When you choose Modern Authentication, then you need to register the application in the Azure Active Directory and provide adequate permissions to new registration. Later, you can generate Client ID, Tenant ID, and Client Secret.

To create the app registration, follow the below steps-

Step 1

Open a web browser and type portal.azure.com, then sign in with the administrator credentials of Azure cloud.

Step 2

Click App registrations.

Note: You can also type App registrations in the search bar and open the service from there.

Step 3

After opening the App registration wizard, click the New registration option.

Step 4

Provide any name to the app registration entry. For supported account types, you need to choose the option based on your account. Then click the Register option.

Step 5

After registering the app, you need to enable APIs in it. Click API Permissions in the Manage category. There will be different permissions for the registered applications

For Microsoft Teams

Step 5.1

Click Add a permission.

Step 5.2

Click and Open Microsoft Graph.

Step 5.3

Choose Application Permissions.

Step 5.4

Apply all the permissions given in the below table.

Migration Type Permission Category Permissions
For Microsoft Teams Team Team.Create
Group Group.Read.All
Group.ReadWrite.All
Files Files.Read.All
Files.ReadWrite.All
Sites Sites.Read.All
Sites.ReadWrite.All
User User.Read
User.Read.All
User.ReadWrite.All
Teamwork Teamwork.Migrate.All
Directory Directory.ReadWrite.All
Directory.AccessAsUser.All
Directory.Read.All
Calendar Calendar.Read
Calendar.ReadWrite
GroupMember GroupMember.Read.All
GroupMember.ReadWrite.All
ChannelMessage ChannelMessage.Read.All
TeamSettings TeamSettings.Read.All
TeamSettings.ReadWrite.All
TeamsTab TeamsTab.Create
TeamsTab.Read.All
TeamsTab.ReadWrite.All
TeamsTab.ReadWriteForChat.All
TeamsTab.ReadWriteForTeam.All
TeamsTab.ReadWriteForUser.All
For Office 365 Exchange Exchange.ManageAsApp
Full access Full_access_as_app

For Office 365 (Exchange Online)

To migrate Office 365 mailbox contents, it requires API permissions that provide it full access to the registered App.

Step 5.1

In API Permissions, click Add a permission. At the top of the Request API permissions pane, click the ‘APIs my organization uses’ tab and search Office 365 Exchange Online.

Step 5.2
Migration Type Permission Category Permission
For Office 365 Exchange Exchange.ManageAsApp
Full Access Full_access_as_app

After choosing the application, you should click Add Permissions.

Step 6

Once you have enabled all the APIs in the newly registered apps, you should grant admin consent for the account. Click the option.

Step 7

Click Yes, to grant the confirmation for admin consent.

Step 8

Go to Overview on the left-hand panel and copy Application (Client ID) and tenant ID that you will need to connect.

For OneDrive/SharePoint Online

To migrate content from OneDrive and SharePoint Online account, no API permissions are required. It will need some App’s Permission Request XML. It process is given in the following page- https://www.nucleustechnologies.com/sharepoint-migration/modern-auth-sharepoint-permissions.html

Generate the Client Secret

Step 1

Type secrets in the text box and click on certificates & secrets. Then click New client secret.

Step 2

Provide a brief description for the new secret. Also, choose period till you want to use the secret. Then click Add.

Step 3

Copy the Secret ID as you will require it at the login page to connect the mailbox.

Assign Role and Administrator

For adding Office 365 account, you need to provide administrative role to the account for accessing mailbox.

Step 1

Go to Active Directory Dashboard and Select Role and Administrators. Search for ‘Global administrator’ and double-click on it.

Step 2

Under assignments category, click ‘add assignments.’

Step 3

Enter the name of the registered app and click Add to assign the role to it.

OR

Step 4

If no members have been assigned here, so click ‘No Members selected.’

Step 5

Type the name of the app that you have added in the Azure Active Directory. Choose it, then click Select.

Step 6

A new member has been added. Click Next.

Step 7

In Assignment Type, choose Active. Set the Assignment duration and provide a justification for assignment. Finally, click Assign.