A comprehensive guide to Office 365 Tenant to Tenant Migration

 A comprehensive guide to Office 365 Tenant to Tenant Migration

Microsoft Office 365 is one of the most preferred cloud-based productivity suite amongst various business firms owing to the variety of advanced features it offers. With a comprehensive set of tools and services for collaborating with other people and advanced security features, Office 365 offers a secure and scalable solution for businesses of all sizes.

Tenant to Tenant migration involves moving all the data of users from one Office 365 environment (or tenant) to another. Organizations may need to shift from one Office 365 tenant to another for a variety of reasons ranging from mergers, divestitures, regulatory compliance, etc. In this article, we will go through a few reasons, prerequisites and methods for a successful Office 365 tenant to tenant migration.

What is the need to shift from one Office 365 tenant to another?

There can be various scenarios where it becomes necessary for organizations to perform the Office 365 tenant to tenant migration. Some of the most common scenarios include:

  • Reorganizing departments in organization: Sometimes changes in certain departments of an organization can also call for restructuring of the Office 365 tenants of users to be in tune with the new hierarchy set up by the organization.
  • Mergers and Acquisitions: At the time of Mergers and Acquisitions, the Office 365 tenants are usually merged into one single tenant. Tenant to tenant migration is a convenient way to combine all your data from multiple tenants into a single Office 365 tenant.
  • Rebranding organization: It becomes necessary to change the Office 365 tenants while rebranding your organization’s identity such as domain names, email addresses, etc.
  • Regulatory compliances and requirements: One of the key reasons for Office 365 tenant to tenant migration is certain regulatory compliances and requirements that business has to fulfill. By migrating to a new tenant, organizations can ensure alignment with evolving regulatory environment, mitigate risk, and maintain the trust of all parties involved.
  • Divestitures and spin-offs: Divestitures are another key reason for Office 365 tenant to tenant migration. When a company spins off, a need to separate all the IT infrastructure arises to create independent entities. This involves migrating data, users, and settings from one Office 365 tenant to another.

Pre-requisites for Office 365 tenant to tenant migration

There are certain pre-requisites that users need to keep in mind to perform a smooth, and hitch-free tenant to tenant migration. Users should keep these pre-requisites in mind:

  • Enough space should be available in the target tenant for a successful migration from source tenant.
  • dmin access should be provided to the source tenant and target tenant.
  • For keeping data hierarchy of your mailbox, make sure to set up user mailboxes, resource mailboxes, and distribution groups in the target tenant.
  • Ensure that both your source domain and the destination tenant are synchronized.
  • Verify the destination tenant in Office 365 to ensure that it has been set up properly.
  • Make sure one destination tenant is using only one domain.
  • Make sure each and every user in the source tenant and target tenant has a valid Office 365 license.

How to perform Office 365 tenant to tenant migration manually?

Tenant to tenant migration is performed when a user or an organization intends to shift all their data to a different domain or tenant in Office 365. The process to shift from one tenant to another manually is very lengthy and requires a lot of prior preparation. We’ve explained every step of this multi-step process in detail to guide you through this migration process.

Note: All the content of user such as emails, contacts, calendar, tasks, notes, etc. is migrated to the destination tenant and the source tenant mailbox is deleted after a successful migration.

Step 1: Set up a mail-enabled security group in the source tenant

  • Sign into the Microsoft 365 admin center with the admin account credentials.
  • Click on Teams & groups from the left-hand panel and choose Active teams & groups among the given options.
  • Under the Security Groups section, click on Add a mail-enabled security group.
  • Name your security group and add a short description and then click Next.
  • Click on Assign Owners and choose a few users to make them owners of the group and click on Add.
  • Click on Add Members and choose all the users you wish to add to your group and click on Add.
  • Type in a Group email address and choose the Domains that you see fit from the drop-down list and click Next.
  • Review the details you entered for the security group and click on Create group.
  • Make sure to copy the group name and email address since it would be needed later.

Step 2: Copy the Tenant ID for source and target tenant

Step 3: Create the migration application and secret value in the target tenant

  • Login into Microsoft Entra Admin Center and type in the tenant admin credentials.
  • Click on View in the Manage Microsoft Entra ID section. Click on App registrations and choose the New registration option.
  • Next, navigate to Supported account types and choose Accounts in any organizational directory (Any Microsoft Entra directory-Multi-tenant). Then choose Web from the drop-down list and type in https://office.com and click on Register.
  • After your Entra ID is successfully created, go to Microsoft Entra ID home page once again and choose App registrations.
  • Navigate to Owned applications, locate the app that you created and click on it.
  • Copy Application(client) ID under the Essentials section. It’ll be needed to create a URL for the target tenant later on in the process.
  • In the navigation pane, choose API permissions to review all the permissions granted to the newly created app.
  • Choose Add permissions to add all the needed permissions you’d need to migrate your mailbox.
  • In the Request API permissions window, click on APIs my organization uses and search for Office 365 Exchange Online.
  • Choose Application permissions and under the Select permissions section, expand the Mailbox option.
  • Tick the Mailbox Migration checkbox and click on Add permissions option at the bottom of the screen.
  • In the navigation pane of your application, choose Certificates & secrets and click on New client secret.
  • In the Add a client secret window, provide a description and set up the expiration settings.

