Migration Assessment Scan: Web Application Policies

Article
01/06/2022

Learn how to fix issues with Web Application policies during migration.

Overview

In the source environment, there are typically discrete web applications for Team, Portal, Partner, and MySite (OneDrive). SharePoint Server allows the use of web application policies to grant or deny blanket-level permissions to entire web applications. These permissions override any permissions set at the site collection, site, list/library, or item level.

The target environment uses a single web application to host all site collections.

We do not currently offer a permission feature that applies uniquely to specific root site names and all child items together.

Data Migration

None of the web application policies are migrated to the target environment.

Important

Any site that is configured as "No Access" (locked), in SharePoint will be skipped. To see a list of locked site collections see the Locked Sites scan output.

Preparing for Migration

Web application policies are not migrated. Some alternatives at this time include:

Change administrative procedures to manage all permissions at the site collection level (this can be performed via Tenant Admin) instead of using web application policies.
Use licensing to grant or limit specific capabilities to specific users and groups.

Post Migration

Ensure the alternative options function correctly during the User Acceptance Testing phase.

Scan Result Reports

WebApplicationPolicy-detail.csv This scan report lists all policies for all of your web applications.

Column	Description
WebApplication	The source web application.
PolicyDisplayName	Display Name of the user or group.
PolicyUserName	The login ID of the user or group.
PolicyRoleBinding	Permission granted to the user or group in the source.
ScanID	Unique identifier assigned to a specific execution of the SharePoint Migration Assessment Tool.