Exchange Online migration design considerations

Exchange Online migration design considerations

Introduction

Most Microsoft 365 migration projects have an Exchange Online (EXO) portion. Whether that be an on-premises Exchange Server to Exchange Online migration task or a migration from a third party POP3/IMAP email hosting provider, there are a number of design considerations you need to take into account in every EXO project.

Exchange Online migration design considerations

The most common and important Exchange Online (EXO) migration design considerations are the following:

0) Before doing anything elese, determine your mailbox storage metrics and based on your customer’s ISP line bandwidth, create a first timeline draft of the overall migration. The migration process can be a cutover migration or a phased migration. Consult the following articles for more details on the initial migration design approach: https://practical365.com/methods-for-migrating-to-office-365/ and https://practical365.com/exchange-server-upgrades-migrations/ and https://docs.microsoft.com/en-us/exchange/mailbox-migration/office-365-migration-best-practices. If this is going to be a tenant-to-tenant (aka cross-tenant migration) take into account additional considerations as per: https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-tenant-to-tenant-migrations?view=o365-worldwide and https://docs.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide and https://docs.microsoft.com/en-us/exchange/mailbox-migration/migrate-mailboxes-across-tenants.

1) Be aware of all EXO physical limitations. There are certain limitations which come in by design and which may affect your migration project design. Take a look at https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits. Also educate your users about the difference between Outlook Cached Exchange Mode and Online mode. In most cases the Cached Exchange Mode is recommended and Online mode is only used for troubleshooting email object synchronization issues in some cases. However when using the Online mode, certain EXO features are not supported (e.g. Shared Mailboxes).

2) Plan for storage. You need to identify at early phase the source environment storage size (mailbox storage) and take into account that a percentage of this storage may be saved when migrating to EXO. This is because the customer may want to perform filtering of their mailbox data and only keep data which is x years old or earlier.

3) Determine who your users and groups currently are and how these will be mapped to users and groups in the EXO infrastructure. It is important to educate your customers about the available group options in Microsoft 365, i.e. Unified groups (Microsoft 365 groups), Mail-enabled security groups and distribution lists. Also it is important to compare Unified Groups performance and overall end-user experience with Exchange Online shared mailboxes. Depending you on your customer needs, choosing between Microsoft 365 groups vs. Shared Mailboxes should be done after training and testing the differences between the two.

4) Determine the number and type of EXO mailboxes (licensed mailboxes, online archive mailboxes and shared mailboxes). Also determine iof the users will be accessing their mailboxes from the Outlook client or also from Outlook for Web (OWA) and if other services (POP/IMAP/SMTP Auth, etc) are going to be enabled for the users or not.

5) Clearly identify what permissions you will be assigning to which users and groups in the EXO mailboxes (send as, send on behalf, full).

6) Ensure that you have lowered the DNS MX record TTL value to the lowest value possible early on, so that during the migration switch-over the change is done in the minimum possible time.

7) If you have a very large number of mailboxes and very high volume of storage, you should consider using the Microsoft Drive Shipping method for your .pst files: https://docs.microsoft.com/en-us/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-worldwide. Otherwise, use the network upload method and consult the following highly useful article: https://docs.microsoft.com/en-us/microsoft-365/compliance/use-network-upload-to-import-pst-files?view=o365-worldwide. In either case, it is useful to first review the FAQ guide, available at: https://docs.microsoft.com/en-us/microsoft-365/compliance/faqimporting-pst-files-to-office-365?view=o365-worldwide. To automate parts of this process, you could either develop your own Powershell scripts or use a third-party migration solution. Some of the most well-known third-party vendors are the following: https://www.quest.com/community/blogs/b/en/posts/pst-files-office-365-and-the-path-to-happiness and https://help.bittitan.com/hc/en-us/articles/360045744693-Exchange-Online-Microsoft-365-to-Exchange-Online-Microsoft-365-Mailbox-Migration-Guide and https://www.recoverytools.com/office-365/migrator/.

8) Ensure you have administrative access to all existing email hosting provider admin tools, such as the authoritative DNS server zone which manages the DNS records and email hosting provider (for example CPANEL). In cases where the customer has not only IMAP but also POP3 enabled mailboxes, pay extra attention that some of the mailbox data could only be downloaded to user endpoints and be removed from the POP3 server, so in these cases do not rely on the server to export the data. Discovering all available end user endpoints and exporting all data to .pst may be a tedious process but is essential for data consistency. After you export all .pst data always keep an offsite copy of the old .pst (preferably encrypted) in case these may be needed in the future for archival purposes.

