#Create a Migration Policy

A device migration policy allows you to define the mappings, areas, and areas to ignore.

Refer to the following steps to configure a migration policy for device migrations:

1. Click Policies under Settings in the left pane.

2. Click Migration policies to access the Migration policies page.

3. Click the Device tab.

4. Click Create migration policy. The Create migration policy panel appears.

5. Enter a name and an optional description for the policy, and then click Next.

6. In the Device rejoin domain section, complete the following configurations:

   • Force domain rejoin – Configure whether to force a domain rejoin. The rejoin will be triggered on the end user's device, where users can select to start immediately or snooze. Once forced domain rejoin is enabled, if no action is taken by the user, or if a silent rejoin is preferred, the device will automatically rejoin the domain after a specified period.

   • User credentials – Configure whether to cache user credentials to log on after an offline domain rejoin.

     Refer to Install the Agent to configure the cached user credentials in Fly Device Agent.

   • Computer object – Configure whether to use the existing computer object when rejoining the Active Directory and hybrid identity domain offline, rather than creating a new one in the destination.

   • Windows Autopilot – Configure whether to automatically register devices with Windows Autopilot for the destination tenant.

7. In the Access Control List (Re-ACL) section, select to map the defined users based on user mappings or the User principal name prefix property.

   • User principal name prefix – Enable the toggle to automatically map users. Note that if explicit user mappings are configured manually, they will override the auto mappings.

   • User mapping – User mapping allows you to map a Microsoft 365 user or group from the source to the destination. You can also map a domain in the source to a destination domain. Users, permissions, and user-related parameters can be migrated based on user mappings. Click the Add button to create a new one. Refer to the Create User Mappings section to view how to create a user mapping.

     You can also select a previously created user mapping from the drop-down list and click View details to view the detailed information of the selected user mapping. You can enter the keyword of a user mapping in the Search user mapping text box and press Enter on the keyboard to search for the user mapping.

8. In the Area section, select the following device areas for which you want to migrate permissions.

   • File system – Select to migrate local file and folder NTFS permissions on the device, ensuring that users retain seamless access to all local data after migration.

   • Local groups – Select to migrate the memberships of local machine groups (for example, the local Administrators group).

   • Windows profiles – Select to migrate permissions on the user’s local Windows profile directory (C:\Users\Username). This ensures the user retains access to personal data and settings, including Desktop, Documents, App data, and personalized operating system settings.

   • Printers – Select to migrate permissions for locally installed or mapped printers. This ensures users retain access to the same printers and can continue printing without interruption or the need to reinstall printers after migration. Refer to Add or install a printer in Windows for detailed information.

   • Registry – Select to migrate access controls in the local Windows Registry to preserve user‑specific application settings and permissions.

   • Services – Select to migrate the service logon account and associated permissions for any local Windows services that have the source user account explicitly configured as the Logon account.

   • User rights – Select to migrate user rights assignments defined in the Windows Local Security Policy from the source account to the destination account.

   • Scheduled tasks – Select to migrate permissions for automated background jobs or scripts configured in Windows Task Scheduler to run under the new user account after migration.

9. In the Areas to ignore section, enter the file path of the files or folders you want to exclude from the migration. All files and folders within the specified path will be ignored.

   NOTE

   Currently, the Areas to Ignore feature is used only for file system and Windows profiles.

   Example:

   • If you enter C:\Example, the entire Example folder will be ignored.

   • If you enter C:\Example.docx, the Example file will be ignored.

10. Once completed, click Next.

11. In the App reconfiguration step, you can configure the following settings for migrations:

    • App reconfiguration – Select whether to reconfigure applications automatically:

      If Don't reconfigure applications is selected, you need to manually run the Fly Device App Config tool to reconfigure applications. The account information in your Microsoft apps will be kept after the domain rejoins.

      If Reconfigure applications is selected, the device agent will automatically reconfigure the applications (triggering new setup prompts) after the device joins a new domain. The account information in your Microsoft apps will be automatically cleared after the domain rejoins.

      If Reconfigure applications is selected, select the Applications you want to reconfigure automatically:

      • Outlook – Select to automatically reconfigure Microsoft Outlook. You can also configure whether to enable silent reconfiguration, which will reconfigure Outlook with minimal user interaction.

      • OneDrive – Select to automatically reconfigure Microsoft OneDrive.

        You can select Free up local OneDrive space (Cloud-only) to free up local disk space by removing the local copy of downloaded files while keeping them available online in OneDrive. Any un-synced local files are automatically preserved in a Legacy destination folder to ensure zero data loss.

        You can also configure whether to enable silent reconfiguration, which will reconfigure OneDrive with minimal user interaction.

      • Teams – Select to automatically reconfigure Microsoft Teams.

    • Run command – Select whether to run commands on devices before or after rejoining the domain. Then, click Upload to upload and deploy the scripts (.ps1) and certificate (.cer or .crt) to each device. The commands will run automatically when you start a domain rejoin job.

    • Customized features – This function is unavailable for Device migration now.

12. Once completed, click Save.