Granular Permissions
This section lists the minimum permissions required for Azure AD Administrative accounts to perform specific On Demand Migration tasks. You can use PowerShell to assign these roles to your Azure AD administrative account. All of the listed roles are required, but you can select any of the roles separated by -OR-.
| Product Feature | Minimum Permissions for source | Minimum Permissions for target |
|---|---|---|
| Exchange Online processing (Exchange Online license must be assigned) | ||
|
Address Rewriting |
Transport Rules Remote and Accepted Domains Distribution Groups Security Group Creation and Membership |
Transport Rules Remote and Accepted Domains Distribution Groups Security Group Creation and Membership |
|
Calendar sharing |
Federated Sharing |
Federated Sharing |
|
Discovery |
View-Only Recipients -OR- Mail Recipients |
|
|
Account Migration |
View-Only Recipients -OR- Distribution Groups |
Security Group Creation and Membership Mail Recipient Creation |
|
Mail Migration |
ApplicationImpersonation |
Mail Recipients ApplicationImpersonation |
| Mailbox Switch |
Mail Recipients ApplicationImpersonation |
Mail Recipients ApplicationImpersonation |
|
Mailbox Permissions Migration |
Mail Recipients | Mail Recipients |
| Azure AD Roles | ||
|
Account Migration (guest users migration) |
Guest inviter | |
|
Resource processing |
Guest inviter | |
| SharePoint Roles (SharePoint license must be assigned) | ||
|
OneDrive Migration (provisioning only) |
SharePoint administrator | |
Using Collections
You can use collections to streamline the migration process. There are two approaches:
- You can select discovered accounts and create a new collection for them
- You can create a new empty collection and then populate it with discovered accounts using comma-separated CSV file.
To create a new collection based on selected accounts:
- Click Accounts on necessary migration project
- Select accounts you want to combine into the collection. You can use search for filtering out the accounts by certain criteria or simply hand-pick the individual accounts or mailboxes from the list.
- Click +New Collection
To create a new empty collection and then populate it with accounts:
- On the
- Enter the informative collection name. Click Save to add this collection to the project.
- Populate it using comma-separated values (CSV) file as specified in Populating Collections from File.
Populating from File
You can populate any existing collection using a comma-separated values (CSV) file with account attributes.
|
|
NOTES:
|
To populate collection from CSV file
- Prepare a comma-separated values (CSV) file with data of discovered accounts you want to add to the collection. File can contain accounts that have not been discovered, but these accounts won"t be added to the collection. One of the columns should contain the user principal names (UPNs). For example:
userPrincipalName,email,objectID
Example@testexample.onmicrosoft.com,Example@testdomain.com,d6801a8b-5cb1-48f4-9757-4465564c5c63
- Select a collection you want to populate on Dashboard and click it to open the Collection Dashboard
- Click Fill from File to populate the collection with discovered objects you specified in the file created on Step 1.
- Click Browse to open the comma-separated CSV file created on Step 1.
- Browse for file and click Open. Selected file name appears next to the Browse button.
- Click Populate to populate the collection.
The collection is populated. You can see added objects on the Collection Dashboard.
|
|
NOTE: The objects that do not exist in the source and/or target tenants and the source accounts that are not enumerated during the Discovery are ignored without producing an event. |
Exporting Mapping for Selected Objects
To export the mapping as a comma-separated values (CSV) file, select objects in the grid and click
You can customize this file and use it as a base for manual mapping.