Deprovisioning Office 365 Services

This section describes how to deprovision Office 365 services, including Exchange Online, Exchange Online (Inline Mode), SharePoint Online, OneDrive, Microsoft Teams (Teams and Chat).

The steps outlined below detail how to deprovision an Office 365 service account.

  1. Choose Administration > Service Account.
  2. (Optional) Record the App Id under the corresponding service account if you deprovision SharePoint Online, OneDrive, or Microsoft Teams (Teams). You may need it in step 8.
  3. Select an Office 365 service account, for example, an Exchange Online account, and click Remove.

    Be cautious when deprovisioning an Exchange Online service account. The following supported Cloud App Security automation APIs will not work after the Exchange Online service account is deprovisioned: Threat Investigation, Threat Mitigation, Threat Remediation.

  4. On the Remove <Office 365 Service Name> Service Account screen that appears, click OK.

    If the service account is a Delegate Account, Cloud App Security requests Office 365 to verify the selected service account.

    • If the service account is valid, proceed to the next step.

    • If the service account is invalid, choose to cancel the operation or forcibly remove your data generated in Cloud App Security as instructed.

    Note:

    Global Administrator privileges are required for removing service accounts.

    If your account does not have required privileges, specify the Global Administrator credentials as instructed and click OK.

    Cloud App Security starts to remove the selected service account.

  5. Click the Details link in the Status column to check the progress.

    The Remove <Office 365 Service Name> Service Account screen appears, showing all the steps involved, the status of each step, and the estimated time left.

  6. After checking the detailed information, click Close to close the screen.
  7. Wait for some time and manually refresh your console.

    • If the selected service account is successfully removed, it disappears from the Service Account screen.

    • If Cloud App Security fails to remove the selected service account, you still have the option to forcibly remove your data generated in Cloud App Security as instructed.

  8. (For SharePoint Online, OneDrive, and Microsoft Teams) Open {sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx, find the application with name Trend Micro Cloud App Security and the App Identifier associated with the service being deprovisioned, and then click x in the front.

    The App Identifier for each service is the one you copied and pasted in the App Id field when provisioning the corresponding authorized account. If you forgot the App Id, refer to the information you recorded in step 2.

  9. Manually clean up the remaining data.

    For details, see Changes Made Under Inline Protection for Exchange Online (Inline Mode) or Changes Made Under API-based Protection for other services.

Parent topic: Deprovisioning Services