Migrating to Microsoft 365 is in most cases a hassle-free process. But there can be instances where this fairly simple activity turns out to be a complex manoeuvre. So, the question may arise, what makes this supposedly simple process a complex one? Most would agree that it is Planning, of course. Read on as we put forth a series of factors that contribute to having successful planning in the course of migrating to Microsoft 365.
Determining the Identity Models for Microsoft 365
Most migration projects are usually the existing businesses migrating from on-premises IT infrastructure to Microsoft 365 Cloud. To proceed with the migration one of the earliest decisions would be about the expectations for the identity management in the long term. This expectation will heavily influence how the rest of the Microsoft 365 migration goes. To understand why, let us go over the different identity models.
There are four to consider, and these cover most customer needs.
I. Cloud only
With Cloud only approach, the user accounts are in Microsoft 365, which means Azure AD is the source of authority for those accounts.
- No Directory synchronization between on-premises Active Directory and Azure Active Directory
- Possibility of the user accounts and their passwords to become different over time
- If there is no on-premises Active Directory to worry about, then the cloud-only model is an excellent decision.
II. Directory sync with password hash sync
With the directory sync approach, the user accounts are managed in the on-premises Active Directory which means the On-premises AD is the source of authority.
- Users will be synced to Azure Active directory using a tool called Azure AD Connect.
- Easier to manage user accounts in one place - the on-premises Active Directory.
III. Directory sync with pass-through authentication (PTA)
This model provides the benefits of directory sync in which there is a single source of authority for the identities, users get a great experience with just a single set of credentials to remember.
- With PTA, Microsoft 365 logins don't use the synched password to validate the user if the pass-through authentication is enabled. Instead, each login is validated against the on-premises Active Directory by way of a pass-through authentication agent
- One agent is installed on the Azure AD Connect server automatically. And we can install extra agents on other servers or in other sites of the on-premises environment to provide high availability and site resilience for that authentication process.
IV. Directory sync with federation
The federation model uses Active Directory Federation Services installed on-premises, and Microsoft 365 passes authentication requests to those AD FS servers
- AD FS servers authenticate the user's login attempt against the on-premises Active Directory
- Need to have skilled IT staff managing and maintaining AD FS, which is more complex
- Need to invest in high availability and site resilience for AD FS servers and on-premises AD, which means additional costs
It is easy to get fast LAN speeds inside the corporate network even when speeds are pretty consistently good in all but the most remote areas. But internet speeds are a different matter. Moving your apps and data to the cloud turns mostly local traffic into mostly internet traffic.
Now, all of the users are constantly connecting to apps and services over the internet connection, so the day-to-day network bandwidth requirements greatly increase. Also, the migration itself involves shifting a lot of data from your on-premises servers into the cloud. So, if there is a 100 GB of mailbox data and another 200 GB of file server data, that's a lot to migrate to Exchange Online and SharePoint Online over a slow internet connection. It can make migrations take months to complete. It is likely that your internet bandwidth requirements will increase, or at least you should validate that your existing connectivity is good enough, especially when you consider that it can take weeks or months to provision more bandwidth with some providers.
If the network is slow, all of Microsoft 365 from email to browsing SharePoint to using the voice capabilities of Skype or Teams is going to suffer. Microsoft has provided some calculators to help us with this planning.
- Exchange Client Network Bandwidth Calculator
- Skype for Business Network Assessment Tool
- Cloud voice network planner
- Skype for Business Bandwidth calculator
- Traffic analyse tool like Wireshark or Microsoft Message Analyzer
Hence, to Prepare the network for Microsoft 365 Migration,
- Use Calculators and monitoring tools to estimate bandwidth requirements,
- Use Microsoft 365 IP address list as basis for network optimization.
- Optimize routing client’s connections to Microsoft 365 PoP
- Optimize DNS lookups to resolve closest Microsoft 365 PoP for clients
Provisioning Client Apps and Devices
The number one cause of Microsoft 365 migration issues is outdated client software. Just because an older out-of-date client appears to work when it is first tried, it doesn't mean that problems won't surface later on. Get the clients up to date at the start of the project, and they will have a much better experience.
Users can connect to Microsoft 365 in a variety of ways.
- Microsoft 365 desktop applications
- Web browsers
- Mobile apps
Here is Microsoft’s view on support for client software:
Microsoft 365 is designed to work with the latest browsers and versions of Office. If you use older browsers and versions of Office that are not in mainstream support:
Microsoft won’t deliberately prevent you from connecting to the service, but the quality of your Microsoft 365 experience may diminish over time.
Microsoft won’t provide software updates to resolve non-security related problems.
So, if you are working on a really old iPhone and trying to connect to your Exchange Online mailbox, it is possible or even quite likely that you are going to run into problems with connectivity or with issues like calendar sync. Now, if you call Microsoft for support, you will be asked to update your iPhone to the latest version of iOS before they can really help you. The best time to get the client software in order is to upgrade before we start the Microsoft 365 migration. Which means
- Updating Windows and Mac clients to supported versions of Office.
- Updating web browsers to latest version (enable auto-update if possible)
- Updating mobile device apps
- Advise BYOD users to update
Testing and Piloting
The migration to Microsoft 365 is going to involve a lot of change.
- Changes in the platform that you run your apps and services on, from on-premises to the cloud.
- Changes in the user experience for accessing apps and data from, say, traditional file servers and other local resources to web-based document libraries, web applications, and constantly changing user interfaces as Microsoft 365 evolves.
- Changes in the administrative experience for your IT staff, moving from the tools that they are used to for legacy infrastructure administration and giving them access to new management concepts and tools for the cloud.
These changes can be tested in three different ways
- Create a test Microsoft 365 tenant and environment. Enable for targeted release.
- Enable a subset of production users for targeted release.
- Use a pilot group for all changes and adopting of new apps and features.
Legacy data is data that is stored in old fashioned way, but cannot be done away with, because the need for data, old or new, always persists. Microsoft 365 has generous storage allowances, 50 GB to 100 GB mailboxes, unlimited email archives, a whole terabyte for users' personal OneDrive libraries and multiple terabytes for SharePoint Online. And if more storage is required, it can be scaled up without the need to provision physical hardware or servers.
The more data we need to move, the more network bandwidth we will need and the longer your migration will take. This means more costs for bandwidth, more hours of labour for the migration team, more costs for special tools or to develop scripts to handle all that data. Instead, we could use anyone of the below method.
- Deleting old data that is not needed, or back it up and send it off to a long-term archive storage.
- If you must migrate the data, then
- Use Exchange Online archives to move oldest email to the cloud early.
- Use Microsoft 365 Import Service to ingest PST file data into Exchange Online mailboxes
- Use third party tools (e.g. QUADROtech, Transvalut) for complete PST and email archiving scenarios
- Use SharePoint Migration tool for migrating file server data into SharePoint Online.
Migration to Microsoft 365 can be an effortless exercise if done by adopting the aforementioned best practices. TrnDigital, with its specialized team for Microsoft 365 Migrations, provides seamless migration services leveraging its Gold Certified Partnership with Microsoft.