Creating a SharePoint (Graph) Service Account

A SharePoint (Graph) service account has elevated permissions that let you access information beyond what a standard Office365 user or admin account can reach.

Creating the App Registration

First, go to https://portal.azure.com/ and search for "App Registrations":

Then click on "New Registration":

Then enter the following information and click Register:
Name: Migration Application
Supported Account Types: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)


Adding the Necessary Permissions

Now, click on Manage > API Permissions > Add a Permission:


In the blade that appears, select Microsoft Graph:

And then select Application Permissions:

Then add the following permissions (you may need to repeat this for each permission you are adding):
  1. Directory.ReadWrite.All
  2. Sites.ReadWrite.All
  3. User.ReadWrite.All

Notes
The permissions listed above are suitable for migrations into and out of Office365.
If you are only migrating out of Office365, you may use the "Read" permission set instead of the "ReadWrite" permission set.

Once that is complete, click the "Grant Admin Consent for {Org}" button:


Getting the Application "Username"

Click on Overview and note the Application (Client) ID and the Directory (Tenant) Id:


The Application Id is essentially a username.
The Directory Id is essentially your organization's Id.

Creating an Application Password (Secret)

Now click on Manage > Certificates & Secrets > New Client Secret:

In the dialog that appears, enter the following values and click Add:
Description: Migration Application
Expires: 730 Days (24 Months)

Notes
The expiration of 730 days will accommodate nearly all scenarios.
For optimal security, this password should expire shortly after your migration is complete.

Once the secret is created, save its value.

The Secret is essentially the password.

Account Creation Complete!

Once you have the Directory (Tenant) Id, Application Id, and Secret you have everything you need to log in as a service account.
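
The following is an added example, not part of the original article or of Universal Migrator. It signs in with the three values using the Microsoft identity platform's client-credentials flow, then compares the token's "roles" claim with the permissions listed above so that missing consent or extra privilege shows up. The function names and the sample token are constructed for illustration.

```python
import base64, json, time
from urllib import parse, request

# Application permissions this page assigns on Microsoft Graph.
EXPECTED_ROLES = {"Directory.ReadWrite.All", "Sites.ReadWrite.All", "User.ReadWrite.All"}

def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth 2.0 client-credentials request for Microsoft Graph."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # Application (Client) ID
        "client_secret": client_secret,  # the secret's saved value
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return request.Request(url, data=body, method="POST")

def fetch_token(tenant_id, client_id, client_secret):
    """Send the request (needs network access) and return the access token."""
    with request.urlopen(token_request(tenant_id, client_id, client_secret), timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(access_token, expected=EXPECTED_ROLES, now=None):
    """Compare granted application roles with the expected set; report expiry."""
    claims = token_claims(access_token)
    granted = set(claims.get("roles", []))
    now = time.time() if now is None else now
    return {
        "missing": sorted(expected - granted),     # admin consent not granted yet
        "unexpected": sorted(granted - expected),  # more privilege than this page asks for
        "expired": claims.get("exp", 0) <= now,
    }

def sample_token(roles, exp):
    """Constructed, unsigned sample token so the audit can run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    claims = {"aud": "https://graph.microsoft.com", "roles": roles, "exp": exp}
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    demo = sample_token(["Sites.ReadWrite.All", "User.ReadWrite.All", "Mail.Read"], exp=2_000_000_000)
    print(audit_token(demo, now=1_700_000_000))
```

For an export-only migration, pass the "Read" permission names as the expected set so that any "ReadWrite" grant is reported as unexpected.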