Migrating to Authorized Account for Exchange Online

Cloud App Security no longer supports automatic and manual provisioning of the Delegate Account for Exchange Online. If you are using a Delegate Account, Cloud App Security allows you to migrate to a modern authentication-based Authorized Account.

Important:

Trend Micro strongly recommends that you complete the migration before October 1, 2022. This is because Microsoft will start retiring Basic Authentication for EWS in Exchange Online on this date. As a result, Cloud App Security cannot use the Delegate Account to connect to your Exchange Online service through EWS and implement protection.

During migration, Cloud App Security provisions an Authorized Account and obtains an access token to gain limited access to protected Exchange Online mailboxes.

Important:

Before migration to use token-based authentication is successful, Cloud App Security continues to protect your Exchange Online service by using the current basic authentication.

  1. Open the migration screen in either of the following ways:
    • Click Click here in the upper left of the Dashboard screen.

    • Go to Administration > Service Account, and then click Migration Available under Status of the Exchange Online service account.

    The Migrate to Use Authorized Account screen appears.

  2. Follow steps 3 through 6 in Provisioning an Exchange Online Authorized Account.
  3. Click Done.
  4. Hover over the task icon in the upper-right corner of the management console.

    If the message "Migrated to use Authorized Account for Exchange Online" appears, the migration is successful. Cloud App Security will protect your Exchange Online service using token-based modern authentication through the provisioned Authorized Account.

  5. (Optional) Delete the Delegate Account in your Microsoft 365 admin center.
    1. Go to Administration > Service Account and view the account name for Exchange Online.

    2. Log on to your Microsoft 365 admin center.

    3. Go to Users > Active users, and then locate and select the Delegate Account to delete the account.