Professional Documents
Culture Documents
This series of topics illustrates several architecture approaches Most customers work with Microsoft Consulting Services or a
for mergers, acquisitions, divestitures, and other scenarios Microsoft partner to migrate tenants, including using third-
that might lead you to migrate to a new cloud tenant. These party tools to migrate content. In the examples provided in
topics provide starting-point guidance for planning. these topics, Contoso is the source tenant and Fabrikam is the
target (destination) tenant.
I need to split users across two Cloud tenant move Tenant move or split
tenants Identities remain in the source tenant,
but all users in the affected domain Similar to single-event migration, except
My company cannot use the and all workloads are moved to a new this does not include migrating accounts to
registered (*.onmicrosoft.com) cloud tenant. a new on-premises AD DS forest. For tenant
splits, this approach is not intended for
tenant name long-term coexistence.
I’m moving from a commercial Migration event includes additional work to
tenant to Microsoft Cloud for re-establish existing identities to the new
Government tenant.
• What workloads are being used in the • Complete the final data migration.
source tenant? Post-migration event:
• How many accounts are in scope? • Users must recreate their mobile profiles.
• Is mail forwarding required after • Client software needs to be reconfigured
migration? (Outlook, OneDrive Sync Client, Microsoft
• Is a unified GAL required? 365 apps activation).
May 2021 © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.
Architecture approaches for Microsoft 365 This topic is 2 of 5
tenant-to-tenant migrations
Design considerations
Pre-stage vs dial-tone A typical strategy includes:
You can pre-stage mailboxes and SharePoint • One week of mail on the initial
and OneDrive content before the cut-over migration.
event (final domain name move), after the cut- • One month of mail at the next milestone. Exchange hybrid configuration
over event, or a combination of the two. • Remaining mail at the final milestone. Both approaches require an Exchange
management server on-premises with hybrid
Pre-stage content connectivity. This is necessary to manage
If the timeline permits, pre-stage content prior SharePoint and OneDrive migration properties of the mailboxes and to forward
to the migration event. email to the new tenant, if needed, in a phased
• Start with the oldest content first. migration. Consider running the minimal
Aligning SharePoint and OneDrive data hybrid configuration option in the Exchange
• Migration tools typically do not replicate requires careful planning. Hybrid Configuration Wizard (HCW) if you do
mailbox data changes from source. For
• Data volumes can be quite large and, not require additional functionality.
mailbox data, stop performing deltas for
content under 30 days. For SharePoint and unlike mail data, the documents are For more information, see How and when to
OneDrive, do incremental syncs as needed. frequently changing. decommission your on-premises Exchange
• Migration is complete after running the • In single event migrations, the required servers in a hybrid deployment.
final delta sync, in conjunction with the UPN changes during the migration will
final completion events. require re-mapping source to target. If the target tenant already exist, consider
these additional
Migrating complexities:
to an existing tenant
Dial-tone
Migrating user accounts to a new • The naming format for users might change
Right after cutting over to the new tenant, as well as the domain to match an existing
migrate a minimal amount of content. domain
policy.
Continue to migrate content after the initial Both architecture approaches involve moving
data migration. user accounts from an existing domain to a • How will policy conflicts be resolved?
• Requires continued access to the source. target domain. There are several approaches • Does the target tenant have access
you can take: restrictions (for example, Azure AD
• Useful if there’s not enough time to pre-
sync. • Use third-party tools Conditional Access policies) that may
prevent access for migrated identities?
• Better network performance for the • Hire Microsoft Consulting Services (Active
initial data migration content re-caching Directory Migration Service)
(as opposed to caching entire mailboxes Long term tenant co-existence
over the network). • Hire a Microsoft partner
If required, ongoing collaboration may be
• Works best for mailbox data only. This Be sure to plan which properties to migrate
required between tenants. See Microsoft 365
approach leads to a poor user with the user accounts. For example, migrating
inter-tenant collaboration.
experience with OneDrive and the Exchange Legacy DN property allows users
SharePoint data migrations. to reply to old emails.
Microsoft 365 Apps (Office 365 ProPlus) Yes See Reset Microsoft 365 apps for enterprise activation state.
Exchange mailboxes Yes Microsoft Consulting Services (MCS) and/or third-party tool
Azure Information Protection Partial Limited scenarios supported – requires a service ticket with
Microsoft Support. Labels cannot be migrated across tenants.
