The option ‘Migrate Account Delegates’ in Microsoft Office 365 destination Advanced Settings has been updated and is now off by default. When turned on, the following mail delegate types will be migrated for the selected users.
Delegate Types:
- Send As - Allows sending emails from another mailbox
- Send on Behalf - Allows sending emails on behalf of another mailbox
- Full Access - Allows modifying content and reading email from another mailbox
Mail delegates must be migrated as part of a delta migration, as they will fail to import if the delegate user does not exist in the destination domain. In order to carry out domain and username replacements for mail delegates, each user that is to be granted delegate access must be included in the migration. Alternatively, an address replacement csv can be provided to map the delegate users. Destination users must also have relevant licences applied so that they have a valid mailbox.
Azure AD App Setup
The Azure AD Apps used for both export and import need to have the ‘Exchange.ManageAsApp’ API and the ‘Full_access_as_app’ API application level permission.
The role ‘Exchange Administrator’ must also be granted to the Azure AD Apps.
How we migrate this information
Powershell is used to migrate mail delegates and to do so a remote session will be established with both the source and destination domains at the start of the migration. This session is used to execute Powershell commands and once the migration is complete, the sessions will be closed.
How we report on mail delegates
Each individual delegate user that is migrated is recorded as an ‘Other’ type migration item.