The steps outlined below detail how to grant Cloud App Security access to Exchange Online with an Authorized Account from Dashboard. This account enables Cloud App Security to scan messages after they arrive at or are delivered from protected mailboxes.
Procedure
- Go to .
- Click Grant Access in the Action
column for Exchange Online.The Grant Access to Exchange Online screen appears.
- Select to synchronize all users and groups or selected users during access
grant.
Important
For access grant with certain targets synchronized, Cloud App Security does not support manual synchronization and scheduled synchronization. - Select the policy to enable automatically when the access grant is complete.
- Click Grant Permission.
- Specify your Microsoft 365 Global Administrator credentials and click Sign in.The Exchange Online authorization screen appears.
- Click Accept to grant Cloud App Security permissions to use the Graph API to access all mailboxes.
- If you have selected Synchronize selected users in step
3, specify the users you want to synchronize.
- In the Available Targets area that appears,
specify individual users or select users from groups.
-
By User: specify the exact user principal name of a user and press Enter to verify and display the user name.
-
By Group: specify at least the first three characters of the group name and press Enter to search for and display the group(s).
-
- Select the user(s) and click the arrow button to add them to the
Selected Targets area.You can synchronize a maximum of 100 users.
- Optionally select one or multiple users in the Selected Targets area and click the arrow button to remove them.
- Click Submit.
- In the Available Targets area that appears,
specify individual users or select users from groups.
- Wait until the process is completed.If the message "Successfully created a service account and synced data." appears on the screen, the access grant is successful.
- To allow Cloud App Security to enhance protection for your Exchange Online service based on user behavior, click Grant Permission in the banner on the Dashboard screen, and follow the instructions to grant Cloud App Security the permission to read activity data for your organization.
What to do next
If for some reason the access token becomes invalid, a notification appears on Dashboard. Cloud App Security also sends an email message to notify the administrator of this event. To continue
using the service account, go to to create a new access token. For more information, see Service account.
If only some targets were selected to synchronize during access grant, Cloud App Security is also able to extend its protection to all targets under the corresponding service
by enabling you to manually synchronize all targets:
-
On the Service Account screen, click Extend Protection to All Targets.
-
On the screen that appears, view the instructions and click Submit.
-
Go to Advanced Threat Protection or Data Loss Prevention, and open an ATP or DLP policy of each service you want to extend the protection to, that is, Exchange Online, SharePoint Online, or OneDrive.
-
Select the General tab and click Click here to manually synchronize all your targets.
NoteAfter clicking Submit, you can also wait until the next day because Cloud App Security automatically synchronizes with your Microsoft 365 environment once per day.
|