LogoLogo
Movebot HomeLogin
  • Welcome
  • CONNECTIONS
    • SharePoint Online
    • Google Workspace Drives
    • Windows File Server
    • Dropbox Business
    • Egnyte
    • Box
    • BIM 360 Docs
    • Amazon WorkDocs
    • Citrix ShareFile
    • Google Workspaces Gmail
    • Outlook Online (Office 365) EWS
    • Exchange Server
    • IMAP Server
    • pCloud
    • Block Storage
      • Amazon S3
      • Azure Files
      • Azure Blob
      • Google GCS
      • Backblaze B2
      • Wasabi
    • Other Connectors
      • SFTP Server
      • Google Drive (Personal)
      • Dropbox Personal
      • SharePoint via Application Access
  • Features
    • Overview
    • Data Migrations with Movebot
    • Mail Migrations with Movebot
    • Calendar Migrations with Movebot
  • Using Movebot
    • Overview
    • Scan and Discovery
      • Project Discovery Scan
      • Searching Scan Results
      • Adding Transfers from Scan
      • Warnings and Issues
    • Transfer Mapping
      • Add User Mappings
      • Add Team/Shared Drives
      • Add Network Mappings
      • Import CSV Mappings
      • Excluding Content
    • Permissions and Metadata
      • Mapping Permissions
      • Scanning permissions
      • Manual Permissions
    • Transfer Execution and Cutover
      • Deltas and Changes
      • Failures and Errors
      • Pausing/Resuming
      • Scheduling
      • Data Localization
  • Platforms Guides
    • Overview
    • Google
      • SharedWithMe content
      • Sharing and Ownership
      • Performance and Limits
      • Deduplication of files/folders
      • Delegating Domain Wide Authority
      • Mail ingestion methods
    • SharePoint
      • Granting OneDrive Access
      • Custom Column Metadata
      • Performance Limits and SharePoint Ludicrous Mode
    • Windows Fileservers
      • Server Requirements
      • Proxy Configuration
      • Non-GUI Environments
      • Running the Movebot Agent as a Service
      • Logging and Debugging
      • Windows 2012 R2 Guide
      • Windows 2008 R2 Guide
    • Dropbox
      • Namespaces and Limitations
    • Others
      • Exchange Web Services (EWS)
        • How to disable EWS throttling
  • Troubleshooting
    • Performance and Speed
    • Errors and Failures
      • Common Errors
        • Error: user-not-active
        • Error: token-expired
        • Error: unknown-error
        • Error: user-not-found
        • Error: file-not-found
        • Error: invalid-filename-characters
        • Error: duplicate-file-name
        • Error: permissions-mapping-incomplete
        • Error: access-denied
        • Error: uploaded-size-mismatch
    • Hipaa Regions
  • Login to Movebot
Powered by GitBook
On this page
  • Introduction
  • Recommendations
  • Configuration Steps
  • Common Errors
  • Frequently Asked Questions
  • Supported Features

Was this helpful?

Export as PDF
  1. CONNECTIONS

SharePoint Online

Learn how to connect to Sharepoint Online with Application Access

Last updated 7 hours ago

Was this helpful?

Introduction

We are now recommending connecting to SharePoint with Application Access. This involves setting up a new application in Azure.

Recommendations

For best results when connecting to SharePoint Online in Movebot using Application Access, we recommend the following permissions:

  • A Global Administrator service account in Azure

  • The Global Administrator account is licensed

  • You have the SharePoint domain/hostname on hand.

If you are unable to connect as a Global Administrator, contact us for alternative configuration options.

Configuration Steps

You can also follow our .

To connect to SharePoint you'll need to create an application in Azure, then use that application to connect Movebot and SharePoint.

Creating the application in Azure

If you're migrating data within a single tenant, create separate application registrations for the source and destination connections to avoid rate limiting.

When creating an application in Azure it can sometimes take a few minutes for the settings to populate. If testing the connection in Movebot is producing errors, give it a minute or so and then retest.

  1. Login to Movebot and create a new project or task

  2. Choose to Create new Connection

  3. Select Sharepoint from the list of available connections and set the connection name

  4. Provide the non-admin SharePoint domain in the field required

  5. Name the application. Keep the other fields as default and click Register.

  6. Copy the Application ID from the "Overview" section and paste it into Movebot.

  7. In Azure in the Application permissions, click API Permissions --> Add a Permission. Select Microsoft Graph, then Application Permissions.

Enable the following Permissions:

Directory.Read.All
Files.ReadWrite.All
SharePointTenantSettings.Read.All
Sites.Manage.All
User.ReadWrite.All
  1. Next add the access, under Azure in the Application permissions, click API Permissions --> Add a Permission. Select Sharepoint, then Application Permissions.

