Blog
How to optimally prepare for tenant-to-tenant migration
Good planning is essential
From the technical and logistical viewpoints, a tenant-to-tenant migration is a major construction site. For in-house IT, which does not deal with this on a daily basis, this means an enormous amount of work and stress. The resulting changes for users must also be taken into account. A clear road map and the best practices of the experts at Skaylink help to prepare you well for this type of migration.
When is tenant-to-tenant migration necessary?
In the wake of mergers, spin-offs or corporate acquisitions, users, data and devices usually have to be migrated to a new or existing different tenant. This enables employees to collaborate without the limits otherwise present due to IT technology: for example, due to access, rights or the data status. Even a separation after parts of a company are sold – with the opposite motivation – can also make this type of migration necessary.
What exactly is migrated?
For tenant-to-tenant migration, the entire Microsoft 365 Suite is relevant and the configurations and data from Exchange, OneDrive, Teams and SharePoint are transferred, for example. The technical goal of tenant-to-tenant migration is to either create the users of the tenant to be migrated in the Active Directory (AD) of the destination tenant and synchronize them there, or create them there as cloud identities.
Further, companies should check whether products from third-party manufacturers integrated into Microsoft 365 must be migrated and whether configurations need to be included for the seamless use of other applications.
How do I prepare a migration?
In order to avoid surprises during the migration, multiple preparations must be made in advance:
Analyze the initial situation
There are relevant differences between the old tenant and the destination tenant, particularly when migrating to a tenant that already exists. In this case, the users, their ways of working, the data types and quantities involved, and the security and compliance policies must be aligned, for example. This is the only way to thoroughly include the required adjustments in the plan from the very beginning.
Define configurations
The security defaults in the destination tenant must be adjusted in order to ensure that users can log into the new environment without any problems. User synchronization, DNS name resolution, and the security policies must also be adjusted. If companies prefer to use migration tools from third-party manufacturers (which is usually necessary), they must also be configured for use.
Grant access rights
Specific project members (usually the admins from both sides) must have access to both tenants and the relevant systems (hybrid set-up, network access) in order to make key configuration adjustments. Your IT service provider needs a service account and access to migration tools for both the source and destination tenants.
Create “relocation lists”
A list of all users to be migrated and the services they use, as well as a user mapping table (User@Source → User@Destination) must be created. Further, a list of users who have already been invited to the destination tenant with their original account, a list of all typical recipients for Exchange Online and a list of all guest accounts in the source tenant are required.
How do I plan the tenant-to-tenant migration?
Design phase
In the design phase, the required configurations, migration steps, project setup and schedule are defined. An inventory of the source tenant is made and the necessary configurations are taken care of in the destination tenant (see above). In this phase, solutions are found for cases in which the policies and limitations in the tenants are different. If the adjustments affect users directly, the relevant communication must be prepared.
What requires special attention before the actual tenant-to-tenant migration?
Preparation phase
The preparation phase in particular requires a lot of work and is connected to numerous different workloads. For example, the existing mailboxes must be analyzed in order to define the various migration waves. This must be considered in the individual workloads.
Network
If both sides use Microsoft 365 Cloud services, a fast check of the network structure is run in order to see whether all the conditions for migration are fulfilled. The network setup for the migration tools and data migration are also checked.
Identity & security
Users must have the same UPN prefix for the migration to enable the smooth migration of all data, accesses, etc. The security standards in both tenants must be aligned and adjusted, and any changes must be communicated to the users (see above).
Windows clients
Windows clients are connected to the respective domain in the local Azure Active Directory, which can lead to access problems. This is why the design phase must also take client migration into account. Basically, the decision is made here to leave the clients in their original on-premises active directories. For spin-offs, the on-premises AD is separated and migrated in a separate sub-project – but that is not the subject of this article.
Mobile clients / MS Intune
All settings of the Endpoint Manager (formerly Intune) must be aligned between the source and destination tenants and adjusted. Mobile device users must be instructed as to how the devices can be migrated into the new environment, since this cannot be done automatically. Alongside a prepared manual, the service desk should be prepared to handle any inquiries.
