2 - "You do not have permission to access this resource": If you get the following errors at the script end of the target tenant configuration, ( when the source admin login is required ), please add the source tenant admin to the Azure Conditional Access policies exclusions.
3 - "The command isn't allowed in your Organization": If you get the following error executing the source tenant configration script, please run:
"Enable-OrganizationCustomization" and try again.
4 - "Service.ProxyService/OAuth'. Access is denied": If the migration batch fails with the following errors, please ensure that the Application ID is correct and reacheable from the source tenant. Accept again the invitation mail from the source tenant admin inbox.
If it still fails, you'll need to remove the organizationrelationship in both tenants, remove the migration endpoint in the source, and then delete the Azure Resource Group/Key Vault and run the scripts from scratch.
I hope this helps you. Soon I will publish a step-by-step guide for this type of migrations.