Gmail (Inline Mode) - Service Account Provisioning
Cloud App Security provisions a service account to obtain an access token to get user/group/domain information and add/update a group used for holding the Cloud App Security policy targets.
Data will be automatically deleted one month after the grace period of your license expires.
After data is deleted, Cloud App Security does not protect your service any more.
Data collected |
|
---|---|
Console Settings | Provision: De-provision:
|
Gmail (Inline Mode) Quarantine
Cloud App Security will quarantine email messages in its storage after inbound/outbound messages trigger quarantine actions.
These quarantine items will be kept for 30 days in Cloud App Security before they get automatically deleted
After data is deleted, the administrator cannot restore or download the messages through Cloud App Security.
Data collected |
|
---|---|
Console Settings | Enable:
De-provision:
|
Exchange Online (Inline Mode) Service Account Provisioning
Cloud App Security provisions a service account to obtain an access token to get inbound/outbound email messages through Exchange Online connectors and transport rules, and scan the messages before they arrive at the inboxes of protected users or are sent out by protected users.
Data will be automatically deleted one month after the grace period of your license expires.
After data is deleted, Cloud App Security does not protect your service any more.
Data collected |
|
---|---|
Console Settings | Provision: De-provision:
|
Exchange Online (Inline Mode) Quarantine
Cloud App Security will quarantine email messages in its storage after inbound/outbound messages trigger quarantine actions.
These quarantined items will be kept for 30 days in Cloud App Security before they get automatically deleted.
After data is deleted, the administrator cannot restore or download the messages through Cloud App Security.
Data collected |
|
---|---|
Console Settings | Enable:
Disable:
|
Internal User Risk Analytics
Cloud App Security provisions a service account to obtain an access token to get risk detection data from Microsoft Identity Protection. The data is aggregated by Cloud App Security to show in the Internal User Risk Analytics widgets.
Data will be automatically deleted one month after the grace period of your license expires.
After data is deleted, Cloud App Security doesn’t collect risk detections.
All collected risk detections will be deleted after 60 days.
Data collected |
|
---|---|
Console Settings | Provision: De-provision:
|
Reports
Data will be automatically deleted one month after the grace period of your license expires.
Data collected |
|
---|---|
Console Settings | Reports: |
Retro Scan and Auto Remediate in Web Reputation
Cloud App Security collects metadata of email messages for Retro Scan and Auto Remediate to detect unidentified risks or restore false positive emails.
Email metadata will not be collected if the authentication token is deleted from the Cloud App Security management console and Retro scan is disabled from enabled policies
All collected metadata will be deleted after 90 days.
Data collected |
|
---|---|
Console Settings | Enable:
Disable:
|
Time-of-Click Protection in Web Reputation
Cloud App Security collects metadata of email messages for Time-of-Click Protection to obtain information about emails containing the clicked URLs.
Email metadata will not be collected if the authentication token is deleted from the Cloud App Security management console and Time-of-Click is disabled from enabled policies
All collected metadata will be deleted after 90 days.
Data collected |
|
---|---|
Console Settings | Enable:
Disable:
|
Retro Scan and Auto Remediate in Advanced Spam Protection
Cloud App Security collects metadata of email messages for Retro Scan and Auto Remediate to detect unidentified risks or restore false positive emails.
Email metadata will not be collected if the authentication token is deleted from the Cloud App Security management console and Retro scan is disabled from enabled policies.
All collected metadata will be deleted after 180 days.
Data collected |
|
---|---|
Console Settings | Enable:
Disable:
|
Microsoft Information Protection Service Account Provisioning
Cloud App Security provisions a service account to integrate with the Microsoft Information Protection service and obtains an access token to support the “add sensitivity label” and “remove sensitivity label” actions for detected documents in SharePoint/OneDrive/Teams.
Data will be automatically deleted one month after the grace period of your license expires.
After data is deleted, Cloud App Security does not support the sensitivity label related actions
Data collected |
|
---|---|
Console Settings | Provision: De-provision:
|
Teams Chat Service Account Provisioning
Cloud App Security provisions a service account to integrate with the Microsoft Teams Chat service and obtains an access token to scan contents and files sent in private chats with other users.
