2. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
The Case for Hybrid
Hybrid Challenges
Coexistence Challenges
Planning your migration
The migration itself
www.devconnections.com
3. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
THE CASE FOR HYBRID
When and when not to use Hybrid
www.devconnections.com
4. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Organization
Secure Mail Flow
Sharing (free/busy, MailTips,,
etc.)
Exchange Servers
AD
Mailbox Moves
AD FS
Users, Contacts &
Groups
DirSync & FIM
www.devconnections.com
5. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Exchange 2010 (SP2+) and Exchange 2013
only support Hybrid methods for migration
– cutover and staged are not an option.
Makes moving from a pilot to a full
migration simple, and re-uses Exchange
skills
Think of it as a transition rather than a
migration
www.devconnections.com
6. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Smaller 2007 and 2003 migrations
Non-Microsoft migrations
Multiple on-premises Exchange
organizations
Various options available
Staged
Cutover
Third Party Solutions including MigrationWiz, Binary Tree E2E Complete
and Quest Toolset
www.devconnections.com
7. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
HYBRID CHALLENGES
What you’ll need to overcome before
you can start planning to migrate
mailboxes
www.devconnections.com
7
8. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Migration of Client Facing Services
including
Moving AutoDiscover and other services
Implementing a legacy namespace
Similar to an Exchange 200x to 201x front-end services migration
Options available
Exchange 2013 RTM CU2 “Hybrid Servers”
Exchange 2010 SP3 “Hybrid Severs”
Free licenses available for both from Microsoft Support.
www.devconnections.com
9. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Should you implement Exchange 2013 RTM
CU2 as a Hybrid Server?
Where do you need to deploy Exchange
2010 SP3?
www.devconnections.com
10. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
External HTTPS Namespaces
Use the Remote Connectivity Analyser to test Exchange Web Services
(EWS) and AutoDiscover
Access to the above virtual directories is required for Hybrid
Configuration and Mailbox Migrations
Verify you add the correct firewall
exceptions to all services, both inbound
and outbound
For outbound MS recommend by URL rather than IP due to Content
Distribution Networks (CDNs)
www.devconnections.com
11. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Authenticated proxy servers cause issues
Exchange Servers cannot authenticate to proxy servers, and
outbound communications, including Federated Sharing and the
Hybrid Configuration Wizard will fail.
Outlook clients cannot authenticate to proxy servers and will fail to
connect to Office 365.
Solutions
Configure the proxy server to exclude the Exchange Online
datacentre URLs from Authentication
On Exchange Servers, set the proxy server in netsh& Exchange
Netsh winhttp import proxy source=ie
Set-ExchangeServer <servername> -InternetWebProxy:"http://proxy:8080"
www.devconnections.com
12. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
You need valid third-party certificates for
HTTPS namespaces and SMTP
Exception: Federation Certificate is selfsigned
Did you ever set up Federated Sharing before Exchange 2010 SP1?
www.devconnections.com
13. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
HCW attempts AutoDiscover for each hybrid domain
If you have some domains without AutoDiscover DNS names and
appropriate certificates configured, the HCW will fail to complete.
Exchange 2013 and Exchange 2010 SP3 RU1+ has a solution
Set-HybridConfiguration -Domain "domain.com, autod:primary.com"
SSL Offload will cause issues with mailbox moves
Remote Mailbox Moves will fail as SSL Offload is not supported by the
MRS Proxy
You may need to retain SSL offload, but there are workarounds
For example, use an additional FQDN for Remotes Mailbox Moves that bypasses SSL offload using a different Load Balancer VIP
www.devconnections.com
14. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
What is pre-authentication?
What uses pre-authentication?
Why is this a problem?
Federated Sharing e.g. /EWS/Exchange.asmx/WSSecurity
What are the solutions?
Rules before pre-authentication to exclude these paths:
http://community.office365.com/en-us/wikis/exchange/1042.aspx
Disable pre-authentication for /AutoDiscover/* and /EWS/*
completely!
www.devconnections.com
15. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Make sure you understand the
organization’s mail routing
Make sure you put the right certificates on
the Hub servers you will use for the Hybrid
configuration
Bear in mind firewalls and load balancers
that mask the real sender’s address
Changes to Receive Connectors may be needed
www.devconnections.com
16. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Provides Free/Busy and Calendar Sharing
Relies on AutoDiscover and Exchange
Web Services
These components can’t use preauthentication
Troubleshooting tools include IIS logs and
event logs
www.devconnections.com
17. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
SSL offload can cause issues here too
URL used can be specified manually, but
try not to
Remember the limitations of Federated
Sharing
www.devconnections.com
18. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Forests with Sub-Domains are no problem
Account + Resource Forests.
