Microsoft 365 Migration Guide

Phase 1: Microsoft Entra ID (Azure) Application Setup

Before we can migrate mailboxes to Microsoft 365, we must register an application in Microsoft Entra ID (formerly Azure AD). This generates the Client ID and Client Secret needed for secure OAuth authentication, and enables the required IMAP permission.

Note: You only need to complete this phase once per Microsoft 365 tenant.

Phase 1: Register the Azure Application

1) Create the App

  1. Log into the Azure Portal: https://portal.azure.com
  2. Use the top search bar to find Microsoft Entra ID (formerly Azure AD), then click it.
  3. In the left sidebar, click App registrations, then click New registration.
  4. Set the following:
    • Name: IMAPSync Migration Studio (or any name you prefer)
    • Supported account types: Select the third option:
      Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts
      This is required to migrate external clients, not only users within your own tenant.
    • Redirect URI: Select Web and enter the exact URL where your app will live, ending in oauth.php.
      Example: https://linux.thexyz.com/start/oauth.php
      The URL must match exactly. We will build this file in the next phase.
  5. Click Register.

2) Save Your Client ID

  1. On the Overview page that loads immediately after registration, copy the Application (client) ID.
  2. Save it in a secure notepad or password manager.

3) Generate Your Client Secret

  1. In the left sidebar, click Certificates & secrets.
  2. Click New client secret.
  3. Enter a description (for example: Web App Key) and set the expiry to 24 months.
  4. Click Add.
Critical: Immediately copy the value shown in the Value column and save it securely. Microsoft will permanently hide this value as soon as you leave the page. If you lose it, you must create a new secret.

4) Add the IMAP Permission

  1. In the left sidebar, click API permissions.
  2. Click Add a permission.
  3. Select the APIs my organization uses tab.
  4. Search for Office 365 Exchange Online and click it.
  5. Click Delegated permissions.
  6. Search for and check IMAP.AccessAsUser.All.
  7. Click Add permissions.
Important: After adding the permission, if you see an option to Grant admin consent, complete it. Without admin consent, OAuth sign-in may fail during migration.

Phase 1 Complete

You should now have the following saved securely:

  • Application (client) ID
  • Client Secret value

Next: Phase 2: OAuth Configuration and Authorization

  • 0 Notendur fundu þetta gagnlegt
Kom þetta að gagni?

Skyldar greinar

How to create an email alias

Aliases are a great way to create an alternate name for an existing mailbox and mask your real...

How to create a Group List of email recipients

We have an easy way to send group emails without having to risk people's privacy and security of...

Email everyone on a domain

You can send an email to everyone on your domain. To email everyone, log into the Email Admin...

Preparing your email migration

Now you have made the choice to have Thexyz host your email, there are a few things to take note...

Manage domain aliases with the Email Admin Control Panel

Email administrators can create domain aliases for their existing domains in the email...