Skip to main content
  1. CloudM
  2. Migrate
  3. Perform a Migration
  4. Configure your Connections
  5. Connection Setup
  6. Destination Connection Setup

Microsoft 365 - Destination Connection Setup

Updated

Prerequisites

  • Global Admin Access: You must have Global Administrator privileges for the source Microsoft 365 tenant.
  • Microsoft Teams Licensing: If you are migrating Microsoft Teams or Groups, the specified Global Admin account must possess a valid Microsoft 365 license that includes Teams.

Connection Details

 

Enter the following information to configure your source connection:

  • Connection Name: Provide a unique identifier for this source connection. It will appear in your Connections screen and can be reused across multiple migration projects.
  • Admin Username: The email address of the Global Admin account within your Microsoft 365 tenant.
  • Test Username: The email address of a standard user account in your tenant, used to validate the connection.
  • Domain Name: The default or primary domain for your Microsoft 365 tenant.
  • Plan: Select your specific Office 365 plan. Note: "Office 365 Germany" is a distinct endpoint designed for highly regulated customers in Germany.
  • Cloud Deployment: For most standard migrations, leave this set to Global Service. If your endpoint is in a specialized Microsoft Cloud (such as GCC High or DoD), select the corresponding instance.
  • Test Office 365 Group Email: The primary email address of a Microsoft Group used to test Group connectivity.
  • SharePoint Admin URL: The administrative URL for your SharePoint environment. Learn how to find your SharePoint Admin URL.
  • Hybrid Environment: Check this box if you are operating in a hybrid environment. This allows you to specify custom URLs for Team Sites and My Sites.
  • Team Sites URL: Your custom Team Sites URL (requires Hybrid Environment to be enabled).
  • My Sites URL: Your custom My Sites URL (requires Hybrid Environment to be enabled).

Azure AD Application (App-Only)

CloudM Migrate uses modern authentication to securely connect to your Microsoft 365 resources. This requires creating an Azure AD Application (now known as Microsoft Entra ID). This app acts as a service principal, operating in the background to access data.

You can create this application automatically via the CloudM interface, or manually using PowerShell.

Method 1: Automatic Creation (Recommended)

To create the app registration automatically via device login:

  1. Click the Create Azure AD Application button in CloudM Migrate.
  2. A device code will be generated. Copy this code and click the provided Microsoft login link. 
     
  3. On the Microsoft page, paste the code and click Next.
  4. Sign in using your Microsoft 365 Global Admin account.
  5. Click Continue to confirm you are signing into the Microsoft Graph Command Line Tools.
  6. Close the browser tab when instructed. Return to CloudM Migrate and wait a few moments; the Azure AD Application details will populate automatically in the background.
  7. Once populated, click Next to proceed to the connection test.

Method 2: Manual Creation via PowerShell

Important: You may need to allow the running of unsigned scripts before executing these files. To do so, open PowerShell as an Administrator and run: Set-ExecutionPolicy Unrestricted

To manually create the application, download the following PowerShell scripts into a dedicated working directory (e.g., C:\CloudM):

  1. Open PowerShell as an Administrator.
  2. Change your directory to where the scripts are saved: cd C:\CloudM
  3. Execute the script: .\CreateAzureADApplication.ps1
  4. When prompted, provide the following details:
    • Certificate Password: (Optional) Press Enter to skip.
    • Location to save certificate: e.g., C:\CloudM\Certificates
    • Application Name: e.g., My Migration (The final app will have the prefix 'CloudM-').
    • Cloud Deployment: Select your deployment type.
    • Scope: Choose default scopes or limited scopes. Learn more about limited scopes here.
  5. Sign into your Microsoft account when the prompt appears. 
     
  6. The script will generate the application in Azure AD and save the necessary certificate files to your specified folder. A text file containing your Application (Client) ID and Directory (Tenant) ID will also be generated.
  7. In CloudM Migrate, copy these IDs into the respective fields, upload the generated certificate, and click Next to test your connection.
Note: If you run the script against a tenant that already has an application with the identical name, the application will be updated with a new certificate, overwriting the existing one.

Azure AD Delegated Application

If you are migrating Microsoft Teams, a secondary Azure AD Delegated Application is required. Unlike the standard background app, a delegated app allows CloudM to perform actions specifically on behalf of a user, which is a Microsoft requirement for Teams migrations.

Method 1: Automatic Creation (Recommended)

  1. In CloudM Migrate, click Create Azure AD delegated application. The application will be created automatically in the background.
  2. Once created, click Consent delegated application. A Microsoft permissions window will open. 
     
  3. Sign in with your Microsoft 365 Global Admin account.
  4. Check the box for Consent on behalf of your organization and click Accept.
  5. Close the browser tab to return to CloudM Migrate and process the connection test.
  6. Once the test passes, click Save & Close.

Method 2: Manual Creation via PowerShell

  1. Download the Delegated Application script (Right-click and "Save link as") into your working directory (e.g., C:\CloudM).
  2. Open PowerShell as an Administrator and navigate to your directory: cd C:\CloudM
  3. Run the script: .\CreateAzureADDelegatedApplication.ps1
  4. Type R to run the script.
  5. When prompted, provide the following details:
    • Application Name: Enter a recognizable name.
    • Redirect URI: Enter the exact URL you use to access your CloudM Migrate instance.
    • Cloud Deployment: Enter the number corresponding to your M365 deployment.
  6. Press Enter to trigger the Microsoft 365 login prompt. Sign in with your Global Admin credentials.
  7. Once authenticated, the PowerShell session will display your new Client ID and Secret.
  8. Return to CloudM Migrate and click Create Azure AD Delegated application manually.
  9. Enter the Client ID and Secret generated by the script.
  10. Click Consent delegated application and follow the Microsoft prompts to grant admin consent.
  11. Click Next to proceed to the connection test.
Was this article helpful?
1 out of 1 found this helpful