Views:

The steps below shows how to provision a SharePoint Online Delegate Account for SharePoint Online first, and then OneDrive from Cloud App Security web console:

Log on to the Cloud App Security management console.
Perform the following steps to provision for SharePoint Online.
1. Hover over SharePoint Online, and click Provision.
  
  ^{Click the image to enlarge.}
2. Go to the Delegate Account tab.
  
  ^{Click the image to enlarge.}
3. Specify the Global Administrator credentials (email address and password) and click Verify.
  
  ^{Click the image to enlarge.}
  - Trend Micro does not save the Global Administrator credentials. They are used only once to provision the necessary Delegate Accounts.
  - (Optional) The Promote all Delegate Accounts to the Global Administrator admin role (Recommended) option can be enabled. This option promotes Delegate Accounts to Global Administrator privileges, which will allow automatic syncing of changes. If left disabled, the Global Administrator credentials will be required each time you want to synchronize changes.
4. Choose the synchronization targets:
  
  ^{Click the image to enlarge.}
  - Select Synchronize all targets, then proceed to Step E.
  - Choose Selected SharePoint site collections of your organization, then do the following:
    1. Sign in to Microsoft 365 admin center using the Global Administrator account, and go to Admin centers > SharePoint > site collections from the left navigation.
    2. Verify and add the URLs to protect one by one by copying a URL, pasting it into the text box, and clicking Add.
      A maximum of 100 site collection URLs can be added.
      When needed, existing URLs can be removed from this section.
    3. Proceed to Step E.
5. Click Submit.
  
  ^{Click the image to enlarge.}
6. Hover over the ring icon in the upper-right corner of the management console. If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.
  
  ^{Click the image to enlarge.}
Perform the following steps to provision for OneDrive:
1. Hover over OneDrive, and click Provision.
  
  ^{Click the image to enlarge.}
2. Go to the Delegate Account tab.
  
  ^{Click the image to enlarge.}
3. Specify the Global Administrator credentials (email address and password) and click Verify.
  - Trend Micro does not save the Global Administrator credentials. They are used only once to provision the necessary Delegate Accounts.
  - (Optional) Enable the Promote all Delegate Accounts to the Global Administrator admin role (Recommended) option. This option promotes Delegate Accounts to Global Administrator privileges, which will allow automatic syncing of changes. If left disabled, the Global Administrator credentials will be required each time you want to synchronize changes.
  ^{Click the image to enlarge.}
4. Choose the synchronization targets:
  
  ^{Click the image to enlarge.}
  - If the Delegate Account is already provisioned for SharePoint Online, etis option is disabled because it follows what is selected during provisioning for SharePoint Online. Proceed to Step E.
  - If the Delegate Account is not provisioned for SharePoint Online yet, do the following:
    - Select Synchronize all targets, then proceed to Step E.
    - Choose Selected OneDrive users of your organization that have OneDrive sites, then do the following:
      1. Sign in to Microsoft 365 admin center using the Global Administrator account, and go to Admin centers > SharePoint > site collections from the left navigation.
      2. Verify and add the URLs to protect one by one by copying a URL, pasting it into the text box, and clicking Add.
        
        A maximum of 100 users can be synchronized.
        When needed, users can be removed from this section.
      3. Proceed to Step E.
5. Click Submit.
  
  ^{Click the image to enlarge.}
6. Hover over the ring icon in the upper-right corner of the management console. If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.
  
  ^{Click the image to enlarge.}

If only some targets were selected to synchronize during provisioning, Cloud App Security is also able to extend its protection to all targets under the corresponding service by enabling you to manually synchronize all targets:

On the Notifications screen, click Extend to protect all your Office 365 service targets.
On the screen that appears, view the instructions and click Submit.
Go to Advanced Threat Protection or Data Loss Prevention, and open an ATP or DLP policy of each service you want to extend the protection to, that is, Exchange Online, SharePoint Online, or OneDrive.
Select the General tab and click the Click here link to manually synchronize all your targets

After clicking Submit, you can also wait until the next day because Cloud App Security automatically synchronizes with your Office 365 environment once per day.

Keywords: configure automatic provisioning of SharePoint Online,configure automatic provisioning of OneDrive,use delegate account to provision for SharePoint Online,use delegate account to provision for OneDrive

Setting up a SharePoint Online and OneDrive automatic provisioning using Delegate Account from the Trend Micro Cloud App Security web console

Product / Version includes:

Last updated: 2022/03/08

Solution ID: KA-0012733

Category: Configure

Summary

Cloud App Security uses a single SharePoint Online Delegate Account for both SharePoint Online and OneDrive. If you want to protect both services, provision the Delegate Account under SharePoint Online and OneDrive respectively to add required data about both services to the Delegate Account.

