This article clarifies the role of a Global Administrator (GA) account during a Microsoft 365 migration and explains alternative methods for organizations with more stringent security requirements.
1. Why is a Global Administrator Account Recommended?
A GA account is recommended for Microsoft 365 migrations to utilize the full functionality within CloudM Migrate. It simplifies the initial connection setup and ensures the required Azure AD application has all the necessary permissions for authentication.
2. When is a Global Administrator Account Required?
A GA account is specifically required in the following scenarios:
- Automated Setup: If you choose to use the 'Create Azure AD Application' button within CloudM Migrate during the source or destination connection setup, a GA account must be entered in the Admin Username field. This is a one-time setup process that automates the creation of the required application.
- Teams Migrations: A GA account is a mandatory requirement from Microsoft to perform migrations that include Microsoft Teams. This level of access is necessary for the creation and administration of teams during the migration.
3. Are There Alternatives to Using a Global Administrator?
Yes. If your organization's security policies prohibit using a GA account, you can perform the setup manually.
- Manual Method: A GA can create the Azure AD application and configure its permissions using our provided PowerShell scripts or the Azure portal.
- Required Information: After the application is created manually, the GA can provide the migration team with the required credentials (Application ID and a PFX certificate/password). These details are then used to set up the connection in CloudM Migrate. The required 'Admin Username' field can then be populated with any admin address (it does not need to be a GA).
4. Is a Global Administrator Account Used for the Entire Migration?
No, with one key exception. The GA account is only needed for the initial Azure AD application creation. Once the application is configured and the connection is established, the migration process itself uses the permissions granted to that application. The 'Admin Username' field within the CloudM Migrate tool can then be changed to any licensed user, as the migration relies on the application, not the ongoing GA credentials.
Exception: A GA account is required in the 'Admin Username' field throughout the migration process if you are migrating Microsoft Teams. This is a requirement from Microsoft for the duration of the Teams migration.
Related Articles
For standard connection setup, see:
- Standard Connection Guides:
To learn more about manual setup methods, see:
- Limited Scopes (Manual Method):