It is strongly recommended that when you select Remote Connection (Metalogix SharePoint Extensions Web Service) to connect to SharePoint, the version of MEWS is installed on the remote server is the same as the installed version of Content Matrix Console. However, when you select MEWS as the connection type, you will have the option to Override the MEWS Version and specify an earlier MEWS Version (in the format n.n.n.n) when making a connection. Note that you will receive a warning message that the installed version of MEWS may be incompatible.
You can hide the warning message for any new connections and re-connections made during the current session by checking the Do not show this message until application restarts box.
IMPORTANT: You cannot update the MEWS version once the connection has been created.
If the MEWS version is overridden, the job log will display the warning message. (If both the source and target connections use an older version of MEWS, an entry will display for each.)
Content Matrix Console can make a tenant or site level connection to a SharePoint Online environment. While a tenant connection is similar to the connection type, the process of creating the connection is slightly different, and also involves some prerequisite steps to set up permissions.
Requirements for Making a Tenant-level Connection
NOTE: A tenant level connection works the same as a CSOM connection to an Microsoft 365 environment, except that the tenant connection can also migrate Site Collections, MySites, and Managed Metadata.
·In order for users to make a SharePoint Online tenant-level connection, the connecting user must have the SharePoint Administrator permissions , as well as Site Collection Administrator permissions for each site collection being migrated.
Refer to the Office Support article Assigning admin roles in the Microsoft 365 admin center for details.
If the connecting user does not have sufficient permissions, the connection will not be completed and the following connection error will display:
·The SharePoint Administration URL must be used in order for a tenant-level connection to be completed; that is:
"https://<CompanyTenantName>-admin.sharepoint.com"
If an incorrect URL, such as a specific site or Site Collection URL is used, then the connection will not be completed and the following connection error will display:
To connect to SharePoint Online:
In the Content Matrix ribbon, choose Connection > Connect to SharePoint.
To complete the Connection Options tab:
1.For Address, enter either the URL or IP address of the SharePoint site or tenant to which you want to connect.
Note that the drop-down menu displays a list of previous connections.
2.For Target Type, select the connection type. Use the information in the following table for guidance.
If you want to connect |
Select |
Notes |
---|---|---|
directly to a SharePoint site |
Site.
|
This option must be used for a site-level connection to a Microsoft 365 tenant NOTE: If you want to connect to a Microsoft 365 tenant root node, use the Microsoft 365 Tenant connection type. |
to the root of a Microsoft 365 Tenant environment (comparable to a farm-level connection in an on premises environment) |
Microsoft 365 Tenant. |
This connection type has most of the limitations of the CSOM connection adapter, but can run Site Collection migrations. |
3.For Connection Type, select Remote Connection (SharePoint Client Side Object Model O365).
NOTE: If you accept the default (Auto Detect), this option will be detected automatically.
4.For Authentication Type, select the method to use when trying to connect to the specified SharePoint instance. When connecting to Microsoft 365, the two main Authentication Types will be Microsoft 365 OAuth/Standard/ADFS Authentication and Microsoft 365 Web Browser Authentication (Not Auto Detected). Use the information in the following table for guidance.
For a SharePoint Online connection that uses "modern" (not "legacy") authentication, you must select one of the Microsoft 365 OAuth Authentication options or Microsoft 365 Web Browser. If the account is also part of a SharePoint Online Multi-Factor Authentication Policy, Microsoft 365 Web Browser or Microsoft 365 OAuth with MFA Authentication must be used.
NOTE: Microsoft 365 Web Browser Authentication is not supported for jobs run from a PowerShell script or Distributed Migration.
For more information about legacy vs. modern authentication, refer to the Microsoft article Microsoft 365 feature descriptions.
