Please check the following items:

1. Make sure that the Policy for the Service is enabled. Go to Advanced Threat Protection tab and enable the policies.

   

2. Check the Rules of the Policy:
       If you want to test an EICAR file, Rule Malware Scanning should be enabled.
       If you want to block specific attachments, Rule File Blocking should be enabled.
       If you want to block malicious URLs, Rule Web Reputation should be enabled.

   

3. Check if the App ID is created on SharePoint admin center.
   1. In Cloud App Security, navigate to Administration > Service Account. You will see the App ID for each service.

      

   2. Check if the App IDs are also created in this location, <sharepoint_admin_site>/_layouts/15/TA_AllAppPrincipals.aspx

      

   3. If App IDs are missing, perform the following steps to grant TMCAS permission to receive notifications from Microsoft upon any change to the files on your SharePoint sites.
      1. Log on to the Microsoft 365 admin center with your Global Administrator account.
      2. From the left navigation, go to Admin centers > SharePoint. The SharePoint admin center page will appear.
      3. Change the SharePoint admin center URL to <sharepoint_admin_site>/_layouts/15/AppInv.aspx in the address bar.
         As an example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx, and then open the URL.
      4. On the screen, copy and paste the App ID of the following services in the App ID field, then click Lookup. The Title field will automatically be filled.
      5. Copy and paste tmcas.trendmicro.com in the App Domain field.
      6. Copy and paste the following information in the Redirect URL field based on your serving site.

         SERVING SITE	REDIRECT URL
         EU	https://admin-eu.tmcas.trendmicro.com/provision.html
         UK	https://admin.tmcas.trendmicro.co.uk/provision.html
         Japan	https://admin.tmcas.trendmicro.co.jp/provision.html
         US	https://admin.tmcas.trendmicro.com/provision.html
         Australia and New Zealand	https://admin-au.tmcas.trendmicro.com/provision.html
         Canada	https://admin-ca.tmcas.trendmicro.com/provision.html
         Singapore	https://admin.tmcas.trendmicro.com.sg/provision.html
         India	https://admin-in.tmcas.trendmicro.com/provision.html

      7. Copy and paste the following information in the Permission Request XML field:

         <AppPermissionRequests AllowAppOnlyPolicy="true">
         <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
         </AppPermissionRequests>

      8. Click Create, and on the screen that appears, click Trust It.

         

      9. The SharePoint admin center page will appear.
      10. Change the SharePoint admin center URL to:

          <sharepoint_admin_site>/_layouts/15/TA_AllAppPrincipals.aspx 

      11. Open the URL to verify the permission. If an item for Trend Micro Cloud App Security appears, the permission is successfully granted.