Organisations are rapidly adopting Microsoft 365 for their cloud office capabilities. In fact, more than 95 percent of Fortune 500 companies trust their business on Microsoft cloud services. As transactions remain essential for growth in most industries, it is common to have one organisation merge with or acquire another. A side effect of a merger or acquisition is a demand for unification. With a good probability that each transacting organisation will have an investment in Microsoft 365 services, any integration plan will include a migration to a single Microsoft tenant.
A Microsoft 365 tenant-to-tenant migration is the process of migrating objects, resources, and data from one Microsoft 365 tenancy to another, which can include many workloads and some or all content within a specific workload. Should an organisation decide to execute a tenant migration, whether by merger, acquisition, divestiture, larger internal reorganisation effort, or brand consolidation, they will need to consider the many factors that shape the migration process
Microsoft 365 tenant-to-tenant migrations are complex and require considerable awareness, planning and a good understanding of what will and will not migrate. Migrating mailbox data from one tenant to another is relatively straightforward. SharePoint and OneDrive data follow a prescriptive process, but the data generally migrates with little difficulty. It is “everything else” that presents a challenge. Some data cannot be migrated, and other cannot be migrated in its current format. For added complexity, the flexibility of sharing a common SMTP domain across multiple Microsoft 365 tenants is still not possible.
This paper will discuss the components governing a Microsoft tenant migration. It is critical to not underestimate the many activities required throughout the migration lifecycle in order to accomplish the migration in time, on budget and with a positive user experience.
Beginning with the end in mind, the success of a migration will be determined by the following general measures:
Considering these key performance indicators for a successful outcome, it is advantageous to begin migration planning with a list of priorities to guide the approach. For tenant migrations, the following objectives should be ranked at the top of the priority list:
Focus on the user experience
Where possible, affect a single change for the user
Cease, or greatly reduce, users from having to authenticate back to the source platform for services
Build trust through regular communication with all affected users
Having the above list of considerations agreed to and documented will provide alignment for the whole team when a difficult decision needs to be made.
Organisations can often treat a tenant migration solely as a technical exercise and overlook a key dimension, the human factor. A bad migration experience will leave an indelible mark on the users. Effective and timely communication is critical to ensuring users understand why this is happening, the changes that are occurring, and are engaged in the project.
Managing users during a tenant migration starts with a communication plan. The communications plan prepares the users for the upcoming changes and guides them through any changes or actions they may need to take. Benefits of early and constant user communication include:
The key message components of the plan should include the basic Five Ws and How questions:
WHY
is this change occurring?
WHAT
is changing?
WHO
is affected by the change?
WHEN
will the change occur?
WHERE
can users go for more information or to provide feedback?
HOW
will the change occur?
Effective communication approch should share information with users multiple times leading up to the final cut-over of the migration. One approach is using a “T-minus” communication plan working back from when users will actually be migrated. This regular stream of information helps prepare users for the transition.
An example of such notifications:
How the message is communicated is also important. Sending email notifications is often not enough. According to a survey conducted by SlickText, a high percentage of employees do not read company emails. To engage the widest audience, plan a multimedia approach such as hosting an information web page and FAQ on the intranet, creating a discussion channel in Teams, Yammer, or Slack system, include project information and key dates in company announcements and newsletters.
Developing a well thought out migration plan requires a deep understanding of the workloads involved. The ultimate goal of the discovery and assessment activities is to gain a deep knowledge of each existing infrastructure to inform the following planning and execution phases.
Environmental factors to be considered that are directly associated to tenant migrations include:
MICROSOFT 365 AUTHENTICATION METHOD
It can be useful to understand how users authenticate to Microsoft 365 in both the source and destination tenant as their authentication method could change post migration.
The options for Microsoft 365 authentication include:
Also note if multi-factor authentication (MFA) is used by either tenant, as users will be required to register for MFA in the destination tenant.
DIRECTORY REMEDIATION
A critical procedure to perform in preparation for tenant migration is a directory remediation exercise, whereby discovery activities are conducted across both source and destination directories to:
OBJECT INVENTORY
Each online service in Microsoft 365 has specific objects (e.g., Exchange Online has Mailbox, Distribution List, Unified Group, Contact, Public Folder, Dynamic Distribution Groups). Some objects may have sub-categories of type, such as a Mailbox may be of type User, Shared, or Resource.
Objects will require a 1:1 mapping between the source and destination tenant to ensure a complete migration.
An inventory of all objects and their types is to be gathered so they can be properly accounted for and provisioned in the destination tenant.
