Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro Security Assessment Service Data Collection Disclosure

    • Updated:
    • 13 Apr 2020
    • Product/Version:
    • Apex One as a Service
    • Cloud App Security
    • Platform:
Summary

The section below outlines the following Security Assessment Service features that collect data, the data transmitted, and their location on the product console where you can disable the features:

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Details
Public

Registration

The Assessment Service uses the information to:

  • Identify users
  • Assign a confirmation number to each user (The number is used to log on to the portal.)
  • Assign an ID to the company (The ID is embedded in the Endpoint Assessment Tool package.)
  • Send status updates
  • Generate email and endpoint reports
 
The information will automatically be deleted 90 days after the report is generated.
Data collected
  • First name
  • Last name
  • Company name
  • Country
  • State/Province/Region
  • Email address
Console location

Registration page

Console settings

Click Start

Trend Micro Cybersecurity Assessment Service Data Collection Disclosure

Back to top

Office 365 Access

The Assessment Service needs permission to access mailboxes for scanning. Trend Micro does not access and store users’ Office 365 credentials.

Granted permissions expire one month after you click “Accept” on the Office 365 permissions page. If you want to revoke permissions before the expiration date, contact Trend Micro Support.

Data collected
  • Azure Active Directory: Domain, user, and group information
  • Exchange Online: Mailbox information
  • Global administrator email address used to grant permissions to the Assessment Service
Console location

Registration page > Click START

Console settings

Click Grant Permission

Trend Micro Cybersecurity Assessment Service Data Collection Disclosure

Back to top

Email Assessment

Email Assessment combines machine learning, document exploit detection, and behavior analysis to protect Exchange Online users from BEC, ransomware, advanced phishing, and other high-profile attacks.

 
The information will automatically be deleted 90 days after the report is generated.
Data collected
  • Email senders
  • Email recipients
  • Email locations
  • Email subjects
  • Email attachments
  • File modifiers
  • File locations
  • File names
  • URLs in email body
  • URLs in email attachments
  • URLs in files
  • Suspicious executable files and scripts in cloud storage services
  • Suspicious executable files and scripts in email attachments
  • Metadata of suspicious executable files and scripts in cloud storage services
  • Metadata of suspicious executable files and scripts in email attachments
  • IP addresses of upstream MTAs for IP rating query
  • Domain, user, device and group information in Azure Active Directory
Console location

Registration page > Click START > Click Grant Permission

Console settings

Click Start Email Assessment

Trend Micro Cybersecurity Assessment Service Data Collection Disclosure

Back to top

Endpoint Assessment

Endpoint Assessment includes Smart Feedback, a feature that shares anonymous threat information with the Trend Micro Smart Protection Network. Smart Feedback is automatically enabled when you start the Endpoint Assessment.

 
Information shared with the Trend Micro Smart Protection Network will automatically be deleted after three years.
Data collected
  • IP addresses
  • Logon names
  • Computer names
  • Operating systems
  • Names and paths of detected files and processes (malicious and suspicious)
Console location

There are two entries for endpoint assessment.

Console settings
  • Email assessment report > Click Start Endpoint Assessment

    Trend Micro Cybersecurity Assessment Service Data Collection Disclosure

  • Registration page > Choose “Potentially Compromised Endpoints Only" > Click Next

    Trend Micro Cybersecurity Assessment Service Data Collection Disclosure

Back to top

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000237109
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.