Provisioning a Service Account for Exchange Online

Cloud App Security also supports using the OAuth authorization framework to provision a service account for Exchange Online. With the OAuth authorization framework, Cloud App Security uses an access token to obtain limited access on the Global Administrator's behalf to run advanced threat protection and data loss prevention scanning on email messages in protected mailboxes.

Cloud App Security uses OAuth 2.0 for authentication.

The steps outlined below detail how to provision a service account for Exchange Online from Dashboard.

  1. Log on to the Cloud App Security management console.
  2. Hover over Exchange Online and click Provision.
  3. On the Accessing Microsoft Exchange Online Account Information screen, click the Use Access Token tab.
  4. Click Click here at the end of Step 1.

    The Microsoft logon screen appears.

  5. Specify your Office 365 Global Administrator credentials and click Sign in.

    The Exchange Online authorization screen appears.

  6. Click Accept to grant Cloud App Security permissions to use the Exchange Web Service (EWS) managed API for quarantine management.
  7. Go back to the Cloud App Security management console as instructed and click Click here at the end of Step 2.

    The Exchange Online authorization screen appears.

  8. Click Accept to grant Cloud App Security permissions to use the Graph API to access all mailboxes.
  9. Go back to the Cloud App Security management console as instructed and click Done.
  10. Hover over the ring icon in the upper-right corner of the management console.

    If the message "Exchange Online protected." appears on the Notifications screen, the provisioning is successful.