Lessons learned during a migration to Exchange Online

Mailbox permissions for groups might require adjustments

I manage shared mailboxes by creating an Active Directory (AD) group, adding members to that group and giving that group access to the mailbox. You lose the ability to automatically map secondary mailboxes in Outlook, but you get better visibility on who has access to what. It's also easier to add a department group inside this group, if the entire department needs mailbox access.

However, the group will stop working when you migrate that shared mailbox to Exchange Online, unless you make the following configurations:

• The group is synced to Azure AD. (If you sync your entire AD, which is what Microsoft recommends, then you're fine).
• The group needs to be a mail-enabled security group.
• The group is a universal group, not the default global scope.

Without this arrangement, the shared mailbox won't work properly. Even if you use PowerShell to force a non-mail-enabled security group to have access to a shared mailbox, Exchange Online still cannot recognize group members to give them access.

Coping with distribution list management

There's a long list of reasons to consider a migration to Exchange Online. The lure of not having to manage the underlying infrastructure and storage requirements of Exchange Server is an easy sell for many in IT.

On-premises Exchange Server enables administrators to appoint users to manage distribution lists, giving them the ability to add or remove members via the Outlook address book. It's a great way to hand off the responsibility of list maintenance to the users.

However, Microsoft does not support this in Exchange Online. You can give users limited access to one of the Exchange utilities for group management, but this isn't ideal. You could explore a third-party product to let a user manage groups directly in AD with a utility or web interface, but that's not as simple as the address book method.

The best way around this is to migrate groups to Office 365 Groups instead. Microsoft designed the Office 365 Groups feature for user management and gave it a huge amount of extra functionality compared to a standard distribution list. But this switch is a significant change and might not be an option for your organization. If that's the case, then it might take some work to find an easier way for users to manage group members, or this task may fall on the help desk.

Better performance comes at a cost for secondary mailboxes

Unless you make some configuration changes, mailbox performance is slower when you switch from on-premises Exchange to Exchange Online. Microsoft recommends switching from online mode to cached mode for the best experience. This also carries over to secondary mailboxes, but this change will cause some issues if you need to view old email.

In online mode, you can see all email, but it is slower to navigate and overall general use for the end user suffers. Depending on your connection and how many hops you are away from your mailbox, this performance can vary drastically, which is why Microsoft endorses cached mode.

However, cached mode comes with its own caveat: The setting for your primary mailbox's offline mail also applies to all secondary mailboxes. Any email older than your offline setting on a secondary mailbox isn't visible in Outlook. There's no "Click here to view more on Microsoft Exchange" link when the email stops, which can make certain situations frustrating for an end user. There is no smooth workflow for a workaround for this issue.