Cross-tenant mailbox migration: Common issues.

Iron Contributor

As most of you already know, Microsoft allows you to perfomr cross tenant Exchange Online migrations. (Preview). Cross-tenant mailbox migration - Microsoft 365 Enterprise | Microsoft Docs

I alredy did a couple of those migrations and faced some common issues, so I'll explain them here with the correspondent troubleshooting.


1- "Missing PS Modules": Ensure that you have installed all the required modules before launching the target Tenant configuration script, or you'll get the following PS errors:



To fix this, run the following cmdlts and after that execute the configuration script again:


Install-Module AzureRM.Insights -AllowClobber -Scope CurrentUser

Install-Module AzureRM.KeyVault -AllowClobber -Scope CurrentUser

Install-Module AzureRM.Profile -AllowClobber -Scope CurrentUser

Install-Module AzureRM.Resources -AllowClobber -Scope CurrentUser


2 - "You do not have permission to access this resource": If you get the following errors at the script end of the target tenant configuration, ( when the source admin login is required ), please add the source tenant admin to the Azure Conditional Access policies exclusions.




3 - "The command isn't allowed in your Organization": If you get the following error executing the source tenant configration script, please run:

"Enable-OrganizationCustomization" and try again.




4 - "Service.ProxyService/OAuth'. Access is denied": If the migration batch fails with the following errors, please ensure that the Application ID is correct and reacheable from the source tenant. Accept again the invitation mail from the source tenant admin inbox.


If it still fails, you'll need to remove  the organizationrelationship in both tenants, remove the migration endpoint in the source, and then delete the Azure Resource Group/Key Vault and run the scripts from scratch.





I hope this helps you. Soon I will publish a step-by-step guide for this type of migrations.



0 Replies