Obtaining a Client and Tenant ID for a Microsoft 365 Migration

With an email migration to or from Microsoft 365, we only support Modern Authentication for Microsoft 365 endpoints used for Mailbox, Online Archive mailbox, and Public Folder migrations. Modern Authentication provides a more secure authentication mechanism for registered applications to connect to Microsoft Entra ID and Microsoft 365. 

Microsoft's documentation explains enabling and disabling Modern Authentication for Exchange Online.

Registration and Configuration


Below the steps, please find corresponding images representing each step or a group of steps.

  1. Log in to the Microsoft Entra admin center with a Global Administrator login.
  2. Click View all products and select Microsoft ID (Azure AD) in the Microsoft Entra Admin Center.
  3. In the left sidebar, open the Applications dropdown list and select App Registrations, which is found under Identity.
  4. Select New Registration at the top of the screen.

    New App Office 365
  5. Give the app a distinct name. You can change this later if necessary.
  6. Select the Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multi Tenant) radio button.
  7. Under Redirect URI (optional), select Public client/native (mobile & desktop) and set it to urn:ietf:wg:oauth:2.0:oob
  8. Click Register.
    Microsoft 365 App Name
  9. In the Overview tab, you will find the Application (client) ID and the Directory (Tenant) ID.
  10. Copy both of these to another application, such as Notepad, for use later in this process.
    Authentication Settings
  11. Under the Manage menu, select Authentication.
  12. Set the option Allow public client flows to Yes
  13. Click Save.
    Add Permissions
  14. From the Manage menu, select API permissions.
  15. If an API permission is named User.Read under Microsoft Graph is already present, this can be removed. The Microsoft Graph API does not apply to this project type and is not used.
  16. Click Add a Permission.
    API Permissions
  17. Select APIs my organization uses.
  18. Scroll down or search for the following permissions Office 365 Exchange Online.
    Request API permissions

  19. Select Delegated Permissions.

  20. Select EWS.

  21. Check the box under EWS for EWS.AccessAsUser.All.
  22. Click Add Permissions. This permission only allows the OAuth application (MigrationWiz) to be associated with EWS.


    This does not grant access to all mailbox data.
    Request API permissions
  23. Click Grant admin consent.
    Grant Permissions
  24. Click Yes to confirm the settings. Under the Status column, you should see a message that permission has been granted for the domain.
  • 134 Users Found This Useful
Was this answer helpful?

Related Articles

Webmail keyboard shortcuts

When you login to Webmail, your premium webmail account includes various keyboard shortcuts....

Moving an Email into a Folder

To move an email into another folder, click and drag the email from the email list to a folder in...

Renaming a Folder

To rename a folder with Webmail, follow the directions below:1. Right-click on the email folder...

Automatically forward email to another email account

You can use the email forwarding feature to send incoming email to an external email account by...

Best practice for Thexyz email storage maintenance

This article describes how to monitor user storage in the Thexyz Email Admin Control Panel as...