Use PowerShell to automate your Box.com to OneDrive for Business migration.
Note: At the end of January 2026, Microsoft began deprecating the IDCRL cookie, meaning that only Browser and Modern authentication methods with the parameters -Browser and -ModernAuth will work in most Microsoft 365 tenants. To learn more about this change, see Important change to "Other user" authentication for Microsoft 365.
Prerequisites
Your OneDrives have been provisioned (this can be automated with the Get-OneDriveURL cmdlet).
Note: You need to be a site collection admin on each OneDrive, even if you have higher admin privileges. You will use SharePoint admin or global admin permissions to apply site collection admin permissions on all your OneDrives. The PowerShell script will then remove the Site collection admin permissions as you migrate each Box.com account.
How-to
Tip: To migrate your documents to a new folder in your OneDrives, see Walkthrough - Migrate to a new OneDrive folder in PowerShell.
Assign yourself as a site collection administrator on all your OneDrives
Open ShareGate Migrate.
Go to All reports.
Click on Create custom report in the top right corner.
Select OneDrive for Business as your object type.
Click Continue without saving.
Select your tenant.
Click on Run.
Select all your OneDrives with the checkmark box at the top of the list.
Click Edit in the Quick actions menu.
Select Add administrators in the Transformations dropdown.
Search and add your account in the Select user or group field that appears.
Click Apply.
Create your script
Copy and paste the following script into the PowerShell application of your choice.
Import-Module Sharegate
# Connect to Box
$box = Connect-Box -Email [email protected] -Admin
# Get all Box users
$users = Get-BoxUsers -Box $box
# Connect to the SharePoint tenant
$tenant = Connect-Site -Url https://mytenant-admin.sharepoint.com -ModernAuth
# Loop through each user
foreach ($user in $users) {
# Check if the user is not inactive
if ($user.Status -ne 'inactive') {
# Get the user's OneDrive site URL
$dstSiteUrl = Get-OneDriveUrl -Tenant $tenant -Email $user.Email
# Connect to the user's OneDrive site
$dstSite = Connect-Site -Url $dstSiteUrl -UseCredentialsFrom $tenant
# Get the "Documents" list from the user's OneDrive site
$dstList = Get-List -Site $dstSite -Name "Documents"
# Import documents from Box to the OneDrive "Documents" list
Import-BoxDocument -Box $box -DestinationList $dstList -UserEmail $user.Email
# Remove site collection administrator permissions
Remove-SiteCollectionAdministrator -Site $dstSite
}
}
Adjust your script to work for you. Here are a few guidelines:
$box: Replace the email with your Box.com admin email.
$tenant: Change the URL to match your tenant's admin center.
Connect-site: The command to connect to a SharePoint site or OneDrive for Business. If you need to change the authentication method from Modern authentication, see Connect Site.
foreach: Used to loop through a set of values. In this case, all the commands between the foreach brackets will be repeated for each user in your Box.com account.
-UseCredentialsFrom: This script uses Modern authentication with the -UseCredentialsFrom parameter to reuse a single connection. This script will prompt you for your Microsoft 365 credentials when you start it. If MFA isn't enforced on your tenant, you can set your script to use a username and password for unattended scheduling. To learn more, see Connect-Site and Avoid repeatedly entering your credentials with the browser and modern connection methods.
Remove-SiteCollectionAdministrator: Removes your user account as site collection administrator on the OneDrive after its migration. For more information, see Remove Site Collection Administrator.
Run your script once it's properly adjusted and tested.
Considerations
Modern authentication with -ModernAuth is the most secure and persistent authentication method for Microsoft 365, and it can be used with Username and Password variables as long as Multi Factor Authentication (MFA) is not enforced. There are also a few limitations. See Connect-Site to learn different ways to use this connection method, or to switch to Browser authentication if needed.
You can migrate the content of your user's root folder in Box.com, but not the folder itself. If you want to migrate Box.com content into a separate folder in OneDrive for Business, you will need to create that destination folder first.
Migration reports are automatically generated, and you will be able to find them in Tasks. You can also export the reports in your script with Export-Report.
You can schedule your migration using PowerShell to run it off-hours and optimize performance.
To perform an incremental migration, see the Incremental update using PowerShell article.
To replicate the copy options from ShareGate Migrate, see Copy options in PowerShell.
Only the files that the user owns are migrated. If the user is a collaborator or co-owner of a file, it will not be copied during the migration.
If you experience considerable performance issues, see Box.com throttling.
Script Errors and Testing: Test your PowerShell script on a small subset of OneDrive accounts before applying it broadly. Testing helps identify potential issues in a controlled scope.