Connecting to target Office 365

Once you installed CodeTwo Office 365 Migration and configured a source environment, it is time to create a connection to your target Office 365 tenant.

To configure a target connection, you need to launch the Target server connection wizard. There are two ways to do that:

  • click the Settings (Office 365 Migration settings button temp) button on the Defined target server connections card, and then click New (Fig. 1.); or
  • click Create a new migration job on the How to start card, go to the Target mailboxes step, and then choose Add new target connection from the Target server drop-down list.

O365 Migration target opening wizard v3.2
Fig. 1. Opening the target server connection wizard.

Either way, the Target server connection wizard will open. The wizard consists of the following steps:

Office 365 cloud (legacy setting)

In the Office 365 cloud step (legacy setting), select Office 365 global, as you can no longer migrate your data to the Office 365 Germany cloud (Microsoft retired Microsoft Cloud Deutschland on October 29, 2021). Read more about Office 365 Germany

Application registration

To connect to your Office 365 tenant, you need to register CodeTwo Office 365 Migration in that tenant's Azure Active Directory. By doing so, the program will be able to authenticate with Office 365 via OAuth 2.0, access and/or create target mailboxes and perform the migration tasks on your behalf.

There are two options available:

Automatic registration

Select this option if you want the CodeTwo migration application to register itself in your Azure AD. Click Log in as Office 365 admin (Fig. 2.) to load the Azure sign-in page.

Registering the program automatically in Azure AD.
Fig. 2. Registering the program automatically in Azure AD.

Next, provide the credentials of a global admin of your Office 365 tenant and accept all permissions the application has requested to be able to perform the migration (Fig. 3.).

Office 365 Migration - target Office 365 connection - Azure permissions
Fig. 3. Granting the necessary permissions to CodeTwo Office 365 Migration.

The application will be registered as CodeTwo Office 365 Migration Target in your Azure AD and will be signed with a unique certificate, valid for 5 years.


Each time you configure a new Office 365 server connection in the program by using the Automatic registration option, a new CodeTwo migration application entry will be registered in your Azure AD (this does not apply to situations where you edit an existing connection). If you don't want to duplicate these entries in your tenant, select the Manual registration option and provide the registration details of the previously registered CodeTwo migration application in the Application details step. You can view the application registration details by signing in to your Azure Active Directory admin center and navigating to Azure Active Directory > App registrations.

Keep in mind even if you delete this connection from the program, or once the migration is finished, the application will not be deleted from your Azure AD. To delete it manually, follow these steps.

Manual registration

Select the Manual registration option (Fig. 4.) if you prefer to register the CodeTwo migration application in Azure AD by yourself. A step by step guide on how to do so is available in this Knowledge Base article. Click Next to proceed to the next step, where you need to provide the application registration details. 

Selecting the Manual registration option.
Fig. 4. Selecting the Manual registration option.

Application details

The Application details step is required only if you have selected the Manual registration option. You are asked to provide the following information:

  • Dedicated application mailbox – the email address of any user from your target Office 365 tenant. This account is used to gain access to the tenant's information, such as name, domain, etc. You cannot use the same email address to configure multiple connections to the target tenant – to configure another connection to the same Office 365 tenant, use credentials of another user.


    If you intend to migrate public folders as well, the user whose email address you provide in this field needs to have Owner rights to the root public folder and any subfolders, to which you will be migrating your source data (learn more). For this reason, we recommend entering the email address of an admin account, rather than any regular user account.

  • Client ID – this is the ID assigned to CodeTwo Office 365 Migration after the application has been registered in your Azure AD. The ID can be found on the application's Overview page in the Azure Active Directory admin center, under Application (client) ID (Fig. 5.).
  • Tenant ID – this the ID of your Office 365 tenant. It also can be found on the application's Overview page, under Directory (tenant) ID (Fig. 5.).
  • Certificate thumbprint or Client secret – only one of these credentials needs to be provided in the wizard. You can add or view certificates and client secrets (app passwords) on the application's Certificates & secrets page in Azure Active Directory (Fig. 6.).

O365 Migration target connection - Azure AD application Overview page
Fig. 5. Client and tenant IDs shown on the application's Overview page in Azure AD.

The location of a certificate thumbprint (A) and client secret (B) in Azure AD.
Fig. 6. The location of a certificate thumbprint (A) and client secret (B) in Azure AD.

To use the Certificate thumbprint credential, your certificate needs to be signed with a 2048 bits key. The certificate also needs to be installed in the CurrentUser\Personal store. Use the Import button to open the Import certificate window (Fig. 7.), where you can select your certificate. If your certificate is already installed the CurrentUser\Personal store, simply enter the certificate thumbprint in the appropriate field in the server connection wizard.

Importing the certificate associated with the CodeTwo migration application.
Fig. 7. Importing the certificate associated with the CodeTwo migration application.

Client secret can be generated in Azure AD on the Certificates & secrets page (see Fig. 6. above). Once generated, it will be visible for as long as you remain on that page, so make sure to copy its value to the clipboard and paste it in the server connection wizard (Fig. 8.).

Application registration details filled out in the source Office 365 server connection wizard.
Fig. 8. Application registration details filled out in the source Office 365 server connection wizard.


In the last step, the wizard will set up a connection between the program and your target Office 365 tenant (and register the CodeTwo migration application in your Azure AD, if you have selected the Automatic registration option in the previous step). Click Configure and verify the results (Fig. 9.).

O365 Migration target connection config v3.2
Fig. 9. The program has successfully connected to the target Office 365 tenant.

Once the setup is complete, click Finish to close the wizard, and then click OK in the Manage target server connections window to save your connection. The new connection will be displayed on the Defined target server connections card (Fig. 10.).

O365 Migration target defined connection v3.2
Fig. 10. The Defined target server connections card.

If you encounter any problems, see Troubleshooting.

See next

Configuring a migration job

Managing server connections

In this article

Was this information useful?