In this article, we will review connection account requirements for the Project for the web -> Project for the web migration scenario.
Please note: All information in this article also applies to the Planner (premium plans) -> Planner (premium plans) migration scenario.
Project for the web source account
The connection account for migration from Project for the web (SOURCE) should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web is deployed.
2. The account should have an active license assigned.
Supported license types:
- Project Plan P1.
- Project Plan P3 (previously called Project Online Professional).
- Project Plan P5 (previously called Project Online Premium).
- Microsoft 365 A3 for Faculty
- Microsoft 365 A3 for Students
- Microsoft 365 A3 for students use benefit
- Microsoft 365 A3 - Unattended License for students use benefit
- Microsoft 365 A5 for Faculty
- Microsoft 365 A5 for Students
- Microsoft 365 A5 for students use benefit
- Microsoft 365 A5 without Audio Conferencing for students use benefit
- Microsoft 365 Business Basic EEA (no Teams)
- Microsoft 365 Business Standard
- Microsoft 365 Business Standard EEA (no Teams)
- Microsoft 365 Business Standard EEA (no Teams)
- Microsoft 365 Business Premium
- Microsoft 365 Business Premium EEA (no Teams)
- Microsoft 365 E3
- Microsoft 365 E3 EEA (no Teams)
- Microsoft 365 E3 EEA (no Teams) - Unattended License
- Microsoft 365 E3 - Unattended License
- Microsoft 365 E3 (500 seats min)_HUB
- Microsoft 365 E3 EEA (no Teams) (500 seats min)_HUB
- Microsoft 365 E5
- Microsoft 365 E5 EEA (no Teams) with Calling Minutes
- Microsoft 365 E5 EEA (no Teams) without Audio Conferencing
- Microsoft 365 E5 (500 seats min)_HUB
- Microsoft 365 E5 Developer (without Windows and Audio Conferencing)
- Microsoft 365 E5 EEA (no Teams)
- Microsoft 365 E5 with Calling Minutes
- Microsoft 365 E5 without Audio Conferencing
- Microsoft 365 E5 without Audio Conferencing (500 seats min)_HUB
- Microsoft 365 E5 EEA (no Teams) (500 seats min)_HUB
- Microsoft 365 E5 EEA (no Teams) without Audio Conferencing (500 seats min)_HUB
- Office 365 A1 for faculty
- Office 365 A1 Plus for faculty
- Office 365 A1 for students
- Office 365 A1 Plus for students
- Office 365 A3 for faculty
- Office 365 A3 for students
- Office 365 A5 for faculty
- Office 365 A5 for students
- Office 365 E1
- Office 365 E1 EEA (no Teams)
- Office 365 E3
- Office 365 E3 (no Teams)
- Office 365 E3 EEA (no Teams)
- Office 365 E5
- Office 365 E5 EEA (no Teams)
- Office 365 E5 EEA (no Teams) without Audio Conferencing
- Office 365 E5 Without Audio Conferencing
- Microsoft 365 F3 (provides read-only access and does NOT allow downloading custom fields)
- Office 365 F3 (provides read-only access and does NOT allow downloading custom fields)
- Microsoft Power Automate (provides read-only access and does NOT allow downloading custom fields)
The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a security role in the Environment that allows reading all or personal Project for the web data (e.g. System Administrator, Basic User).
Create a Read-Write user account
By default, all licensed users are created with an access mode of Read-Write. This access mode provides full access rights to the user based on the security privileges that are assigned.
How to update the access mode of a user
- In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment and go to Settings > Users + permissions > Users.
- Select a user's full name.
- In the user form, scroll down under Administration to the Client Access License (CAL) Information section. In the Access Mode list, select Read-Write.
- Select the Save icon.
How to manage User Roles
- In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment, and go to Settings > Users + permissions > Users.
- Select a user's full name.
- Select MANAGE ROLES, select a role you would like to apply (System Administrator or a custom role with Read, Create and Write permissions enabled).
- Click OK.
The account should be a member of all projects in Project for the web (their Microsoft 365 groups) that need to be migrated. In case there are projects without associated groups, the account should be their creator to be able to migrate them.
Project for the web target account
The connection account for migration to Project for the web (TARGET) should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where the Project for the web is deployed.
2. The account must have one of the following licenses assigned:
- Project Plan P3
- Project Plan P5
Planner Plan 1 or Dynamics 365 Customer Engagement Plan can be used if advanced dependencies are not required for migration.
The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a Security Role in the Environment that allows reading and writing data to the Project for the web (e.g., System Administrator default security roles or custom roles with Read, Create and Write permissions enabled).
Create a Read-Write user account
By default, all licensed users are created with an access mode of Read-Write. This access mode provides full access rights to the user based on the security privileges that are assigned.
How to update the access mode of a user
- In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment and go to Settings > Users + permissions > Users.
- Select a user's full name.
- In the user form, scroll down under Administration to the Client Access License (CAL) Information section. In the Access Mode list, select Read-Write.
- Select the Save icon.
How to manage User Roles
- In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment, and go to Settings > Users + permissions > Users.
- Select a user's full name.
- Select MANAGE ROLES, select a role you would like to apply (System Administrator, or a custom role with Read, Create and Write permissions enabled).
- Click OK.
In case the migration is performed to the existing Microsoft 365 groups and projects, the migration account should be added as a member or an owner.
To connect to Project for the web for the first time, Microsoft 365 tenant Global Administrator consent is required to allow Project Migrator to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Project for the web connection account. Once the consent is granted, any user account credentials that meet the requirements can be used for connecting to the Project for the web environment.
Project Migrator application for the Project for the web connection will be added to the Microsoft 365 tenant.
The following API permissions are required:
For the source Project for the web account:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.Read.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
Project Migrator will have the following permissions for reading data from the Project for the web:
- Read data in the organization's directory, such as users, groups, all users' basic profiles.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership.
- Read data from existing Projects that the connection account has access to in Project for the web.
- Maintain access to data you have given it access to.
- Access Common Data Service as organization users.
For the target Project for the web account:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.ReadWrite.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
Project Migrator will have the following permissions for reading and writing data to Project for the web environment:
- Read data in the organization's directory, such as users, groups, all users' basic profiles, users' primary email addresses on behalf of the signed-in user.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership on behalf of the signed-in user.
- Create groups, read, and update the group properties and memberships on behalf of the signed-in user. It allows group owners to manage their groups and allows group members to update group content.
- Read and update data in the existing Projects that the connection account has access to in Project for the web, create new Projects, Resources, and Dynamics 365 Teams.
- Maintain access to data you have given it access to.
- Access Common Data Service (CDS) as organization users.