Chat now with support
Chat with Support

Binary Tree Power365 Current - Help Center

Help Center Home Power365 Platform Tenant-to-Tenant Directory Sync Migration for Active Directory Release Notes Known Limitations Support

Setup

Projects

What is a Power365 Project?  

A project in Power365 allows you to configure and manage a subset of features, services and capabilities related to specific environments and/or user groups. There are three Power365 project types to choose from.

  • Basic Migration Project
  • Advanced Migration Project
  • Premium Integration Project

Figure 1: Create New Project Example Page

 

The following information provides details on the features available for each project type. Some features are optional and may require additional license types. Optional features are indicated by the .

 

Basic Migration Project  

With a Basic Migration Project, migrate the User Mailbox and Archive in the cloud or On-premises. Includes Mailbox Delegation & Permissions. Simply choose your preferred connection options and upload your list of users to get started.

Features Basic
Basic Authentication
Modern Authentication
Online Mailbox
On-Premises Mailbox
Online & On-Premises Archive Mailbox
Mailbox Delegates
Mailbox & Folder Permissions
Manage Users with Mapping File

 

What is Basic Authentication?  

Basic Authentication is one of the connection methods allowed in a Basic migration project. Basic Authentication uses single factor authentication where your environment account name and password are securely stored in the environment connection details which will be used to access assigned environment resources for the purposes of data migrations.

 

What is Modern Authentication?  

Modern Authentication is the other connection method allowed in all migration project types. Modern Authentication offers a more secure and integrated login experience. OAuth 2.0 provides, a seamless, two-factor authentication method across different platforms and applications. OAuth 2.0 is the most secure data sharing standard on the market. The two-factor nature and use of tokenization prevents the single factor disclosure of accounts.

Other advantages of using OAuth is the native support of Multi-Factor Authentication (MFA) when accessing the app and the support for delegated app permissions where the Power365 app is granted permission to the designated resources for the purposes of migration and optionally, integration services.

It’s easier to manage, more secure and built-in to your existing identify management controls and policies. Modern Authentication is the recommended connection method.

 

Is Modern Authentication required for Exchange Online?  

Yes. All Power365 project types (excluding Basic Projects using the Basic Authentication option) take advantage of Modern Authentication to help manage your projects. Modern Authentication is the default behavior for all Microsoft 365 tenants. Unless it was disabled, no action is required. However, we recommend the following configuration parameter is validated prior to deployment.

Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

If Modern Authentication is disabled it must be enabled prior to any migration activities can proceed. To enable Modern Authentication for Exchange Online, run this command under the correct authority.

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Here is some additional information about how to Enable modern authentication in Exchange Online.

 

Advanced Migration Project  

With Advanced Migration Projects, automatically discover, match and migrate data related to the User Online Mailbox, Archive and/or OneDrive for Business. Includes Mailbox Delegation, Permissions and Outlook reconfiguration.

Features Advanced
Basic Authentication  
Modern Authentication
Online Mailbox
On-Premises Mailbox  
Online Archive Mailbox
Mailbox Delegates
Mailbox & Folder Permissions
Automatic Outlook Cutover
Customizable End-User Cutover Email
Automatic Discovery & Reporting
Automatic Matching & Mapping
OneDrive for Business & OneNote

 

Premium Integration Project  

Add to the array of migration services with Power365 Integration. Additional services include Calendar Sharing, User Creation & Mail Flow Management, Public Folders, Office 365 Groups and Microsoft Teams Migrations. In addition, Integration Pro provides Domain Sharing and Domain Move services.

Features Premium
Basic Authentication  
Modern Authentication
Online Mailbox
On-Premises Mailbox  
Online Archive Mailbox
Mailbox Delegates
Mailbox & Folder Permissions
Automatic Outlook Cutover
Customizable End-User Cutover Email
Automatic Discovery & Reporting
Automatic Matching & Mapping
OneDrive for Business
Public Folders
Office 365 Groups and Microsoft Teams
User Provisioning (Create, Update & License)
Calendar Sharing (Free/Busy)
Mail Flow Management (Before & After Migration)
Directory Sync Services (Supports Azure & AD)
Domain Sharing Day 1 (New Domain Before Migration)
Domain Sharing Day 2 (Original Domain After Migration)
Long-Term Domain Sharing (Day 1 with No Migrations)
Domain Move Services with Zero Email Downtime

 

How do I create a new Project?  

