Photo by Christina Morillo


In this Weekly SharePoint Online Brown Bag I will talk about governance from a company point of view and user permission constraints, putting myself in a migration consultant's position.

Before I begin, I’m assuming you are running into blocking points in your migration.

I’m also assuming that when everyone is aware of what a SharePoint migration is, the Governance Committees work as expected and a Service Offer is in place, you may not run into these kinds of issues.

My usual note

Perfect people or companies don’t exist. I’m the first to admit I’m not mistake-free; that’s because I learn and share. If so, please comment to improve.


These days, performing a migration in some industry sectors can bring many challenges. Why? Because security is very tight and nothing can leave the corporate environment.


  1. VM user administrator rights
  2. Generic (human-like) accounts
  3. Development environment admin rights


The first challenge begins with the assignment of administrator rights on a virtual machine. We cannot forget that we have deadlines and SharePoint on-premises farms with a closing date.

When deadlines are tight, I immediately think of an automated migration system, with flows, web applications and database repositories. Microsoft Azure, in my opinion, is the best ecosystem to build one. Remember, your tenant has a close relationship with Microsoft Azure, especially in SharePoint migrations, with AAD federated accounts security, identity, migration flow (storage) and affinity group, and everything is near your tenant. Pretty cool: you are less likely to be throttled.

For your migration tool you can use the SharePoint Migration Tool (SPMT) or any other, such as ShareGate, AvePoint, etc. Otherwise you’ll miss the deadline.

Advertising aside, I personally use ShareGate because it brings me some advantages, namely its own cmdlets. That doesn’t mean other third-party tools are not good enough; it all depends on the migration scope, and all migrations are different. I also have a lot of flexibility to schedule migration scripts.

I usually use it together with PnP.PowerShell and the SharePoint Online Management Shell. To do this I’ll need Scheduled Tasks, but to create and update scheduled tasks, elevated rights are needed. So my first constraint is not having the proper rights.

The second challenge starts with assigning an AD account (human-like) to the migration server. I can understand why generic user accounts are not good for the business in a security context, but let’s be clear: migrating under my own identity is not an option. So if you are blocked, you’ll have to find another process.

That said, it’s your choice whether or not to go ahead. But why?

Obviously because only I know my password, and I can go on vacation or on sick leave. Then the migration process stops, because I’m the only one who can perform it.

The third challenge comes with the development environment. If your SharePoint admin disables the Custom Scripts option, that’s a good way to secure your tenant. Someone might say: I’ll install SPFx and everything necessary, and then you’re a regular user. Don’t forget to run gulp trust-dev-cert with elevated rights if the company has a policy that blocks this task, or you may run into this error.

Error - [trust-cert] Certificate trust failed with an unknown error.

The dev certificate creates a bridge (a certificate) between Node and the SPO Workbench for the compiled manifest. But somehow I’ll need to access the certificate store, or something will need elevated rights; you are not building solely SPFx but also using .NET Core Visual Studio and Visual Studio for your automated migration system.

“Business as usual” effect.

Over time, and when you are running fast, you will certainly need other tools; every migration is different. But to be given the proper rights, I’m assuming you know what you are doing and installing. I really believe you cannot depend on someone else for this. Why? In my experience, in some big companies support runs slowly and you have a deadline. The buzzword is “business as usual”. The deadline will be missed.


Whatever governance a company has, there are mandatory procedures, usually blocking points. Remember: build your network, and always talk with the Corporate Governance Committees or the Product Owner in case of doubt.

DON’T BE AFRAID TO SAY NO. On the other hand, you have to know how to say NO and explain why. Come on, you are supposed to know what you are doing, so instruct; that’s the main reason you were hired in the first place.

I hope this helps you with some of the constraints you have.

That’s all for this week, see you next time.


Joao Livio

João has over two decades of IT experience and holds several certifications, including Microsoft Certified Professional (MCP) and Microsoft Certified Technology Specialist (MCTS). He is also a Lean Specialist with expertise in Lean Management, Nintex, and other training programs from LinkedIn and Udemy, including exams related to Azure and the Power Platform. As a Consultant and Advisor for Modern Work, João assists clients in unlocking their digital potential and optimizing productivity and collaboration. His approach is agnostic to technology, focusing on practical solutions that align with business goals. He has consistently been recognized as a Microsoft Most Valuable Professional (MVP) for 10 consecutive years. His commitment to excellence extends beyond technical expertise; he also values consistency, mental health, creative thinking, teamwork, and fun at work. João believes that learning every day within a team context is the key to continuous improvement.
