A Delegate Account is not associated with an actual
person. A Delegate Account is a tenant account that Cloud App Security requires to integrate with Exchange
Online, SharePoint Online, and OneDrive.
Cloud App Security creates the Delegate Account to use basic authentication (pass of the username and
password with every request) when connecting to a protected Microsoft 365 service.
Through the Delegate Account, Cloud App Security scans files in real-time to protect end users from advanced threats and to enforce
compliance based on Data Loss Prevention policies.
![]() |
ImportantCloud App Security uses the Delegate Account to integrate with Microsoft 365 services and access Microsoft
365 data under your authorization to protect your email messages and files from network
threats.
To guarantee stringent protection of data from unauthorized
access, Cloud App Security secures Delegate Account
credentials by encrypting the credential password with AES-256. Cloud App Security creates and manages the 256-bit encryption
key using the Trend Micro Key Management Service through the Microsoft Azure Key
Vault service.
Access to your Delegate Account is restricted to the Cloud App Security service only.
|
For Exchange Online, Cloud App Security uses the Delegate Account to access mailbox accounts designated for protection, and
listensfor arriving email messages. Through the Delegate Account, Cloud App Security gets access to email messages on the Microsoft 365 cloud, scans them, and then takes pre-configured actions as necessary.
For SharePoint Online and OneDrive, Cloud App Security uses the Delegate Account to access site
collections and user profiles designated for protection,
listensfor users uploading, creating, synchronizing, or modifying files, and then takes pre-configured actions as necessary.