When trying to migrate a mailbox, it is failing with error: "Error creating source session. The request failed. The remote server returned an error: (403) Forbidden". Source account is GA, and MFA is not enabled for it. However access is given by the Service Principal. Service Account is PIM-enabled. Source is hybrid and accounts are synced from the onprem AD.
Note: the issue can also happen with the cloud-only tenant, where service account was created through Microsoft PIM.
You need to be signed in and under a current maintenance contract to view premium knowledge articles.
© 2025 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center