A Step-by-Step Guide to Master Your Microsoft 365 Migration

We take a closer look the steps included in a successful Microsoft 365 migration in this guide, including the decisions, strategy, mobility, monitoring, and adoption aspects.

Whether you’re adopting a new cloud platform or moving away from an on-premises solution, Microsoft 365 represents a powerful and versatile platform comprising some of the most robust productivity tools on the market.

But before taking the plunge, a successful migration takes careful planning and consideration. We will provide you with the knowledge you need to smoothly navigate the transition, starting with the questions you need to ask before a Microsoft 365 migration in this guide.

How to Get Started With Microsoft 365

All you must do is create a Microsoft 365 tenant, synchronize Active Directory, migrate mail and sites, and you’re all set, right? Not exactly. People often don’t have the right or enough information about all the decisions required to implement this cloud solution.

Migrating to the cloud using Microsoft 365 is not a single decision. It actually requires a lot of decisions, most of which impact not only your IT staff but also your end users and budgets.

Below are the questions we most frequently ask clients to ensure there’s a complete understanding of the diverse topics and scale of required implementation efforts:

Which Office 365 Features Will You Use?

Before moving to the cloud, it’s important to know what Microsoft 365 features you need or want. Some of the available features include:

• Current versions of Microsoft Office.
• Microsoft Exchange Online,
• Microsoft Teams.
• Microsoft SharePoint Online.
• Intune Device and App Management
• Multifactor authentication and Conditional Access.
• Microsoft Defender.
• Microsoft Purview.

Is Your Network Prepared?

Does your network have the capacity to migrate existing mailboxes and identities to the cloud while continuing day-to-day business without performance issues? Will that still be the case when users begin to synchronize their OneDrives, too?

Before you start migrating users, be certain you prepare your network by using Microsoft’s tools for planning and performance.

How Will You Manage Identities?

In most cases, we’ve found that companies synchronize their on-premises Active Directory to the cloud. But is that enough?

To federate with Microsoft 365, you might need to use a third-party identity provider solution or upgrade to a more comprehensive version.

How Will You Manage Mobile and Application Access?

We have also found that most of our clients cannot meet their company’s security requirements regarding mobile device management using the default settings in Microsoft 365. For enhanced mobile security features, look to Microsoft Defender for Endpoint.

Who Will Support Microsoft 365?

The most underestimated and under-planned category of decisions concerns who will support which parts of the Microsoft 365 platform.

Read the administration roles available at the platform level alone to better understand this undertaking. Along with Help Desk, business analyst, developer, and other subject matter experts, the support organization will require retraining or repurposing existing staff and possibly even new hires, which may prove difficult to find.

How Will Users Learn?

Most companies discover the questions they forgot to answer when their users locate and begin to use features that no one planned to use. To avoid shadow training and hacks that users will find on their own – as well as the security of the company’s data – plan for training, not once, but continuously.

The Microsoft 365 platform is more fluid than static, and the support team can pass on changes they realize to the training team for circulation to users.

How Will You Manage Change?

Because Microsoft 365 is constantly changing, you can expect quarterly platform updates and regular updates on additional features. That means it will be critical to rely on a governing body to manage the Microsoft 365 roadmap and administration console message center.

The purpose of a governance or steering committee is to review current policies and determine the need for new policies. Your committee should meet regularly and include stakeholders from IT and business departments. This is vital to the overall management of the platform and user satisfaction.

These questions are only a start. They are examples of the range of questions and topics you need to consider before you leap into the cloud.

Once you know the answers to these questions, you can start planning your Microsoft 365 migration, which can’t happen without security.

Security Basics in Microsoft 365

Many organizations take great care in securing their networks by not allowing outsiders in, but they do nothing to secure the data leaving the network through instant messaging, email, and mobile devices.

With a couple of clicks, you can quickly toggle on and off the ability to share Microsoft 365 services with an outside organization. Microsoft 365 does a decent job inherently of limiting access to services and information to those users who should have access.

Microsoft 365’s built-in multifactor authentication is an easily implemented security solution that takes the basic measures a little further. All of this requires little in the way of initial planning. But there’s more to consider when thinking about security.