Exchange is in a dedicated resource forest and user accounts are in
one or more forests.
Windows Azure Active Directory Connector can replace DirSync
Multiple Forests and Exchange
organizations
No supported partner/self deployable solution. Must involve Microsoft.
www.devconnections.com
19. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Used for encrypted mail
While not unsupported can cause
challenges
Certificates are not automatically available to allow users to sign and
encrypt mail to organization contacts
DirSync will not push user certificates to
Office 365, so the cert is not in the GAL
Solution
Use an LDAP Provider in Outlook with the Fully Qualified Domain name
of a Global Catalog Server.
www.devconnections.com
20. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Commonly used to manage iPads,
Android tablets and similar
Not just for managing Exchange features,
but also deployment of Applications and
device monitoring.
Non-ActiveSync solutions like Good will
need updates
Inline ActiveSync solutions may cause
issues
www.devconnections.com
21. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
COEXISTENCE CHALLENGES
While you’re migrating, what do you
need to consider?
www.devconnections.com
22
22. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Larger the organization often means more
sharing
Sharing may cross many intra-org
boundaries
Not all sharing is easy to discover
Cross-premises sharers need to re-share
Calendars
No cross-premises access to Shared
Mailboxes
www.devconnections.com
23. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
While you use DirSync, on-premises DGs
cannot be managed in Office 365
This means DGs cannot be managed in
Outlook or OWA
What solutions are available?
FIM Portal
ADUC Delegation
Post-migration you could move to cloudonly DGs
www.devconnections.com
24. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Public Folder access is not configured
automatically
Access is configured using RPC over HTTPS (Outlook Anywhere)
During coexistence all users access onpremises public folders
Only migrate public folders after migrating
all users to the cloud
Limited to 2.5TB of Public Folders
This limit cannot be increased on a per-customer basis
www.devconnections.com
25. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
PLANNING YOUR MIGRATION
Measure twice, cut once
www.devconnections.com
26
26. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
The most important part
Base tools are very useful
OnRamp replaces the Deployment Readiness Tools
https://onramp.office365.com/OnRamp
ExDeploy – Exchange Deployment
Assistant
Other great MS tools including MAP for MS
Online Services
www.devconnections.com
27. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Active Directory & Exchange information
Clients like Outlook, ActiveSync, IMAP, SMTP clients, EWS, BES
Shared Mailboxes and who shares with who
UM and archive mailboxes in use
Policies that aren’t migrated, such as ActiveSync, OWA Mailbox and
Retention Policies
Mailbox and message sizes
Previous cross-forest migrations
Local Knowledge
Stats aren’t everything – IT staff supporting the users generally are a
wealth of information about the user base
www.devconnections.com
28. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Active Directory
Data
General User
Information
Department
Exchange Server
Mailbox Size
Collaboration and
Shared Mailboxes
Consolidated Data
Local IT Support
Knowledge
www.devconnections.com
Migration Groups
(Batches)
Outlook
Clients
BES
ActiveSync
Clients
IMAP/POP3
Clients
BES
Devices
C2C
Archive
One Users
29. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Migration concurrency depends on
multiple factors
Test throughput during the times you will
migrate
Leavers mailboxes provide good
candidates for throughput testing
Remember you can move mailboxes back
to re-test (and should test that you can do
this, anyway)
www.devconnections.com
30. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Double check your pre-requisites for
successful moves
Is it an on-premises mailbox with a corresponding mail user in the
cloud?
Does the Mailbox have a licence assigned?
Does the UPN match on-premises and in the cloud (and of course,
does AD FS work correctly)
Have all required details, like email addresses synchronized
successfully?
Were there any mailbox items larger than 25MB?
Do you have any clean up for cross premise migrations to do?
Check-EXOMigPreRequisites.ps1 script available to download from
www.stevieg.org
www.devconnections.com
31. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Good documentation should be tested
alongside your pilot migration
User and IT documentation
ActiveSync users may need most support because these devices to
not automatically update server settings.
Listen to recommendations from IT staff
who know the user base well
Consider an end-user portal
www.devconnections.com
32. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
THE MIGRATION
The easy bit
www.devconnections.com
33
33. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Distribution Groups are great to use for
migration batches!
It’s a communications channel
The helpdesk can use them
You can feed them to test scripts
And of course to create Remote Move
Requests
www.devconnections.com
34. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Migration Batch
Import Batch into
Active Directory
Group
Communicate with
end users within
batch
Communicate with
end-user IT support
Staff Mailbox SignOff if required
Determine
successful users
Schedule batch
User requests
re-schedule?
