Make no mistake: moving from an on-premises Microsoft Exchange deployment to Exchange in the cloud is a gargantuan undertaking. Earlier this year, I explored the major issues businesses will need to consider and decisions to make when moving to hosted Exchange.
But for most organisations, further guidance is necessary. What are some of the gotchas to watch out for? What are some best practices to factor into planning? Here, I’ll take a look at several important do’s and don’ts when it comes to getting an organisation into Exchange Online.
Note: This story focuses on migrating from Exchange Server on-premises to some version of Microsoft’s hosted Exchange service (under an Exchange Online, Office 365, or Microsoft 365 subscription), or to a hybrid configuration with the “365” apps in the cloud and Exchange remaining in some fashion on-premises in production. It is not intended to apply to migrations to other providers’ services.
Don’t underestimate the time it will take to move all of the data over
Depending on a number of factors, including how many users the business has, how much data each mailbox has stored, bandwidth constraints, and more, migrating email to the cloud can take anywhere from a few days to several weeks.
One unexpected slowdown may come from Microsoft itself: a non-obvious protective feature of Exchange Online is that it throttles inbound sustained connections in order to prevent a small number of bad actors from overwhelming the system.
Once a customer is up and running and fully in the cloud for production, end-users will come to appreciate this defence, which works for the benefit of the general subscription base. But when trying to ingest data, transfer rates sometimes slow to a crawl. There's unfortunately little a business can do about this other than simply endure it.
Be sure to include this in planning, as moving hundreds or thousands of multi-gigabyte mailboxes into Exchange Online may take a lot longer than expected.
Do use a delta-pass migration
Reduce the time pressure by using a delta-pass migration rather than a strict cutover migration. With delta-pass migration, multiple migration attempts are made while mail is still being delivered on-premises. The first pass might move everything from Sunday, May 1 backward, for example, and then another pass is made later in the week to move the “delta” — or changes — from Sunday, May 1 through Wednesday, May 4, and then another and another until essentially the mailboxes are up to date.
This is a useful technique, as each successive migration batch is smaller than the last. Typically over a weekend, the last delta batch will finish in a few minutes, and then moves are complete and users can throw MX records over to Exchange Online. Users never experience missing historical mailbox data, because until the mailboxes are identical, they use the mailbox that already holds their data.
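The delta-pass idea above, modelled as a small Python script. This is an added example, not code from the article or from Microsoft: it uses a constructed mail flow (one item per hour) and constructed pass times, and stands in for the real migration tooling only to show why each batch shrinks and why the MX switch waits until both copies hold the same items.

```python
"""Delta-pass migration model (added example; not from the article or Microsoft).

One on-premises mailbox keeps receiving mail (constructed: one item per hour)
while successive passes copy only the items the cloud copy does not yet hold,
up to that pass's cutoff. MX records are switched only once the two copies are
identical, so each batch is smaller than the one before it."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Item:
    item_id: str        # stable identifier, so copying an item twice is harmless
    received: datetime


@dataclass
class Mailbox:
    items: dict = field(default_factory=dict)  # item_id -> Item

    def deliver(self, item):
        self.items[item.item_id] = item


def deliver_hourly(mailbox, after, until):
    """Constructed mail flow: deliver one item per hour in (after, until].
    Returns the timestamp of the last item delivered (the new clock)."""
    t = after
    while t + timedelta(hours=1) <= until:
        t += timedelta(hours=1)
        mailbox.deliver(Item("msg-" + t.strftime("%Y%m%d%H"), t))
    return t


def run_pass(source, target, cutoff):
    """One migration pass: copy every item received up to `cutoff` that the
    target does not already hold. Returns the size of this batch."""
    copied = 0
    for item_id, item in source.items.items():
        if item.received <= cutoff and item_id not in target.items:
            target.deliver(item)
            copied += 1
    return copied


def identical(source, target):
    """The MX switch is safe only when both copies hold the same item ids."""
    return source.items.keys() == target.items.keys()


def simulate_delta_pass(first_mail, pass_cutoffs):
    """Run passes at the given (increasing) cutoffs while mail keeps arriving
    on-premises. Returns the batch sizes, whether the copies match after the
    last pass, and how much a single big-bang cutover would have moved at once."""
    if list(pass_cutoffs) != sorted(pass_cutoffs):
        raise ValueError("pass cutoffs must be increasing")
    onprem, cloud = Mailbox(), Mailbox()
    clock = first_mail - timedelta(hours=1)   # first item lands at `first_mail`
    batches = []
    for cutoff in pass_cutoffs:
        clock = deliver_hourly(onprem, clock, cutoff)   # mail still flows on-prem
        batches.append(run_pass(onprem, cloud, cutoff))
    return {
        "batches": batches,
        "identical": identical(onprem, cloud),
        "cutover_size": len(onprem.items),
    }


if __name__ == "__main__":
    # Constructed schedule: Sunday evening, Wednesday, Friday, then a short
    # final pass on Saturday morning just before the MX records are switched.
    passes = [datetime(2022, 5, 1, 22), datetime(2022, 5, 4, 22),
              datetime(2022, 5, 6, 22), datetime(2022, 5, 7, 10)]
    print(simulate_delta_pass(datetime(2022, 4, 1), passes))
```

With that schedule the batches come out at 743, 72, 48 and 12 items against a single cutover of 875, and the final check reports the two copies identical; the closer the last pass is to the previous one, the less there is to move in the maintenance window. Exchange Online's own migration batches follow the same pattern, with an initial sync and then incremental syncs until the batch is completed, which is why leaving a batch open until cutover is the practical equivalent of the passes shown here.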
Don’t forget to configure edge devices and intrusion detection systems to recognise Exchange Online as a trusted partner
If users forget this all-important step, migrations may be interrupted because the IDS thinks a denial-of-service attack is happening. Conveniently, Microsoft publishes a regularly updated list of the IP addresses used by all Microsoft 365 services, intended specifically for configuring edge devices to trust that traffic where necessary.
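One way to turn that published list into something an edge device or IDS can use. This is an added example, not code from the article: it assumes the JSON shape of Microsoft's Office 365 endpoints web service (entries with `serviceArea`, `category`, `required`, `ips` and `tcpPorts` fields) and works on a constructed sample in that shape with documentation IP ranges, so it runs offline. It extracts the Exchange Online ranges, renders an allowlist, and triages a few constructed connection-summary lines of the kind an IDS would raise during a bulk migration.

```python
"""Build an Exchange Online trust list from the M365 endpoint data (added example).

The sample below is constructed to mirror the shape of Microsoft's endpoint web
service (https://endpoints.office.com/endpoints/worldwide?clientrequestid=<GUID>);
the IP ranges are documentation/constructed values, not Microsoft's real ranges."""
import ipaddress
import json
import re

SAMPLE_ENDPOINTS = json.loads("""[
 {"id": 1, "serviceArea": "Exchange", "serviceAreaDisplayName": "Exchange Online",
  "urls": ["outlook.office.com", "outlook.office365.com"],
  "ips": ["192.0.2.0/24", "2001:db8:1::/48"],
  "tcpPorts": "443", "expressRoute": true, "category": "Optimize", "required": true},
 {"id": 2, "serviceArea": "Exchange", "serviceAreaDisplayName": "Exchange Online",
  "urls": ["smtp.office365.com"], "ips": ["198.51.100.0/25"],
  "tcpPorts": "25,443", "expressRoute": true, "category": "Allow", "required": true},
 {"id": 3, "serviceArea": "Exchange", "serviceAreaDisplayName": "Exchange Online",
  "urls": ["*.example.invalid"], "tcpPorts": "443",
  "expressRoute": false, "category": "Default", "required": false},
 {"id": 4, "serviceArea": "SharePoint", "serviceAreaDisplayName": "SharePoint Online",
  "urls": ["*.sharepoint.com"], "ips": ["203.0.113.0/24"],
  "tcpPorts": "443", "expressRoute": true, "category": "Optimize", "required": true}
]""")


def _ports(spec):
    """'25,443' -> {25, 443}; a missing or empty spec yields an empty set."""
    return {int(p) for p in spec.split(",") if p.strip()} if spec else set()


def exchange_trust_rules(endpoints, categories=("Optimize", "Allow")):
    """Return [(ip_network, frozenset(tcp_ports))] for required Exchange entries.
    'Default' entries are skipped: they carry no IP ranges and are meant to be
    handled like ordinary internet traffic."""
    rules = []
    for entry in endpoints:
        if entry.get("serviceArea") != "Exchange" or not entry.get("required"):
            continue
        if entry.get("category") not in categories:
            continue
        ports = frozenset(_ports(entry.get("tcpPorts")))
        for cidr in entry.get("ips", []):
            rules.append((ipaddress.ip_network(cidr, strict=True), ports))
    return rules


def render_allowlist(rules):
    """Vendor-neutral allowlist lines, one per range, e.g. '192.0.2.0/24 tcp/443'."""
    return [f"{net.with_prefixlen} tcp/{','.join(str(p) for p in sorted(ports))}"
            for net, ports in rules]


def is_expected_exchange_traffic(src_ip, dport, rules):
    """True when `src_ip` falls inside a trusted Exchange range on a listed port."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr.version == net.version and addr in net and dport in ports
               for net, ports in rules)


# Constructed IDS connection-summary format: "src=<ip> dport=<port> conns=<n>"
FLOW_RE = re.compile(r"src=(\S+) dport=(\d+) conns=(\d+)")


def triage(flow_lines, rules):
    """Split high-volume sources into expected Exchange Online traffic (tune the
    flood threshold for them) and everything else (review as usual)."""
    result = {"expected": [], "review": []}
    for line in flow_lines:
        m = FLOW_RE.search(line)
        if not m:
            continue
        src, dport, conns = m.group(1), int(m.group(2)), int(m.group(3))
        bucket = "expected" if is_expected_exchange_traffic(src, dport, rules) else "review"
        result[bucket].append((src, dport, conns))
    return result


if __name__ == "__main__":
    rules = exchange_trust_rules(SAMPLE_ENDPOINTS)
    print("\n".join(render_allowlist(rules)))
    sample_flows = [  # constructed summaries of what an IDS saw during a migration pass
        "2022-05-01T03:12:09Z src=192.0.2.17 dport=443 conns=850",
        "2022-05-01T03:12:09Z src=198.51.100.9 dport=25 conns=40",
        "2022-05-01T03:12:10Z src=203.0.113.5 dport=443 conns=900",
        "2022-05-01T03:12:10Z src=192.0.2.17 dport=25 conns=3",
    ]
    print(triage(sample_flows, rules))
```

Only Exchange ranges are trusted here, so the SharePoint source lands in the review bucket even though it is a Microsoft 365 range; widen `serviceArea` if the migration also moves OneDrive or SharePoint content. The port check matters: a trusted range that is only listed for 443 should not get a free pass on 25.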
Do run the Office network health and connectivity tests ahead of time
Microsoft has developed a comprehensive tool that can alert users to routing or latency issues between the business and the Microsoft 365 data centres. The tool runs a suite of tests of speed, routing, latency, jitter, and more on the network connection to identify and isolate common issues that could lead to a degraded experience — especially with voice applications — for Microsoft 365 users.
Any performance issues the tool finds will almost certainly have a negative impact on the speed of the migration attempts and passes. Solving or mitigating any issues users find will speed up the entire project.
In a hybrid environment, do use the EAC in Exchange Online to initiate mailbox moves
If users choose a hybrid model for deployment, then they will by definition have some mailboxes on-premises (at least for a time) and some in the cloud. In this scenario, it can be tempting to trust the old go-to Exchange Management Console to do all of the mailbox move work, shifting mailboxes to and fro.
Don’t give in to that temptation; it’s best to pull mailboxes into the cloud from the web-based EAC in the Microsoft 365 administration centre, rather than using outdated on-premises tools.
Don’t forget about Outlook client version updates
Updating an office suite across a large enterprise is no easy task and takes a while, which means there’s often a prevalence of older copies of Outlook among users. When controlling an Exchange deployment, that’s fine, because the customer can control the timing of moves.
But one of the “side gotchas” that comes with using the cloud is that someone else gets to decide the baseline level of software that will work with its services. Microsoft is really pushing everyone toward the subscription-based Office suite (Microsoft 365 or Office 365) and away from the old per-user perpetual volume licenses with the year attached (Office 2013, 2016, or 2019, for example).
In fact, as of October 2020, the vendor declared that Outlook 2013 and older versions are no longer supported for connecting to Office 365 and Microsoft 365 services. While it won’t actively block these older clients, they “may encounter performance or reliability issues over time.” And there’s no telling when Microsoft will pull the plug entirely.
So don’t forget about developing a plan to update clients to Office 2016 or beyond, or move to a subscription license and deploy those apps instead of the volume licence editions.
Do plan to implement two-factor authentication
One of the biggest advantages to moving to Exchange Online and Microsoft 365 is the ability to use all of the new security features available in the cloud, the most important of which by far is the ability to turn on two-factor authentication.
2FA reduces the attack surface significantly as soon as it is turned on, and since Microsoft has done all of the rewiring of the directory and Exchange security model on its servers to make it work, all businesses have to do is flip the switch and show users where to plug in their mobile phone numbers.
Better yet, use the Microsoft Authenticator app to reduce the security and social engineering risks of using SMS text messages. But don’t let perfect be the enemy of the good. Deploying Authenticator across tens of thousands of phones can be difficult, especially with BYOD set-ups and remote-work environments where employees don’t have access to an in-person help desk.
In contrast, setting up SMS requires nothing from the end-user and can be done entirely by IT. So if the choice is between two-factor authentication with SMS and no two-factor authentication, then by all means turn on 2FA and use SMS.
In a hybrid environment, don’t remove the last Exchange Server
One cardinal rule of operating a hybrid Exchange environment is that users must keep at least one Exchange Server running on-premises in order to manage users. There exists a way to continue to use the Active Directory attribute editing functionality to manage recipients, but it’s not really supported — and if it breaks, users will have to file a ticket with Microsoft, wait three days, and maybe, just maybe, it’ll come back.
It is much easier to use the Exchange admin console of an on-premises server to manage recipients in a hybrid environment, and users can’t do that unless they leave an Exchange Server running in an on-premises deployment.
Microsoft has repeatedly said it’s working on a solution to this issue of having to have an existing licensed server on-premises with hybrid deployments, but even after several years there's been little progress toward solving that problem.
The last word
A transition time is always challenging, and that's certainly true when migrating an organisation to Exchange Online. By factoring in the advice and warnings above, users will make that path smoother and reach the finish line more quickly.