Views:

To provision an Authorized Account for SharePoint Online or OneDrive from Cloud App Security web console, check below:

SharePoint Online from Cloud App Security web console

Log on to the Cloud App Security management console.
Hover over SharePoint Online and click Provision.

^{Click the image to enlarge.}
On the Authorized Account tab, click the Click here link under Step 1. This will open a Microsoft login screen.

^{Click the image to enlarge.}
Specify your Office 365 Global Administrator credentials, and click Sign in.
Click Accept to grant Cloud App Security the permission to use the Graph API to access all domains under the tenant associated with the specified Global Administrator.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console, as instructed, then click the Click here link under Step 2. This will open the SharePoint Online authorization screen.

^{Click the image to enlarge.}
Click Accept to grant Cloud App Security the permission to access all SharePoint site collections under the domains.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console, as instructed, and click the Click here link under Step 3.

^{Click the image to enlarge.}
Click Accept to grant Cloud App Security the permission to access resources in all SharePoint sites.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console as instructed. Take note of the App ID that is displayed.

^{Click the image to enlarge.}
Perform the following steps to grant Cloud App Security permissions to receive notifications from Microsoft for any changes to the files on your SharePoint sites.
1. Log on to the Microsoft 365 admin center with your Global Administrator account.
2. Go to Admin centers > SharePoint from the left navigation. The SharePoint admin center page appears.
  
  ^{Click the image to enlarge.}
3. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/AppInv.aspx in the address bar.
  For example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx.
  
  ^{Click the image to enlarge.}
4. On the screen that appears, enter the assigned App Id (from step 10) in the App Id field, and then click Lookup. The Title field is automatically filled.
  
  ^{Click the image to enlarge.}
  
  The App Id can be found under the corresponding Authorized Account from Administration > Service Account.
5. In the App Domain field, enter "tmcas.trendmicro.com".
6. Enter {Cloud App Security_admin_site}/provision.html in the Redirect URL field based on your serving site.
  For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
7. Copy and paste the following information in the Permission Request XML field:
```
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>
```
  ^{Click the image to enlarge.}
8. Click Create, and on the screen that appears, click Trust It.
  
  ^{Click the image to enlarge.}
9. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx and then open the URL to verify the permission.
  
  ^{Click the image to enlarge.}
10. Once Trend Micro Cloud App Security appears in the Apps list, it means that the permission is successfully granted.
  
  ^{Click the image to enlarge.}
Go back to the Cloud App Security management console and click Submit. Cloud App Security then updates the SharePoint Online data in your organization. The time required depends on how much data you have in SharePoint Online.
In the upper-right corner of the management console, hover over the bell icon and confirm if the provisioning was successful. If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.

^{Click the image to enlarge.}

OneDrive from Cloud App Security web console

Log on to the Cloud App Security management console.
Hover over OneDrive and click Provision.

^{Click the image to enlarge.}
On the Authorized Account tab, click the Click here link under Step 1. This will open a Microsoft login screen.

^{Click the image to enlarge.}
Specify your Office 365 Global Administrator credentials, and click Sign in.
Click Accept to grant Cloud App Security the permission to use the Graph API to access all domains under the tenant associated with the specified Global Administrator.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console, as instructed, then click the Click here link under Step 2. This will open the OneDrive authorization screen.

^{Click the image to enlarge.}
Click Accept to grant Cloud App Security the permission to access resources in all OneDrive sites.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console as instructed. Take note of the App ID that is displayed.

^{Click the image to enlarge.}
Perform the following steps to grant Cloud App Security permissions to receive notifications from Microsoft for any changes to the files on your OneDrive sites.
1. Log on to the Microsoft 365 admin center with your Global Administrator account.
2. Go to Admin centers > SharePoint from the left navigation. The SharePoint admin center page appears.
  
  ^{Click the image to enlarge.}
3. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/AppInv.aspx in the address bar.
  For example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx.
  
