To provision a Service Account for Microsoft Teams from the Cloud App Security web console:

1. Log on to the Cloud App Security management console.
2. Hover over Microsoft Teams and click Provision.

   

   ^{Click the image to enlarge.}

3. Click the Click here link under Step 1. This will open a Microsoft login screen.

   

   ^{Click the image to enlarge.}

4. Specify your Office 365 Global Administrator credentials, and click Sign in.
5. Click Accept to grant Cloud App Security the permission to use the Graph API to access all domains under the tenant associated with the specified Global Administrator.

   

   ^{Click the image to enlarge.}

6. Go back to the Cloud App Security management console, as instructed, then click the Click here link under Step 2. This will open the Microsoft Teams authorization screen.

   

   ^{Click the image to enlarge.}

7. Click Accept to grant Cloud App Security the permission to access resources in all Microsoft Teams sites.

   

   ^{Click the image to enlarge.}

8. Go back to the Cloud App Security management console as instructed. Take note of the App ID that is displayed.

   

   ^{Click the image to enlarge.}

9. Perform the following steps to grant Cloud App Security permissions to receive notifications from Microsoft for any changes to the files on your Microsoft Teams sites.
   1. Log on to the Microsoft 365 admin center with your Global Administrator account.
   2. Go to Admin centers > SharePoint from the left navigation. The SharePoint admin center page appears.

      

      ^{Click the image to enlarge.}

   3. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/AppInv.aspx in the address bar.
      For example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx.

      

      ^{Click the image to enlarge.}

   4. On the screen that appears, enter the assigned App Id (from Step 8) in the App Id field, and then click Lookup. The Title field is automatically filled.

      

      ^{Click the image to enlarge.}

       

      The App Id can be found under the corresponding Authorized Account from Administration > Service Account.

       
   5. In the App Domain field, enter "tmcas.trendmicro.com".
   6. Enter {Cloud App Security_admin_site}/provision.html in the Redirect URL field based on your serving site.
      For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
   7. Copy and paste the following information in the Permission Request XML field:

      <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
      </AppPermissionRequests>
      

      

      ^{Click the image to enlarge.}

   8. Click Create, and on the screen that appears, click Trust It.

      

      ^{Click the image to enlarge.}

   9. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx and then open the URL to verify the permission.

      

      ^{Click the image to enlarge.}

   10. Once Trend Micro Cloud App Security appears in the Apps list, it means that the permission is successfully granted.

       

       ^{Click the image to enlarge.}

10. Go back to the Cloud App Security management console and click Submit. Cloud App Security then updates the Microsoft Teams data in your organization. The time required depends on how much data you have in Microsoft Teams.
11. In the upper-right corner of the management console, hover over the bell icon and confirm if the provisioning was successful. If the message "Microsoft Teams protected." appears on the Notifications screen, the provisioning is successful.

    

    ^{Click the image to enlarge.}