Cloud App Security provisions a service account to integrate with the Microsoft Teams Chat service and obtains an access token to scan contents and files sent in private chats with other users.
After data is deleted, Cloud App Security does not protect your service any more.
Data collected |
|
---|---|
Console Settings |
Salesforce Sandbox / Production Service Account Provisioning
Cloud App Security provisions a service account to integrate with the Salesforce Sandbox, and obtains an access token to access and protect users’ object information stored in Salesforce sandbox from threats.
After data is deleted, Cloud App Security does not protect your service any more.
Data collected | Information about Packaged, Standard and Custom objects, including:
|
---|---|
Console Settings |
Email and Collaboration Sensor App in Trend Vision One
Cloud App Security collects metadata of email messages, user profiles, mailboxes, and account activities for Trend Vision One to discover anomalies for Email Account Inventory customers.
Data collected |
If the admin grants permissions to collect user profiles, mailboxes, and account activities, the following data will also be collected:
|
---|---|
Console Settings |
|
SharePoint Online/OneDrive for Business Service Account Provisioning with Access Token
Cloud App Security provisions a service account to integrate with the Microsoft SharePoint Online and OneDrive for Business services respectively, and obtains an access token to access and protect users’ files stored in SharePoint Online /OneDrive for Business from threats.
Data collected |
|
---|---|
Console Settings | Provision:
De-provision:
|
Microsoft Teams Service Account Provisioning
Cloud App Security provisions a service account to integrate with the Microsoft Teams service and obtains an access token to protect users’ files stored in teams from threats.
Data collected |
|
---|---|
Console Settings | Provision:
De-provision:
|
Exchange Online Service Account Provisioning with Access Token
Cloud App Security provisions a service account to integrate with the Exchange Online service and obtains an access token to protect users’ email messages from threats.
Data collected |
|
---|---|
Console Settings | Provision:
De-provision:
|
Gmail Service Account Provisioning
Cloud App Security provisions service accounts to integrate with Gmail services and obtains access tokens to protect users’ email messages from threats.
Data collected |
|
---|---|
Console Settings | Provision:
De-provision:
|
Threat Investigation API
Cloud App Security collects metadata of email messages for the Threat Investigation API to sweep for required email information.
All collected metadata will be removed after 180 days.
Data collected |
|
---|---|
Console Settings |
|
Writing style analysis for BEC
Cloud App Security collects email messages sent by high profile users to train their writing style models if writing style analysis is enabled. All email content is irreversibly hashed.
Email messages will not be collected for continuous model training if writing style analysis is disabled.
Data will be automatically deleted one month after the grace period of your license expires.
Data collected |
|
---|---|
Console Settings |
O365 (Exchange Online, SharePoint Online, OneDrive for Business) Provisioning
Cloud App Security provisions service accounts to integrate with Microsoft Office 365 services, and accesses Office 365 data with the service accounts to protect users’ email messages and files from network threats.
Data collected |
|
---|---|
Console Settings | Provision:
When your license for Cloud App Security is valid, contact Trend Micro Technical Support to submit a request for de-provisioning. After de-provisioning is completed, data is deleted. |
Cloud storage service (Box, Dropbox, Google Drive) Provisioning
Cloud App Security provisions service accounts to integrate with cloud storage services and obtains access tokens to protect users’ files from network threats.
Data collected |
|
---|---|
Console settings | Provision:
De-provision:
|
Logs
Logs cannot be disabled unless you choose to NOT use Cloud App Security.
After data is deleted, administrators cannot retrieve history data of user events and policy violations from Cloud App Security.
Data collected |
|
---|---|
Console settings | Cloud App Security automatically deletes logs older than 180 days. |
Quarantine
Quarantine logs cannot be disabled unless you do not set Action to Quarantine in any Advanced Threat Protection or Data Loss Prevention policy or you do not enable Virtual Analyzer in any Advanced Threat Protection policy.
Data will be automatically deleted one month after the grace period of your license expires.
