User rights to migrate only some mailboxes

Occasional Contributor

Hi all,

 

is it possible to create a user with the rights to migrate to another tenant only some mailboxes?

I need to be sure that this user can't access to other mailboxes except those involved in the migration.

 

Thank you in advance

3 Replies
That depends on the migration tool/method, so you might as well elaborate on how you're planning to migrate? If using EWS or the Graph API, you can restrict access via the so-called Application access policies: https://practical365.com/new-application-access-policies-extend-support-for-more-scenarios/

Thank you @Vasil Michev for the reply, we need to migrate only the user mailboxes and the shared.

The tool that the parent company want to use is "codetwo".

You can create a user account with limited access rights. You'll simply need to manually assign Application Impersonation and View-Only Configuration roles (https://www.codetwo.com/kb/how-to-set-impersonation-rights-manually/) and limit their scope.