Cloud App Security supports using OAuth 2.0 to provision service accounts (Authorized Accounts) for Exchange Online. With the OAuth 2.0 framework, Cloud App Security obtains an access token to get limited access on the Global Administrator's behalf to run advanced threat protection and data loss prevention scanning on email messages in protected mailboxes.
Cloud App Security supports two protection modes for Exchange Online. Each mode requires separate service account provisioning.
Protection Mode |
Provisioning |
---|---|
Scan messages after they arrive at or are delivered from protected mailboxes |
|
Scan messages while they are on the way to their destinations (inline mode) |
See Provisioning an Exchange Online (Inline Mode) Authorized Account. |
You can choose to provision for both or either of the protection types for your Exchange Online service based on your requirements.