Mailbox migration best practices


Tackle mailbox migration head-on! Microsoft MVP Jaap Wesselius (@jaapwess) discusses common challenges like shared mailboxes and permissions, and strategies for a smooth mailbox migration.

Mailbox migrations are like moving day for emails! They happen when organizations decide to embrace the cloud or during mergers and acquisitions.

Think of it as packing up your emails and moving them from one digital home to another. This might involve moving from on-premises to online or going all-in with online-only migrations—what Microsoft calls cross-tenant migrations.

Today, we’re tackling mailbox migration. I’ll guide you through common hiccups and strategies, and cover tricky areas like shared mailboxes and delegates, permissions, and SMTP Relay for your multi-functional devices or apps.

Preparation is key—the more you plan, the better the results (and the fewer headaches you’ll face). Let’s get started!

Efficient mailbox migration: A step-by-step guide

Moving to a new house means clearing the old one, decluttering, and sorting through items. Moving mailboxes is similar. Let’s explore these best practices:


Take inventory of your mailbox

Before you move any mailbox, run the Get-MailboxReport.ps1 script, which generates an export of all mailboxes in your source organization, including room mailboxes and resource mailboxes. The export also contains sizing information for all mailboxes.

You can use the script’s output to build a CSV file for creating the new mailboxes in the target environment, along with a mapping list. This mapping list ‘connects’ each source mailbox to its target mailbox.

Keep in mind these two things:

  1. Mailbox size matters because it affects which license you’ll need for the target mailbox. For example, if your users have basic needs like webmail, but their mailbox in the source environment is 3 GB, you can’t just give them a Microsoft 365 F3 license in the target organization. I ran into this issue in my last migration, where we had users with Microsoft F3 licenses, but some had mailboxes between 2 and 3 GB.
  2. The number of items in a mailbox is crucial for migration performance. A 10 GB mailbox with 10,000 items of 100 MB each will migrate much faster than a mailbox with 100,000 items of 10 MB each. Unfortunately, there’s no one-size-fits-all strategy for grouping these mailboxes for migration. Migration performance depends on many factors, making it hard to provide specific guidelines or best practices.

Sort out permissions

It’s important to get an overview of all mailbox delegates in your source organization. You can use the Find-MailboxDelegates script on GitHub to create an export of all mailboxes and their delegates (i.e., who has permissions on which mailbox).

Using this output, you can identify relationships between mailboxes, like managers and their assistants. Assistants usually have permissions on their managers’ mailboxes. It’s best to group and migrate these mailboxes together to the new platform. While cross-premises permissions can work as expected, it’s not guaranteed. Keeping these mailboxes together during migration can save you from many helpdesk tickets.
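One way to turn a delegate export into migration groups, shown as an added example (not code from this article or from the Find-MailboxDelegates script): each mailbox/delegate pair is treated as a link, and every set of linked mailboxes ends up in the same group. The column names `Mailbox` and `Delegate`, the `contoso.com` addresses and the rows themselves are assumptions constructed for illustration.

```powershell
# Constructed sample rows; the column names 'Mailbox' and 'Delegate' are assumptions,
# not the actual headers of any particular export. Adjust them to your CSV.
$export = @'
Mailbox,Delegate,AccessRights
ceo@contoso.com,assistant1@contoso.com,FullAccess
cfo@contoso.com,assistant1@contoso.com,SendOnBehalf
sales@contoso.com,rep1@contoso.com,FullAccess
sales@contoso.com,rep2@contoso.com,SendAs
hr@contoso.com,hrlead@contoso.com,FullAccess
'@ | ConvertFrom-Csv

# Union-find: every address starts as its own group; each permission row merges two groups.
$parent = @{}

function Find-Root([string]$Address) {
    if (-not $parent.ContainsKey($Address)) { $parent[$Address] = $Address }
    while ($parent[$Address] -ne $Address) {
        $parent[$Address] = $parent[$parent[$Address]]   # path halving keeps lookups short
        $Address = $parent[$Address]
    }
    return $Address
}

foreach ($row in $export) {
    $a = Find-Root ($row.Mailbox.Trim().ToLowerInvariant())
    $b = Find-Root ($row.Delegate.Trim().ToLowerInvariant())
    if ($a -ne $b) { $parent[$b] = $a }
}

# Collect the members of each group and number the groups, largest first.
# @(...) copies the keys so Find-Root can update $parent while we iterate.
$groups = @($parent.Keys) | Group-Object { Find-Root $_ } | Sort-Object Count -Descending
$n = 0
$batches = foreach ($g in $groups) {
    $n++
    foreach ($member in ($g.Group | Sort-Object)) {
        [pscustomobject]@{ MigrationGroup = $n; Mailbox = $member }
    }
}
$batches | Format-Table -AutoSize
```

A delegate with rights on many mailboxes, such as a service account or an admin group, links all of them into one group, so filter those rows out before grouping and review them separately.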

Make sure you have a clear picture of all applications that use email in your organization. Some applications need an SMTP (Simple Mail Transfer Protocol) relay server. This can be a relay server in Microsoft 365 or sometimes even an SMTP relay server on-premises. There are also modern applications that don’t use an SMTP relay server, but log in directly to Exchange Online using Microsoft Graph. For these applications, you need to create and configure an App Registration in Microsoft Azure.

Considering using a third-party tool to migrate mailboxes? Make sure you’ve got the keys to the castle! Check that you have the right permissions to move mailboxes. For example, ShareGate’s migration tool requires Microsoft global admin permissions to copy at the source and destination. Additionally, ensure the tool is granted consent on your tenant.


Keep compliance and security in check

Compliance and security can cause major headaches in a cross-tenant migration. When compliance is configured in your source environment, make sure that the configuration in the target environment matches the configuration in the source environment.

This applies to mailboxes and archive mailboxes, including Retention Policy Tags (RPT) and Retention Policies. You don’t want to deal with helpdesk tickets from users who find their mail has disappeared after migration (in an archive mailbox).

Other important factors to consider:

  • Litigation hold (and the accompanying inactive users)
  • Data Loss Prevention (DLP) policies
  • Digital Rights Management (DRM) configuration
  • Message encryption. Previously Office 365 Message Encryption (OME) was used to achieve this, but it has been deprecated and replaced by Purview Message Encryption.

When it comes to security, it’s a good idea to take a close look at Multi-Factor Authentication (MFA) and Conditional Access Policies. These are important for users before and after the migration and can impact your migration tool as well.

What can happen is that your migration tool tries to log on to either the source or target environment, but the logon gets stuck on an MFA request, or the tool connects from a location that’s not allowed via Conditional Access.


Configure Exchange Online

Before moving mailboxes, check that the Exchange configuration in your target tenant is finished. Here are some tips:

  • Make sure you have the Autodiscover record, MX record, and SPF record in place. The Microsoft Online Portal gives you guidance on what you must configure in DNS for this.
  • Configure DKIM in your tenant as well and create a DMARC record. In contrast to the other settings, DKIM is not configured in the Microsoft Online Portal, but in the Microsoft Security portal. Microsoft does not have a tool for creating a DMARC record, but you can use the MXTOOLBOX DMARC generator to do this. Just fill in your domain name and if it doesn’t have a valid DMARC record, it’ll present a wizard to create one.
  • Microsoft 365 uses Exchange Online Protection (EOP) for message hygiene purposes. Before starting the migration, make sure you have recreated all message hygiene configurations and settings from the source environment in the target environment. There’s no Microsoft tool to help you with this, and for larger environments, this can be quite a lot of work when the configuration is complex. It can take quite some time before you’re all set.
  • Remember to bring along any third-party signature and disclaimer solutions you’re using in your project.
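A pre-migration check of the SPF and DMARC records mentioned above, shown as an added example (not code from this article or from Microsoft): it inspects TXT record strings and lists what still needs attention. The domain `contoso.com` and the record values are constructed placeholders, and `Test-MailAuthRecord` is a hypothetical helper name.

```powershell
# Constructed TXT records for a placeholder domain. On a live system the strings could come from
# (Resolve-DnsName -Name contoso.com -Type TXT).Strings and the same lookup for _dmarc.contoso.com.
$domainTxt = @(
    'MS=ms00000000'
    'v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com ~all'
)
$dmarcTxt = @('v=DMARC1; p=none; rua=mailto:dmarc@contoso.com')

function Test-MailAuthRecord {   # hypothetical helper, not a built-in cmdlet
    param([string[]]$DomainTxt, [string[]]$DmarcTxt)
    $findings = @()

    # SPF: exactly one v=spf1 record, carrying the include Microsoft documents for
    # Exchange Online (commercial cloud) and ending in an "all" mechanism.
    $spf = @($DomainTxt | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -eq 0)     { $findings += 'SPF: no record published' }
    elseif ($spf.Count -gt 1) { $findings += 'SPF: more than one record (receivers treat this as a permanent error)' }
    else {
        if ($spf[0] -notmatch '\binclude:spf\.protection\.outlook\.com\b') {
            $findings += 'SPF: Exchange Online include is missing'
        }
        if ($spf[0] -match '\s\+?all\s*$') { $findings += 'SPF: +all authorizes every sender' }
        elseif ($spf[0] -notmatch '\s[-~?]all\s*$') { $findings += 'SPF: does not end in -all, ~all or ?all' }
    }

    # DMARC: one v=DMARC1 record with a p= tag; p=none only asks for reports.
    $dmarc = @($DmarcTxt | Where-Object { $_ -match '^v=DMARC1\s*;' })
    if ($dmarc.Count -ne 1) { $findings += "DMARC: expected 1 record, found $($dmarc.Count)" }
    else {
        $tags = @{}
        foreach ($part in $dmarc[0].Split(';')) {
            $k, $v = $part.Split('=', 2)
            if ($v) { $tags[$k.Trim()] = $v.Trim() }
        }
        if (-not $tags.ContainsKey('p')) { $findings += 'DMARC: p= tag is missing' }
        elseif ($tags['p'] -eq 'none')   { $findings += 'DMARC: p=none asks receivers to take no action on failing mail' }
    }
    return $findings
}

Test-MailAuthRecord -DomainTxt $domainTxt -DmarcTxt $dmarcTxt
```

An empty result means both records passed these checks; DKIM signing still has to be verified separately in the Microsoft Security portal.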

Keep an eye on network performance

Network performance can be a limiting factor for on-prem mailbox migrations. It’s less of an issue for cross-premises migrations, but you must be aware of throttling policies in Exchange Online.

To protect the Exchange Online platform, network throughput is limited, and throttling can cause the mailbox migration performance to slow down. When you migrate thousands of (large) mailboxes with multiple terabytes of data, contact Microsoft support to lift the throttling policies for some time so you can migrate your mailboxes properly.

Another tricky challenge to watch out for is Outlook during a cross-tenant migration. When migrating, Outlook needs a new profile. It generates a new .OST file for its cache. This means all contents are initially downloaded from the mailbox to the Outlook client.

If it’s just one or ten mailboxes, that’s manageable. But imagine migrating 1,000 mailboxes over the weekend; when Monday morning rolls around, all 1,000 Outlook clients start downloading simultaneously, which is an issue. Unfortunately, there’s no technical way to avoid this; it’s just how Outlook works.


Ensure a smooth end-user adoption

Getting everyone on board is key. Users need to understand what’s changing and what to expect.

Will their experiences stay the same? Do they have new features available like Teams, OneDrive, or SharePoint? And how can they make the most of them?

So how do you keep everyone in the loop? Start by keeping them informed through newsletters and regular updates on your company’s intranet. Share snippets about the new features on the horizon and how they can dive right in. Consider setting up an internal Wiki with handy “how-to” guides and create a status page on the intranet in case any issues pop up.

The key here is communication. Nailing this means users will embrace the new environment, leading to smoother transitions.   


Moving mailboxes is not a very difficult task, but it’s important to be aware of common challenges. By implementing these tips and staying prepared, you can ensure the success of your mailbox migration project. Remember, with diligence and the right approach, you can overcome obstacles and make the transition seamless for your organization.