9) Ensure that you train your customer administrators and end-users sufficiently. Microsoft has released a series of free training videos for administrator and end-users. Place emphasis on the Outlook client training (https://support.microsoft.com/en-us/office/outlook-training-8a5b816d-9052-4190-a5eb-494512343cca), since this is the most common tool which end-users will be utilizing on a daily basis.

10) Advise your users to always download and use the latest Outlook client, depending on their installed version of the Office 365 suite. Ensure that you design an efficient process for deploying the Microsoft 365 apps on all supported user machines by utilizing the Office Deployment Tool alongside the Office config tool (https://config.office.com).

11) When running Powershell scripts or other unmanaged code and scripts against your EXO tenant during migrations, avoid getting thottled by reviewing the following article: https://stefanos.cloud/blog/kb/how-to-increase-throttling-limit-for-microsoft-365-tenant-to-tenant-migrations/. Always reduce the concurrent operations you programmatically run against EXO. Also consult the following relevant articles about EXO throttling: https://techcommunity.microsoft.com/t5/exchange-team-blog/resource-based-throttling-and-prioritization-in-exchange-online/ba-p/608020 and https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/ews-throttling-in-exchange and https://blog.quadrotech-it.com/blog/office-365-exchange-online-powershell-throttling/.

12) Create a robust security design around EXO, which should be based in the least privilege principle. Have a minimum of two global admins, always enable security defaults and 2FA in your tenant and pay attention to M365 security center and the secure score. Specific to EXO are the various security policies (such as DLP), the M365 audit log which covers all mailbox operations as well as the correct setup of EXO mailbox permissions. Managing your guest users and external access in general is of paramount importance. Ensure that you have knowledge of the storage location (region) of your Exchange Online data, as per https://docs.microsoft.com/en-us/microsoft-365/enterprise/eu-data-storage-locations?view=o365-worldwide..

13) Design an EXO reporting mechanism on top of what EXO gives you out of the box inside the admin portals. This can be accomplished by either a set of well-designed Powershell scripts or by utilizing a third party tool. You should be able to track which users have EXO online archives setup and determine what the best archiving and mail-retention policy should be for each user.

14) Besides the out-of-the-box file restoration capabilities of EXO (Online Archives and Deleted and Recoverable Items folder), you should always plan for a proper Cloud-to-OnPremise or Cloud-To-Cloud backup solution. Refer to the following article for all out-of-the-box data protection features of Exchange Online. A backup plan involves backup properties, what to backup, how often to backup, what backup type to take each time (full, differential, incremental) and how long to keep each backup (retention window). A proper backup solution helps keep your organization secure and allow for point-in-time restoration, in cases of disaster and critical malware attacks, such as ransomware incidents.

15) Be ready to provide support to your end-users post migration. Some handy tools to keep in mind are the following: https://stefanos.cloud/blog/microsoft-365-troubleshooting-tools.

Exchange Online migration pre-sales design questions to end customers

You should address the following questions to the technical team of your end customer in order to more efficiently design your technical solution:

  1. Does the customer require a data-only migration or a full end-to-end migration support, including end-user Office 365 apps setup, Outlook configuration and OneDrive for business configuration?
  2. What is your source SMTP server environment? Ensure you have administrative access to this environment to initiate migration tasks.
  3. What is your authoritative DNS server environment? Ensure you have administrative access to this environment to manage the DNS zones affecting your SMTP domains.
  4. Do you have an existing M365 tenant? Do you require tenant to tenant migration for company administrative or accounting purposes (e.g. change of company physical location for invoice issuance)?
  5. How may active users do you have in-scope?
  6. How many distribution lists, security groups, mail-enabled security groups and Office 365 unified groups will be needed?
  7. How many shared mailboxes will be needed? Prepare and deliver a quick demo to showcase the differences between shared mailboxes and office 365 unified groups to the end customer.
  8. What is the total mailbox storage space in GB?
  9. What are the specifications and bandwidth/latency of the customer’s ISP line? You may need to either upload .pst files via the customer’s ISP line or upload them from the customer’s existing cloud or by copying the files from on-premises to your CSP environment and then perform the migration. Of course, proper measures for data encryption in transit and for data privacy and confidentiality should be taken into account.
  10. Do you have an on-premises Active Directory forest/domain? Do you require on-premise directory synchronization with Azure AD via Azure AD Connect?
  11. Do you require end-user or administrator training? We assume that operations-related documentation should always be part of the project deliverables.
  12. Is EXO migration only in scope or do you require other data/services to be migrated as well, such as Sharepoint Online and OneDrive for Business? It is always critical to assess and document your project scope before providing your technical offer to the end customer.

About The Author