Intune Yes Users may have to unenroll their devices, and then reenroll in
the target tenant. For more information, see Tenant to tenant
migration for Intune.
Windows 10 Subscription Yes Windows users must join the Azure AD domain of the target
Activation license tenant and sign in with their new target tenant account name.
Ensure that the new user accounts have the Microsoft 365
license with the Windows 10 Enterprise service enabled.
May 2021 © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.
Architecture approaches for Microsoft 365 This topic is 3 of 5
tenant-to-tenant migrations
UPN:
Sophie.Holter@Fabrikam.com Exchange SharePoint
Pre-cutover event
Replicate identities in the existing
AD DS domain (Contoso) to the
target AD DS domain (Fabrikam).
If identities in the source domain
are using the same UPN in the On-premises Microsoft cloud
target domain, assign a
temporary UPN.
Contoso.AD.com Contoso.onmicrosoft.com
(Contoso.com, Fabrikam.com)
Synchronize identities from the
target AD DS domain to the
target Azure AD tenant. Initially,
the UPN will be in the UPN: Azure AD
onmicrosoft.com domain. Leon.Kruger@Contoso.com
Cleanup:
On-premises Microsoft cloud • Remove the migrated identities from
the source domain (Contoso.com), if
mail forwarding is not required. You
Contoso.AD.com Contoso.onmicrosoft.com can create a contact object if
(Contoso.com) forwarding is still required.
• If an ongoing collaboration
relationship is required, consider
using Azure B2B between tenants.
UPN:
Leon.Kruger@Contoso.com Azure AD
Exchange SharePoint
Fabrikam.AD.com Fabrikam.onmicrosoft.com
(Fabrikam.com)
Azure AD
UPN:
Sophie.Holter@Fabrikam.com Exchange SharePoint
May 2021 © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.
Architecture approaches for Microsoft This topic is 4 of 5
UPN:
Leon.Kruger@Contoso.com Azure AD
UPN:
Sophie.Holter@Contoso.com Exchange SharePoint
Bridge state
UPN:
Sophie.Holter@Fabrikam.com
Exchange SharePoint
Cleanup:
On-premises Microsoft cloud • Remove the migrated identities from the
source domain, if mail forwarding is not
required. You can create a contact object if
Contoso.AD.com Contoso.onmicrosoft.com forwarding is still required.
(Contoso.com) • If an ongoing collaboration relationship is
required, consider using Azure AD B2B
between tenants.
UPN:
Leon.Kruger@Contoso.com Azure AD
Exchange SharePoint
Fabrikam.AD.com Fabrikam.onmicrosoft.com
(Fabrikam.com)
Azure AD
UPN:
Sophie.Holter@Fabrikam.com Exchange SharePoint
May 2021 © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.
Architecture approaches for Microsoft This topic is 5 of 5
Tenant move or split In this example, Contoso is moving all users to a new tenant
named Fabrikam. All users initially belong to the Contoso.com
domain. Users are migrated from the Contoso.com domain to
Fabrikam.com.
Moving a subset of user accounts to a new tenant is not
Initial state described.
Exchange SharePoint
Pre-cutover event
Prepare the target tenant
(Fabrikam.onmicrosoft.com).
• Create accounts in the target
tenant. This can be accomplished On-premises Microsoft cloud
by scripting or provisioning cloud
accounts in the target tenant with
a temporary UPN. Or, you can Contoso.AD.com Contoso.onmicrosoft.com
leave the default login (Contoso.com)
(user@Fabrikam.onmicrosoft.com).
• Licenses must be available for both
tenants.
Cutover event
Execute the final content migration for Exchange SharePoint
email.
At this point the source tenant is completely Note: If you are moving a subset of user
On-premises disconnected from AD DS, and all content accounts to a new tenant, the final
has been migrated to the target. architecture includes two Azure AD Connect
The organization can decommission the servers on premises, each synchronizing
Contoso.AD.com source tenant. accounts to different Azure AD tenants.
The on-premises Exchange organization can
be configured for hybrid connectivity with
only one tenant.
Fabrikam.onmicrosoft.com
(Fabrikam.com)
Azure AD
Exchange SharePoint
May 2021 © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.