Setting up Application Impersonation
Alternative Application Impersonation Setup
First login to the Office 365 Exchange Admin Portal. Go to 'permissions' on the left hand side bar and click the + symbol in order to add a new role group. Enter 'CloudMigratorImpersonation' in both the Name and Description fields.
Next, click the + symbol under 'Roles', select ApplicationImpersonation, click 'add' and the click 'OK'.
Next, click the + symbol under 'Members', select your administrator user, click 'add' and then click 'OK'.
Click 'Save' and you will see the impersonation role listen in admin roles. Application impersonation is now set up.
Setting up Delegated Access
Delegated access gives a user account permission to access another. Delegated access must be set up if you are not using an Enterprise plan of Office 365
First login to the Office 365 Exchange Admin Portal. Go to 'recipients' then under 'mailboxes', double-click the user you wish to delegate access to then go to 'Mailbox Delegation' and click the '+' symbol under 'Full Access'
Next, select your administrator user, click 'add' and then click 'OK'
Click 'Save' and your administrator user now has the required access for the migration to occur, repeat this process for all users you wish to migrate.
Office 365 Groups Azure App Registration
The following steps are required to migrate from/to Office 365 Groups.
- Login to the Microsoft Azure portal for your chosen domain.
- Click 'Azure Active Directory'and then'App registrations'
- Click 'New registration'
- Enter a name for your application (This can be changed at any time).
- Supported Account Types should be left as the default 'Accounts in this organizational directory only (NAME OF COMPANY)'
- Redirect URI is not required.
- Click 'Register'
- On successfully registering your application you will be redirected to the below screen.
- NOTE : Open Notepad and Copy 'Application (client) ID'. This is the 'Client Id' required in the CloudM Migrate configuration.
- Click 'Certificates & secrets'
- 'New client secret'
- Select 'Never'
- Click 'Add'
- Client Secret will be generated and the client secrets table populated like below.
- NOTE : Copy the value generated and paste the value into notepad. This is the 'Client Secret' required in the CloudM Migrate configuration.
- Click 'API Permissions'
- Remove the default 'User.Read' by selecting the row and clicking 'Remove permission'
- Click 'Add a permission', under 'Microsoft APIs' select 'Microsoft Graph'
- Click 'Application Permission'
- Under 'Select Permissions' type the name of the permission you would like to add. Once all added, click 'Grant admin consent for '(Name of company)'
Office 365 Groups as a Source
- Directory.Read.All
- Directory.ReadWrite.All
- Group.Read.All
- Sites.ReadWrite.All
Office 365 Groups as a Destination
- AuditLog.Read.All
- Directory.Read.All
- Group.Read.All
- Group.ReadWrite.All
- Sites.ReadWrite.All