Step 4: Grant consent to the application

  •  On the Microsoft Entra ID home page, choose Enterprise applications from the navigation pane. Locate the recently created application and choose API Permissions.
  •  Choose Grant admin consent for [your tenant] and click on Accept in the newly opened dialogue box.
  • Refresh the portal once to confirm your acceptance.
  • Compose a URL to send to the source tenant administrator so that they can accept the invitation for enabling the mailbox migration.

Step 5: Set up an Exchange Online migration endpoint & organizational relationship to prepare the target tenant

  •  Connect to the Exchange Online PowerShell in the target Exchange Online tenant.
  • Set up a new migration endpoint for cross-tenant mailboxes migration.

           # Enable customization if tenant is dehydrated

        $dehydrated=Get-OrganizationConfig | select isdehydrated

          if ($dehydrated.isdehydrated -eq $true) {Enable-OrganizationCustomization}

         $AppId = “[Guid copied from the migrations app]”

         $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AppId, (ConvertTo-SecureString -String “[this is your secret password you saved in the

         previous steps]” -AsPlainText -Force)

           New-MigrationEndpoint -RemoteServer outlook.office.com -RemoteTenant “contoso.onmicrosoft.com” -Credentials $Credential -ExchangeRemoteMove:$true -Name “[the name of your migration endpoint]” -ApplicationId $AppId

  •  Either create a new organization relationship object or edit your existing organization relationship object in your source tenant.

         $sourceTenantId=“[tenant id of your trusted partner, where the source mailboxes are]”

          $orgrels=Get-OrganizationRelationship

          $existingOrgRel = $orgrels | ?{$_.DomainNames -like $sourceTenantId}

          If ($null -ne $existingOrgRel)

        {

             Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound

          }

         If ($null -eq $existingOrgRel)

         {

              New-OrganizationRelationship “[name of the new organization relationship]” -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound -DomainNames $sourceTenantId

 

Step 6: Prepare the source tenant mailbox by accepting the migration application and setting up the organization relationship via Exchange Online PowerShell.

# Enable customization if tenant is dehydrated

$dehydrated=Get-OrganizationConfig | select isdehydrated

if ($dehydrated.isdehydrated -eq $true) {Enable-OrganizationCustomization}

$targetTenantId=“[tenant id of your trusted partner, where the mailboxes are being moved to]”

$appId=“[application id of the mailbox migration app you consented to]”

$scope=“[name of the mail enabled security group that contains the list of users who are allowed to migrate]”

New-DistributionGroup -Type Security -Name $scope

$orgrels=Get-OrganizationRelationship

$existingOrgRel = $orgrels | ?{$_.DomainNames -like $targetTenantId}

If ($null -ne $existingOrgRel)

{

    Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope

}

If ($null -eq $existingOrgRel)

{

    New-OrganizationRelationship “[name of your organization relationship]” -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -DomainNames $targetTenantId

 

Step 7: Prepare target user objects for migration

For a successful cross-tenant migration, it is crucial that users must be present in the target tenant and the Exchange Online system with the required attributes. The migration can’t be executed properly until the users are properly set up in the tenant.

Step 8: Perform mailbox migrations by creating Migration batches

Cross-tenant Exchange mailbox migrations are initiated from the target tenant as migration batches. Users can perform this process in the same way as that of onboarding migration when migrating mailbox from Exchange on-premises to Microsoft 365.

Note: Migration batch is also supported from the new Exchange admin center when selecting the cross-tenant option.

Step 9: Be sure that on-premises mail users in both source & target are updated to the new target address.

After the successful migration of mailboxes from source to target tenant, it should be ensured that on-premises users, in both the source and target, are updated with the new targetAddress.

Step 10: Remove endpoints & organization relationships after migration

You can use the Remove-Migration Endpoint & Remove-Organization Relationship cmdlets to remove the endpoints & relationships, respectively.

Note: Mailboxes that are on any type of hold aren’t migrated, and the move for those mailboxes is blocked.

Challenges faced while performing tenant to tenant manually

Migrating all the data from one Office 365 tenant to another is a very tricky process since it involves a lot of steps that are to be executed with utmost precision and some pre-requisites that need to be fulfilled. Any mistake while performing this process may compel you to start all over again and in the worst-case scenario, it can lead to damage to your precious and subsequent data loss. Also, considering the nature of this multi-step process, users with little to no technical knowledge will find it very difficult to execute.

Automated tool to perform Office 365 tenant to tenant migration

The manual method discussed above to migrate all the data from one Office 365 tenant to another is a very tedious task where even a single error can have grave outcomes. Users are advised to migrate their data with the help of a professional Microsoft 365 migration tool such as Recoveryfix Migration for Microsoft 365.

Owing to several advanced features offered, this tool can be easily considered one of the best third-party software to perform an easy and safe tenant to tenant migration. Users can easily migrate various components of mailbox such as Primary mailboxes, Archive mailboxes, Shared mailboxes, Public Folders, etc. from On-premises and hosted Exchange to Exchange Online.

Conclusion

Migrating all the data from one Office 365 tenant to another is a common task for organizations. This blog discusses some scenarios which may compel users to shift from one tenant to another and a few pre-requisites to execute this process. We’ve also outlined a manual method to perform Office 365 tenant to tenant migration. Additionally, for a safe and instant solution we’ve also talked about a third-party migration tool called Recoveryfix Migration for Microsoft 365.

recoveryfix

Noida, India

Related post