Views:
For customers who have granted Cloud App Security access to the SharePoint Online and OneDrive services with a Delegate Account, Cloud App Security now supports migrating the customers to a modern authentication based Authorized Account for protection.
Trend Micro recommends that customers currently with a Delegate Account complete the migration as early as possible.
Important
Important
Before migration to use token-based authentication is successful, Cloud App Security continues to protect your SharePoint Online and OneDrive services by using the current basic authentication.

Procedure

  1. Go to AdministrationService Account, and then click Migration Available under Status of the SharePoint Online service account.
    The Migrate to Use Authorized Account screen appears.
    Note
    Note
    If you have granted only access to the SharePoint Online service with a Delegate Account , the Migrate to Use Authorized Account screen shows a four-step procedure for migrating to use Authorized Account for SharePoint Online; if you have granted only access to the OneDrive service with a Delegate Account, the screen shows a three-step procedure for migrating to use Authorized Account for OneDrive; if you have granted access to both services with a Delegate Account, the screen shows the procedure for SharePoint Online first, and then the procedure for OneDrive after you complete the procedure for SharePoint Online.
    Here it is assumed that you have granted access to both services with a Delegate Account.
  2. Follow steps 4 through 6 in Granting access to Sharepoint Online with an authorized account.
  3. Go back to the Cloud App Security management console and click Next.
    The message "Are you sure you have followed the instructions for step 2 to grant Cloud App Security permissions to receive notifications from Microsoft for real-time scanning on your SharePoint Online sites? Cloud App Security cannot receive notifications from Microsoft for real-time scanning on your SharePoint Online sites if you do not grant the permissions." appears.
  4. Click Yes.
    The Migrate to Use Authorized Account screen for the OneDrive service appears.
  5. Click Click here at the end of Step 1.
    The Microsoft logon screen appears.
  6. Follow steps 4 through 6 in Granting access to OneDrive with an authorized account.
  7. Go back to the Cloud App Security management console and click Submit.
    The message "Are you sure you have followed the instructions for step 2 to grant Cloud App Security permissions to receive notifications from Microsoft for real-time scanning on your OneDrive sites? Cloud App Security cannot receive notifications from Microsoft for real-time scanning on your OneDrive sites if you do not grant the permissions." appears.
  8. Click Yes.
    Cloud App Security then updates the SharePoint Online and OneDrive data in your organization. The time required depends on how much data you have in SharePoint Online and OneDrive.
  9. Click Done.
  10. Hover over the task icon in the upper-right corner of the management console.
    If the message "Migrated to use Authorized Account for SharePoint Online" or "Migrated to use Authorized Account for OneDrive" appears, the migration is successful. Cloud App Security will protect your SharePoint Online and OneDrive services using token-based modern authentication through the created Authorized Account.
  11. Click Delegate Account Cleanup under Status of the SharePoint Online or OneDrive service account, or hover over the notification icon in the upper-right corner and click Delegate Account cleanup for SharePoint Online or Delegate Account cleanup for OneDrive to clean up the Delegate Account.
    Note
    Note
    The Delegate Account Cleanup and Delegate Account cleanup for SharePoint Online (or Delegate Account cleanup for OneDrive) links are available only if the Delegate Account that you previously use is not assigned to the Global Administrator role.
  12. On the Delegate Account Cleanup screen that appears, specify your Microsoft 365 Global Administrator credentials and click Done to clean up the Delegate Account.
  13. (Optional) Delete the Delegate Account in your Microsoft 365 admin center.
    1. Go to AdministrationService Account and view the account name for SharePoint Online and OneDrive.
    2. Log on to your Microsoft 365 admin center.
    3. Go to UsersActive users, and then locate and select the Delegate Account to delete the account.