Security standards continue to evolve across the Microsoft ecosystem, and with that evolution comes necessary changes to authentication workflows. To align with Microsoft’s modern security requirements, MigrationWiz has updated the configuration process for OneDrive, SharePoint, and Teams migrations to require PKCE-based authentication.
If you are planning or actively executing collaboration workload migrations, understanding this recent update is essential.
This article explains what has changed, why it matters, and how to configure your projects correctly using our new step-by-step video guidance.
What Has Changed?
Previously, OneDrive, SharePoint, and Teams project configurations relied on legacy or certificate-based authentication flows. Microsoft’s continued enforcement of modern authentication and OAuth security best practices now requires the use of Proof Key for Code Exchange (PKCE) as part of the authorization process.
PKCE enhances OAuth security by mitigating authorization code interception risks. It is now a requirement for many Microsoft Graph–based workflows and ensures secure token exchange during migration configuration.
As a result:
- New projects for OneDrive, SharePoint, and Teams must use PKCE authentication.
- Existing configurations may need to be updated depending on how they were originally set up.
- Administrators must complete an updated consent and authorization workflow.
This is not simply a UI change it is a modernization of the authentication framework used for collaboration migrations.
Why PKCE Matters
PKCE is part of Microsoft’s broader push toward zero-trust and secure API access. By requiring a dynamically generated code verifier and challenge during OAuth authorization, PKCE prevents intercepted authorization codes from being reused maliciously.
For MSPs and IT teams, this means:
- Stronger alignment with Microsoft security policies
- Reduced risk in delegated admin or multi-tenant migration scenarios
- Future-proofed authentication workflows
MigrationWiz now leverages Microsoft Graph APIs secured through PKCE to ensure continued compatibility and compliance.
Step-by-Step Video Walkthroughs
To simplify the transition, we’ve published three dedicated videos that walk through the updated configuration process for each workload type.
These videos provide a guided, screen-by-screen walkthrough of:
- Registering and configuring the Azure/Entra application correctly
- Applying the required API permissions
- Completing the PKCE-based consent process
- Validating connections before project execution
You can access each video below:
OneDrive Migration Configuration (PKCE Required)
New OneDrive Authentication Video
SharePoint Migration Configuration (PKCE Required)
New SharePoint Authentication Video
Teams Migration Configuration (PKCE Required)
New Teams Authentication Video
Each video focuses specifically on its respective workload to ensure clarity and reduce confusion during setup.
What MSPs Should Do Now
If your team frequently executes collaboration migrations, we recommend:
- Reviewing the updated configuration process before starting new projects.
- Updating internal runbooks and documentation to reflect PKCE requirements.
- Sharing the video resources with engineers responsible for project setup.
- Testing the updated authentication flow in a controlled environment before large deployments.
By proactively aligning with the new configuration model, you can avoid project delays and ensure smooth execution.
Continued Evolution, Same Reliable Execution
While the authentication workflow has changed, the core value of MigrationWiz remains the same: secure, scalable migration of Microsoft 365 workloads.
This update ensures that OneDrive, SharePoint, and Teams migrations continue to function reliably within Microsoft’s modern authentication framework.
If you have questions about the new PKCE configuration process or need assistance with a project, our support and technical teams are ready to help.
Stay secure. Stay modern. And migrate with confidence.