  ^{Click the image to enlarge.}
4. On the screen that appears, enter the assigned App Id (from step 8) in the App Id field, and then click Lookup. The Title field is automatically filled.
  
  ^{Click the image to enlarge.}
  
  The App Id can be found under the corresponding Authorized Account from Administration > Service Account.
5. In the App Domain field, enter "tmcas.trendmicro.com".
6. Enter {Cloud App Security_admin_site}/provision.html in the Redirect URL field based on your serving site.
  For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
7. Copy and paste the following information in the Permission Request XML field:
```
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>
```
  ^{Click the image to enlarge.}
8. Click Create, and on the screen that appears, click Trust It.
  
  ^{Click the image to enlarge.}
9. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx and then open the URL to verify the permission.
  
  ^{Click the image to enlarge.}
10. Once Trend Micro Cloud App Security appears in the Apps list, it means that the permission is successfully granted.
  
  ^{Click the image to enlarge.}
Go back to the Cloud App Security management console and click Submit. Cloud App Security then updates the OneDrive data in your organization. The time required depends on how much data you have in OneDrive.
In the upper-right corner of the management console, hover over the bell icon and confirm if the provisioning was successful. If the message "OneDrive protected." appears on the Notifications screen, the provisioning is successful.

^{Click the image to enlarge.}

Keywords: setup provision for sharepoint online,configure CAS to scan sharepoint online,create service account for sharepoint online, setup provision for onedrive,configure CAS to scan onedrive sites and fiels,create service account for onedrive

Provisioning a SharePoint Online or a OneDrive Authorized Account from the Trend Micro Cloud App Security (CAS) web console

Product / Version includes:

Cloud App SecurityAll

Last updated: 2022/06/30

Solution ID: KA-0012707

Category: Configure

Summary

This article shows how to provision a SharePoint Online or a OneDrive Authorized Account in Cloud App Security (CAS). Cloud App Security supports using OAuth 2.0 to provision a service account (Authorized Account) for SharePoint Online or OneDrive. With the OAuth 2.0 framework, Cloud App Security uses an access token to obtain limited access on the Global Administrator's behalf to run advanced threat protection and data loss prevention scanning on files in the protected SharePoint or OneDrive sites of your organization.

To provision an Authorized Account for SharePoint Online or OneDrive from Cloud App Security web console, check below:

EXPAND ALL

SharePoint Online from Cloud App Security web console

Log on to the Cloud App Security management console.
Hover over SharePoint Online and click Provision.

^{Click the image to enlarge.}
On the Authorized Account tab, click the Click here link under Step 1. This will open a Microsoft login screen.

^{Click the image to enlarge.}
Specify your Office 365 Global Administrator credentials, and click Sign in.
Click Accept to grant Cloud App Security the permission to use the Graph API to access all domains under the tenant associated with the specified Global Administrator.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console, as instructed, then click the Click here link under Step 2. This will open the SharePoint Online authorization screen.

^{Click the image to enlarge.}
Click Accept to grant Cloud App Security the permission to access all SharePoint site collections under the domains.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console, as instructed, and click the Click here link under Step 3.

^{Click the image to enlarge.}
Click Accept to grant Cloud App Security the permission to access resources in all SharePoint sites.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console as instructed. Take note of the App ID that is displayed.

^{Click the image to enlarge.}
Perform the following steps to grant Cloud App Security permissions to receive notifications from Microsoft for any changes to the files on your SharePoint sites.
1. Log on to the Microsoft 365 admin center with your Global Administrator account.
2. Go to Admin centers > SharePoint from the left navigation. The SharePoint admin center page appears.
  
  ^{Click the image to enlarge.}
3. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/AppInv.aspx in the address bar.
  For example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx.
  
  ^{Click the image to enlarge.}
4. On the screen that appears, enter the assigned App Id (from step 10) in the App Id field, and then click Lookup. The Title field is automatically filled.
  