During provisioning, Cloud App Security allows you to synchronize:

All SharePoint site collections and/or OneDrive users and groups of your organization
Certain SharePoint site collections and/or OneDrive users of your organization for testing purposes

Note

You need to use the same option when provisioning a service account for SharePoint Online and OneDrive, that is, to either synchronize all targets or synchronize certain targets. Note that this article only applies to SharePoint and OneDrive provisioning.
For service account provisioning with certain targets synchronized, Cloud App Security does not support manual synchronization and scheduled synchronization.

The steps below shows how to provision a SharePoint Online Delegate Account for SharePoint Online first, and then OneDrive from Cloud App Security web console:

Log on to the Cloud App Security management console.
Perform the following steps to provision for SharePoint Online.
1. Hover over SharePoint Online, and click Provision.
  
  ^{Click the image to enlarge.}
2. Go to the Delegate Account tab.
  
  ^{Click the image to enlarge.}
3. Specify the Global Administrator credentials (email address and password) and click Verify.
  
  ^{Click the image to enlarge.}
  - Trend Micro does not save the Global Administrator credentials. They are used only once to provision the necessary Delegate Accounts.
  - (Optional) The Promote all Delegate Accounts to the Global Administrator admin role (Recommended) option can be enabled. This option promotes Delegate Accounts to Global Administrator privileges, which will allow automatic syncing of changes. If left disabled, the Global Administrator credentials will be required each time you want to synchronize changes.
4. Choose the synchronization targets:
  
  ^{Click the image to enlarge.}
  - Select Synchronize all targets, then proceed to Step E.
  - Choose Selected SharePoint site collections of your organization, then do the following:
    1. Sign in to Microsoft 365 admin center using the Global Administrator account, and go to Admin centers > SharePoint > site collections from the left navigation.
    2. Verify and add the URLs to protect one by one by copying a URL, pasting it into the text box, and clicking Add.
      A maximum of 100 site collection URLs can be added.
      When needed, existing URLs can be removed from this section.
    3. Proceed to Step E.
5. Click Submit.
  
  ^{Click the image to enlarge.}
6. Hover over the ring icon in the upper-right corner of the management console. If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.
  
  ^{Click the image to enlarge.}
Perform the following steps to provision for OneDrive:
1. Hover over OneDrive, and click Provision.
  
  ^{Click the image to enlarge.}
2. Go to the Delegate Account tab.
  
  ^{Click the image to enlarge.}
3. Specify the Global Administrator credentials (email address and password) and click Verify.
  - Trend Micro does not save the Global Administrator credentials. They are used only once to provision the necessary Delegate Accounts.
  - (Optional) Enable the Promote all Delegate Accounts to the Global Administrator admin role (Recommended) option. This option promotes Delegate Accounts to Global Administrator privileges, which will allow automatic syncing of changes. If left disabled, the Global Administrator credentials will be required each time you want to synchronize changes.
  ^{Click the image to enlarge.}
4. Choose the synchronization targets:
  
  ^{Click the image to enlarge.}
  - If the Delegate Account is already provisioned for SharePoint Online, etis option is disabled because it follows what is selected during provisioning for SharePoint Online. Proceed to Step E.
  - If the Delegate Account is not provisioned for SharePoint Online yet, do the following:
    - Select Synchronize all targets, then proceed to Step E.
    - Choose Selected OneDrive users of your organization that have OneDrive sites, then do the following:
      1. Sign in to Microsoft 365 admin center using the Global Administrator account, and go to Admin centers > SharePoint > site collections from the left navigation.
      2. Verify and add the URLs to protect one by one by copying a URL, pasting it into the text box, and clicking Add.
        
        A maximum of 100 users can be synchronized.
        When needed, users can be removed from this section.
      3. Proceed to Step E.
5. Click Submit.
  
  ^{Click the image to enlarge.}
6. Hover over the ring icon in the upper-right corner of the management console. If the message "SharePoint Online protected." appears on the Notifications screen, the provisioning is successful.
  
  ^{Click the image to enlarge.}

On the Notifications screen, click Extend to protect all your Office 365 service targets.
On the screen that appears, view the instructions and click Submit.
Go to Advanced Threat Protection or Data Loss Prevention, and open an ATP or DLP policy of each service you want to extend the protection to, that is, Exchange Online, SharePoint Online, or OneDrive.
Select the General tab and click the Click here link to manually synchronize all your targets

After clicking Submit, you can also wait until the next day because Cloud App Security automatically synchronizes with your Office 365 environment once per day.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Setting up a SharePoint Online and OneDrive automatic provisioning using Delegate Account from the Trend Micro Cloud App Security web console

Setting up a SharePoint Online and OneDrive automatic provisioning using Delegate Account from the Trend Micro Cloud App Security web console

Product / Version includes:

Summary