Problem: Migrating to and/or from Microsoft
Solution:
- Don’t use a Global Admin account when setting up the BitTitan part, use a service account
- The service account should have a mailbox, Global Reader permissions and NO MFA
- Turn off MFA for the entire account if need be, follow instructions from: https://www.torontohelpdesk.ca/blog/office-365-mfa-is-turned-off-yet-it-still-prompts-for-it/
- If you get an error: your migration failed while checking destination credentials. One or more errors occurred
- https://help.bittitan.com/hc/en-us/articles/27481872521115-M365-Mailbox-and-Archive-Migrations-Performing-Migration-using-only-API-permissions#h_01J32YXTKMC07Q7YZD218GRMGX
- Delete the client secret (for the app)
- Create a new client secret
- Make sure you copy the Value and not the Secret ID
- Wait 20 minutes
Update
The destination only needs to have MFA turned off.
1. If the end user has Premium licensing
2. Go to Entra
3. Click on Properties
4. Scroll to the bottom and disabled Security Defaults
5. One of the options is to enable Conditional Policies, enable that
6. Go to Condional Policies and about 5 or so policies will show up, add the user/group the excluded for each one