This article walks you through the initial setup for ShareGate Protect: creating your ShareGate account, connecting your Microsoft 365 tenant, and completing the admin consent required to start your first tenant analysis.
Prerequisites
Before you start, make sure you have the following:
An active ShareGate Protect subscription
A business email address (personal domains like Hotmail or Gmail are not accepted)
A Microsoft 365 global admin or privileged role admin available to consent to permissions, or the ability to send them a consent request
Step 1: Set up your ShareGate account
An account is required to access ShareGate Protect.
You can create one in two ways:
New to ShareGate: Go to login.sharegate.com to register for a full-featured 15-day trial.
Joining an existing workspace: Accept the invitation email from your ShareGate workspace owner.
Note: A business email address is required. Personal email domains (such as Hotmail or Gmail) and disposable email services are not accepted.
Step 2: Sign in to ShareGate Home
Sign in at login.sharegate.com. ShareGate Home is your central hub for all ShareGate products, including ShareGate Protect.
Step 3: Open ShareGate Protect
In ShareGate Home, click Open under ShareGate Protect.
If this is your first time connecting a tenant to Protect, you'll be prompted to consent to a set of Microsoft 365 permissions.
Step 4: Complete the Microsoft 365 admin consent
ShareGate Protect requires a one-time admin consent to read your Microsoft 365 tenant. This registers the ShareGate Protect Enterprise application in your Microsoft Entra tenant.
Note: The Enterprise app is registered under Workleap, ShareGate's parent company. If you see the Workleap name in the Microsoft consent dialog, this is expected.
How you complete this step depends on your Microsoft 365 role:
If you are a global admin or privileged role admin
When prompted, review the list of Microsoft 365 permissions ShareGate Protect requires.
Click Accept to grant consent.
Protect immediately begins analyzing your tenant. To review the full list of permissions before accepting, see Microsoft 365 permission sets required for ShareGate.
If you are not a global admin
When prompted, click Request approval.
Copy the generated link and send it to your global admin or privileged role admin.
Your admin follows the link and completes the consent on your behalf.
Once they have consented, return to Protect and refresh the page to continue.
Note: To use remediation actions in Protect (such as removing sharing links or changing workspace privacy settings), your admin needs to consent to a second set of permissions: ShareGate Protect Remediation Actions. This can be done separately after the initial setup is complete. See Microsoft 365 permission sets required for ShareGate for details.
Step 5: Wait for the initial tenant scan
After consent is granted, ShareGate Protect automatically starts analyzing your tenant. You don't need to do anything. The scan runs in the background.
Note: Most data refreshes occur within 24 hours, and not all refreshes occur at the same time. For large tenants with a high volume of sharing links, the initial scan can take longer. In complex environments, this can take more than a week.
Once the scan completes, your tenant data appears in Protect and continues to update automatically.
Step 6: Give your team access to Protect
Once admin consent is complete, ShareGate workspace admins can give other team members access to Protect.
Sign in to ShareGate.
Click the gear icon at the top right.
Select Members from the sidebar.
Find the member whose access you want to manage.
Click the three dots at the end of their row.
Under Product access, toggle ShareGate Protect on.
For more details, see Manage access to ShareGate.