Select the following permissions:

Sites.FullControl.All
  1. Grant admin consent and finish the consent process.

Generating the client secret

Under the application configuration:

  1. Click Certificates and Secrets -- > Client Secrets -- > New Client Secret. Provide a description and Add. Copy the Secret from the "Value" Field.

  2. Return to Movebot and Paste the Secret "Value" into the appropriate field

Upload the certificates from Movebot

Finally, you will need to generate and download the client certificate from Movebot and upload it to Azure for authentication.

  1. Under Step 3: click the button Generate and Download Certificate. You should get a PEM file download from Movebot.

  2. In Azure - Click Certificates and Secrets -- > Certificates -- > Upload Certificate

  3. Upload the file created in step 1

  4. The thumbprint in Azure should match the one shown in Movebot

  5. Return to Movebot and Click Save and Test connection in Movebot.

  6. If the connection has succeeded, you can continue.

Video Guide

Common Errors

Movebot supports migrations to and from SharePoint Online as part of Microsoft 365. Below is a list of common issues users encounter during SharePoint migrations, along with troubleshooting guidance and answers to frequently asked questions.

Error: Invalid client secret provided

Cause: The client secret value is incorrect.

Resolution: Double-check that you have copied and entered the client secret value, not the client secret ID. These are often confused but are different fields in Azure.

Error: SCP or roles claim need to be present in the token.

Cause: Required claims are missing from the token.

Resolution: Ensure all necessary API permissions are granted and that they are assigned as Application permissions, not Delegated. Also, confirm admin consent has been granted for these permissions.

Error: Tenant "domain.com" not found

Cause: The specified SharePoint Tenant Domain does not exist or is misconfigured.

Resolution: Verify that the tenant domain is correct. It should follow the format yourcompany.onmicrosoft.com

Error: Application with identifier 'a323b4ba-031...' was not found in the directory

Cause: The application’s Client ID is incorrect or the app registration is missing.

Error: The certificate used to sign the client assertion is not registered

Cause: The required certificate has not been uploaded to the application in Entra.

Error: Could not find site (site-not-found)

Cause: The SharePoint domain value is incorrect or the specified site does not exist.

Resolution: Review your SharePoint configuration settings and ensure that you have specified the correct non-admin SharePoint domain. If the domain includes '-admin,' please remove it.a

Error: User Migration Failed (user-not-active)

Cause: The user account is not currently active or fully provisioned in Microsoft 365.

Resolution: First ensure the user has an active license assigned. If the user is newly created, their OneDrive may not yet be provisioned. You can either:

  • Have the user sign in to OneDrive manually at least once to trigger provisioning.

Frequently Asked Questions

Can Movebot migrate data between two Microsoft 365 tenants?

Answer: Yes. Movebot supports bidirectional migrations between Microsoft 365 tenants, including full tenant-to-tenant migrations.

Can we restrict the app registration to only have access to specific users or sites?

Answer: No. Currently, the app registration will have access to all users and sites within the tenant. More granular access control is not supported at this time.

Why does SharePoint show more storage used than Movebot?

Answer: SharePoint includes all previous versions of files in its reported storage usage. By default, Movebot only counts the most recent version of each file, which can result in lower reported storage.

Can Movebot migrate data from a Classic SharePoint Site to a Modern Site?

Answer: Yes. Movebot treats both Classic and Modern SharePoint sites the same. Data can be migrated seamlessly between them.

Can Movebot migrate custom column data between two SharePoint sites?

Answer: Yes, this functionality is now available through a beta feature. When migrating between two SharePoint sites, you can choose to enable the "Include SharePoint List Metadata" option to preserve metadata associated with SharePoint lists.

Please note the following limitations:

  • This feature is not supported when using Ludicrous Mode.

  • Enabling it may result in reduced migration performance due to the additional processing required.

  • As a beta feature, it may still undergo changes and should be used with caution in production environments.

We recommend testing thoroughly in a non-production environment before enabling this feature for critical workloads.

Supported Features

Feature
Supported in

SharePoint Document Libraries

Fully Supported

OneDrive Users

Fully Supported

Permissions

Fully Supported

Versions

Fully Supported

Modification Retention

Fully Supported

Automatic Sanitization

Fully Supported

SharePoint Column Metadata

Beta Feature

Tags: sharepoint

Login to Entra as a Global Administrator and register a new application at and create a new App Registration via Identity -> Applications -> App registrations

Resolution: Check that the correct Client ID is being used. Refer to Step 7 of the , to confirm you have provided the proper ID.

Resolution: Generate the necessary certificate and upload it to the registered application in Entra. Refer to "Upload the certificates from Movebot" section of

Pre-provision the user’s OneDrive using PowerShell ().

Read the full article .

https://entra.microsoft.com
learn more
here
step-by-step video guide below
configuration steps
configuration steps.