#Create an Aviator Policy for SharePoint Online

A SharePoint Online Aviator policy allows you to define the data filter and other settings for the Aviator jobs. Fly provides a system default policy for you. You can directly use the system default policy, or refer to the following steps to configure a policy for SharePoint Online based on your needs:

1. Click Settings in the left pane, and click Policies > Aviator policies > SharePoint Online.

2. Click Create Aviator policy. The Create Aviator policy panel appears.

3. Enter a name and an optional description for the policy, and then click Next.

4. In the Filter & conflict resolution step, complete the following settings:

   • Scope – Select or deselect the Structure and/or Content checkbox to define in bulk the SharePoint objects you want to migrate.

   • Site – Select whether you want to migrate the listed objects and configurations.

   • List – Select whether you want to migrate lists/libraries, settings and public views.

   • Content – Select whether you want to migrate the listed content.

   • Permissions – Select whether you want to migrate permissions at each level.

     Guest users are added via the Microsoft 365 admin center, and can be added as SharePoint administrators, permission users and users related to shared links.

     

     External users can be added as permission users and users related to shared links if the two related tenants have enabled cross-tenant access for each other. You can enable the cross-tenant access by completing the following steps:

     1. Log into the Microsoft Entra ID admin center.

     2. Click External Identities.

     3. Click Cross-tenant access settings.

     4. Click Add organization under the Organization settings tab.

     5. In the Add organization panel, enter the tenant ID or domain name of the tenant for which you want to allow the member, and click Add.

        Then after about 24 hours, you can manually add the member to the target shared channel.

   • Workflows and user alerts – Select whether you want to migrate the workflow definitions and user alerts.

     *Note: By default, user alerts will be automatically disabled during the Aviator job to avoid interruption. You can manually Enable User Alerts for the destination SharePoint Online after the Aviator job.

   • Conflict Resolution – Specify the content level conflict resolution when the source object conflicts with an existing object in the destination. (The Content level includes documents and list items.)

     *Note: The conflict resolution applies when you merge containers or copy files to the destination.

5. Click Next to continue.

6. In the Additional options & mappings step, define how to manage the sensitivity labels, IRM restrictions, and configure user mappings for the Aviator job.

   • To manage the sensitivity labels of files during the Aviator job, select an option below:

   • *Note: Fly cannot manage sensitivity labels of PDF files during the Aviator job.

     • No label insource, or migratefiles with source label to destination (if file has label encryption, it will be inaccessible in the destination) – Select this option if there is no sensitivity label applied on source files, or you want to keep the source sensitivity labels of the files to the destination.

       After the Aviator job, the migrated files that have label encryption may not be accessed in the destination.

     • If a label exists, remove it during the migration (source label remains, it is removed from the file in the destination) – Select this option if you want to remove the source sensitivity labels from the files.

       After the Aviator job, the migrated files do not have any sensitivity labels and can be accessed in the destination.

     • Apply same label in the destination (same label must exist in the destination) – This option removes the source sensitivity labels from the migrated files during the Aviator job, and applies existing destination sensitivity labels with the same display name to the migrated files in the destination. The source sensitivity labels applied to source files will not be removed from the source tenant.

     • Apply labels in the destination based on label mappings (labels must exist in both source and destination) – With this option, you can configure sensitivity label mappings to replace the source sensitivity labels applied to the migrated files with existing destination sensitivity labels.

       According to the label mappings, Fly will remove the source sensitivity labels from the migrated files during the Aviator job, and apply the destination sensitivity labels to the migrated files in the destination. The source sensitivity labels applied to source files will not be removed from the source tenant.

       Click the Add () button to Create Sensitivity Label Mappings to map the source and destination labels based on their display names. You can also select a previously created label mapping from the drop-down list to use it (Clicking View details can view and edit the detailed information of the selected label mapping.).

   • To manage the sensitivity labels of sites during the Aviator job, select an option below:

     *Note: If the source does not have the Microsoft Information Protection (MIP) service implemented or source sites do not have any sensitivity labels configured in the Sensitivity setting, select the first option for your Aviator job to ensure a successful job.

     • No label in source, or do not copy source label on site to destination – Select this option if there is no sensitivity label applied on source sites, or you do not want to keep the source sensitivity labels to the destination sites.

     • Apply same label in the destination (same label must exist in the destination) – Select this option to not keep the source sensitivity labels, and apply existing destination sensitivity labels of the same display name to the destination sites.

     • Apply labels in the destination based on label mappings (labels must exist in both source and destination) – Select this option to configure sensitivity label mappings to map the source sensitivity labels to existing destination labels based on their display names. You can click the Add () button to Create Sensitivity Label Mappings to map the source and destination labels based on their display names.

       If the source sites are applied with the source labels configured in the mapping, the Sensitivity setting value of their destination sites will be updated to the mapped destination labels.

   • Information rights management – Select the Remove source IRM restrictions from files checkbox if you want to remove the source IRM restrictions during the Aviator job. If you deselect this checkbox, the source IRM restrictions will be kept, and the source files may be inaccessible in the destination.

   • User mapping – With a user mapping, you can map a source user/group to a destination one. User mapping can replace an existing source user/group with a destination user/group. You can also map a domain in the source to a destination domain. Users, securities, and user-related metadata can be migrated based on user mappings. Click the Add () button to create a new one. Refer to the Create User Mappings section to view how to create a user mapping.

     You can also select a previously created user mapping from the drop-down list and click View details to view the detailed information of the selected user mapping. You can enter the keyword of a user mapping in the Search user mapping text box and click the Search () button to search the user mapping.

     *Note: For the users/groups that have not been configured in user mappings, you can choose to map the users/groups based on User principal name prefix, Display name, and/or Email address prefix.

7. Click Save to save the policy. After creating the policy, you can click Set as default to set the policy as the default policy.

On the Aviator policies page, you can manage existing policies.