# SharePoint Online ### Introduction We are now recommending connecting to SharePoint with Application Access. This involves setting up a new application in Entra. ### Recommendations For best results when connecting to SharePoint Online in Movebot using Application Access, we recommend the following permissions: * Licensed account with Application Admin **or** Global Admin roles. * SharePoint domain/hostname on hand. ### Configuration Steps {% hint style="success" %} You can also follow our [step-by-step video guide below](#video-guide). {% endhint %} Connecting Movebot to SharePoint through this method requires a few different processes. 1. [Start Movebot Configuration](#start-configuration-in-movebot) 2. [Create an application in Entra](#creating-the-application-in-entra) 3. [Generate a client secret for the application](#generating-the-client-secret) 4. [Upload a certificate from Movebot to the application](#upload-a-certificate-from-movebot-to-the-application) #### **Start configuration in Movebot** {% hint style="warning" %} If you're migrating data within a single tenant, create separate application registrations for the source and destination connections to avoid rate limiting. {% endhint %} 1. Log in to Movebot and create a new project or task 2. Choose to **Create new Connection** 3. Select **Sharepoint** from the list of available connections and set the connection name 4. Provide the non-admin SharePoint domain in the field required #### Create an application in Entra 1. Log in to Entra as an Application Admin or Global Admin at [https://entra.microsoft.com](https://entra.microsoft.com/). 2. Create a new App Registration by expanding **Entra ID** and choosing **App registrations** 3. Name the application. Keep the other fields as default and click Register. 4. Copy the **Application (client) ID** from the "Overview" section and paste it into Movebot. 5. Next, give the application permissions. In Entra, select your newly-created app and then click **API Permissions --> Add a Permission**. 6. Select **Microsoft Graph,** then Application Permissions. Enable the following Permissions: ``` Directory.Read.All Files.ReadWrite.All SharePointTenantSettings.Read.All Sites.Manage.All User.ReadWrite.All ``` 7. Next, add SharePoint permissions for the application. To do this, return to your app and go to **API Permissions --> Add a Permission** once more. 8. Select **SharePoint**, then Application Permissions. Select the following permissions: ``` Sites.FullControl.All ``` 9. Click the option to **Grant admin consent** and finish the consent process. #### **Generate a client secret for the application** Next, you need to generate the client secret. Under the configuration for the application you created: 1. Click **Certificates and Secrets -- > Client Secrets -- > New Client Secret**. 2. Provide a description and set an expiry period, then click **Add.** Copy the Secret from the "Value" Field. 3. Return to Movebot and paste the Secret "Value" into the appropriate field #### Upload a certificate from Movebot to the application Finally, you will need to generate and download the client certificate from Movebot and upload it to Entra for authentication. 1. In Movebot - Under Step 3, click **Generate and Download Certificate**. You should get a PEM file download from Movebot. 2. In Entra - Click **Certificates and Secrets -- > Certificates -- > Upload Certificate** 3. Upload the PEM file created in Step 1 4. The thumbprint in Entra should match the one shown in Movebot 5. Return to Movebot and **Click Save and Test** connection in Movebot. 6. Wait for the **Status** to show the connection is online. Confirmation is generally done in seconds but may take a few minutes for larger SharePoint tenants. {% hint style="info" %} When creating an application in Entra, it can sometimes take a few minutes for the settings to populate. If testing the connection in Movebot is producing errors, give it a minute or so and then retest. {% endhint %} #### Video Guide {% embed url="" %} ### Common Errors Movebot supports migrations to and from SharePoint Online as part of Microsoft 365. Below is a list of common issues users encounter during SharePoint migrations, along with troubleshooting guidance and answers to frequently asked questions.
Error: Invalid client secret provided **Cause:** The client secret value is incorrect. **Resolution:** Double-check that you have copied and entered the **client secret value**, not the **client secret ID**. These are often confused but are different fields in Entra.
