AvePoint Learn
Request an article
Contact support
Request an article
Contact support
English

    Home > Perform Device Migrations > Create a Connection

    Download this article

    Create a Connection

    To connect the Device agent to AvePoint Online Services, you need to add connections by completing the following steps:

    1. Click Settings in the left pane, and select Connections to access the Connections page.

    2. Click Create connection. The Create connection panel appears.

    3. In the Create connection panel, complete the following settings:

      • Connection name – Enter a name for the connection.

      • Connection type – Select Active Directory and Entra ID Devices from the drop-down list to create a connection for Device.

      • Configure source or destination connection – Specify whether this connection is a Source or a Destination.

        If Source connection is selected, complete the following configurations:

        • AvePoint Online Services application (client) ID – Enter the ID of your app registration in AOS > Administration > App registrations.

        • Client secret – Enter the client secret of your app registration in AOS > Administration > App registrations.

        • Generate configuration key – Click to generate configuration key. The configuration key will be used to connect the device agent. You can click the Copy button to copy the configuration key.

        • Download and install device agent – Click Download device agent to download the device agent. The agent must be deployed to every end-user device you intend to migrate. It is recommended to silently push the agent installation (.msi) to all domain-joined devices via Group Policy Object (GPO). Alternatively, you can install the agent (.msi or .exe) manually on each required machine. Refer to Install the Device Agent for how to install the agent.

        • Create a local administrator on device – Select whether to create a local administrator of the device. This account can be used to log in if an issue occurs while rejoining the device to the domain.

          NOTE

          Your password should follow the complexity policy in your Active Directory. By default, the password must contain at least 7 characters and use at least 3 different character types (uppercase, lowercase, digits, or special characters).

        • Connect source Microsoft Entra ID – Select the checkbox to allow Fly to access and migrate Microsoft Entra ID group memberships associated with devices.

        If Destination connection is selected, select a destination and complete the following configurations:

        • If Active Directory is selected, select How to rejoin the device to the new Active Directory domain?

          • Rejoin online using AD user credentials – Rejoin the domain online using Active Directory user credentials instead of the Active Directory agent. Enter the username and password of a service account with sufficient permissions (Administrators or Domain Admin role) in the destination Active Directory, along with the destination domain name.

            Note that device agents are still required on each device being migrated, and devices must have direct network connectivity to the destination Domain Controller during migration (for example, via the office network, corporate Wi‑Fi, or a corporate VPN).

          • Rejoin offline using agent – Rejoin the domain offline using the Active Directory and Device agents. This option allows a device to join the destination domain without requiring direct network line‑of‑sight to the destination Domain Controller.

            Device agents should be installed on each device that needs to be migrated. For the Active Directory agent, it is recommended to install it on a domain‑joined member server in the destination domain rather than directly on the Domain Controller, as a best practice is to avoid installing third-party software on Domain Controllers whenever possible.

            Click Generate to create a connection key for the destination Active Directory agent. Refer to Install the Destination Agent for how to install the agent.

        • If Hybrid Identity is selected, complete the following configurations:

          NOTE

          Devices are automatically enrolled in Microsoft Intune after a successful domain rejoin. After the domain rejoin, sign in to Intune with your destination Microsoft Entra user account and configure the MDM user scope for Microsoft Intune. This setting enables automatic MDM enrollment for Microsoft Entra users, allowing the devices to be managed in Intune. For detailed instructions , refer to Enable Windows automatic enrollment.

          • Tenant – Select the destination tenant.

          • App profile – Select the Fly for Device app or a custom app profile from the drop-down list. You can also click the Create new in AvePoint Online Services link to create a new one.

          • How to rejoin the device to the new Active Directory domain? – Select how the device will be joined to the new Active Directory domain.

            If Rejoin online using AD user credentials is selected, device will rejoin the domain using Active Directory user credentials instead of the Active Directory agent. Enter the username and password of a service account with sufficient permissions (Administrators or Domain Admin role) in the destination Active Directory, along with the destination domain name.

            Note that device agents are still required on each device being migrated, and devices must have direct network connectivity to the destination Domain Controller during migration (for example, via the office network, corporate Wi‑Fi, or a corporate VPN).

            If Rejoin offline using agent is selected, the device will rejoin the domain offline using the Active Directory and Device agents. This option allows a device to join the destination domain without requiring direct network line‑of‑sight to the destination Domain Controller.

            Device agents should be installed on each device that needs to be migrated. For the Active Directory agent, it is recommended to install it on a domain‑joined member server in the destination domain rather than directly on the Domain Controller, as a best practice is to avoid installing third-party software on Domain Controllers whenever possible.

            Click Generate to create a connection key for the destination Active Directory agent. Refer to Install the Destination Agent for how to install the agent.

        • If Microsoft Entra ID is selected, select How to rejoin the device to the new Microsoft Entra ID domain?

          NOTE

          Devices are automatically enrolled in Microsoft Intune after a successful domain rejoin. After the domain rejoin, sign in to Intune with your destination Microsoft Entra user account and configure the MDM user scope for Microsoft Intune. This setting enables automatic MDM enrollment for Microsoft Entra users, allowing the devices to be managed in Intune. For detailed instructions , refer to Enable Windows automatic enrollment.

          If Rejoin online using Microsoft Entra ID app and bulk token is selected, complete the following configurations:

          • Tenant – Select the destination tenant.

          • App profile – Select the Fly for Device app or a custom app profile with delegated permissions from the drop-down list. You can also click the Create new in AvePoint Online Services link to create a new one.

          • Join devices to Microsoft Entra ID – Generate a bulk token by clicking Get bulk token and providing a Display name and Token expiration duration.

            You can generate multiple tokens; the information of the latest one will be displayed upon creation.

          If Rejoin offline using an enrollment file is selected, complete the following configurations:

          • Tenant – Select the destination tenant.

          • App profile – Select the Fly for Device app or a custom app profile from the drop-down list. You can also click the Create new in AvePoint Online Services link to create a new one.

          • Bulk enrollment file path – Select the file path of the Microsoft Entra ID bulk enrollment file. It can be stored either on the device in a local folder or in a shared folder. If a shared folder is used, ensure it is accessible to devices in both the source and destination environments.

    4. Click Save to save your configurations.

    On the Connections page, you can manage the existing connections.

    • Filter – Click Filter to filter connections by connection type and/or tenant.

    • Search – Enter the keyword of a connection name in the search box to search for the desired connection.

    • Edit – Click the connection name to edit a connection.

    • Delete – Select a connection and click Delete to delete it. Or you can select one or multiple connections and click Delete to delete them.