Migrating to Authorized Account for SharePoint Online and OneDrive

For customers who have provisioned a Delegate Account for the SharePoint Online and OneDrive services, Cloud App Security now supports migrating the customers to a modern authentication based Authorized Account for protection.

Trend Micro recommends that customers currently with a Delegate Account complete the migration as early as possible.

Important:

Before migration to use token-based authentication is successful, Cloud App Security continues to protect your SharePoint Online and OneDrive services by using the current basic authentication.

  1. Open the migration screen in either of the following ways:
    • Click Click here in the upper left of the Dashboard screen.

    Note:

    If you are still using the SharePoint Online or OneDrive service with a Delegate Account, the Click here link is available on the Dashboard screen, allowing you to migrate from using basic authentication to using token-based authentication to better protect your SharePoint Online or OneDrive service.

    • Go to Administration > Service Account, and then click Migration Available under Status of the SharePoint Online service account.

    The Migrate to Use Authorized Account screen appears.

    Note:

    If you have provisioned the Delegate Account only for the SharePoint Online service, the Migrate to Use Authorized Account screen shows a four-step procedure for migrating to use Authorized Account for SharePoint Online; if you have provisioned the Delegate Account only for the OneDrive service, the screen shows a three-step procedure for migrating to use Authorized Account for OneDrive; if you have provisioned the Delegate Account for both services, the screen shows the procedure for SharePoint Online first, and then the procedure for OneDrive after you complete the procedure for SharePoint Online.

    Here it is assumed that you have provisioned the Delegate Account for both services.

  2. Click Click here at the end of Step 1 of the procedure for migrating to use Authorized Account for SharePoint Online.

    The Microsoft logon screen appears.

  3. Follow steps 4 through 7 in Provisioning a SharePoint Online Authorized Account.
  4. Go back to the Cloud App Security management console and click Next.

    The message "Are you sure you have followed the instructions for step 2 to grant Cloud App Security permissions to receive notifications from Microsoft for real-time scanning on your SharePoint Online sites? Cloud App Security cannot receive notifications from Microsoft for real-time scanning on your SharePoint Online sites if you do not grant the permissions." appears.

  5. Click Yes.

    The Migrate to Use Authorized Account screen for the OneDrive service appears.

  6. Click Click here at the end of Step 1.

    The Microsoft logon screen appears.

  7. Follow steps 4 through 7 in Provisioning a OneDrive Authorized Account.
  8. Go back to the Cloud App Security management console and click Submit.

    The message "Are you sure you have followed the instructions for step 2 to grant Cloud App Security permissions to receive notifications from Microsoft for real-time scanning on your OneDrive sites? Cloud App Security cannot receive notifications from Microsoft for real-time scanning on your OneDrive sites if you do not grant the permissions." appears.

  9. Click Yes.

    Cloud App Security then updates the SharePoint Online and OneDrive data in your organization. The time required depends on how much data you have in SharePoint Online and OneDrive.

  10. Click Done.
  11. Hover over the task icon in the upper-right corner of the management console.

    If the message "Migrated to use Authorized Account for SharePoint Online" or "Migrated to use Authorized Account for OneDrive" appears, the migration is successful. Cloud App Security will protect your SharePoint Online and OneDrive services using token-based modern authentication through the provisioned Authorized Account.

  12. Click Delegate Account Cleanup under Status of the SharePoint Online or OneDrive service account, or hover over the notification icon in the upper-right corner and click Delegate Account cleanup for SharePoint Online or Delegate Account cleanup for OneDrive to clean up the Delegate Account.
    Note:

    The Delegate Account Cleanup and Delegate Account cleanup for SharePoint Online (or Delegate Account cleanup for OneDrive) links are available only if the Delegate Account that you previously use is not assigned to the Global Administrator role.

  13. On the Delegate Account Cleanup screen that appears, specify your Office 365 Global Administrator credentials and click Done to clean up the Delegate Account.
  14. (Optional) Delete the Delegate Account in your Microsoft 365 admin center.
    1. Go to Administration > Service Account and view the account name for SharePoint Online and OneDrive.

    2. Log on to your Microsoft 365 admin center.

    3. Go to Users > Active users, and then locate and select the Delegate Account to delete the account.