If |
Select . |
Notes |
---|---|---|
you want Content Matrix to automatically check against the SharePoint environment |
Auto Detect |
Content Matrix will check for authentication types listed in the drop-down (in order), and use the first method that is found. NOTE: At the time you click [OK] to complete the connection, a pop-up box will display that asks if you want to use Microsoft 365 OAuth. See Using Microsoft 365 OAuth Authentication to Connect to SharePoint Online for details. |
·you want to connect to Microsoft 365 OAuth, Microsoft 365 Standard editions, or systems with ADFS AND ·MFA is not being used |
Microsoft 365 OAuth/Standard/ADFS Authentication* |
By default the logged in user credentials will be unavailable, since this uses the Windows authentication method, and the Microsoft 365 credentials will need to be entered. NOTE: At the time you click [OK] to complete the connection, a pop-up box will display that asks if you want to use Microsoft 365 OAuth. See Using Microsoft 365 OAuth Authentication to Connect to SharePoint Online for details. |
your account requires the use of Multi-Factor Authentication (MFA) |
Microsoft 365 OAuth with MFA Authentication (Not Auto Detected)* |
With this authentication type, you do not have to enter account credentials in Content Matrix, and the Connect As options will be disabled. NOTE: There are some migration limitations with this connection type. See Migration Limitations When Using Microsoft 365 OAuth with MFA Authentication for details. |
you want to connect through a Web browser |
Web Browser Authentication (Not Auto Detected) |
This option is not searched for within the Auto Detect option, and needs to be manually set. In order for the Content Matrix Console to logon to the system, users must have logged on to the system being connected to through the web browser on that system first (only before the initial connection). Since this is all done using the Web browser for authentication, the credentials section of the window will be grayed out (since it is not needed).
NOTES: ·Because this connection method uses cookies from the browser, it may require multiple logins when running a single migration. However, this is only likely if the migration is running for a long session; this is mainly determined by the web browser settings for authentication. In the event that a login is required, a dialog box appears that lets users log in. After the user logs in, the migration will continue from where it left off. ·For migrations from SharePoint Online to SharePoint Online, web browser authentication is currently not supported for a source connection. ·This authentication type is not supported for running a job using a PowerShell script or Distributed Migration. Refer to the Quest Support Knowledge Base article Connections that will work with PowerShell and Connections that doesn't work with PowerShell for complete details. |
you want to connect through a Web browser using authentication for Microsoft 365 |
Microsoft 365 Web Browser Authentication |
This option works the same as Web Browser Authentication (Not Auto Detected) except: ·it looks for more specific Microsoft 365 cookies ·it requires that users first log into Microsoft 365 through the browser ·instead of allowing multiple logins, only one "request" for data can be made at a time, which ensures that no data is missed or lost due to the system locking from too many requests (but which may result in a slower connection). NOTE: This authentication type is not supported for running a job using a PowerShell script or Distributed Migration. Refer to the Quest Support Knowledge Base article Connections that will work with PowerShell and Connections that doesn't work with PowerShell for complete details. |
you want to make a site-level connection to a GCC High site using Microsoft 365 User Provided Authentication |
Microsoft 365 User Provided Authentication (hidden by default) |
You must first run a utility provided by Quest Support and enable the setting EnableUserProvidedAuthentication. Refer to the Quest Support Knowledge Base article Enabling User Provided Authentication in Content Matrix for details. |
* If you are connecting to SharePoint Online using OAuth authentication and you used a custom domain as the Address, you will also need to check the Override SharePoint Online Tenant Domain Name and enter the default tenant domain name (which can be found at https://admin.microsoft.com/Adminportal#/Domains) to allow Content Matrix to route the request to the proper region.
5.For Connect As, enter/select the login credentials you want to use to connect to the SharePoint site/server. Use the information in the following table for guidance.
NOTE: This option is disabled if you selected Microsoft 365 OAuth with MFA Authentication, or Web Browser Authentication (Not Auto Detected).
