MigrationWiz - Migration Planning - Modern Authentication for Office 365 mailbox migrations

BitTitan® now supports Modern Authentication for Office 365 endpoints used for Mailbox migrations. Modern Authentication provides a more secure authentication mechanism for registered applications to connect to Azure Active Directory and Office 365. 

The Autodiscovery of items option will not work with Modern Authentication in place.



  • A Global Administrator account with access to Azure Active Directory. MFA/2FA is not supported at this time. The administrator account will need to be excluded from these policies if enabled. 
  • MigrationWiz® Mailbox project(s) created and ready for configuration.
  • The application will require administrator consent


  1. Log in to the Azure AD admin console with a Global Administrator login.
  2. Select Azure Active Directory in the Azure Active Directory Admin Center.
  3. Select App Registrations, which is found under Manage.
  4. Select New Registration at the top of the screen.
  5. Give the app a distinct name. You can change this later if necessary.
  6. Select the Accounts in any organizational directory button.
  7. Under Redirect Uri, select Public Client (mobile & desktop) and set it to urn:ietf:wg:oauth:2.0:oob
  8. Click Register.
  9. Go back to App registrations.
  10. Select the App you just created.
  11. In the Overview, you will find a ClientId (aka Application) and Directory (Tenant) ID.
  12. Copy both of these to another application, such as Notepad, for use later in this process.
  13. Under the Manage menu, select Authentication.
  14. Set the option Allow public client flows to Yes
  15. Click Save.
  16. From the Manage menu, select API permissions.
  17. Select Add a Permission.
  18. Select APIs my organization uses

  19. Scroll down and select Office 365 Exchange Online

  20. Then select Delegated Permissions

  21. Select EWS

  22. Check the box under EWS for EWS.AccessAsUser.All.
  23. Click Add permissions. This permission only allows the OAuth application (MigrationWiz) to be associated with EWS. This does not grant access to all mailbox data.
  24. Click Grant admin consent.
  25. Click Yes to confirm the settings.
  26. In MigrationWiz, select the project that needs to be configured for Modern Authentication.
  27. Click the Edit Project menu.
  28. Select Advanced Options.
  29. Under Support Options enter the ClientID and TenantID information you saved earlier in the following format:
    • If enabling Modern Authentication for the Source:
      • ModernAuthClientIdExport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      • ModernAuthTenantIdExport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    • If enabling Modern Authentication for the Destination:
      • ModernAuthClientIdImport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      • ModernAuthTenantIdImport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 
        • Enter the specific ClientID and TenantID for your tenant in place of the xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
        • These options can be entered for either the Source or the Destination, or both, depending on the settings on the tenants.
        • These options need to be configured for each MigrationWiz project that needs to have Modern Authentication enabled.

  30. Run a Verify Credentials to confirm that MigrationWiz can connect using Modern Authentication. 
  31. Click on the item that was verified. There will be a message in the MigrationWiz Migration Information page that Modern Authentication is being used. This message will show in the “Migration Errors” box; however, it is not an error. This is just a message confirming that Modern Authentication is now active and being used for connection.
Was this article helpful?
4 out of 7 found this helpful