Skip to main content

ShareGate's Enterprise applications in Microsoft Entra

Understand consent to Microsoft 365 permission sets and their associated Entra Enterprise applications

Updated over a week ago

ShareGate requires that a global or privileged role admin consent to different permission sets to perform some actions on your Microsoft 365 tenant.

These sets enable ShareGate to identify itself to Microsoft 365 as running operations on your tenant through an access token, granting ShareGate rights to use specific Microsoft functionality.

For example, they enable ShareGate to run assessments on your tenant in ShareGate Protect and offer additional benefits, such as reducing throttling during migrations in ShareGate Migrate.

A global or privileged role admin has to consent once for all ShareGate users working on the tenant.

To learn how a global admin can grant consent to the permission sets, see How a global or privileged role admin can consent to ShareGate's Microsoft 365 permission sets.

Note: Re-consent can be necessary if the feature or app that requires consent to a permission set gets an update that requires new permissions.

When a global or privileged role admin consents to a set of permissions, an Enterprise app is added to your Microsoft Entra ID portal.

ShareGate's Enterprise apps will not grant new access privileges to end-users in your tenant.

Enterprise apps (permission sets)

These Enterprise apps (permission sets) are:

  • ShareGate Migrate: Not required for all migration actions in Microsoft 365, but highly recommended.

  • ShareGate Migrate - Mailbox: Required for Copy mailboxes and Copy from Gmail.

  • ShareGate Migration assessment: Required to run Migration assessments.

  • ShareGate Migration assessment (EU): Required to run Migration assessments and keep the data at rest in Europe.

  • ShareGate Protect: Required to run Governance risk assessments.

  • ShareGate Protect (EU): Required to run Governance risk assessments and keep the data at rest in Europe.

  • ShareGate Protect remediation actions: Required to run governance actions in the Governance risk assessment.

  • ShareGate Protect remediation actions (EU): Required to run governance actions in the Governance risk assessment and keep the data at rest in Europe.

For more information about the required permissions of each Enterprise app, see Required Microsoft 365 Permissions for ShareGate.

A global or privileged role admin can revoke these permission sets at any time by deleting the associated enterprise app from Entra ID. To learn how, see Revoke consent to Microsoft 365 permission sets.

Did this answer your question?