Problem: Automatic/manual provisioning of SharePoint Online/OneDrive failed when multi-factor authentication (MFA) is enabled on the required account.
If multi-factor authentication (MFA) is enabled on the Office 365 Global Administrator account used for automatic provisioning or on the SharePoint Online Delegate Account created for manual provisioning, the provisioning will fail because Cloud App Security cannot pass the access control on the Office 365 service side.
To complete provisioning, perform either of the following:
-
Automatic provisioning: disable MFA on the GA account and enable MFA after the provisioning as necessary.
This does not apply to manual provisioning because Cloud App Security needs to use the Delegate Account for subsequent proceeding after provisioning.
-
Automatic and manual provisioning: use an app password.
-
Create an app password for the account used for provisioning. This gives Cloud App Security permission to access the Office 365 account. For details, search for how to create a new app password on the Microsoft Support website.
-
Wherever you're prompted for your password during provisioning, paste the app password in the box.
-