To create a new project, follow these steps:

  1. Login to https://power365.quest.com/.
  2. Click on Migrate and Integrate on the homepage.
  3. Click New Project to open the start of a project.
  4. Select which type of project you would like to create. See figure 1 above.
  5. If a project option is not available, this means you do not have the required licenses.
  6. To verify your licenses, login as a client administrator to Power365 then click here to open the Licensing management page.
  7. To request additional licenses, contact Support or your local sales account executive.
  8. Once the project type is selected, click Next to begin the project. Follow the wizard which will guide you through the setup process.
  9. Follow the project wizard until it is complete.

 

Additional Information  

Add your Tenants

Application Permissions

Tenant Environments

All Power365 Projects require at least 2 Microsoft 365 Multi-Tenants or environments be added to your Power365 Project to establish at least one source and one target environment for migration and integration activities. Additional environments can be added for more complex migration scenarios.

 

What is a Tenant?  

A “tenant” or “environment” is this context is referring to an Microsoft 365 Worldwide subscription.

 

What should I prepare before adding a tenant?  

Before creating your project, it is recommended that an Application Service Account be created in each of your Microsoft 365 environments. This account will be used for the duration of the project or services requirement.

This account will be used to grant delegated permissions to Power365 on-behalf of the signed-in user. The administrator consents to the permissions that the app requests and the app has delegated permission to act as the signed-in user when making calls to Microsoft Graph. Some higher-privileged permissions require administrator consent. Power365 requires Global Administrator consent for 4 Graph permissions anytime a tenant is added or reconnected.

Follow these recommended steps to prepare your accounts for project setup:

  1. Create a cloud only Power365 Application Service Account in each environment.
  2. The recommended name of the account would be “Power365 App Services”.
  3. Set the account password expiration date to correspond with the project end date or set to “do not expire”.
  4. Assign Global Administrator Role to the account.
  5. Assign an Microsoft 365 License to the user. The minimal subscription should include Exchange Online.
  6. Login to the account for the first time in Microsoft 365 to verify access.
  7. Make the account information available to the authorized administrator for each client environment.

Please Note: It is acceptable to use an existing administrator account if that is preferred.

 

How do I add a tenant to my project?  

During the start of your project setup you will be asked to add your tenants or environments. Follow these steps to complete the process.

  1. Login to Power365 with your Microsoft account.
  2. Click the Create Project button or open your existing project.
  3. Navigate through the setup wizard to the add a tenant step.
  4. Click the Add Tenant button.

  5. When you add a tenant, you will be prompted for your Microsoft account.
  6. Enter the credentials of an administrative account for this Office365 tenant.
  7. Read and accept the permission notice related to MS Graph permissions required to manage your migration and integration projects. For more details about required Graph permissions, see the Power365 Application Permission Requirements topic. Note that two SharePoint Migration API permissions are included to allow OneDrive for Business Accelerated Velocity Mode migration to function.

    (click to view larger)

  8. You will then be returned to the Add Tenant screen. You will repeat this process for each tenant that is part of the project.

 

What happens when I add a Tenant to my Project for the first time?  

When setting up your project for the first time, a Binary Tree PowerShell account will be created in each tenant added to the project and the Power365 App will be installed. This account is used for PowerShell related tasks and to provide full access to the source and target mailboxes for migration purposes.

To complete this process, each tenant must have at least 1 available Microsoft 365 license, so it may be assigned to the account.

  1. Power365 will use your Application Service Account you created to connect to Microsoft 365. Credentials are never stored or transmitted between Power365 and Microsoft 365.

  2. Power365 will add the Power365 App to your Tenant. See figure 2 below.

  3. Power365 will create a cloud only account in your Microsoft 365 tenant for PowerShell.

  4. Power365 will license your new account with the available subscription that has the Exchange Online plan. A lower cost license will be used if available. For example, if you have both E3 and E1; E1 will be used if a license is available.

  5. Power365 by default will grant the Exchange and SharePoint Administrator Roles to this account.

    Figure 2: Example Power365 App (click to view larger)

 

What permissions am I granting to Power365?  

Here is the list of minimal Graph permissions required to operate a Power365 project.

  1. Sign in and read user profile (User.Read)

  2. Read and write all users’ full profile (User.ReadWrite.All)

  3. Read and write all groups (Group.ReadWrite.All)

  4. Read and write directory data (Directory.ReadWrite.All)

  5. Access directory as the singed in user (Directory.AccessAsUser.All)

  6. Have full access to all files user can access (Files.ReadWrite.All)

  7. Send mail as user (Mail.Send)

For more details about the required Graph permissions, check out the Application Permission Requirements topic.

