Problem: Automatic/manual granting of access to SharePoint Online/OneDrive failed when multi-factor authentication (MFA) is enabled on the required account.
If multi-factor authentication (MFA) is enabled on the Office 365 Global Administrator account used for automatic access grant or on the SharePoint Online Delegate Account created for manual access grant, the access grant will fail because Cloud App Security cannot pass the access control on the Office 365 service side.
To complete access grant, perform either of the following:
  • Automatic access grant: disable MFA on the GA account and enable MFA after the access grant as necessary.
    This does not apply to manual access grant because Cloud App Security needs to use the Delegate Account for subsequent proceeding after access grant.
  • Automatic and manual access grant: use an app password.
    1. Create an app password for the account used for access grant. This gives Cloud App Security permission to access the Office 365 account. For details, search for how to create a new app password on the Microsoft Support website.
    2. Wherever you're prompted for your password during access grant, paste the app password in the box.