Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Provisioning a OneDrive Authorized Account from the Trend Micro Cloud App Security web console

    • Updated:
    • 14 Jan 2022
    • Product/Version:
    • Cloud App Security
    • Platform:
Summary

This article shows how to provision a OneDrive Authorized Account in Cloud App Security (CAS).

Cloud App Security supports using OAuth 2.0 to provision a service account (Authorized Account) for OneDrive. With the OAuth 2.0 framework, Cloud App Security uses an access token to obtain limited access on the Global Administrator's behalf to run advanced threat protection and data loss prevention scanning on files in the protected OneDrive sites of your organization.

Details
Public

To provision an Authorized Account for OneDrive from Cloud App Security web console:

  1. Log on to the Cloud App Security management console.
  2. Hover over OneDrive and click Provision.

    OneDrive Provision

    Click the image to enlarge.

  3. On the Authorized Account tab, click the Click here link under Step 1. This will open a Microsoft login screen.

    Service Account - OneDrive

    Click the image to enlarge.

  4. Specify your Office 365 Global Administrator credentials, and click Sign in.
  5. Click Accept to grant Cloud App Security the permission to use the Graph API to access all domains under the tenant associated with the specified Global Administrator.

    Permissions

    Click the image to enlarge.

  6. Go back to the Cloud App Security management console, as instructed, then click the Click here link under Step 2. This will open the OneDrive authorization screen.

    Service Account - OneDrive

    Click the image to enlarge.

  7. Click Accept to grant Cloud App Security the permission to access resources in all OneDrive sites.

    Permissions

    Click the image to enlarge.

  8. Go back to the Cloud App Security management console as instructed. Take note of the App ID that is displayed.

    Service Account - OneDrive

    Click the image to enlarge.

  9. Perform the following steps to grant Cloud App Security permissions to receive notifications from Microsoft for any changes to the files on your OneDrive sites.
    1. Log on to the Microsoft 365 admin center with your Global Administrator account.
    2. Go to Admin centers > SharePoint from the left navigation. The SharePoint admin center page appears.

      SharePoint

      Click the image to enlarge.

    3. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/AppInv.aspx in the address bar.
      For example, change https://example-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home to https://example-admin.sharepoint.com/_layouts/15/AppInv.aspx.

      OneDrive URL

      Click the image to enlarge.

    4. On the screen that appears, enter the assigned App Id (from step 8) in the App Id field, and then click Lookup. The Title field is automatically filled.

      App ID Lookup

      Click the image to enlarge.

       
      The App Id can be found under the corresponding Authorized Account from Administration > Service Account.
       
    5. In the App Domain field, enter "tmcas.trendmicro.com".
    6. Enter {Cloud App Security_admin_site}/provision.html in the Redirect URL field based on your serving site.
      For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, enter https://admin-eu.tmcas.trendmicro.com/provision.html in the Redirect URL field.
    7. Copy and paste the following information in the Permission Request XML field:
      <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
      </AppPermissionRequests>
      

      XML

      Click the image to enlarge.

    8. Click Create, and on the screen that appears, click Trust It.

      Trust App

      Click the image to enlarge.

    9. Change the SharePoint admin center URL to {sharepoint_admin_site}/_layouts/15/TA_AllAppPrincipals.aspx and then open the URL to verify the permission.

      OneDrive URL

      Click the image to enlarge.

    10. Once Trend Micro Cloud App Security appears in the Apps list, it means that the permission is successfully granted.

      Apps List

      Click the image to enlarge.

  10. Go back to the Cloud App Security management console and click Submit. Cloud App Security then updates the OneDrive data in your organization. The time required depends on how much data you have in OneDrive.
  11. In the upper-right corner of the management console, hover over the bell icon and confirm if the provisioning was successful. If the message "OneDrive protected." appears on the Notifications screen, the provisioning is successful.

    Privision Successful

    Click the image to enlarge.

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000290340
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.