Yes
Successful batch
complete
www.devconnections.com
Add unsuccessful
users to retry batch
Leave other users in
migration batch
Inform IT support of
change
Add to retry batch
35. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
Before the main pilot iron out all issues you
can
Treat the pilot like the real deal
Don’t just use IT!
Use real users who’ll give you real
feedback!
www.devconnections.com
36. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
By this point it should be straightforward
Communicate with users so they know
what’s coming
Make sure you have the appropriate
resources
Don’t be afraid to scale up as you come
along
Again, keep reviewing feedback
www.devconnections.com
37. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
If you’ve moved all users to the cloud is it
time to get rid of on-premises entirely?
SMTP senders may require an on-premises
SMTP server or EOP connector
Consider provisioning and management
Remember you need to patch and
maintain
www.devconnections.com
39. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
It’s all in the planning
The more you test the more chance of
success
If you plan on a on-going hybrid
environment or longer migration, discovery
is very important
Exchange 2010 SP3 is still a great option for
a “hybrid” Exchange server if Exchange
2013 isn’t planned for on premises.
www.devconnections.com
Hinweis der Redaktion
What is Hybrid?It provides a unified organization that crosses logical boundariesTypically, it’s made up of ExchangeDirSyncAnd AD FSMailboxes and Resources can live both sides of the boundary and communicate as one organizationThe same username and password can be used before and after a migrationUsers share the same GAL and email domainsA migrated mailbox is the same mailbox – and thus OSTs are retained and AutoDiscover works cross-boundaryYou can use a Hybrid deployment for a migration, or for long term coexistence
Why Hybrid?Exchange 2010 needs itEase of Pilot You've got a way back Test, test and test again Transition, not migration What's the lowest impact on users Is user experience important? Whos' going to manage the migration Use the skills you have, don't learn now ones for a migration you'll only use once
Why not Hybrid Of course it's not always needed Smaller migrations - cutover or staged A cutover - you're planning on moving everything in one go The big bang approach can work! Multipleon-premise Exchange organizations Hybrid is a 1-1 on-premise to tenant relationshipAnd of course, you don't always have an on-premise Exchange IMAP migrations But don't - they can work, but look at MigrationWiz and similar Quest is great, but for smaller organizations too complicated
Challenges for Exchange 2007 and 2003 Organizations To do it properly, you're looking at a migration of Client Access services Let's walk through that Implementing a legacy namespace Then.. Moving AutoDiscover and other services Effectively, you're doing a lot of the hard work for an Exchange 201x migration What are your options Wave 15 is here, so you're looking at Exchange 2010 SP3 or Exchange 2013 CU2Unless you're 2003, in which case it's 2010 SP3 2013 CU2 simplifies the Hybrid Configuration Wizard
Challenges for Exchange 2010 Organizations Should you implement 2013 CU2 for your Hybrid Server Free Hybrid Key is now available for Exchange 2007 and 2010 organizationsWhy? You don't need a Hybrid Server on 2010... You'll need 2010 SP3 *in your Internet facing site* You're working from the outside-in, so you can upgrade just that site first If it's a single site and you can't upgrade the rest of the org? You can make a site within a site You'll need a DC, CAS and HUB
External URLs You need your AutoDiscover and Internet facing External URLs to be correct In particular, that's EWS and AutoDiscover Test the BASICS using the Remote Connectivity Analyser EWS Tests Including AutoD
External URLs You need your AutoDiscover and Internet facing External URLs to be correct In particular, that's EWS and AutoDiscover Test the BASICS using the Remote Connectivity Analyser EWS Tests Including AutoD
External URLs You need your AutoDiscover and Internet facing External URLs to be correct In particular, that's EWS and AutoDiscover Test the BASICS using the Remote Connectivity Analyser EWS Tests Including AutoD
Certificates Again, it's coming in from the Internet so VALID third party SSL certificates Common Vendors like GoDaddy, Verisign, Digicert are fine The Federation Certificate for MFG is self-signed though If you've setup Federation in pre-SP1 days consider That this uses the Consumer Gateway Look to remove and re-add this using a self-sign cert If you never used it, the chances are the cert expired This is a PITA to clean up Contact MS support - though possible to do via ADSIeditThe ADSIedit method will be a pain as there are many references, So contact MS If you do have to strip it out, expect a ~7 hour wait for the new one to take effect If you fail at the Get-FederationInformation stage, check this: Internally From another Exchange org And from Exchange Online PowerShell
