Azure App Registration Setup for Cloud Migration

Create and configure Azure App Registration for secure Microsoft 365 migrations with modern authentication.

Overview

Azure App Registration provides secure application authentication for Microsoft 365 migrations. While Cloudiway can automatically create the application, manual creation gives you full control over permissions and security settings.

Automatic vs Manual Setup

Cloudiway offers automatic app registration creation through the platform. This guide is for administrators who prefer manual setup for additional control or compliance requirements.

Step 1: Certificate Creation

Create a self-signed certificate for secure authentication. Certificates are now preferred over client secrets for enhanced security.

# PowerShell - Generate self-signed certificate

$cert = New-SelfSignedCertificate `
  -Subject "CN=CloudiwayMigration" `
  -CertStoreLocation "Cert:\CurrentUser\My" `
  -KeyExportPolicy Exportable `
  -KeySpec Signature `
  -KeyLength 2048 `
  -KeyAlgorithm RSA `
  -HashAlgorithm SHA256 `
  -NotAfter (Get-Date).AddYears(2)

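# Export certificate (.cer) for Azure
# Create the target directory first; the export fails if it does not exist
New-Item -ItemType Directory -Force -Path "C:\Certs" | Out-Null
Export-Certificate -Cert $cert `
  -FilePath "C:\Certs\CloudiwayMigration.cer"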

# Export private key (.pfx) - keep secure
# "YourSecurePassword" is a placeholder; replace it with a strong password
$password = ConvertTo-SecureString `
  -String "YourSecurePassword" `
  -Force -AsPlainText

Export-PfxCertificate -Cert $cert `
  -FilePath "C:\Certs\CloudiwayMigration.pfx" `
  -Password $password

Security Notice

Keep the .pfx file and password secure. Never share the private key. The .cer file (public certificate) is safe to upload to Azure.
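
The check below is an added example, not part of Cloudiway's documentation or tooling. It verifies the two files exported in Step 1: the .cer carries no private key, the .pfx belongs to the same certificate, and the .pfx is not readable by broad local groups. The file paths are the ones used above; the group names assume an English-language Windows installation.

```powershell
# Added example: verify the files exported in Step 1 before uploading or sharing them.
$cerPath = "C:\Certs\CloudiwayMigration.cer"
$pfxPath = "C:\Certs\CloudiwayMigration.pfx"
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"

# Load the public certificate and the certificate stored inside the .pfx
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
$pfx = (Get-PfxData -FilePath $pfxPath -Password $pfxPassword).EndEntityCertificates[0]
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cer)

# Broad principals that should not be able to read a private key file.
# Assumption: English group names; localized systems use different names.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$exposedTo = (Get-Acl -Path $pfxPath).Access |
  Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -in $broad } |
  ForEach-Object { $_.IdentityReference.Value } |
  Sort-Object -Unique

$report = [pscustomobject]@{
  Thumbprint         = $cer.Thumbprint
  CerHasPrivateKey   = $cer.HasPrivateKey                     # must be False for the file you upload
  PfxMatchesCer      = ($pfx.Thumbprint -eq $cer.Thumbprint)  # both files describe the same certificate
  KeySizeBits        = $rsa.KeySize
  SignatureAlgorithm = $cer.SignatureAlgorithm.FriendlyName
  DaysUntilExpiry    = [int]($cer.NotAfter - (Get-Date)).TotalDays
  PfxReadableBy      = ($exposedTo -join ', ')
}
$report | Format-List

if ($report.CerHasPrivateKey) {
  Write-Warning "The .cer file contains a private key. Do not upload it."
}
if (-not $report.PfxMatchesCer) {
  Write-Warning "The .pfx and .cer thumbprints differ. Re-export both from the same certificate."
}
if ($exposedTo) {
  Write-Warning "The .pfx is readable by: $($report.PfxReadableBy). Restrict the file ACL."
}
```

Record the thumbprint: the Azure portal shows it next to the uploaded certificate, so you can confirm the app registration holds the certificate you generated.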

Step 2: App Registration

Create the application in Azure Portal:

  1. Navigate to Microsoft Entra ID

     Go to portal.azure.com → Microsoft Entra ID (formerly Azure AD)

  2. Create New Registration

     Click App registrations → New registration

  3. Configure Basic Settings
     • Name: Cloudiway Migration (or your preferred name)
     • Supported account types: Accounts in this organizational directory only

  4. Add Redirect URIs (for Teams migration)

     If migrating Teams direct messages, add these redirect URIs:

     • https://portal.cloudiway.com/teams/callback
     • https://portal.cloudiway.com/connector

  5. Register

     Click Register to create the application

After registration, note the Application (client) ID - you'll need this for Cloudiway configuration.

Step 3: Credentials Setup

Configure authentication credentials for the application:

Certificate (Recommended)

  1. Go to Certificates & secrets
  2. Click Certificates tab
  3. Click Upload certificate
  4. Select your .cer file
  5. Click Add

Client Secret (Alternative)

  1. Go to Certificates & secrets
  2. Click Client secrets tab
  3. Click New client secret
  4. Add description and expiry
  5. Copy the secret value immediately

Enable Public Client Flows

  1. Go to Authentication
  2. Scroll to Advanced settings
  3. Set Allow public client flows to Yes
  4. Click Save

Step 4: API Permissions

Grant the appropriate permissions based on your migration type. Each migration scenario requires specific API scopes.

Permission Types

Application permissions allow the app to act on its own behalf. Delegated permissions require a signed-in user. Migration typically uses application permissions.

Common Permissions by Migration Type

Mail Migration

  • Mail.ReadWrite (Application)
  • Calendars.ReadWrite (Application)
  • Contacts.ReadWrite (Application)
  • User.Read.All (Application)

OneDrive/SharePoint Migration

  • Files.ReadWrite.All (Application)
  • Sites.FullControl.All (Application)
  • User.Read.All (Application)

Teams Migration

  • Team.ReadBasic.All (Application)
  • TeamMember.ReadWrite.All (Application)
  • Channel.ReadBasic.All (Application)
  • ChannelMessage.Read.All (Application)

Grant Admin Consent: After adding permissions, click Grant admin consent for [your tenant] to activate the permissions.
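
The audit below is an added example, not Cloudiway code. It compares the application permissions that actually received admin consent with the list this guide gives for your migration type, and reports the credential and public client settings from Step 3. It assumes the Microsoft Graph PowerShell SDK is installed and that the permissions were added under the Microsoft Graph API; `$appId` is a placeholder and `$expected` is set here for mail migration only.

```powershell
# Added example: audit the app registration against the permissions listed in this guide.
$appId = "<application-client-id>"   # placeholder: Application (client) ID noted in Step 2
# Assumption: only mail migration is in use; extend with the other lists as needed
$expected = 'Mail.ReadWrite', 'Calendars.ReadWrite', 'Contacts.ReadWrite', 'User.Read.All'

Connect-MgGraph -Scopes "Application.Read.All"

$app = Get-MgApplication      -Filter "appId eq '$appId'"
$sp  = Get-MgServicePrincipal -Filter "appId eq '$appId'"
# 00000003-0000-0000-c000-000000000000 is the well-known appId of Microsoft Graph
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

# Map app role GUIDs to permission names such as Mail.ReadWrite
$roleName = @{}
foreach ($role in $graph.AppRoles) { $roleName[[string]$role.Id] = $role.Value }

# Application permissions that have been granted admin consent
$assignments = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All
$granted = @($assignments | Where-Object { $_.ResourceId -eq $graph.Id } |
  ForEach-Object { $roleName[[string]$_.AppRoleId] })
$otherApis = @($assignments | Where-Object { $_.ResourceId -ne $graph.Id } |
  ForEach-Object { $_.ResourceDisplayName } | Sort-Object -Unique)

# Secrets and certificates that have expired or expire within 30 days
$cutoff = (Get-Date).AddDays(30)
$expiring = @(($app.PasswordCredentials + $app.KeyCredentials) |
  Where-Object { $_ -and $_.EndDateTime -lt $cutoff } |
  ForEach-Object { "{0} ({1:yyyy-MM-dd})" -f $_.DisplayName, $_.EndDateTime })

[pscustomobject]@{
  UnexpectedPermissions = (@($granted | Where-Object { $_ -notin $expected }) -join ', ')
  MissingPermissions    = (@($expected | Where-Object { $_ -notin $granted }) -join ', ')
  PermissionsOnOtherApis = ($otherApis -join ', ')
  ClientSecretCount     = ($app.PasswordCredentials | Measure-Object).Count
  CertificateCount      = ($app.KeyCredentials | Measure-Object).Count
  ExpiringWithin30Days  = ($expiring -join ', ')
  PublicClientFlows     = [bool]$app.IsFallbackPublicClient
} | Format-List
```

Review anything reported under UnexpectedPermissions or PermissionsOnOtherApis, and remove permissions and client secrets that the migration no longer needs once it is finished.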

Step 5: Entra Roles

Assign the required Microsoft Entra administrator roles to the application:

  1. Navigate to Roles and administrators

     In Microsoft Entra ID, go to Roles and administrators

  2. Add Exchange Administrator role

     Search for "Exchange Administrator", click it, then add your app registration

  3. Add Exchange Recipient Administrator role

     Repeat for "Exchange Recipient Administrator"

Required Roles

Both Exchange Administrator and Exchange Recipient Administrator roles are required for mail migration operations.

Cloudiway Configuration

After completing Azure setup, configure the connector in Cloudiway with these credentials:

Required Information

  • Client ID

    The Application (client) ID from your app registration

  • Client Secret

    If using secret authentication (save immediately upon creation)

  • Certificate File (.pfx)

    If using certificate authentication

  • Certificate Password

    The password used when exporting the .pfx file
