
Migrating to Hosted Exchange: Do’s and Don’ts



When it’s time to move your company’s on-premises Exchange mail to the cloud, keep in mind these tips and warnings.

Make no mistake: moving from an on-premises Microsoft Exchange deployment to Exchange in the cloud is a gargantuan undertaking.

Don’t underestimate the time it will take to move all of your data over

Migrating email to the cloud can take anywhere from a few days to several weeks, depending on a variety of factors such as how many users you have, how much data each mailbox stores, bandwidth limits, and more. One unanticipated stutter could come from Microsoft itself: Exchange Online has a non-obvious protection mechanism that throttles inbound sustained connections to prevent a small number of malicious actors from overpowering the system.

Once you're up and running and completely in the cloud for production, you'll appreciate this defence, which serves the subscription base as a whole. However, when attempting to ingest data, you may notice that transfer rates reduce to a crawl. Unfortunately, there isn't much you can do about it but bear it. Make sure to account for this in your planning, since migrating hundreds or thousands of multi-gigabyte mailboxes to Exchange Online could take much longer than you think.

Do use a delta-pass migration

If possible, use a delta-pass migration rather than a rigid cutover migration to relieve time pressure. In a delta-pass migration, multiple migration passes are made while mail is still being delivered on-premises. For example, the first run would transfer everything backward from Sunday, May 1, and then later in the week another pass might move the "delta" (the changes) from Sunday, May 1 to Wednesday, May 4, and so on until the mailboxes are essentially up to date.

Because each subsequent migration batch is smaller than the previous one, this is a good strategy. Your last delta batch will often finish in a few minutes over the weekend, and then your moves will be complete, and you can point your MX records to Exchange Online. Your users never have to worry about missing historical mailbox data, since they keep using the mailbox that already has their data until the mailboxes are identical.

Don’t forget to configure edge devices and intrusion detection systems to recognize Exchange Online as a trusted partner

If you overlook this crucial step, your migrations may be halted because your IDS suspects a denial-of-service attack is underway. Microsoft regularly publishes a list of the IP addresses used by all Microsoft 365 services, which you can use when configuring your edge devices to trust traffic where necessary.
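One way to turn the published list into a narrow trust rule, as an added example that is not part of the original post: it builds a per-network, per-port allowlist for the Exchange service area and checks IDS alert sources against it. It assumes the JSON shape of Microsoft's IP Address and URL web service (`serviceArea`, `ips`, `tcpPorts`); the sample data and address ranges are constructed documentation prefixes, not Microsoft's real ranges.

```python
import ipaddress
import json

# Constructed sample in the shape of the Microsoft 365 endpoints JSON.
# Ranges are documentation prefixes (RFC 5737 / RFC 3849), not real ones.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": true,
   "ips": ["192.0.2.0/24", "2001:db8:100::/48"], "tcpPorts": "80,443"},
  {"id": 2, "serviceArea": "Exchange", "category": "Allow", "required": true,
   "ips": ["198.51.100.0/25"], "tcpPorts": "25,587"},
  {"id": 3, "serviceArea": "Skype", "category": "Optimize", "required": true,
   "ips": ["203.0.113.0/24"], "udpPorts": "3478-3481"},
  {"id": 4, "serviceArea": "Exchange", "category": "Default", "required": false,
   "urls": ["*.example.invalid"], "tcpPorts": "443"}
]
""")


def parse_ports(spec):
    """Expand a port string such as "80,443" or "3478-3481" into a set."""
    ports = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def build_allowlist(endpoints, service_area="Exchange"):
    """Map each published network of one service area to its TCP ports."""
    allow = {}
    for entry in endpoints:
        if entry.get("serviceArea") != service_area:
            continue
        ports = parse_ports(entry.get("tcpPorts", ""))
        for cidr in entry.get("ips", []):  # URL-only entries have no "ips"
            allow.setdefault(ipaddress.ip_network(cidr), set()).update(ports)
    return allow


def is_trusted(allow, remote_ip, port):
    """Trust only if the address is in a published range AND the port matches."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in net and port in ports for net, ports in allow.items())


if __name__ == "__main__":
    allow = build_allowlist(SAMPLE_ENDPOINTS)
    # Constructed IDS alert sources: (remote address, TCP port)
    for ip, port in [("192.0.2.44", 443), ("198.51.100.200", 25), ("192.0.2.44", 3389)]:
        print(ip, port, "trusted" if is_trusted(allow, ip, port) else "inspect")
```

Scoping the exception to the published network and port pairs keeps the IDS inspecting everything else, including traffic from a listed address on an unlisted port.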

Do run the Office network health and connectivity tests ahead of time

Microsoft has developed a comprehensive tool that can alert you to routing or latency issues between you and the Microsoft 365 data centers. The tool runs a suite of tests of speed, routing, latency, jitter, and more on your network connection to identify and isolate common issues that could lead to a degraded experience — especially with voice applications — for Microsoft 365 users.

Any performance issues the tool finds will almost certainly have a negative impact on the speed of your migration attempts and passes. Solving or mitigating any issues you find will speed up the entire project.

In a hybrid environment, do use the EAC in Exchange Online to initiate mailbox moves

If you choose a hybrid architecture for your deployment, you'll have some mailboxes on-premises (at least for a while) and others in the cloud. It's tempting in this situation to rely on your old go-to Exchange Management Console to handle all of your mailbox migration work, shifting mailboxes back and forth. Don't give in to that temptation; instead of using antiquated on-premises technologies, it's advisable to bring mailboxes into the cloud from the web-based EAC in the Microsoft 365 administration centre.

Don’t forget about Outlook client version updates

Updating an office suite across a large organisation is a difficult and time-consuming task, so older versions of Outlook are common among users. That's fine when you run your own Exchange deployment, because you're in charge of the timing of your actions.

However, one of the "side gotchas" of using the cloud is that someone else gets to choose the minimum level of software that will be compatible with its services. Microsoft is heavily promoting its subscription-based Office suite (Microsoft 365 or Office 365), as opposed to the old per-user perpetual volume licences with a year attached (Office 2013, 2016, or 2019, for example).

In fact, Microsoft has said that Outlook 2013 and previous versions would no longer be supported for connecting to Office 365 and Microsoft 365 services as of October 2020. While these older clients will not be deliberately blocked, they "may experience performance or reliability concerns over time." And no one knows when Microsoft will completely shut down the service.

So don't forget to plan for upgrading your clients to Office 2016 or later, or switching to a subscription licence and deploying those apps instead of volume licensing editions.

Do plan to implement two-factor authentication

One of the most significant benefits of migrating to Exchange Online and Microsoft 365 is the opportunity to take advantage of all of the new cloud security capabilities, the most important of which is the ability to enable two-factor authentication. 2FA immediately minimises your attack surface, and because Microsoft has already rewired the directory and Exchange security model on its servers to make it work, all you have to do is turn it on and show your users where to enter their mobile phone numbers.

Use the Microsoft Authenticator app instead to mitigate the security and social engineering concerns associated with SMS text messages. However, don't let perfection become the enemy of the good. It can be tough to roll out Authenticator to tens of thousands of phones, especially in BYOD scenarios and remote-work situations where employees don't have access to an in-person help desk. Setting up SMS, on the other hand, requires no involvement from the end user and may be completed fully by IT. So, if the choice is between two-factor authentication with SMS and no two-factor authentication at all, go ahead and use SMS.

In a hybrid environment, don’t remove your last Exchange Server

In order to manage users in a hybrid Exchange environment, one cardinal rule is to retain at least one Exchange Server running on premises. There is a way to keep using Active Directory attribute editing to manage recipients, but it isn't really supported — and if it breaks, you'll have to file a ticket with Microsoft, wait three days, and maybe, just maybe, it'll come back.

In a hybrid environment, it's much easier to manage recipients using the Exchange admin console of your on-premises server, which you can't do unless you keep an Exchange Server running on-premises. Microsoft has often said that it is working on a solution to the issue of hybrid deployments requiring an existing licenced server on-premises, but little progress has been made after several years.

The last word

A transition period is usually difficult, and transferring your business to Exchange Online is no exception. You'll make that path smoother and get to the finish line faster if you take the suggestions and warnings above into account.

Choose Go Live UK as your IT support provider and stop wasting time, money, and data. Your IT assets will be serviced and managed by highly trained professionals, allowing you to concentrate on your business. Your company will benefit from our great knowledge, secure solutions, and quick turnaround times.

 
