Prerequisites
- Global Admin access.
- For Microsoft Teams/Groups, the specified Global Admin must also have a valid Microsoft 365 license that includes Teams.
Connection Details
- Connection Name: Provide a unique name for this new source connection. This connection will be available in the Connections screen and can be reused across projects. The name can be used to identify the connection.
- Admin Username: This should be the username of a global admin account within your Microsoft 365 tenant. If you are planning to migrate Microsoft Teams/Groups, this should also have a valid Microsoft 365 license that includes Teams.
- Test Username: Username of a user account in your Microsoft 365 tenant that will be used to test the connection to users.
- Domain Name: The default domain for your Microsoft 365 tenant.
- Plan: Select your Office 365 plan. Office 365 Germany is a differentiated option to the Office 365 services already available across Europe. It helps address the needs of the most regulated customers in Germany.
- Cloud Deployment: Select your Cloud Deployment. For most migration projects leave this set to Global Service as this is the endpoint for M365. If the endpoint is in a special version of Microsoft Cloud, such as GCC High, select the instance that is correct.
- Test Office 365 Group Email: Primary email address of a Microsoft Group that you would like to test the connection to.
- SharePoint Admin URL: The SharePoint Admin URL for your Microsoft 365 tenant.
- Hybrid Environment: Enabling this will allow for a custom Teams Site and My Site URL to be entered for hybrid environments.
- Team Sites URL: Custom Team Sites URL.
- My Sites URL: Custom My Sites URL.
Azure AD Application
Migrate uses modern authentication to connect to Microsoft 365 resources. An Azure AD App registration is created in order for this to be achieved. You can either create this automatically by clicking on the button on the below screen and following the flow, or manually via PowerShell.
Automatic Creation - Azure AD Application
To create the app registration automatically, follow the steps below.
- Click on the "Create Azure AD Application" button.
- Copy the code and click on the link. The link will take you to a Microsoft 365 web page where you will be asked to enter the code and sign in.
- Enter the code and click Next.
- Sign in using your Global Admin account.
- Click Continue to confirm you are trying to sign in to Microsoft Graph Command Line Tools.
- Close the browser tab as instructed to return to CloudM and allow the Azure AD Application Details to be loaded. It can take a few minutes for the app registration to be created in the background and the page to refresh.
- Once the Azure AD Application Details page is populated, you can click on Next to proceed to the connection test.
Manual Creation - Azure AD Application
Set-ExecutionPolicy Unrestricted
Download the following powershell scripts into a working directory eg c:\CloudM
- CreateAzureADApplication.ps1(right click and save link as)
- CloudM-Common,psm1(right click and save link as)
- CloudM-Certificate.psm1(right click and save link as)
Ensure you open powershell as Administrator in windows (for example press the windows key and type powershell, then choose the Run as Administrator option).
From here, change directory to the working directory where the above scripts are saved (for example enter cd c:\CloudM).
Then, you can run the script by typing .\CreateAzureADApplication.ps1. You will then be prompted to enter:
- Certificate Password (optional) Press enter to skip
- Location to save certificate e.g. “c:\cloudm\certificates”
- Application Name e.g. “My Migration” (Application will appear with prefix ‘CloudM-’)
- Cloud Deployment
- Scope (default scopes or limited scopes). For information on using limited scopes, please review the limited scopes article here.
Sign into your account.
After logging in, the script will generate the application in Azure AD and create certificate files in the directory specified above eg “c:\cloudm\certificates” The script will output the fields and also create a text file with the details you will need to enter into your migration configuration. Copy the values for these fields into CloudM Migrate and click the Next button to test your connection.
Azure AD Delegated Application
When Microsoft 365 is your destination, the Azure AD Delegated application is required for migrating Microsoft Teams. You can either create this automatically by clicking on the button on the below screen and following the flow, or manually via PowerShell.
Automatic Creation - Azure AD Delegated Application
- Click on "Create Azure AD delegated application".
- The delegated application will then be created automatically.
- Click on "Consent delegated application" to consent to the application.
- Sign in to your Microsoft 365 Global admin account, then check the "Consent on behalf of your organization" checkbox and click "Accept".
- Once you have done this, you will be instructed to close the tab which will take you back to CloudM Migrate and process the connection test.
- Once the test has passed successfully, you can click on "Save & Close" to proceed.
Manual Creation - Azure AD Delegated Application
- Download the below PowerShell script into a working directory eg c:\CloudM.
- Delegated Application script (right click and save link as)
- Ensure you open powershell as Administrator in windows (for example press the windows key and type powershell, then choose the Run as Administrator option).
- From here, change directory to the working directory where the above scripts are saved (for example enter cd c:\CloudM).
- Then, you can run the script by typing .\CreateAzureADDelegatedApplication.ps1.
- Choose "R" to run the script.
- Enter a name for the Azure AD Delegated Application.
- Enter the redirect URI. This will be the URL you are using to access CloudM Migrate.
- Enter the number that corresponds to your Cloud Deployment of Microsoft 365.
- Press enter to continue to login to Microsoft 365.
- You will then be redirected to the PowerShell session where your Client ID and Secret will be presented.
- In CloudM, you can click on the "Create Azure AD Delegated application manually" button.
- You will then be presented with the below screen where you can enter the Client ID and Secret created from the PowerShell script.
- Once you have done that, make sure to click on "Consent delegated application" and follow the flow to consent to the manually created delegated application.
- You can then click on "Next" to proceed to the connection test.