Grant Cloud Email and Collaboration
Protection access to Microsoft Teams (Teams) to
allow Cloud Email and Collaboration
Protection to run advanced threat protection
and data loss prevention scanning on files in protected teams.
 |
ImportantCloud Email and Collaboration
Protection protects the Teams and Chat services in
Microsoft Teams separately.
|
Cloud Email and Collaboration
Protection scans files that employees share in team
channels, which are stored in SharePoint.
If you have also granted Cloud Email and Collaboration
Protection access to
SharePoint Online, when the SharePoint site and the team corresponding to a file are
selected as a policy target respectively, Cloud Email and Collaboration
Protection
applies policies for Microsoft Teams (Teams) to this site unless the site does not
hit any policy for Microsoft Teams.
The steps outlined below detail how to grant access to Microsoft Teams (Teams) from
Dashboard.
Procedure
- Go to .
- Click Grant Access in the Action
column for Microsoft Teams.The Grant Access to Microsoft Teams screen appears.
- Select the policy to enable automatically when the access grant is complete.
- Click Grant Permission.
- Specify your Office 365 Global Administrator credentials and click
Sign in.The Microsoft authorization screen appears.
- Click Accept to grant Cloud Email and Collaboration Protection permissions on teams in your organization.
- Go back to the Cloud Email and Collaboration
Protection management console as
instructed.Cloud Email and Collaboration Protection assigned an App Id for Microsoft Teams that will be used for permission request on the SharePoint admin center in the next step. Copy the App Id from the screen and paste it in step 4 as instructed.If you decide to perform step 8 later, you can find the App Id under the corresponding Authorized Account from .
- Perform the following steps to grant Cloud Email and Collaboration
Protection
permissions to receive notifications from Microsoft upon any change to the files
in your teams.
- Log on to the Microsoft 365 admin center with your Global Administrator account.
- Go to from the left navigation.The SharePoint admin center page appears.
- Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/AppInv.aspx in the address bar, for example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx, and then open the URL.
- On the screen that appears, copy and paste the App Id assigned in step
7 in the App Id field and then
click Lookup.The Title field is automatically filled.
- Copy and paste tmcas.trendmicro.com in the App Domain field.
- Enter {Cloud App
Security_admin_site}/provision.html in the
Redirect URL field based on your serving
site.For example, if the URL of your Trend Vision One console in the address bar is "https://portal.xdr.trendmicro.com" after logon, enter https://portal.xdr.trendmicro.com/ui/cas/provision.html in the Redirect URL field.
- Copy and paste the following information in the Permission
Request XML field:
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" /> </AppPermissionRequests>
- Click Create, and on the screen that appears,
click Trust It.The SharePoint admin center page appears.
- Change the SharePoint admin center URL to
{sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx
and then open the URL to verify the permission.If an item named Trend Micro Cloud App Security for MS Teams appears, the permission is successfully granted.
- Wait until the process is completed.If the message "Successfully created a service account and synced data." appears on the screen, the access grant is successful.