Microsoft 365 Configuration

This guide will show how to configure Microsoft 365 as a source or destination configuration.

For Microsoft 365 this is defined by the following requirements:


  1. What Region for the Virtual Machine
  2. Authentication Method
  3. Account Used
  4. Client ID
  5. Test Account
  6. Microsoft 365 to SaaS Access

What Region for the Virtual Machine

For Microsoft as a destination, when selecting the link, a prompt will come up asking to choose which region of the world the migration will be performed for the purpose of landing the VM. Select the region closest to the destination. 

Authentication Method

ClouldM Migrate uses Modern Authentication as a default. If Multi-Factor Authentication (MFA) is enabled on the configuration it’ll need to be disabled temporarily or a Personal Exchange Format (PFX) certificate has to be generated for access. As a destination, it’s recommended to disable MFA.

If Microsoft 365 is the source and MFA can not be disabled the Azure Application used to perform migrations can be created with a PowerShell script CreateAzureADApplication. This script will output a PFX Certificate that will need to be uploaded to CloudM Migate.

During script execution, you will be prompted to authenticate, be sure to leave the PowerShell instance running and keep it open to reference the output.

Once the Azure Application is created, MFA can be renabled.

Account Used

In Mircosoft 365 the Global Admin account is needed to grant CloudM Migrate access to the data in scope for migration. 

Microsoft 365 Client ID

You'll only need to focus on the client ID from App Registration from the Powershell script. 


Test Account

CloudM Migrate will test the connectivity with a Test user. Specify a user within the migration scope.


Azure AD App Registration".

After entering all of the required information, click on the `Create Azure AD Application` button. CloudM Migrate will then attempt to automatically create the Azure AD app registration with the permissions required for the migration. 

You can locate a more detailed step-by-step here Modern Authentication for Microsoft 365

Microsoft 365 to SaaS Access

For reference purposes, here is what the application will give itself access to:

GUID Description
75359482-378d-4052-8f01-80520e7db3cd Read and write files in all site collections
5b567255-7703-4780-807c-7be8301ae99b Read all groups
62a82d76-70ea-41e2-9197-370581804d09 Read and write all groups
e2a3a72e-5f79-4c64-b1b1-878b674786c9 Read and write mail in all mailboxes
3aeca27b-ee3a-4c2b-8ded-80376e2134a4 Read all notes
9492366f-7969-46a4-8d15-ed1a20078fff Read and write all Sites
df021288-bdef-4463-88db-98f22de89214 Read all users’ full profiles
913b9306-0ce1-42b8-9137-6a7df690a760 Read all place
35930dcf-aceb-4bd1-b99a-8ffed403c974 Read and write all ChannelMember
7ab1d382-f21e-4acd-a863-ba3e13f7da61 Read directory data
294ce7c9-31ba-490a-ad7d-97a7d075e4ed Read and write all Chat

  You can find the relevant project migration guides here: Project Migration Guides



Was this article helpful?
1 out of 2 found this helpful