ShareGate's migration tool and Cloud copy need access to specific resources from Microsoft to work correctly. To obtain this access, a global admin must consent to the Azure ShareGate migration tool app to use delegated permissions on your tenant.
With these permissions, the ShareGate migration tool and Cloud copy can connect to your environment and perform actions.
Your network identifies this as an application performing actions and not you directly. As with all operations in ShareGate, your data remains secure.
For more information, see What is the Azure ShareGate migration tool app?
Required permissions
| Permission | Description |
|---|---|
| Read the members of the channels | Delegated: Allows the app to read the members of channels as the signed-in user. |
| Add and remove members from the channel | Delegated: Allows the app to add and remove members from channels as the signed-in user. It also allows the app to change members' roles. |
| Send channel messages | Delegated: Allows the app to send channel messages as the signed-in user. |
| Read and write the names, descriptions, and settings of channels | Delegated: Allows the app to read and write all channels' names, descriptions, and settings as the signed-in user. |
| Have full access to all files user can access | Delegated: Allows the app to read, create, update, and delete all files the signed-in user can access. |
| Read and write all OneNote Notebooks that the user can access | Delegated: Allows the app to read, share, and modify OneNote notebooks that the signed-in user can access. |
| View users' basic profile | Delegated: Allows the app to see users' basic profile (name, picture, user name) as the signed-in user. |
| Create, read, update, and delete user's tasks and task list | Delegated: Allows the app to create, read, update, and delete the signed-in user's tasks and task lists, including any shared with the user. |
| Create teams | Delegated: Allows the app to create teams as the signed-in user |
| Add and remove members from teams | Delegated: Allows the app to add and remove members from teams as the signed-in user. Also allows the app to change members' roles. |
| Manage user's installed Teams apps | Delegated: Allows the app to read, install, upgrade, and uninstall Teams apps for the signed-in user. It does not give the ability to read application-specific settings. |
| Read and change teams' settings | Delegated: Allows the app to read and change all teams' settings as the signed-in user. |
| Read and write tabs in Microsoft Teams | Delegated: Allows the app to read, install, upgrade, and uninstall Teams apps as the signed-in user and for teams the signed-in user is a member of. |
| Access directory as the signed-in user | Delegated: Allows the app to have the same access to information in the directory as the signed-in user. |
| Read user files | Delegated: Allows the app to read the signed-in user's files. |
| Read all groups | Delegated: Allows the app to read basic group properties and memberships on behalf of the signed-in user. |
| Read and write all groups | Delegated: Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content. |
| Sign in and read the user profile | Delegated: Allows users to sign in to the app and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |
| Have full control of all site collections | Delegated: Allows the app to have full control of all site collections on behalf of the signed-in user. |
| Read and write items and lists in all site collections | Delegated: Allows the app to read, create, update, and delete document libraries and lists in all site collections on behalf of the signed-in user. |
| Read items in all site collections | Delegated: Allows the app to read documents and list items in all site collections on behalf of the signed-in user. |
| Read and write items in all site collections | Delegated: Allows the app to create, read, update, and delete documents and list items in all site collections on behalf of the signed-in user. |
| Read user files | Delegated: Allows the app to read the current user's files. |
| Read and write user files | Delegated: Allows the app to read, create, update, and delete the current user's files. |
| Run search queries as a user | Delegated: Allows the app to run search queries and to read basic site info on behalf of the currently signed-in user. Search results are based on the user's permissions instead of the app's permissions. |
| Read managed metadata | Delegated: Allows the app to read managed metadata and to read basic site info on behalf of the signed-in user. |
| Read and write managed metadata | Delegated: Allows the app to read, create, update, and delete managed metadata and to read basic site info on behalf of the signed-in user. |
| Read user profiles | Delegated: Allows the app to read user-profiles and to read basic site info on behalf of the signed-in user. |
| Read and write user profiles | Delegated: Allows the app to read and update user profiles and to read basic site info on behalf of the signed-in user. |