putilov_denis - stock.adobe.com
Many IT departments have struggled to find time and resources to migrate their legacy Microsoft Exchange environment to Microsoft 365, as they have had to deal with other external factors and struggled for resources.
Exchange 2010 is well out of extended support, and Exchange 2013 recently reached its end-of-life date. If you have either messaging platform running, then it is a point of vulnerability in your infrastructure. Not only is it risky to use these products, but you are missing out on the new features in Exchange Online.
Microsoft's hosted email platform offers better performance and, as a cloud service, can scale to handle a sudden influx of users in certain cases, such as a merger or acquisition. If you are already using other areas of Office 365, such as OneDrive, SharePoint and Microsoft Teams, then you can integrate them with Exchange Online. A migration from Exchange 2010 to Office 365 will reduce potential security incidents and reduce the efforts related to maintaining an on-premises server workload.
How do I plan the Exchange migration?
A successful migration to Exchange Online is largely down to its planning. The process starts with the migration team, which should include all the relevant people in your team. This group should involve the business stakeholders, the technical people who set up the infrastructure, the ones who will handle the migration and the staff who train the users how to work with the new email platform.
Assess and prepare the current Exchange environment
The first step to handle an Exchange 2010 migration to Office 365 is to update the Exchange Server to Service Pack 3. An Exchange 2010 server without this patch is far more likely to have mailbox migration issues.
If there is no existing connection between on-premises Active Directory and Azure Active Directories, then you will need to use Azure Active Directory Connect to synchronize data,csuch as user identities, between these two directories.
Prepare your DNS configuration to ensure email continues to flow smoothly during and after the migration.
If you use an email archiving product, then you will need to rehydrate -- or restore -- all email from that backup location into the Exchange mailstore mailboxes. Because archiving systems were often introduced when front-end Exchange servers had limited storage capacity, this may require increasing the storage on the Exchange Server. A migration to Exchange Online directly from email archives is not supported for Exchange 2010.
You need to identify and plan how to handle public folders. You can migrate public folders to Exchange Online public folders through a series of preparation scripts. However, shared mailboxes in Exchange Online offer a simplified option: once you create the shared mailbox, export the public folder data to a PST file and import this into the shared mailbox.
If your Exchange users have been using PST files, this data will not be automatically migrated. The content of these files needs to be manually imported into the user's Exchange Online mailbox, if this is still required.
Plan how the users will be trained to use the new applications and features. A large part of a successful migration is communication; to bring people along with you, they need to be part of the transition process. Third-party class training and online learning tools can be useful depending on the size of your userbase and your available internal resources.
How to choose the Exchange Online licenses and features
The basic Exchange Online (Plan 1) license has 50 GB of mail storage and can use the desktop, web and mobile versions of Outlook. If you want further features, such as data loss prevention, archiving and litigation hold to preserve mailbox content for legal purposes, then you will need to look at other license options.
Exchange Online Protection offers mail hygiene tools for mail-flow rules compliance, such as email disclaimers, spam filtering, and blocked and allowed senders settings. You can supplement this with a third-party product or purchase the additional Advanced Threat Protection Microsoft service. The Office 365 licenses you will need are based on the feature set you require.
An Exchange Online kiosk plan is for users who need basic email functionality, with a small mailbox of 2 GB and webmail access only.
Choose one of three Exchange Server migration methods
The three main migration methods are cutover, staged and hybrid migration. Each method has advantages and disadvantages, and organizations will have to decide which method is the best fit:
- Cutover migration. Cutover migrations move all mailboxes at the same time. It's a suitable migration for organizations with a small number of users. If you want to migrate quickly and you have a simple network infrastructure, then this is a good option.
- Staged migration. A staged Exchange migration moves mailboxes in multiple stages rather than all at once. This type of migration is useful for medium-sized or large businesses.
- Hybrid migration. A hybrid Exchange migration keeps some mailboxes on-premises while others are moved to Exchange Online, which allows a phased migration approach.
Some scenarios when an organization may choose to use a hybrid Exchange migration include the following:
- There are many users. You can migrate a small number of people at a time, which reduces the impact of the migration on the organization.
- You have specific compliance or regulatory requirements. Some mailboxes can be moved to the cloud. Others are kept in the data center if there are requirements prohibiting them from being maintained in a cloud environment.
- You have a mix of Exchange versions. A phased approach to mailbox migrations can help if you have more than one version of Exchange that you need to move at separate times.
- You want to test migrations. You can move a small number of mailboxes to Exchange Online initially and then evaluate the service before committing to a full migration.
Hybrid is recommended for the migration of 150 or more mailboxes.
