Cloud App Security uses a single SharePoint Online Delegate Account for both SharePoint Online and OneDrive. If you want to protect both services, provision the Delegate Account under SharePoint Online and OneDrive respectively to add required data about both services to the Delegate Account.
During provisioning, Cloud App Security allows you to synchronize:
All SharePoint site collections and/or OneDrive users and groups of your organization
Certain SharePoint site collections and/or OneDrive users of your organization for testing purposes
You need to use the same option when provisioning a service account for Exchange Online, SharePoint Online, and OneDrive, that is, to either synchronize all targets or synchronize certain targets.
For service account provisioning with certain targets synchronized, Cloud App Security does not support manual synchronization and scheduled synchronization.
The steps outlined below detail how to provision a SharePoint Online Delegate Account for SharePoint Online first and then OneDrive from Dashboard.
The Provision Service Account for SharePoint Online screen appears.
Trend Micro does not save the Global Administrator credentials. They are used only once to provision the necessary Delegate Accounts.
Selecting this check box promotes Delegate Accounts to Global Administrator privileges. This automatically synchronizes changes.
Clearing this check box leaves Delegate Accounts with Service Administrator privileges. This requires Global Administrator credentials every time you want to synchronize changes.
Select Synchronize all targets and go to Step f.
Select Synchronize selected targets and click Next.
Sign in to Microsoft 365 admin center with your Global Administrator account, and go to Admin centers > SharePoint > site collections from the left navigation.
Verify and add the URLs to protect one by one by copying a URL, pasting it into the text box, and clicking Add.
You can add a maximum of 100 site collection URLs.
Optionally select the URLs one by one to remove them.
Go to Step f.
If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.
The Provision Service Account for OneDrive screen appears.
If the Delegate Account is already provisioned for SharePoint Online, this option is dimmed and unavailable because it follows what is selected during provisioning for SharePoint Online in Step 2.
If the Delegate Account is not provisioned for SharePoint Online yet,
Select Synchronize all targets and go to Step f.
Select Synchronize selected targets and click Next.
In the Available Targets area that appears, specify individual users or select users from groups.
By User: specify the exact user principal name of a user having OneDrive sites and press Enter to verify and display the user name.
By Group: specify at least the first three characters of the group name and press Enter to search for and display the group(s).
Select the user(s) and click the arrow button to add them to the Selected Targets area.
You can synchronize a maximum of 100 users.
Optionally select one or multiple users in the Selected Targets area and click the arrow button to remove them.
Go to Step f.
If the message "OneDrive protected." appears on the Notifications screen, the provisioning is successful.
On the Notifications screen, click Extend to protect all your Office 365 service targets..
On the screen that appears, view the instructions and click Submit.
Go to Advanced Threat Protection or Data Loss Prevention, and open an ATP or DLP policy of each service you want to extend the protection to, that is, Exchange Online, SharePoint Online, or OneDrive.
Select the General tab and click Click here to manually synchronize all your targets.
After clicking Submit, you can also wait until the next day because Cloud App Security automatically synchronizes with your Office 365 environment once per day.