Migration Assessment Scan: Web Application Policies

Learn how to fix issues with Web Application policies during migration.


In the source environment, there are discreet web applications for Team, Portal, Partner, and MySite (OneDrive). SharePoint OnPremise allows the use of web application policies to grant or deny blanket-level permissions to entire web applications. These permissions override any permissions set at the site collection, site, list/library, or item level.

The target environment uses a single web application to host all site collections.

We do not currently offer a permission feature that applies uniquely to specific root site names and all child items together.

Data Migration

None of the web application policies are migrated to the target environment.

Important: Any site that is configured as “No Access” (locked), in SharePoint will be skipped. To see a list of locked site collections see the Locked Sites scan output.

Preparing for Migration

Web application policies are not migrated. Some alternatives at this time include:

  • Change administrative procedures to manage all permissions at the site collection level (this can be performed via Tenant Admin) instead of using web application policies.

  • Use licensing to grant or limit specific capabilities to specific users and groups.

Post Migration

Ensure the alternative options function correctly during the User Acceptance Testing phase.

Scan Result Reports

AllWebAppPolicies_<Date>_<Time>.csv    This scan report lists all policies for all of your web applications.




Display Name of the user or group.


The login ID of the user or group.


The source web application.


Permission granted to the user or group in the source.

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!