Cloud App Security supports using OAuth 2.0 to provision a service account (Authorized Account) for SharePoint Online. With the OAuth 2.0 framework, Cloud App Security uses an access token to obtain limited access on the Global Administrator's behalf to run advanced threat protection and data loss prevention scanning on files in the protected SharePoint sites of your organization.
If you have also provisioned a Microsoft Teams (Teams) service account, and both the SharePoint site and the team corresponding to a file are selected as policy targets, Cloud App Security applies the policies for Microsoft Teams (Teams) to this site unless the site does not hit any policy for Microsoft Teams.
The steps outlined below detail how to provision an Authorized Account for SharePoint Online from Dashboard.
The Provision Service Account for SharePoint Online screen appears.
The Microsoft logon screen appears.
The Microsoft authorization screen appears.
Cloud App Security assigns an App Id for SharePoint Online, which is used for the permission request on the SharePoint admin center in the next step. Copy the App Id from the screen and paste it in step 7d as instructed.
If you decide to perform step 7 later, you can find the App Id under the corresponding Authorized Account from Administration > Service Account.
The SharePoint admin center page appears.
The Title field is automatically filled.
For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>
The SharePoint admin center page appears.
If an item for Trend Micro Cloud App Security appears, the permission is successfully granted.
Cloud App Security then updates the SharePoint Online data in your organization. The time required depends on how much data you have in SharePoint Online.
If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.
If for some reason the access token becomes invalid, go to Administration > Service Account to create a new access token for the service account. For more information, see Service Account.
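The permission request XML in this procedure grants app-only Manage rights on the tenant content scope, so it is worth confirming that the XML pasted into the SharePoint admin center requests exactly that and nothing broader. The following Python check is an added example, not part of the Cloud App Security documentation; the function names are hypothetical, and the list of rights assumes the standard SharePoint add-in permission levels.

```python
import xml.etree.ElementTree as ET

# Permission request XML exactly as given in this procedure.
DOCUMENTED_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>"""

# Assumption: standard SharePoint add-in rights, weakest to strongest.
RIGHTS = ["Read", "Write", "Manage", "FullControl"]


def _local(tag):
    """Element name without an optional XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def parse_permission_request(xml_text):
    """Return (app_only, [(scope, right), ...]) from an AppPermissionRequests document."""
    root = ET.fromstring(xml_text)
    if _local(root.tag) != "AppPermissionRequests":
        raise ValueError("root element is not AppPermissionRequests")
    app_only = root.get("AllowAppOnlyPolicy", "false").strip().lower() == "true"
    grants = []
    for el in root:
        if _local(el.tag) != "AppPermissionRequest":
            raise ValueError("unexpected element: " + _local(el.tag))
        scope, right = el.get("Scope"), el.get("Right")
        if not scope or right not in RIGHTS:
            raise ValueError("missing Scope or unknown Right: %r" % right)
        grants.append((scope.rstrip("/").lower(), right))
    return app_only, grants


def audit(xml_text, expected_xml=DOCUMENTED_XML):
    """List every difference between a pasted request and the documented one."""
    exp_app_only, exp_grants = parse_permission_request(expected_xml)
    app_only, grants = parse_permission_request(xml_text)
    findings = []
    if app_only != exp_app_only:
        findings.append("AllowAppOnlyPolicy=%s, expected %s" % (app_only, exp_app_only))
    for scope, right in sorted(set(grants) - set(exp_grants)):
        findings.append("not in documented request: %s %s" % (scope, right))
    for scope, right in sorted(set(exp_grants) - set(grants)):
        findings.append("documented grant missing: %s %s" % (scope, right))
    return findings


if __name__ == "__main__":
    print(audit(DOCUMENTED_XML) or "matches the documented request")
```

An empty list from `audit()` means the pasted XML requests the same scope, right, and app-only setting as the documented request.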