  ^{Click the image to enlarge.}
  
  The App Id can be found under the corresponding Authorized Account from Administration > Service Account.
5. In the App Domain field, enter "tmcas.trendmicro.com".
6. Enter {Cloud App Security_admin_site}/provision.html in the Redirect URL field based on your serving site.
  For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
7. Copy and paste the following information in the Permission Request XML field:
```
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>
```
  ^{Click the image to enlarge.}
8. Click Create, and on the screen that appears, click Trust It.
  
  ^{Click the image to enlarge.}
9. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx and then open the URL to verify the permission.
  
  ^{Click the image to enlarge.}
10. Once Trend Micro Cloud App Security appears in the Apps list, it means that the permission is successfully granted.
  
  ^{Click the image to enlarge.}
Go back to the Cloud App Security management console and click Submit. Cloud App Security then updates the SharePoint Online data in your organization. The time required depends on how much data you have in SharePoint Online.
In the upper-right corner of the management console, hover over the bell icon and confirm if the provisioning was successful. If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.

^{Click the image to enlarge.}

OneDrive from Cloud App Security web console

Log on to the Cloud App Security management console.
Hover over OneDrive and click Provision.

^{Click the image to enlarge.}
On the Authorized Account tab, click the Click here link under Step 1. This will open a Microsoft login screen.

^{Click the image to enlarge.}
Specify your Office 365 Global Administrator credentials, and click Sign in.
Click Accept to grant Cloud App Security the permission to use the Graph API to access all domains under the tenant associated with the specified Global Administrator.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console, as instructed, then click the Click here link under Step 2. This will open the OneDrive authorization screen.

^{Click the image to enlarge.}
Click Accept to grant Cloud App Security the permission to access resources in all OneDrive sites.

^{Click the image to enlarge.}
Go back to the Cloud App Security management console as instructed. Take note of the App ID that is displayed.

^{Click the image to enlarge.}
Perform the following steps to grant Cloud App Security permissions to receive notifications from Microsoft for any changes to the files on your OneDrive sites.
1. Log on to the Microsoft 365 admin center with your Global Administrator account.
2. Go to Admin centers > SharePoint from the left navigation. The SharePoint admin center page appears.
  
  ^{Click the image to enlarge.}
3. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/AppInv.aspx in the address bar.
  For example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx.
  
  ^{Click the image to enlarge.}
4. On the screen that appears, enter the assigned App Id (from step 8) in the App Id field, and then click Lookup. The Title field is automatically filled.
  
  ^{Click the image to enlarge.}
  
  The App Id can be found under the corresponding Authorized Account from Administration > Service Account.
5. In the App Domain field, enter "tmcas.trendmicro.com".
6. Enter {Cloud App Security_admin_site}/provision.html in the Redirect URL field based on your serving site.
  For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
7. Copy and paste the following information in the Permission Request XML field:
```
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
</AppPermissionRequests>
```
  ^{Click the image to enlarge.}
8. Click Create, and on the screen that appears, click Trust It.
  
  ^{Click the image to enlarge.}
9. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx and then open the URL to verify the permission.
  
  ^{Click the image to enlarge.}
10. Once Trend Micro Cloud App Security appears in the Apps list, it means that the permission is successfully granted.
  
  ^{Click the image to enlarge.}
Go back to the Cloud App Security management console and click Submit. Cloud App Security then updates the OneDrive data in your organization. The time required depends on how much data you have in OneDrive.
In the upper-right corner of the management console, hover over the bell icon and confirm if the provisioning was successful. If the message "OneDrive protected." appears on the Notifications screen, the provisioning is successful.

^{Click the image to enlarge.}

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Provisioning a SharePoint Online or a OneDrive Authorized Account from the Trend Micro Cloud App Security (CAS) web console

SharePoint Online from Cloud App Security web console

OneDrive from Cloud App Security web console

Provisioning a SharePoint Online or a OneDrive Authorized Account from the Trend Micro Cloud App Security (CAS) web console

Product / Version includes:

Summary

SharePoint Online from Cloud App Security web console

OneDrive from Cloud App Security web console