 

How are these permissions being used?  

The following lists the basic need for each Graph permission. For more details about required Graph permissions, see the Power365 Application Permission Requirements topic.

  1. Sign in and read user profile (User.Read) - Used to connect a tenant.

  2. Read and write all users’ full profile (User.ReadWrite.All) - Used for OneDrive Sync.

  3. Read and write all groups (Group.ReadWrite.All) – Used for OneDrive Sync.

  4. Read and write directory data (Directory.ReadWrite.All) - Used to discover Azure directory and automate licensing.

  5. Access directory as the singed in user (Directory.AccessAsUser.All) - Used to provision the Binary Tree PowerShell account and assign the required roles.

  6. Have full access to all files user can access (Files.ReadWrite.All) – Used to read and write OneDrive files during Sync.

  7. Send mail as user (Mail.Send) - Used to send the User Cutover email notification.

 

Does Power365 save my account password?  

Power365 will not ask you to save or transmit your administrator credentials in any cloud environment endpoint configuration.

 

What account roles are required to manage my project(s)?  

For daily migration and integration operations and services, the minimum Microsoft 365 administrator roles required are:

  1. Exchange Administrator (Mailboxes, Archives, PFs)
  2. SharePoint Administrator (OneDrive)

For complete details about the required account roles, check out the Requirements.

 

What account roles are required to add or reconnect a tenant to my project(s)?  

Anytime a tenant is connected for the first time or reconnect later, the minimum Microsoft 365 administrator role required is:

  1. Global Administrator

For complete details about the required account roles, check out the Requirements.

 

When should I reconnect my tenant?  

There are a few reasons why you could be required to reconnect your Microsoft 365 tenant to your Power365 project. The following lists the most common reasons this action is required.

  1. Office 365 OAuth Token has Expired – After 90 days a standard OAuth token will expire. So, if your project is running longer than 3 months, please be sure to update your token by reconnecting your tenant to your project.
  2. Before a Domain Cutover Event – Before a domain cutover event, it is required that you raise your application account’s role to Global Administrator to facilitate the domain move orchestration and automation.
  3. Application Account has Changed – If the Application Account is deleted, recreated or changed it will be required that you reconnect your tenant to the project to continue services.

 

Additional Information  

Application Permission Requirements

Domain Cutover


Pairing

What is pairing?  

Pairing in this context means to identify the source and target relationships in your project. There are three (3) pairing types in an Advanced or Premium project. Those are tenant environment pairing, the accepted domain pairing and the object attribute pairing.

 

Why is pairing required?  

Pairing environments, domains and objects are important because without designating the source and target locations, it will not be possible to migrate data, match objects, orchestrate mail flow or translate email addresses.

 

When do I setup my pairings?  

The project setup wizard will ask a few questions about the required pairings. And authorized administrators may update pairings when needed.

 

How do I setup environment pairings?  

After adding your tenants in the project setup wizard, it is time to set up your tenant pairs. This is where you identify the source and target relationships in your project.

Power365 will use this information as it guides you through configuring your project. You start with your tenants, and then it’s just a matter of “from” and “to.” From what tenant would you like to migrate accounts? And to where are they going?

With only two tenants it might be just a simple one-to-one relationship. If you have multiple tenants like in a divestiture, you may need to set up several tenant pairings.

Select your environment pairs screen

(click to view larger)

 

How do I setup domain pairings?  

After setting up tenant pairs, the next step is to pair the domains. Domain Pairing is setting up accepted domains from the source tenant with accepted domains in the target.

When an account is setup in the target, the email address is automatically stamped with the paired domain in the target. The default domain might be a different domain altogether, so pairing makes sure you know what you will have in the target after migration.

Create one pairing at time. Choose an accepted domain from the source. And then a domain from the target. That’s the basic pairing.

Create whatever combination of domain pairings meets your needs. You can do a simple one-to-one relationship, or pair several source domains to a single target domain.

Select your domain pairs screen

(click to view larger)

 

How do I setup attribute pairings?  

After setting up domain pairs, the next step is to pair the attributes for the purposes of matching objects between environments. Attribute Pairing is setting up value pairs from the source object and the target object.

Match users screen

(click to view larger)

 

Additional Information  

Application Permissions

Projects

Tenant Environments

Manage Scope

Matching

Discovery

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating