If you are just using Exchange Online with Azure AD, chances are you have all that you need to perform your migration by now, but that is rarely the case. With all of the offerings available in Azure AD and Office 365, there is bound to be at least one other major service that is in use. In addition, there may be some Shadow IT occurring; services that have not been officially deployed, but are nonetheless being used. It may be acceptable to most organizations to just inform those that were using these components their data will not be migrated over and potentially lost, but that should not be the first assumption. There have been times when certain employees (i.e. Developers) have been working on projects using components not deployed yet, such as PowerBI. Losing this data, while not sanctioned, may still result in lost revenue for an organization. The following topics review all other major areas to consider with a tenant to tenant migration.
Skype for Business Online\Microsoft Teams
Skype for Business Online is set to retire soon. If you deploy a new tenant, you need to contact Microsoft to determine if they will even provision the Skype for Business Online service for that tenant. If not, you will have to migrate to Microsoft Teams. Even if you already have Skype for Business Online available, there is no tool (native or 3rd party) that assists in a total migration of Skype for Business Online in a tenant to tenant migration. Users will sign into Skype for Business Online in the new tenant as if it were their first time with an empty contact list. Meetings that have Skype for Business Online links will also be broken. There is a tool Microsoft created, Meeting Update Tool that users can use to try to automatically update existing Skype for Business meetings.
If you are currently using Microsoft Teams, there are 3rd party tools, such as Bititan MigrationWiz for Teams, that are developing to allow for data to be migrated to a new tenant.
If you are utilizing Microsoft Phones System with either Calling Plans or on-premises call handling, you need to perform a full voice migration for all components involved. For Calling Plans, even though the numbers live in Microsoft, you still need to submit a porting request. Although these requests are done much quicker and with less complexity since technically you are not switching providers. You still need to work with the PTN team (PTN@Microsoft.com) to work with you to move your numbers to a new tenant. For on-premises call handling scenarios, either Cloud Connector or Direct Routing, these need to be updated to send and receive calls from the new tenant. All Call queues and Auto Attendants need to be recreated. Voicemails will not be lost since they are stored in Exchange Online, but greetings will need to be re-recorded.
SharePoint Online\OneDrive for Business
SharePoint tenant to tenant migrations are slightly different depending on if you are consolidating an acquired tenant into your own tenant, or merging into a new tenant. If migrating an acquired company, you need to determine the site structure and layout requirements or decide if the acquired company’s users simply need to start using the existing structure. For mergers into a new tenant, there are significantly more planning requirements in which each organization needs to collaborate to come to a universal structure that will work for both organizations in the new tenant.
During the transition period, you need to determine what level of coexistence is necessary. The same rules that apply to Exchange apply to SharePoint. A domain can only exist in one tenant, so usernames for accessing content may have to change on the source tenant to the onmicrosoft.com namespace during the transition. However, the existing data can be migrated in advance of the domain move to ensure no data loss.
Finally, it should be determined what is actually being used. Having 100GB of data compared to 100TB of data makes a big difference in migration timelines. There are a few different reports that can be generated to export the owners/users for each site as well as utilization statistics.
Security and Compliance
In addition to what was previously discussed for Azure AD and Exchange Online, the following areas of Security and Compliance should be addressed between both organizations for all workloads being migrated.
- Multi-Factor Authentication
- Azure AD Conditional Access
- Regulatory Compliance (HIPAA, GDPR, etc)
- Data Loss Prevention
- Microsoft Threat Protection
- Microsoft Defender ATP
- Office 365 Advanced Threat Protection
- Cloud App Security
- Azure Advanced Threat Protection
- MDM/MAM, such as Intune
Other Application Dependencies
There are some workloads that simply have no means of migrating data from one tenant to another (as of Oct, 2019). These include Yammer and PowerBI. There may be others, but as already mentioned, each workload should be analyzed to determine requirements and capabilities.
Office 365 workloads are not the only applications that can be affected with tenant to tenant migrations. Any deployments in Microsoft Azure (IaaS/PaaS) utilize Azure AD as a directory. There are over 3000 supported applications that can integrate with Azure AD. In addition, on-premises applications can be using Azure AD Application Proxy or Active Directory Federation Services, or other custom applications can be integrated with Azure AD. Once an app is integrated into Azure AD, it is potentially capable of taking advantage of all features of Azure AD, including Single Sign On and Conditional Access. Any function, no matter the integration method, needs to be reviewed and reconfigured in the new tenant to ensure a seamless transition.
That concludes Enabling Technologies’ series on Lessons Learned for tenant to tenant migration and consolidations. During this series we have address most major and common areas to properly address and anticipate when performing this migration. However, no environment is always 100% identical, and many unique challenges may present themselves within the areas addressed or others (i.e. PowerBI, Yammer, Project, etc). If you are using a component of Azure AD or Office 365 in any capacity, or have any level of integration with other applications, ensure you receive proper planning and guidance from a partner can help alleviate those concerns before they become showstopping issues.
Enabling Technologies can help you enable secure productivity in the cloud by properly preparing you for moving to Azure AD and Office 365 based on Microsoft Best Practices. You can check out more in the Cloud section of our website.