Certificates The HCW will be default look for AutoD for *EVERY* domain in the Hybrid ConfigAre ALL your domains on the SAN for AutoD? Exchagne 2013 built in solution Set-HybridConfiguration -Domain "domain.com, autod:primary.com" Word is, this maybe back-ported to Exchange 2010 but no confirmation yet SSL Offload Where are you likely to find this? Typically a larger existing Exchange 2010 org You'll probably avoid this from the get-goif you're implementing Exchange 2010 servers for Hybrid Exchange 2013 doesn't support SSL offload yet, so it shouldn't be a problem Everything will work for the HCW But, you won't be able to move mailboxes Can you just get rid of SSL offload Find out why it's enabled. Is it part of the architecture sizing? What will the effects be on the: Load Balancer, which will now need to re-encrypt And the Client Access server? Any workarounds? Yes! You could implement a different namespace Additional SAN: hybrid.company.com Use this *only* when you are specifying a name for Remote Move requests It could be the same name as the SMTP certificate name, if that's unique
Pre-Authentication What's Pre-authClient (or in this case, Office 365) has to authenticate against LB/TMG first Credentials entered are passed onto back-end Exchange TMG, I'm looking at you But TMG and ISA aren't all bad as the pre-auth and SSO can be used alongside AD FS for single sign on And now, KEMP and F5 What's the problem? Federated Sharing (not AD FS) using Web Services Security /WSSecurity -.e.g /EWS/Exchange.asx/WSSecuritySolutions? Rules *before* pre-auth rules to exclude these filenames See Tim Heeney's article: http://community.office365.com/en-us/wikis/exchange/1042.aspx Or disable pre-auth on /AutoDiscover/* and /EWS/* Oh no, security risk! MS aren't even recommending pre-auth for Exchange Current recommendation is 3 arm LB 1 in Server VLAN 1 in Internal LAN 1 in DMZ None with pre-authWhat's easier to troubleshoot?
SMTP mail flow Make sure you understand you mail routing first If you're not combining you Hybrid CAS and SMTP, make sure your certificates are in place on the Hubs HCW will define the address ranges for the Receive Connector Routing through something else? You may need to think about this one as it depends on the exact setup For example: Allow firewall rules and DNS entries direct to Hub Servers so they see the remote IP address Or you might need the IP Exchange sees to be different to what it sees for general mail You won't expect it to go via a Third Party SMTP gateway on the way in (or out) Remember, this is internal mail (effectively) and already going through EOP (FOPE) to get to you
Federated Sharing Firstly - it's reliant on AutoDiscover and EWS Remember our pass-thru for pre-auth above When troubleshooting, examine IIS logs and event logs Event logs can be especially useful if it's going to an internal AD site/traversing CAS servers
Federated Sharing You can manually specify the EWS endpoint in the Org relationship on the Exchange Online site Avoid this unless you really need to Again, SSL offload can cause problems An example - customer configured SSL offload and removed binding except for SSL localhostWas that a bad idea? Why did they have a self-sign cert bound to local host? OWA makes an SSL connection to EWS on localhostSo even with SSL offload, have the SAN cert bound to the Exchange website properly Note that you can't have another EWS virtual directory on the same server For co-existence, remember the limitations of Federated Sharing Re-share Calendars Availabiltiy should work without issue though We'll cover that more later
Complicated Exchange organizations will need some thought up front.Explain a standard scenario and re-assure that is supportedExplain account and resource forests brieflyAzure AD Connector download:https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=50509Formerlly known as the Office 365 ConnectorMore complicated scenarios, you need to bring in MS.
Explain a little about S/MIMEWhy would organizations use it?Proof of sender (signed messages)Privacy (encrypted messages)How is it usually deployed within an organization?Certificates issues by an internal CACertificates optionally issued by an external CAEnd user keeps private key on devicesPC (used for Outlook, OWA)Mobile Device (e.g. ActiveSync)Public certificate is published to Active DirectoryWhen picking a recipient to send encrypted mail you need their Public CertificateFor recipients in the GAL the above is automaticWhy is this an issue in Office 365?The certificate is not synced by DirSync to Office 365This means the end user cannot send an encrypted mail without understanding they need the certificateHow to workaround?On-Premises, add the Global Catalog as an additional LDAP providerOutlook 2013: Account Settings / Address Book tab / New: LDAPThe user can pick from the GAL, Outlook will resolve the certificate without the user needing to understand the LDAP directory
Give a basic MDM overviewWhy is it usedMention OWA app as a benefit of Office 365 along with the usual Quarantine and Remote WipeWhy can it be a problemSome interact using MAPI CDO and push to devices and therefore aren’t supportedOthers sit inline or connect using Remote PowerShell, these may have issuesCheck with your vendor to ensure they support Exchange OnlineAirWatch – SupportedFiberlink MaaS360 – supportedBoxtone – supported, but features that examine CAS server logs do notGood Technology – requires update from MAPI/CDO version to EWS versionMobileIron – inline proxy (Standalone Sentry) is inline and not recommended, remote PowerShell based solution (Integrated Sentry) may not be supported yetSybase Afaria – SupportedTangoe – SupportedYMMV!
