This guide will show how to configure Microsoft 365 as a source or destination configuration.
For Microsoft 365 this is defined by the following requirements:
TABLE OF CONTENTS
- What Region for the Virtual Machine
- Authentication Method
- Account Used
- Client ID
- Test Account
- Microsoft 365 to SaaS Access
What Region for the Virtual Machine
For Microsoft as a destination, when selecting the link, a prompt will come up asking to choose which region of the world the migration will be performed for the purpose of landing the VM. Select the region closest to the destination.
Authentication Method
ClouldM Migrate uses Modern Authentication as a default. If Multi-Factor Authentication (MFA) is enabled on the configuration it’ll need to be disabled temporarily or a Personal Exchange Format (PFX) certificate has to be generated for access. As a destination, it’s recommended to disable MFA.
If Microsoft 365 is the source and MFA can not be disabled the Azure Application used to perform migrations can be created with a PowerShell script CreateAzureADApplication. This script will output a PFX Certificate that will need to be uploaded to CloudM Migate.
During script execution, you will be prompted to authenticate, be sure to leave the PowerShell instance running and keep it open to reference the output.
Once the Azure Application is created, MFA can be renabled.
Account Used
In Mircosoft 365 the Global Admin account is needed to grant CloudM Migrate access to the data in scope for migration.
Microsoft 365 Client ID
You'll only need to focus on the client ID from App Registration from the Powershell script.
Test Account
CloudM Migrate will test the connectivity with a Test user. Specify a user within the migration scope.
.
Azure AD App Registration".
After entering all of the required information, click on the `Create Azure AD Application` button. CloudM Migrate will then attempt to automatically create the Azure AD app registration with the permissions required for the migration.
You can locate a more detailed step-by-step here Modern Authentication for Microsoft 365
Microsoft 365 to SaaS Access
For reference purposes, here is what the application will give itself access to:
| GUID | Description |
|---|---|
| 75359482-378d-4052-8f01-80520e7db3cd | Read and write files in all site collections |
| 5b567255-7703-4780-807c-7be8301ae99b | Read all groups |
| 62a82d76-70ea-41e2-9197-370581804d09 | Read and write all groups |
| e2a3a72e-5f79-4c64-b1b1-878b674786c9 | Read and write mail in all mailboxes |
| 3aeca27b-ee3a-4c2b-8ded-80376e2134a4 | Read all notes |
| 9492366f-7969-46a4-8d15-ed1a20078fff | Read and write all Sites |
| df021288-bdef-4463-88db-98f22de89214 | Read all users’ full profiles |
| 913b9306-0ce1-42b8-9137-6a7df690a760 | Read all place |
| 35930dcf-aceb-4bd1-b99a-8ffed403c974 | Read and write all ChannelMember |
| 7ab1d382-f21e-4acd-a863-ba3e13f7da61 | Read directory data |
| 294ce7c9-31ba-490a-ad7d-97a7d075e4ed | Read and write all Chat |
You can find the relevant project migration guides here: Project Migration Guides