SERVICE OBJECT DATA
For each object type that stores data, it is vital to learn as much as possible about the data before and during the transformation process. Using an incremental and iterative approach to data migration, the data analysis will contribute to the determination of the data synchronisation strategy and overall project duration.
SERVICE OBJECT PERMISSIONS
The tenant migration process may result in the loss of permission assignments to objects. It is best practice to capture object permissions from the source tenant so, if necessary, they can be reapplied in the destination tenant.
Please note, some objects may have varying levels of permissions. For example, a user can be granted permission to a mailbox, or a specific folder within the mailbox object (e.g., calendar delegate).
OBJECT PROVISIONING
Understand both on-premises and cloud object provisioning processes. This should include the method being used to license new users and remove licensing from departed users.
LICENSE MANAGEMENT
If the Microsoft 365 licenses change as part of the migration (for example, moving from E5 to E3 licenses), features and functionality will change for the migrated users.
Validation of license assignment is to be completed to ensure that the correct licenses are applied to the users being migrated, allowing them equal or higher-level access to the services and features they had in the source tenant.
DNS SETTINGS
Having the correct DNS configuration is key to ensure no interruption of services post migration. Common DNS changes for a tenant migration include:
Every DNS record has a specific time-to-live (TTL), which is the length of time before the record expires and is renewed by a client. Knowing DNS changes are required, it is recommended to lower the TTL of the DNS records to be changed. Make the TTL change a few days in advance to allow the change to fully propagate.
ENDPOINT INVENTORY
Denote the types of endpoints accessing the services to best determine how each will be impacted by the migration.
With users authenticating to Microsoft 365 with a new identity, they will need to re-profile applications such as Outlook, OneDrive, and Microsoft Teams. Many of the migration software vendors have a desktop application that can be used to re-profile some applications such as Outlook.
MAIL FLOW
The messaging architecture should be completely understood and diagrammed for both the source and destination systems, as changes will need to occur both pre- and post-migration.
Typically, mail forwarding is configured as part of the migration process. Since a mailbox will exist in both the source and destination tenant while data is being copied, there exists the potential that an email message may be delivered unintentionally to the destination mailbox, and thus, not be seen by the user. To prevent this, a forwarding address will be assigned to the destination mailbox, thus allowing any mail being sent to the destination mailbox to be forwarded back to the source mailbox. Just prior to cutover, the process is reversed with the forwarding address removed from the destination mailbox, and a forwarding address assigned to the source mailbox.
INTEGRATED SYSTEMS/APPLICATIONS ASSESSMENT
Identify on-premises or cloud-hosted services and applications that are integrated with a Microsoft 365 service, for example: Azure subscriptions, Exclaimer, voicemail such as Cisco Unity, third-party Mobile Device Management such as Workspace One or MobileIron, third-party message hygiene such as Proofpoint and Mimecast, etc.
ADDITIONAL CONSIDERATIONS
As investigation activities progress, additional complexities may surface that have to be accounted for, such as:
Once the current operating landscapes are understood, a suitable end state architecture can be crafted. Some questions to address regarding the end state structure may be:
With the many questions answered and the desired end state defined, the findings from the current state can be used to conduct a gap analysis showing the difference between where things are and where they are to be. The gap report is then used, along with other analysis, to determine the migration plan.
Although Microsoft does have some native capabilities for moving objects and data between tenants, it is quite a complex and time-consuming undertaking, requiring adequate skills and dedicated staff to perform the migration. Additionally, there are no native capabilities for many of the workloads.
Third-party migration software offers many benefits over the native tools, such as:
It is important to research and evaluate migration capable toolsets. Using the data gathered from the environmental assessment, compile a list of the criteria then rank them according to importance. To choose the migration tool, evaluate each tool against the criteria established. Additional considerations when evaluating tools include features, functionality, usability, reliability, security, performance, scalability, maintainability, and cost-effectiveness.
Selecting the right vendor is just as important as selecting a tool. Depending on the scale and complexity of the migration, the software purchase can be a long-term commitment. Take the time to thoroughly study the vendor. Some criteria to evaluate the vendor includes:
Although migration software continues to evolve, there are still several workloads that do not have tools or APIs available to migrate them. Workloads that do not have a migration option may require users to perform a manual, self-service migration.
A cutover is the point in which a user or workload transitions to the destination tenant, and typically involves a period of downtime. Fundamentally, there are two approaches to executing a migration cutover, single event or phased.
The single event migration approach involves migrating all users and workloads at one time as a single event. This approach typically involves pre-staging the migration, whereby the bulk of the data is migrated ahead of the cutover. Pre-staging helps to minimise the downtime necessary to complete the cutover as well as reduce the quantity of data that needs to be moved during the cutover event.