Microsoft’s Stronger Security Solutions

A significant concern in any organization, regardless of size, is ensuring that data is not intercepted or accessed in error by unauthorized individuals. This kind of protection requires much more planning and forethought because it involves all users, policies, and the complete lifecycle of a document or artifact at a company.

Here are a few security options to keep in mind during your Microsoft 365 migration:

Platform Security

This doesn’t even require planning! Microsoft has policies and processes that limit physical data center access, so only authorized staff are allowed inside. You can encrypt storage devices so that even if they are stolen, no one can access the data.

Finally, the data is encrypted, both in transit and at rest. The platform itself is inherently secure, and the best part is that you will no longer need to have on-site infrastructure and support, which could equate to millions of dollars in savings year on year.

Secure Access and Sharing

As mentioned above, these settings in the Microsoft 365 admin center allow you to share resources with external users. An external user is someone who does not have a user account in an organization’s Microsoft 365 directory.

Some items you can share with external users or organizations are:

• User calendar – free or busy time only, details or everything.
• Files via:
  • Exchange.
  • OneDrive.
  • Teams.
• SharePoint sites.
• Microsoft 365 groups.

You can switch some Microsoft 365 collaboration sharing features on or off for the entire organization, and when switched on, you can also set them for individual users or groups.

Careful planning in this area prevents users from sharing what they aren’t supposed to. Information governance will help secure the data further.

Information Governance

This requires preparation, not only to define sensitive data but also to explain how people can use it. This also includes Litigation holds, eDiscovery, and the preservation of data after a user leaves an organization.

There is a limited and varied amount of time companies can recover data if a user becomes unlicensed from Microsoft 365, or they delete the login account. Organizations must prepare for this eventuality.

Awareness and Insights

Microsoft 365 logs every action a user or administrator takes. Audit logs are available in the Microsoft 365 Defender XDR and Purview admin centers for several categories. Here are a few of those categories:

• File and page activities.
• Sharing and access request activities.
• Synchronization activities.
• Site administration activities.
• Exchange admin activities.
• User administration activities.
• Application administration activities.
• Directory administration activities.

Ensure you have a plan in place to monitor and govern these activities.

Compliance and Trust

Microsoft 365 compliance and trust tools and services focus on threat management, data governance, search and investigation, and reporting for all of these. Here are a few of the security and compliance tools you can add to your Microsoft 365 subscription:

• Microsoft Entra ID Protection finds threats and vulnerabilities impacting your company’s identities and helps you create automated responses to suspicious activities and take action to resolve those activities.
• Microsoft Defender for Endpoint manages threats, devices, investigation and remediation, and more.
• Microsoft Purview Data Lifecycle Management and Microsoft Purview Records Management can help you retain the right data and delete data you no longer need to keep on file.
• The Compliance Program for Microsoft Cloud provides customers with personalized support, networking, and educational opportunities to help organizations ensure compliance with the regulations that apply to them.

This is the heart of information governance planning and policy enforcement. These two topics will need to include representatives from IT, executive management, legal, security, and most likely, the businesses as well.

Microsoft has done, or is doing, more every month to ensure the security of a company’s data. However, you need to do more, and companies using Microsoft 365 must assume responsibility for their part in planning to protect their data. One area you cannot forget about during their Microsoft 365 migration is mobile device management.

Mobile Device Management for Microsoft 365

When migrating or deploying to Microsoft 365, it’s important to consider mobility options. If you don’t implement mobile use policies, then all devices will have access to all of Microsoft 365 through mobile apps and browsers.

That means that with their credentials, any user can access their company’s Microsoft 365 data with the use of any device and from anywhere that has a connection to the internet. That also means users can move that data – files, email, or other types of data – to other locations. Everything is even easier thanks to mobile apps.

But, with no protection, organizations face security risks. How can organizations effectively manage this?

Microsoft 365 uses Intune for mobile device management (MDM) and governs any device that attempts to connect to the corporate tenant, forcing the devices to enroll in MDM so your security team can monitor them. Note users cannot enroll Apple devices until configuring an Apple token and certificate for the Microsoft 365 tenant.

Let’s take a deeper look at Microsoft 365’s mobile device management and security policies.

Device Management

Mobile device management allows an admin to perform the following:

• Enroll user devices.
• Restrict devices to a specific operating system.
• Push apps to devices.
• Remotely wipe company information from devices.