If you want to |
Then |
---|---|
use the current Windows user's authentication credential |
Select the (default) <Domain>\<user> radio button. |
use different authentication credentials |
·Select the Different User radio button, and ·Enter the applicable user name and Password. In cases where alternate credentials are entered, it is recommended that you select the Remember my password check box so Content Matrix will automatically remember that user account password. This is especially important if you chose Web Browser Authentication, as credentials must be stored in the Credential Manager vault before the connection is made. |
6.If you want to Add or Remove certificates to be included when connecting to SharePoint:
a)Select the Included Certificates tab.
Please see the Connecting with Certificates for more details on connecting to SharePoint instances that require certificates.
b)After all of the desired connection options have been set, for all options tabs, click [OK] to establish the connection.
If you are making a tenant-level connection, the Limit Site Collections dialog displays, giving you the option to limit the site collections to include in your connection (which by importing an xml file with the list of URLs you want to include). This is useful if the environment you are connecting to includes a very large number of site collections. In this case, limiting displayed site collections can improve performance. Additionally, the Include Microsoft 365 tenant my site host connection allows One Drives to display under their own top-level connection node (alongside the main tenant node) with the following URL format: http://[Tenant URL]-my.sharepoint.com. It is selected by default, but if you want to exclude them from the connection, uncheck this box.
NOTE: If you want to View Sample xml, click the link on the dialog. The xml file you import must follow the same format as this sample.
7.Either:
§Click [Yes Import from XML] to specify the URLs of the sites you want to include in the connection, then browse/upload the file
OR
§Click [No Continue with Connection] to add all sites within the selected scope to the connection.
If Content Matrix successfully makes the connection, a new node will appear in the Explorer View (two if you opted to include One Drives), and you can expand the node(s) and navigate through the SharePoint objects.
NOTE: Should the log file ever show a "could not find site on remote SharePoint server" exception message when working with CSOM connections, simply restart the CSOM service on all machines running the Content Matrix console and then rerun the action.
Microsoft 365 OAuth Authentication is a token-based authentication method that can be used as an alternative to Standard/ADFS Authentication to reduce throttling.
If Multi-Factor Authentication is set up for the tenant and enabled for the account (as described in the Microsoft TechNet article SharePoint Online - Microsoft 365: Set up Multi-Factor Authentication), you can connect using M365 OAuth with MFA Authentication as an alternative to Microsoft 365 Web Browser authentication.
NOTE: If you are using the M365 OAuth with MFA Authentication type, be aware that some migration limitations apply.
The very first time OAuth Authentication is selected, the application Content Matrix SharePoint Client must be registered for the tenant.
IMPORTANT: Prior to version 9.2, the Metalogix SharePoint Migration Client application was used for OAuth Authentication. Jobs created before version 9.2 (including those that use PowerShell or Distributed Migration) will continue to use this application (as long as it is still registered in Entra ID). Starting with version 9.2, all jobs using OAuth Authentication will use the Content Matrix SharePoint Client application.
Required Permissions
At a minimum, the following permissions are required to register and provide consent for the Content Matrix SharePoint Client application.
·For a site-level connection, the account must have a minimum of Site Administrator and Application Administrator permission roles.
·For a tenant-level connection, the account must have a minimum of Application Administrator permission role.
Providing Consent to Grant the Application Requested Permissions
The first time a Content Matrix user attempts to connect to SharePoint Online using Microsoft 365 OAuth Authentication, a dialog displays requesting that you grant the permissions that the application needs to perform migrations.
A Global Administrator can check the Consent on behalf of your organization box, which will prevent this dialog from displaying for other users. If the account is not a Global Administrator, the Consent on behalf of your organization option will be hidden.
IMPORTANT: If a Global Administrator does not consent on behalf of the organization, each Content Matrix user who attempts to connect using Microsoft 365 OAuth Authentication for the first time must sign in with an account that has the Application Administrator and SharePoint Administrator permission role.
After [Accept] is clicked, the connection is created (and the application will be registered if it does not already exist in Entra ID). In addition, the token cache file ConnectionsTokenCache.dat is created in the AppData/Roaming/Metalogix folder. (Note, if you have used OAuth Authentication in an earlier version of Content Matrix, this file will already exist.)
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center