Messaging
For the migration, policies that limit the data flow must be adjusted in both tenants. Initially, the global admin can do this for a limited period of 90 days. An additional 90-day period must be requested via support ticket. Deactivation generates a transfer speed of up to 150 MB per five minutes and mailbox. There should be a service account in each tenant with at least Exchange administrator rights in the source and destination environments, as well as Exchange application impersonation rights in the destination environment.
OneDrive for Business
For migration with a third-party manufacturer tool, a global admin must grant application rights for the source and destination tenants. To migrate the rights corresponding to the users, the UPN prefix must be the same in the source and destination tenants.
Microsoft Teams
With the API limits for Teams, the migration of teams to a new tenant remains complex. The data can be transferred with migration tools. Although migration in stages is theoretically possible, the experts at Skaylink recommend migrating a team in a single run. Because they lack an API, guests on teams are not migrated. They can undergo a “script-based” transfer, but the guests must complete a new registration process.
Change & adoption management
If the source and destination environments are significantly different, it is essential to include employees through change & adoption measures. It is just as important to consider changes in corporate culture and different ways of working. How do the colleagues work as a team? When is it the custom to write an e-mail vs. use a chat function? In practice, short guides, scenario-based training sessions and champions programs have been proven to provide effective support to colleagues during change. This provides the opportunity to both migrate the technologies and support the productivity of and collaboration among the new colleagues.
Stricter security guidelines that required multifactor authentication for external accesses are another example of a change from familiar ways of working. This change must also be proactively communicated in order to integrate employees in time.
What process does a tenant-to-tenant migration follow?
Staged data migration has proven to be particularly pleasant and efficient for projects. In this type of migration, data is migrated step-by-step in the background, making it possible to handle even large quantities of data without any noticeable changes for users. Depending on the number of users and the data volume, this migration takes one to three months. After the data is migrated in the background, test and pilot migrations should be carried out. They are done to verify the quality of the migration and solve any problems. In the last stage of the migration phase, which could take around one week depending on the planned schedule, the remaining data is transferred and all configurations required for bringing the users into the new environment are completed.
Which migration tools do you recommend?
Some proprietary Microsoft tools simplify and support tenant-to-tenant migration. In general, however, the tools from third-party providers perform better. Above all, BitTitan MigrationWiz in conjunction with ShareGate Desktop has proven very effective in practice, since they can migrate Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams. ShareGate Desktop has proven its worth for Teams and SharePoint in particular, which is why it is a useful accompaniment to BitTitan MigrationWiz. Both tools comply with the GDPR (General Data Protection Regulation). The Skaylink experts supplement their offer for tenant-to-tenant migration with various proprietary developments and scripts in order to achieve higher quality and a higher automation rate.
Read before you start – What you absolutely need to know around tenant-to-tenant migration!
Security coordination
Since sensitive access to tools and data is required, close coordination with the cybersecurity team is essential from the very beginning.
Necessary double-licensing
For the period in which the migration is taking place, users must be double-licensed – in the source and destination tenant – to enable the data to be migrated. If you have an Enterprise Agreement, it is usually possible to negotiate with Microsoft to receive the required double licenses free of charge for the migration period. Alternatively, via the Microsoft CSP model you can acquire licenses only for the period of time in which they are actually required.
Hybrid project management
For tenant-to-tenant migration, many internal and external project members must be coordinated. At least eight different technical workloads must interact to ensure that the migration runs smoothly and without disruption for end users. Usually, cloud environments and possible changes in the Microsoft 365 Suite do not permit classic waterfall project management. Depending on the time frame, it may be necessary to make additional design changes in the preparation or migration phase. At Skaylink, hybrid project management has proven successful here.
Conclusion
Tenant-to-tenant migration cannot be taken care of in parallel to the usual daily workload. It requires experience, preparation, and planning. Time is of the essence here. Waiting too long means that error-prone workarounds quickly become established, policies are not uniformly implemented and the security and efficiency of company workflows suffer lasting negative consequences. And corporate acquisitions are often subject to strict time constraints. Experienced IT service providers support you with expertise and highly qualified specialists, which is why they are usually the best option for implementing your migration successfully and quickly. Feel free to ask us about our offers!