Device Security Policies

It’s important to put security policies in place so you can control the flow of information. Security policies can include blocking unsupported devices from connecting to Exchange and exempting individual groups from all policies.

Some device security policies include:

• Entra ID account password restrictions.
• Requiring data encryption.
• Requiring managing email profile (for selective wipe).
• Allowing devices to connect even if they don’t meet the above requirements.

Governing Microsoft 365 Mobility Options

Intune answers the question: “Can users connect from their mobile devices, and if so, what are the basic requirements for those connections?”

The idea, of course, isn’t to disallow mobility as a whole but rather to govern and enforce policies in concert with data loss prevention (DLP) policies.

There are also many third-party identity and device management options. If your organization is federated using Microsoft Entra ID, then it’s possible to define access policies that will limit – among other restrictions – access by users using http(s) or users not on the network. This eliminates browser-based access by a device to Microsoft 365 – another porthole through which the company’s vital and most confidential data could escape.

Finally, Microsoft offers full protection and resolute device and policy management using Microsoft Security for Enterprise. There are several suites and a la carte options you can customize to your organization’s particular needs. These require careful planning, however, like everything in Microsoft 365, to balance security and adoption.

Staying Healthy After Your Microsoft 365 Migration

Security is vital, of course, but successfully managing Microsoft 365 takes more than preventing a data breach. After your migration, how will you ensure that your service is continuously available and safe beyond security?

If Microsoft’s data centers and Microsoft 365 are ever completely offline, we’ll be more concerned about our survival skills than the cloud. Aside from Armageddon, though, Microsoft 365 has enough built-in redundancy that unexpected outages are rare.

There are, however, key service health features that can help you ensure your organization is covered on basic insight, usage, security, and updates:

• Admin App – Sends alerts on service health incidents and major upcoming changes. With it, you can also track your service requests and create new ones. Available in Android and Apple App stores.
• Health Dashboard – Provides the current service health status of your most-used applications in the browser and drills down into health incidents and usage reports.
• Microsoft Purview audit records – These audit reports allow ad-hoc reporting for user and admin actions such as file sharing, group management, or permissions elevation. It’s possible to search over 100 items by product.
• Service health and communications API – Located within Microsoft Graph, this gives you health status and message center posts related to Microsoft Cloud services.

Of course, if you don’t want to invest in developing reports for health and usage, you can use System Center, a Microsoft 365 management pack you can plug into Microsoft’s enterprise configuration and monitoring system, which has been proven to work well over the years. If you already own System Center, check into it first.

Now that you’ve established the security and health of your Microsoft 365 migration, there’s one big topic left to tackle: adoption.

Microsoft 365 Adoption

Users are creatures of habit. They’ll use what they’re used to. They don’t like change, especially if they can adequately do their work with the tools they already have. Or if they cannot see the value in learning a new tool.

Think of an accountant. They have enough to learn on a regular basis, and their focus is on the end results. So, a new piece of software or a new process is not as important to them.

They might even prefer to stick to the familiar way to accomplish tasks. Especially if there’s a learning curve to using it or it might put their data at risk. So now you need to sell your team.

You’ve gotten this far in the cloud migration process because you’ve already sold the c-suite on the benefits, cost savings, increased security, and personnel repurposing that result from moving to a cloud solution.

But what happens if users don’t buy into your idea and businesses invest in alternative solutions? If you don’t want to end up becoming repurposed personnel, here’s what you can do to get your users on board with the change:

• Make sure users understand the benefits so that it becomes “everyone’s idea” – not only “your idea”.
• Explain governance policies and any new processes to the extent that they’re clear and easy to follow.
• Offer courses on using the resources in your company’s internal educational platform.
• Provide all users with different types of quick-start guides so they aren’t forced to call someone or search for an answer.
• Create teams for different groups of learners based on preferred learning styles so they can share training ideas.
• Explore Microsoft Support’s training guides.

You know your users best. But, typically, if you can get your users to believe the new software makes their work lives easier – and they have the tools and training they need – then you have succeeded in planning your cloud rollout.

By asking yourself important questions upfront, considering your security and MDM needs, monitoring your cloud’s health, and helping your team embrace the migration to Microsoft 365, you can empower your team members and propel your organization toward a more productive and secure future.

Need additional help with Microsoft Adoption and Change Management or help with planning your overall migration? Connect with us