What are some identity and access changes for users?
Microsoft recommends administrators switch on modern authentication in the Office 365 tenant settings, which enables features such as conditional access and multi-factor authentication (MFA).
Microsoft has minimum password requirements for Office 365 mailboxes:
- Passwords must be at least 8 characters long.
- Passwords can have a maximum of 16 characters.
- The username cannot be in the password.
- The password must contain a combination of uppercase and lowercase letters, numbers, and non-alphabetic characters.
Explain these requirements and security features to your users as part of their migration and training. For example, if you turn on MFA for Office 365 access, then users need to know how to work with IT to troubleshoot any issues they might have or prepare for any problems by keeping backup codes where they will remember them.
Steps to perform to prepare for the Exchange migration
An Exchange migration to Office 365 is not without its risks. But with good project and risk management, you can avoid downtime and data loss:
Plan. You need a migration plan from the initial steps to the final mailbox move for a successful move to Exchange Online. You can decommission the on-premises Exchange environment when you are confident it is no longer required.
Use available tools. Microsoft provides tools to prepare your migration. The Hybrid Configuration Wizard creates a connection with Office 365. You will need information about your mail transport and the wizard will ask you to create a text record in your domain's DNS to confirm your domain ownership. The Microsoft Remote Connectivity Analyzer, a web-based tool, tests the connection to the correct Exchange environment.
There are plenty of third-party migration tools available to simplify and automate parts of the migration, which can be complex and time-consuming.
Out-of-hours migration. Schedule mailbox migrations when bandwidth use is lower and affects fewer users. Regularly monitor and check logs to see which mailboxes have had issues that might need extra attention. Migrating small groups of users at a time also reduces the repercussions of unsuccessful mailbox migrations.
Test. Once you have established the connection to Office 365, run tests to ensure emails flow through the expected routes. Use a small subset of users who will give genuine and useful feedback to check migrations before rolling them out to all staff.
Rollback plan. As a last resort, you may decide to undo the migration if there are critical issues with the new Exchange environment. How you roll back an Exchange migration depends on the migration method used and the current state of the migration. Typically, you will need to stop the migration, restore the old Exchange environment (including the databases), revert the DNS settings and test that the original on-premises environment is sound.
You should evaluate what went wrong with the migration to understand how to successfully execute it the next time.
Verify the migration. After the migration, verify that all the mailboxes and their data moved successfully. Configure Outlook profiles for users to point to the new Exchange environment. The users should only need to enter their Exchange Online email address and password to start using the service.
Don't forget the users. All members of the organization should be informed of the changes with the messaging platform, how it might affect them and what the expectations are. You might opt to do formal classroom training to cover the new versions of Microsoft applications and security policies. You might choose to provide self-service resources with instructional videos and offer support if needed. Departmental champions who are essentially power users can be extremely useful to assist with colleague queries and training needs. Whichever way you do it, you need to engage with and bring people with you for the project to be a success.
What can go wrong when migrating to Exchange Online?
Many organizations have successfully been through the migration process and have hit issues along the way. Most problems have most likely been seen and solved by someone before. These are tips for a few of the most common troubleshooting issues:
Connection issues. The most common issue is incorrect login credentials or using an expired password. If MFA is in use, then this can cause authentication problems.
Network connectivity issues will stop migration and could occur via a router or firewall configuration or a DNS configuration issue.
Outlook profiles must be configured to point to the Exchange Online environment, and users must have a supported version of Outlook.
Antivirus or firewall software on the client can block the connection to Microsoft services, so check that the configurations allow proper access. Something simple as the wrong time on the client can cause connection issues, so it's useful to use a Network Time Protocol server for time synchronization on clients.
Sometimes the problem will be outside your organization. Microsoft experiences service outages that can prevent email access. It is worth checking the service health status link in the admin portal.
- Failed mailbox migrations. The main reason individual mailbox migrations fail is corrupt items. If this happens, then you can increase the bad item limit in the migration job for the next run. The corrupted items will not get moved to keep the mailbox in a healthy state.
- Azure account duplication. If you have staff members already using Microsoft 365/Office 365 services, then they likely have an existing Azure Active Directory account. When you try to migrate their mailbox, you might find that the mailbox already migrated to another new account because an account already exists with the same name. In this case, the on-premises Active Directory user accounts must be manually mapped to Azure Active Directory accounts before repeating the mailbox migration.
- User Principal Name configuration. The Unique Principal Name (UPN) is the identifier for an Active Directory user. If the UPN is not set correctly, the mailbox will not migrate. It is best practice is to set the UPN to the primary SMTP address, which is the username and domain separated by the @ symbol, for the migration.