Trends are trends, and the reason there’s often no stopping trends is because there’s a darn good reason everyone’s doing whatever it is. These days one such trend that’s got solid legitimacy behind it is moving from an on-premises Microsoft Exchange deployment to Exchange, and for most people it is nothing short of a huge undertaking. It’s often full of major issues along with considerations and decisions galore, and for a lot of people they won’t know what they’ve gotten into with moving to hosted Exchange until they’re well into the process.
But you’re going to do what you’re going to do, and especially if it’s something you feel you need to do. I remember when I was very young and my grandfather said to me ‘some birds do, and some birds don’t. Some birds will, and some birds won’t.’ I had absolutely no idea what on earth he was talking about but I stared up into the sky anyways. The few birds I saw were flying around being birds like any other and I remember thinking what is it they would or wouldn’t be doing in the first place.
But enough about that. Our discussion today is not necessarily about trends and about who is going to do what. It’s about getting your organization into Exchange Online and for some people it’s full of pitfalls that can make the whole thing far too unpleasant, especially if you have on choice but to continue on with it.
So here’s what we know about what you should do, and what you shouldn’t do.
Don’t underestimate the time required for moving the entirety of data over
A whole bunch of factors can make this a lengthy ordeal. How many users do you have? How much data does each mailbox have stored? Do you have bandwidth constraints? The list can go on. Migrating email to the cloud can take anywhere from a few days to several weeks. In fact, Microsoft can contribute one major slowdown of their own – a less-obvious protective feature of Exchange Online makes it so that inbound sustained connections are throttled in order to prevent system overwhelm risk. A noble aim, but it may have you getting frustrated pretty quick if you’re hoping to continue moving ahead with your migration.
However, once you’re up and running and fully in the cloud you’ll come to appreciate this defense line, which works to benefit the general subscription base. But when you are trying to ingest data you may have it slowing to a crawl. That’s just the way it is, and there may not be a way around so you’ll have to be patient.
Do use a delta-pass migration
A delta-pass migration rather than a strict cutover migration reduces time pressure on you down the line and further on into the migration. With delta-pass migration, multiple migration attempts are made while mail is still being delivered on-premises. For example, the first pass might move everything from Tuesday, Mar 1 backward and then another pass is made later in the week to move the “delta” — or changes — from that day through Wednesday, Mar 4, and then in succession until mailboxes are up to date.
This is a useful technique with each successive migration batch being smaller than the last and taking less time. Your users won’t lose historical mailbox data because theirs already holds their data.
Don’t skip configuring edge devices and intrusion detection systems to recognize & trust Exchange Online
Forgetting or choosing not to may mean your migrations are interrupted because your IDS thinks a DoS attack is happening. The fix though is that Microsoft makes available a regularly updated list of IP addresses used by all 365 services, and you can use it to configure your edge devices for trusting certain traffic flows.
Do start with running the Office network health and connectivity tests
Microsoft offers a comprehensive tool capable of alerting you to routing or latency issues between you and the Microsoft 365 data centers. Speeds, routing, latency, jitter, and more – all covered on your network connection to identify and isolate common issues that could lead to a lessened experience for Microsoft 365 users. This is particularly true for voice applications.
Do plan on implementing 2-factor authentication
A primary advantage to moving to Exchange Online and Microsoft 365 is how you are ablet to use all of the new security features available in the cloud. Tops of them of is the ability to turn on two-factor authentication. It will diminish your attack surface significantly as soon as you turn it on, and since Microsoft has seen to the rewiring of the directory and Exchange security model on its servers to make it work, all that’s required of you is flipping the switch and show your users where to enter mobile phone numbers.
An even better choice is to use the Microsoft Authenticator app to cut down on the security and social engineering risks of using SMS text messages. Now of course deploying Authenticator across thousands and thousands of phones can be difficult, especially with BYOD setups and environments geared for remote work where employees don’t have IT support on hand. SMS requires nothing from the end user and is done entirely by IT. So 2-Factor Authentication really is the better choice.
In a hybrid environment, don’t remove your last exchange server
Keeping at least one Exchange Server running on premises in order to manage users is a cardinal rule for Exchange users who’ve recently made their migration. It is possible to continue to use the Active Directory attribute editing functionality to manage recipients, but it’s not supported particularly well. At least not at this time.
It is preferable to use the Exchange admin console of your on-premises server to manage recipients in a hybrid environment, and without leaving an Exchange Server running in your on-premises deployment you can’t do that. Microsoft has said a solution for this should eventually be made available but even after all this time there's been little progress toward solving that problem. Really is the only stain on Exchange as of this time, and it doesn’t take away from the overall advantages to it much if at all.