The flexibility of sharing a common SMTP domain across multiple Microsoft 365 tenants does not exist. An SMTP domain can only be activated in a single tenant
Due to this platform limitation, the single event migration is typically the chosen approach In tenant migrations that require the source user to retain their current brand name (i.e., SMTP domain) postmigration in the destination tenant.
Some third-party tools do offer an Address Rewrite Service to overcome the platform limitation. This service seamlessly changes the source users’ email flow as if they’re already fully migrated to the target tenant. Outgoing email addresses are replaced with the recipient’s email address in the target tenant, while all incoming mail is automatically redirected to the source mailbox.
If the scope includes a large user base or significant data volume, a phased migration may be the better option. The phased migration approach breaks down the entire process into sub migrations, each with its own goals, timelines, scope, and quality checks.
The following highlights some of the advantages and disadvantages of each approach:
SINGLE EVENT CUTOVER
ADVANTAGES
DISADVANTAGES
PHASED MIGRATION
ADVANTAGES
DISADVANTAGES
The choice for a single-event or phased implementation will depend upon individual requirements and support structure. No matter the approach, user experience should be prioritised above all.
One way to increase the chances of success on a tenant migration project is to develop a migration plan. A migration plan is used to define the tools and techniques to migrate each of the workloads and note any risks that could affect the migration.
The following benefits can be realised by having a migration plan:
Much of the detailed information required by the migration plan is collected during the project, and therefore cannot be included in the initial project plan. For this reason, best practices recommend a migration plan that is distinct and separate from the project plan be prepared specifically for the migration effort.
A detailed migration plan will include the following:
Now that a migration plan exists that defines the scope and objectives of the migration, what data needs to migrate, risks and challenges involved in the process, and the specific activities to execute, testing must be performed to validate the processes and increase the odds of a successful migration.
Migration testing is a crucial step in any tenant migration project. It ensures the data is transferred accurately and efficiently and confirms the destination tenant is set up properly. The recommended approach is to draft a test plan with test cases.
A test plan is a document outlining the testing approach, methodology, resources, roles, and responsibilities. A test case is a set of instructions which specify what to test, how to test it, and what results to expect. Test cases are used to:
Test cases should be designed to cover the components directly affected or impacted by the migration, for example:
Custom mail routing configured specifically for the migration
Mail forwarding between tenants
Account provisioning process for
destination tenant
Authentication to destination
tenant
Permissions migrated
Group membership migrated
Data migration, including data integrity
Endpoint configurations
After completing the testing, verify and validate the results. Any issue encountered during testing should be analysed for root cause and corrective actions taken to fix.
A well-structured change management plan is essential for a smooth tenant-to-tenant migration. Without it, organisations risk disruption, confusion and reduced productivity during the transition.
The migration process involves not only the technical aspect of moving data but also adjusting workflows, security protocols and user access. Having a change management plan ensures that employees are informed, prepared and supported throughout these shifts, minimising downtime and ensuring a seamless experience.
Effective change management also helps mitigate user resistance and potential issues that arise from a lack of communication or training. By keeping employees in the loop and providing clear guidance on the new environment, organisations can reduce frustration and boost confidence in the new system. This approach fosters quicker user adoption, ensuring that the business continues to run smoothly during and after the migration.
To learn about change management best practices, check out our eBook, “Driving Seamless Change: The Role of Change management in Digital Transformation.”
To ensure the proper expectation is set for what will be available at cutover, the migration approach must be determined and the timing for each workload defined. As nice as it would be to have all the data immediately available on the destination tenant at cutover, the reality is that some data may be delayed due to service throttling, resource contention between workloads, or overall volume of data to move.
Although a request can be made to Microsoft to remove EWS Throttling in Microsoft 365 to improve the data migration performance to or from Exchange Online, Microsoft is currently throttling the SharePoint Online service during weekday daytime hours. SharePoint throttling has a direct impact on other SharePoint-dependent workloads such as OneDrive, Teams, and Microsoft 365 Groups.
With the SharePoint limitation in place, the efficiency of the migration can be maximised by determining what workloads can and cannot be run in parallel and what data should be prioritised.
The following demonstrates some migration workload strategies:
NOTE
For most migration tools, data migration is a copy not a sync, so negative changes (files deleted or moved) after the initial sync will still appear in the destination after the final sync.
NOTE
Leading up to the cutover, a change freeze should be implemented (at least one week prior), limiting all changes such as creating new users, SharePoint sites, Teams, or Teams channels, modifying permissions on objects, restructuring data, modifying group memberships, and so on.
Understanding that data cannot be moved instantaneously, it is crucial to go through a prioritisation exercise to determine what data needs to be immediately available to the end user when they come back online.
