Cloud App Security supports using OAuth 2.0 to provision a service account (Authorized Account) for OneDrive. With the OAuth 2.0 framework, Cloud App Security uses an access token to obtain limited access on the Global Administrator's behalf to run advanced threat protection and data loss prevention scanning on files in the protected OneDrive sites of your organization.
The following steps describe how to provision an Authorized Account for OneDrive from the Dashboard.
The Provision Service Account for OneDrive screen appears.
The Microsoft logon screen appears.
The Microsoft authorization screen appears.
Cloud App Security assigns an App Id for OneDrive, which is used for the permission request in the SharePoint admin center in the next step. Copy the App Id from the screen and paste it in step 7d as instructed.
If you decide to perform step 7 later, you can find the App Id under the corresponding Authorized Account in Administration > Service Account.
The SharePoint admin center page appears.
The Title field is automatically filled.
For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>
The SharePoint admin center page appears.
If an item for Trend Micro Cloud App Security appears, the permission is successfully granted.
Cloud App Security then updates the OneDrive data in your organization. The time required depends on how much data you have in OneDrive.
If the message "OneDrive protected." appears on the Notifications screen, the provisioning is successful.
If for some reason the access token becomes invalid, go to Administration > Service Account to create a new access token for the service account. For more information, see Service Account.
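The permission request XML pasted in the SharePoint admin center determines what the app is trusted to do. The following is an added example, not part of the Cloud App Security documentation or product: a Python check that parses such XML, lists the scope and right it requests, and confirms it matches the XML shown on this page before you grant the permission. The function names are hypothetical, and the list of rights (Read, Write, Manage, FullControl) is the set SharePoint defines for add-in permission requests.

```python
import xml.etree.ElementTree as ET

# Rights defined for SharePoint add-in permission requests, weakest to strongest.
RIGHTS = ["Read", "Write", "Manage", "FullControl"]
TENANT_SCOPE = "http://sharepoint/content/tenant"

# The permission request XML from this page.
PAGE_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>"""


def local(tag):
    """Drop an XML namespace prefix such as '{uri}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]


def review_permission_request(xml_text):
    """Return (app_only, grants, findings) for a permission request document."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "AppPermissionRequests":
        raise ValueError("root element is not AppPermissionRequests")
    app_only = root.get("AllowAppOnlyPolicy", "false").strip().lower() == "true"
    grants, findings = [], []
    for el in root:
        if local(el.tag) != "AppPermissionRequest":
            findings.append(f"unexpected element: {local(el.tag)}")
            continue
        scope, right = el.get("Scope", ""), el.get("Right", "")
        grants.append((scope, right))
        if right not in RIGHTS:
            findings.append(f"unknown right {right!r} on {scope}")
        if scope == TENANT_SCOPE:
            findings.append(f"tenant-wide scope with right {right}")
    if app_only:
        findings.append("app-only policy: access does not depend on a signed-in user")
    return app_only, grants, findings


def matches_expected(xml_text, expected=PAGE_XML):
    """True when the pasted XML requests exactly what the expected XML does."""
    return review_permission_request(xml_text)[:2] == review_permission_request(expected)[:2]


if __name__ == "__main__":
    app_only, grants, findings = review_permission_request(PAGE_XML)
    print("app-only:", app_only, "| grants:", grants)
    for note in findings:
        print("note:", note)
```

Run it against the text you are about to paste; a mismatch means the XML was altered or truncated in copying and should not be trusted as-is.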