In order to configure Trend Micro Cloud App Security and improve protection against Business Email Compromise (BEC), the following steps can be taken:

1. Ensure that the 'Suspicious Sender Detection' (SSD) rule is enabled for High Profile Users (HPU).
2. If the HPU is expected to only use an internal domain, the first checkbox should be ticked. This is used when there is a mailbox that has the same display name as HPU but uses a different/external domain.
3. If the HPU should be sending emails consecutively without missing any day for 30 days, tick the second checkbox (optional).
4. The action taken for SSD is up to the administrator. They can either tag the subject and not notify (which still delivers the email), or modify it according to how the email should be handled.

By following these steps, BEC emails can be better recognized and addressed in Trend Micro Cloud App Security.