Given the conflicts between workloads, the most efficient and effective way to ensure the most recent active data is available to the user at logon is to define an order of precedence. The following demonstrates an order of precedence strategy.
All Mailbox tasks can be run in parallel with the SharePoint tasks since the migration endpoint for each service is non-conflicting
MAILBOX DATA
CALENDAR AND TASKS
Users need immediate access to their calendar data to ensure they do not miss an appointment. Assuming the bulk of the primary mailbox has already been copied through a date range synchronisation (as described previously), the first data workload to migrate at cutover would be Calendar and Tasks. Typically, there is not a high volume of data in these folders, so the data copy will complete in a relatively short period of time
PRIMARY MAILBOX
Once the Calendar and Tasks are complete, perform the final synchronisation of the users’ primary mailbox data using a date range filter like that used for the delta copies done previously. With the limited amount of data to process, the data copy will complete in a relatively short period of time
MAILBOX PERMISSIONS
Now that the users have all their active working data present, perform the mailbox permissions migration. This will ensure that delegates get reassigned in the destination tenant
ARCHIVE MAILBOX
User archives can get quite large and thus take a bit of processing time. Also, users are not typically referring to their archive data as part of their normal daily operations. For these reasons it is best to process this data once the user has all their active data migrated
RECOVERABLE ITEMS FOLDER (DUMPSTER)
As with the archive data, the Recoverable Items Folder can be quite large, and it is rarely accessed. It is best to process this data last since it is the least relevant data to the user
SHAREPOINT WORKLOADS
As stated previously, OneDrive, SharePoint, Teams, or Microsoft 365 Groups migrations should not run at the same time. These workload migrations use the same migration API, share the same bandwidth limitations, and are all subject to the workday SharePoint throttling imposed by Microsoft. For these workloads, it is all about balance and priority.
ONE DRIVE FOR BUSINESS
It is typical to begin with this workload since it houses the user’s personal data. Assuming the bulk of the OneDrive data has already been copied using date range synchronisations (as described previously), the data copy will complete in a relatively short period of time
SHAREPOINT, TEAMS, GROUPS
For these conflicting workloads, an order of priority should be determined since there can be many different orderings for running these workloads. For example, run SharePoint in its entirety, then Teams, then Groups. Another possibly is to run the top X most critical SharePoint sites, then the top X most critical Teams, then the top X most critical Groups, then complete all remaining SharePoint, Teams, and Groups in serial order
The complexity of tenant migrations is often misjudged. To increase the likelihood of success, organisations need a reliable and consistent methodology that allows them to plan, design, migrate and validate the migration. Further, they need to evaluate the need for any migration software that will support their specific migration requirements. Following a structured methodology that includes robust planning, designing, assessment and a meticulous focus on execution will allow the project to have the best chance of success.
To prevent these types of issues, organisations need a reliable and consistent methodology that allows the organisations to plan, design, migrate and validate the migration. Further, they need to evaluate the need for any migration software/tool that will support their specific migration requirements, including operating systems, storage platforms, and performance. To ensure all aspects are well managed, an organisation needs robust Planning, Designing, Assessment and precise execution of the project and its variables.
We’ve sent a copy to your inbox. Remember to mark hello@insentragroup.com as a “safe sender”, and to check any junk or spam folders so you receive your copy.
We’ve sent a copy to your inbox. Remember to mark hello@insentragroup.com as a “safe sender”, and to check any junk or spam folders so you receive your copy.
With the understanding that not all email archive migration projects are the same, our Email Archive Pre-Planning Assessment supports the diverse conditions found in organisations of all sizes, from enterprise environments to small businesses.
What kind of data are you migrating? Whether you are still in the planning phase or have begun your migration journey, you face a complex task.
According to a recent study conducted by Gartner, 83% of data migration projects either fail or exceed their budgets and schedules. It’s not a hidden fact that data migrations can be complex and stressful, however careful preparations will prove invaluable during the migration.
Insentra can augment end user service capabilities and accelerate business growth. Whether it’s an opportunity you can’t address, some pre-sales assistance, clients asking for a Professional or Managed service you can’t deliver, you’re struggling to break into new markets and accelerate your channel, or you’re frustrated trying to juggle multiple providers for all your IT needs – Insentra can help.
Empower yourself to seize every opportunity. Partner with Insentra.
We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!
Gain a clear understanding of how AI applies to your business, uncover immediate wins and develop a roadmap for success.
Imagine a business which exists to help IT Partners & Vendors grow and thrive.
Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.
Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.
We love what we do and are driven by a relentless determination to deliver exceptional service excellence.
SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the ISO 27001 Certification.
