Delegate Account

A Delegate Account is not associated with an actual person. A Delegate Account is a tenant account that Cloud App Security requires to integrate with Microsoft Office 365 services.

Through the Delegate Account, Cloud App Security scans files in real-time to protect end users from advanced threats and to enforce compliance based on Data Loss Prevention policies.

Important:

Cloud App Security uses the Delegate Account to integrate with Microsoft Office 365 services and access Office 365 data under your authorization to protect your email messages and files from network threats.

To guarantee stringent protection of data from unauthorized access, Cloud App Security secures Delegate Account credentials by encrypting the credential password with AES-256. Cloud App Security creates and manages the 256-bit encryption key using the Trend Micro Key Management Service through Key Management Interoperability Protocol (KMIP) technology.

Access to your Delegate Account is restricted to the Cloud App Security service only.

For Exchange Online, Cloud App Security uses the Delegate Account to access mailbox accounts designated for protection, and "listens" for arriving email messages. Through the Delegate Account, Cloud App Security retrieves email messages from the Office 365 cloud, scans them, and then takes pre-configured actions as necessary.

For SharePoint Online and OneDrive for Business, Cloud App Security uses the Delegate Account to access site collections and user profiles designated for protection, "listens" for users uploading, creating, synchronizing, or modifying files, and then takes pre-configured actions as necessary.

Note:

Cloud App Security can protect an Office 365 tenant account hosted in different countries or regions, but for better performance and efficiency, Trend Micro recommends registering your Cloud App Security with Trend Micro Customer Licensing Portal using a location that is geographically close to your Office 365 tenant location.

In addition, one Customer Licensing Portal account manages only one Office 365 tenant account.