Views:

Why Users Will Receive the Action Required Email related with delegator account migration

Users may receive this notification due to the following reasons:

  1. User still uses delegator account for their SharePoint/OneDrive

    Users can check their services account in Administration Service Account page, if their SharePoint/OneDrive service account does not have the "Recreate access token" button, but have the "Migration available"" button, then they need to click the migration button to migrate their delegator account.

    SharePoint Online

  2. IDCRL Retirement Plan

    According to Microsoft's IDCRL retirement plan, existing customers who have already set up Remote Event Receivers via basic authentication may be impacted since 2026.1.31.

  3. Action Required Notification & Warning banner

    To mitigate this impact, we have sent “Action Required” notifications and show warning banner in our web console to customers who still used delegator account for SharePoint/OneDrive, requesting them to migrate to access token.

What to Do If You Received the Related Email

If you received the notification email, please follow these steps:

  • Identify the Service Name

    The email subject will specify the service requiring admin action. For example:

    Subject: Immediate Action Required: Migrate to an Authorized Account by 2025 to Maintain OneDrive Protection After Azure ACS Retirement

  • Steps to Migrate delegator account

    To migrate delegator account, please follow these steps:

    1. Sign in to Trend Micro Cloud App Security and Trend Vision One Cloud Email and Collaboration Protection.
    2. Navigate to Administration > Service Account.
    3. Click on Migration Available for the relevant service account (e.g., OneDrive).

Impact on Users' Trend Micro Cloud App Security and Trend Vision One Cloud Email and Collaboration Protection Status

  1. Current Protection Status

    Taking the above action will not affect your current Trend Micro Cloud App Security and Trend Vision One Cloud Email and Collaboration Protection status for the related services.

  2. Migration process

    Trend Micro Cloud App Security and Trend Vision One Cloud Email and Collaboration Protection will create access token and update the Remote Event Receiver configuration accordingly, the protection will use delegator account before migration is completed. After migration is finished, the protection will switch to use access token.

  3. Extend using IDCRL to 2026.4.30

    Microsoft Statement for IDRCL/legacy authentication "Starting January 31st, 2026, legacy client authentication will be blocked by default for SharePoint Online and OneDrive for Business. Organizations can temporarily use PowerShell to unblock legacy client authentication, by setting both AllowLegacyAuthProtocolsEnabledSetting and LegacyAuthProtocolsEnabled to TRUE. This can be done any time before 30th January and will allow legacy calls to continue till 30th April 2026." Organizations can temporarily use PowerShell to unblock legacy client authentication, by setting both AllowLegacyAuthProtocolsEnabledSetting and LegacyAuthProtocolsEnabled to TRUE. This can be done any time before 30th January and will allow legacy calls to continue till 30th April 2026.

For more details refer to Microsoft documentation: Migrating from IDCRL authentication to modern authentication in SharePoint

Keywords: migrate delegator account to access token,TrendAI Vision One sharepoint migration,OneDrive protection action required,IDCRL retirement Trend Micro,SharePoint legacy authentication block 2026