About On Demand Migration
Quest® On Demand Migration cloud application lets you create migration projects to perform the following:
Accounts and User Data Migration
- Analyze the structure of your Microsoft Azure Active Directory and get reports on the problems that might adversely affect the migration.
- Migrate Azure AD users, groups, and the related information between tenants.
- Migrate hybrid accounts synchronized with on-premises AD
- Map the existing accounts in the source and target tenants for further resource processing.
- Grant migrated accounts access to source tenant’s resources and applications.
- Provide robust project management interface and in-depth progress reporting.
- Provide coexistence services for transition period before migration process will be completed:
- Address Rewrite Service to change the message header as if the target mailbox is already used by sender.
Mail migration feature
- Migrate Microsoft Office 365 mailboxes and share free/busy information between tenants.
Content Migration
OneDrive for Business migration feature
- Analyze OneDrive for Business on your source tenant
- Transfer OneDrive for Business data and settings.
Public Folders migration feature
- Analyze Public Folders on your source tenant and get hierarchy information, content information and email addresses for mail-enabled public folders
- Migrate Public Folders and the related information between tenants
- Provide robust Public Folders migration management interface and in-depth progress reporting.
SharePoint migration feature
- Analyze SharePoint on your source tenant
- Map existing SharePoint sites (previously site collections) in the source and target tenants for further processing
- Migrate SharePoint sites (previously site collections) to the target tenant
- Provide robust SharePoint migration management interface and in-depth progress reporting.
Microsoft Teams migration feature
- Analyze Microsoft Teams on your source tenant
- Create Office 365 groups with Teams functionality on the target tenant
- Provision Microsoft Teams on the target tenant
- Migrate Microsoft teams including content to the target tenant
- Provide robust Microsoft Teams migration management interface and in-depth progress reporting.
On Demand Migration is a part of Quest® On Demand – a single SaaS console for managing your cloud environment in Microsoft Azure. For more information, see Quest On Demand documentation.
Before You Start
To access your Azure Active Directory or Office 365 tenant via On Demand Migration, the migrator account needs to have the following:
- Global administrator role
- Microsoft 365 cloud-only identity as per the Microsoft documentation.
- MFA disabled
- Exchange Online subscription
- ApplicationImpersonation role for mail migration
|
|
TIP: Quest recommends creating a temporary account for On Demand Migration and use it to grant all consents for the migration project |
If you do not have such account, create it with Microsoft Azure administrative portal.
This section provide you with the following information :
- permissions required to perform specific On Demand Migration tasks;
- accessing On Demand service;
- selecting your organization and region;
- adding your tenants;
- upgrading throttling policies to minimize Office 365 throttling impact to overall migration process. (Upgrading Throttling Policies)
Required Permissions
This section lists the universal permissions for administrative accounts to perform main On Demand Migration tasks:
|
|
TIP: In case you want to make permissions more granular using minimum administrative permissions refer to Granular Permissions. This section provides minimum permissions for processes that can be performed using Accounts migration dashboard. |
|
|
IMPORTANT: To perform any of the tasks the source and the target Azure AD administrative accounts should have a mailbox with valid Microsoft Exchange Online license. |
| Task | Minimal Permissions |
|---|---|
| Add tenant to On Demand | Global Administrator role for both source and target Azure AD administrative accounts. Refer to Adding a Tenant for details. |
| Configure tenant / grant admin consent | Global Administrator role for both source and target Azure AD administrative accounts. Refer to Adding a Tenant for details. |
| Discover accounts |
Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts |
| Get statistics on Mailboxes | Global Administrator role for both source and target Azure AD administrative accounts |
| Enable calendar sharing | Global Administrator role for both source and target Azure AD administrative accounts |
| Migrate accounts | Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts |
| Migrate hybrid accounts | Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts, on-premises administrative accounts with write permissions for ADAM / AD LDS server used by Quest Migration Manager, and all prerequisites specified in Deploying Migration Manager for Active Directory |
| Migrate mailboxes | Granted “Migration - Basic” and "Mailbox Migration" consents, Global Administrator role (with Office 365 mailbox and Impersonation Role in Exchange Online). To perform Autodiscover during mail migration an Office 365 mailbox is required. Refer to Obtaining Impersonation Role for Mail Migration for details. |
| Migrate OneDrive storages |
Global Administrator role for both source and target Azure AD administrative accounts “Migration - SharePoint” consent granted for source and target tenants. |
| Process Resource Roles | Granted “Migration - Basic” consent, Global Administrator role for both source and target Azure AD administrative accounts, User Access Administrator role for "Quest On Demand - Migration - General [Automation]" |
| Process source SharePoint (without migration) | Granted “Migration - SharePoint” consent, turned on external sharing for SharePoint and Global Administrator role for both source and target Azure AD administrative accounts |
| Migrate SharePoint |
Granted for source and target tenants:
The target tenant should already have the fully configured SharePoint with the active license plan. Refer to Prerequisites for details. |
| Process Application Assignments | Granted “Migration - Basic” consent and Global Administrator role for both source and target Azure AD administrative accounts. Refer to Adding a Tenant for details. |
| Migrate Microsoft Teams and Office 365 Groups with Teams functionality |
Granted for source and target tenants:
Global Administrator roles and Teams licenses for both source and target Azure AD administrative accounts. Refer to Prerequisites for details. |
| Migrate Public Folders |
Granted for source and target tenants:
Owner permission to the target public folder root for target Azure AD administrative account. Refer to Prerequisites for details. |
Obtaining Impersonation Role for Mail Migration
Mail migration requires Application Impersonation, so that knowledge of the users' credentials is not required. Impersonation role should be configured manually as described below:
- Login to the Office 365 Exchange Admin Portal.
- Go to permissions, then click “+” icon under admin roles to add a new role
- In the Role Group dialog, provide a meaningful name and an optional description for your Role Group. For example, “Impersonation for migration”.
- Click “+” icon under Roles, select ApplicationImpersonation and add it to the role group.
- Click “+” icon under Members, select an administrative account that will perform the migration and add it to the role group.
- Click Save.
|
|
NOTE: It may take some time before the changes are applied to take effect. |