Understanding collaboration issues during co-existence The larger the organization the more sharing they're likely to do Sharing relationships may cross many boundaries You might not be able to discover all sharing Default Reviewers Cross premise, users will need to re-share Calendars Those that are migrated retain sharing permissions Federated Sharing doesn't provide access to Shared Mailboxes Use your discovery information to at the very least, find departments with heavy collaboration E.g. If Finance and HR share heavily migrate them together or one after the other
Talk about how people manage distribution groupsPA’s, secretaries using Outlook to manage DGsOWA from 2010 onward providing great features to do thisDirSync blocks these users from managing DGs using Exchange / OutlookUse an alternative solution while in coexistenceDelegated access to Active Directory Users and ComputersIf you’re using FIM, consider the FIM PortalPost Migration you could move to using Cloud-Managed GroupsYou may need to re-create the GroupsYou can use Exchange Online PowerShell to re-create these
Public Folder access and migration is supportedPublic Folder Databases must be on Exchange 2007 SP3 RU10 or later - no 2003Each Mailbox Server with PF Databases must have the CAS role installedMigrate Public Folders to Exchange Online after all usersGuidance on TechNethttp://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx
Planning Most of your work is in the planning Obvious issues like multi-forest, resource forest etc Use the base tools - OnRamp replaces Deployment Readiness Tool https://onramp.office365.com/OnRamp ExDeployhttp://technet.microsoft.com/en-gb/library/ee681665(v=exchg.141).aspxhttp://technet.microsoft.com/en-gb/library/jj218681(v=exchg.150).aspxMAP (Microsoft Assessment and Planning) Toolkit for Microsoft Online Services http://technet.microsoft.com/en-us/solutionaccelerators/dd537571.aspx
PlanningPer-user discovery within your environment Active Directory User, Group and Department Data Exchange Data Mailbox Sizes Messages Sizes including large messages Outlook Clients ActiveSync Clients IMAP/POP3 Clients SMTP senders, like Application Servers and MFCs EWS Clients, like Outlook 2011 for Mac BES Clients Shared and Collaboration Mailboxes Who Shares with who? Any clean up required from a previous cross forest migration Local knowledge Statistics and data aren't everything Who are the real VIPs Groups of users you can get on-board And those that you can't and will complain loudly It's also effectively a cross-forest migration so where people are may matter too
Migration concurrency depends on more than one factor Max moves per DB on premise Max moves per DB in the cloud Test your throughput during the times you'll migrate Obviously yours and Microsoft infrastructure is busiest at certain times Move Requests are the lowest priority Leavers or other unused mailboxes provide good candidates for throughput testing Just watch out for those still used to retrieve historical data Record your statistics and consider your planned batches Remember, you can move mailboxes back and re-test
Double check your pre-reqsIs it an on-prem mailbox Is it a mail user in the cloud Is it licenced Is the UPN on prem valid and matches in the cloud Have details like email address synchronised successfully Did it have any oversized items Does it require Linked Mailbox cleanup, like Mailbox Permissions that need fixing
Documentation User and IT documentation Involve IT support staff who'll be on the ground early and listen to them Consider an end user portal FAQS Checks users can do themselves Videos and guides on how to perform updates Even personalise per user, such as providing planned
Building Migration Batches Consider using Distribution Groups Provides a communications channel Provides a great feed to test scripts Provides an in-AD method for IT staff to check quickly if someone is to be migrated And provides input to your Remote Moves
Pre-Pilot and Pilot Phases Before the main pilot, iron out every issue you can Treat the pilot like the real deal It's your one chance to get it right Don't just use IT, use real users IT might have configuration or changes not allowed elsewhere IT bods have a tendency to click past and error that will scare a user A successful pilot with representative users is likely to equal a successful migration Formally collect user feedback and act upon it Get the IT staff involved's input too. Their feedback is essential
The Migration Itself It was all in the planning right, this should be easy! Make sure you've got appropriate resources Don't be scared to scale up Some customers of mine have migrated 1000s per night Keep reviewing feedback from users and IT You might not need to act on it though
Post-Migration Time to get rid of on-premises? SMTP senders may be worth keeping a server for Remember our app servers and copiers? You can use an EOP connector thoughBig benefits with provisioning too when creating Remote Mailboxes But - it's an Exchange Server to patch and maintain