After data is deleted, administrators cannot retrieve history data of user events and policy violations from Cloud App Security.
Data collected |
|
---|---|
Console settings | For Quarantine logs, Cloud App Security provides an option for administrators to choose to automatically delete them older than 30, 60, or 90 days. |
Predictive Machine Learning
Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features.
Predictive Machine Learning | |
---|---|
Data collected |
|
Console location | ATP policy > Malware Scanning > Rules |
Console settings |
Malware Scanning Feedback
Malware Scanning Feedback enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.
Malware Scanning Feedback | |
---|---|
Data collected |
|
Console location | ATP policy > Malware Scanning > Rules > Predictive Machine Learning |
Console settings |
|
Virtual Analyzer for files
Virtual Analyzer is a cloud sandbox designed for analyzing suspicious files. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.
Data collected |
|
---|---|
Console location | ATP policy > Virtual Analyzer |
Console settings |
|
Advanced Spam Protection
Cloud App Security uses Trend Micro Antispam Engine to provide advanced spam protection, as a complement to the email protection service on your email gateway side, to further protect Exchange Online users from BEC, ransomware, advanced phishing, and other high-profile attacks.
Advanced Spam Protection | |
---|---|
Data collected |
|
Console location | ATP policy > Advanced Spam Protection |
Console settings |
|
Advanced Spam Protection Feedback
Advanced Spam Protection feedback enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.
Advanced Spam Protection Feedback | |
---|---|
Data collected |
|
Console location | ATP policy > Advanced Spam Protection |
Console settings |
|
Web Reputation
Cloud App Security leverages Trend Micro Web Reputation Services to scan URLs contained in files, email bodies and attachments to detect malicious URLs based on their reputation scores.
Data collected |
|
---|---|
Console location | ATP policy > Web Reputation |
Console settings |
|
Quarantined email preview
Cloud App Security will store the previewed part of the quarantine email message body in its storage after the messages trigger quarantine actions.
The previewed part will be kept for 180 days in Cloud App Security before they get automatically deleted.
After data is deleted, the administrator cannot preview the quarantined messages through Cloud App Security.
Data collected |
|
---|---|
Console settings |
|
Cloud App Security Add-in -Manage Quarantine
Cloud App Security collects the listed information to enable end users to manage quarantined emails and add trusted senders.
Data collected |
|
---|---|
Console settings |
|
Cloud App Security Add-in - Report Email
Cloud App Security collects the listed information to enable end users to report emails.
Collected emails will be automatically deleted after 180 days.
Data collected |
|
---|---|
Console settings |
|
Exchange Online Protection Enhancement with Microsoft 365 Activity Data
Data will be automatically deleted one month after the grace period of your license expires.
Data collected |
|
---|---|
Console Settings | Enable: Disable:
|
Correlated Intelligence
Cloud App Security collects suspicious emails for backend services, which will gather the emails' metadata (with Personal Identifiable Information removed) for further analysis.
Data collected |
|
---|---|
Console Settings | Enable:
Disable:
|
Data center location for CAS & XDR Data Lake
Country of Purchase | Data Center Location |
---|---|
USA | CAS: West US, California XDR Platform/Activity Data: East US, N. Virginia |
EU | CAS: West Europe, Netherlands XDR Platform/Activity Data: West Europe, Netherlands |
Japan | CAS: Japan East, Tokyo XDR Platform/Activity Data: Japan East, Tokyo |
SG | CAS: Southeast Asia, Singapore XDR Platform/Activity Data: Southeast Asia, Singapore |
ANZ | CAS: Australia Central, Canberra XDR Platform/Activity Data: East US, N. Virginia (*Australia Central - future site) |
EU-UK | CAS: UK South, London XDR Platform/Activity Data: West Europe, Netherlands |
Canada | CAS: Canada Central, Toronto XDR Platform/Activity Data: East US, N. Virginia |
India | CAS: Central India, Pune XDR Platform/Activity Data: Asia Pacific, Mumbai |
Middle East (UAE) | CAS: Dubai / UAE North XDR Platform/Activity Data: UAE / Middle East |