Error: SCP or roles claim need to be present in the token. **Cause:** Required claims are missing from the token. **Resolution:** Ensure all necessary API permissions are granted and that they are assigned as *Application* permissions, not *Delegated*. Also, confirm admin consent has been granted for these permissions.
Error: Tenant "domain.com" not found **Cause:** The specified SharePoint Tenant Domain does not exist or is misconfigured. **Resolution:** Verify that the tenant domain is correct. It should follow the format `yourcompany.onmicrosoft.com`
Error: Application with identifier 'a323b4ba-031...' was not found in the directory **Cause:** The application’s Client ID is incorrect or the app registration is missing. **Resolution:** Check that the correct Client ID is being used. Refer to **Step 7** of the [configuration steps](#configuration-steps), to confirm you have provided the proper ID.
Error: The certificate used to sign the client assertion is not registered **Cause:** The required certificate has not been uploaded to the application in Entra. **Resolution:** Generate the necessary certificate and upload it to the registered application in Entra. Refer to "**Upload the certificates from Movebot**" section of [configuration steps.](#configuration-steps)
Error: Could not find site (site-not-found) **Cause:** The SharePoint domain value is incorrect or the specified site does not exist. **Resolution:** Review your SharePoint configuration settings and ensure that you have specified the correct non-admin SharePoint domain. If the domain includes '-admin,' please remove it.a
Error: User Migration Failed (user-not-active) **Cause:** The user account is not currently active or fully provisioned in Microsoft 365. **Resolution:** First ensure the user has an active license assigned.\ If the user is newly created, their OneDrive may not yet be provisioned. You can either: * Pre-provision the user’s OneDrive using PowerShell ([learn more](https://learn.microsoft.com/en-us/sharepoint/pre-provision-accounts)). * Have the user sign in to OneDrive manually at least once to trigger provisioning.
Error: Call was made to the default drive, which is not supported for apponly tokens **Cause:** The OneDrive you are connecting to in the destination hasn't been provisioned yet. **Resolution:** You will need to pre-provision your OneDrive accounts so they are active before the migration by logging into them. You can do this in bulk following Microsofts current recommendations - [here](https://learn.microsoft.com/en-us/sharepoint/pre-provision-accounts)
### Frequently Asked Questions
Can Movebot migrate data between two Microsoft 365 tenants? **Answer:** Yes. Movebot supports bidirectional migrations between Microsoft 365 tenants, including full tenant-to-tenant migrations.
Can we restrict the app registration to only have access to specific users or sites? **Answer:** No. Currently, the app registration will have access to all users and sites within the tenant. More granular access control is not supported at this time.
Why does SharePoint show more storage used than Movebot? **Answer:** SharePoint includes all previous versions of files in its reported storage usage. By default, Movebot only counts the most recent version of each file, which can result in lower reported storage.
Can Movebot migrate data from a Classic SharePoint Site to a Modern Site? **Answer:** Yes. Movebot treats both Classic and Modern SharePoint sites the same. Data can be migrated seamlessly between them.
Can Movebot migrate custom column data between two SharePoint sites? **Answer:** Yes, this functionality is now available through a **beta feature**. When migrating between two SharePoint sites, you can choose to enable the **"Include SharePoint Column Metadata"** option to preserve metadata associated with SharePoint lists. Please note the following limitations: * This feature is **not supported** when using **Ludicrous Mode**. * Enabling it may result in **reduced migration performance** due to the additional processing required. * As a **beta feature**, it may still undergo changes and should be used with **caution in production environments**. We recommend testing thoroughly in a non-production environment before enabling this feature for critical workloads. Read the full article [here](https://docs.movebot.io/platform-guides/sharepoint/custom-column-metadata).
### Supported Features | Feature | Supported in | | ----------------------------- | --------------- | | SharePoint Document Libraries | Fully Supported | | OneDrive Users | Fully Supported | | Permissions | Fully Supported | | Versions | Fully Supported | | Modification Retention | Fully Supported | | Automatic Sanitization | Fully Supported | | SharePoint Column Metadata | Beta Feature | \ Tags: sharepoint