Views:
Cloud App Security protects the following services:
  • Microsoft 365 services, including Exchange Online, SharePoint Online, OneDrive, and Microsoft Teams
  • Google Workspace, including Google Drive and Gmail
  • Cloud storage applications, including Box and Dropbox
  • CRM platform, which is Salesforce
Cloud App Security requires service accounts to integrate with those applications and services that it protects. The service accounts can be categorized as:
  • Delegate accounts to integrate with Exchange Online, SharePoint Online, and OneDrive
  • Authorized accounts to integrate with Exchange Online, SharePoint Online, OneDrive, Microsoft Teams (Teams and Chat), Box, Dropbox, Google Drive, Gmail, and Salesforce
In Cloud App Security, go to AdministrationService Account, click Add, hover over the organization for which you need to grant access to services, and select a service from the list that appears on the right side.
Note
Note
If you have granted Cloud App Security access to a service in the organization, Cloud App Security grays it out on the list to prevent it from being selected again.
After you have granted Cloud App Security access to Microsoft 365 services for an organization, you can view the name of the Microsoft tenant associated with the organization.
Note
Note
If you have Trend Vision One, when you add a tenant in Trend Vision OneThird Party IntegrationMicrosoft Entra ID, Cloud App Security automatically associates the tenant with an organization with no service to which Cloud App Security has been granted access. If there is no such organization, Cloud App Security creates an organization and associates it with the tenant.
If you chose to synchronize selected users when granting Cloud App Security access to Exchange Online, you can continue to add new users or remove unavailable users. To do so, click Update Synchronized Users under Status of the Exchange Online service account, and then make necessary adjustments in the Synchronized User List for Exchange Online screen. For more information, see Managing synchronized user list for Exchange Online.
Note
Note
This option is not available if you chose to synchronize all users during the access granting.
Related information

Re-creating an access token for Microsoft 365 services and Gmail

If the access token becomes invalid for any reason or you need to refresh the existing token, re-create an access token to continue using the service account.
The following procedure uses Exchange Online as an example to outline how to re-create an access token in the management console.
Note
Note
  • For Gmail and Gmail (Inline Mode), provide an administrator account in the same domain as the one used during access grant to ensure successful re-creation of the access token.

Procedure

  1. Click Recreate Access Token under Status of the Exchange Online service account.
  2. On the Recreate Access Token for Exchange Online Service Account screen that appears, click Grant Permission, specify your Microsoft 365 Global Administrator credentials to sign in if prompted, and then click Accept on the screen that appears.
  3. Go back to the management console as instructed and verify that a checkmark icon appears for the step, indicating that the access token and the service account are valid.
  4. Click Close.

Re-creating an access token for Box, Dropbox, and Google Drive

If the access token becomes invalid for any reason or you need to refresh the existing token, re-create an access token to continue using the service account.
The following procedure uses Box as an example to outline how to re-create an access token in the management console.

Procedure

  1. Click Recreate Access Token under Status of the Box service account.
  2. In the Recreate Access Token for Box Service Account dialog that appears, decide whether to use the current Box administrator or a different Box administrator.
    Important
    Important
    It is highly recommended to select the current administrator used for creating the Box service account. Changing administrators may result in the inability to access and recover files quarantined in the current administrator's quarantine folder, potentially leading to data loss.
  3. If you need to use a different administrator, before assigning a new administrator, make sure that all existing quarantined files are reviewed and processed. These files are stored in the current administrator’s quarantine folder and will not be manageable to Cloud App Security after the change.
  4. Go back to the management console and open the Recreate Access Token for Box Service Account screen.
  5. Click Grant Permission, specify your Box administrator credentials to sign in if prompted, and then click Accept in the screen that appears.
  6. Go back to the management console as instructed and verify that a checkmark icon appears for the step, indicating that the access token and the service account are valid.
  7. Click Close.