Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft’s Tenant to Tenant Migration Vision Lacks Coverage and Depth

Image 1 Expand

Those who listened to Microsoft’s virtual Ignite session on Supporting Mergers, Acquisitions, and Divestitures in Microsoft 365 might have concluded that Office 365 tenant restructuring was about to become possible. It’s not.

What’s really happening is that Microsoft is taking on the easiest parts of tenant to tenant migrations: cross-tenant mailbox migration (now in public preview) and the announcement of a preview to move SharePoint Online and OneDrive for Business files, lists, pages, and news (here’s the application to join). A video demo of the SharePoint/OneDrive transfer capabilities is included in the Ignite session.

Advantages Leveraged by Microsoft

As they develop a tenant restructuring strategy, Microsoft is leveraging assets they already have, including:

Experience of moving mailbox and documents between Office 365 datacenter regions for multi-geo tenants.
A decade of knowledge about how to move hundreds of millions of mailboxes into Office 365 from on-premises Exchange servers using the Exchange Mailbox Replication Service (first introduced in Exchange 2010). Moving batches of mailboxes between tenants is a little (but not a lot more) complex than moving batches from on-premises to the cloud.
Hybrid connectivity linking Exchange Online and Exchange on-premises.
The Mover acquisition and their toolset for moving SharePoint and OneDrive content.
Redirects used to maintain page links when SharePoint Online site URLs are renamed.
Cloud components such as Azure Key Vault.
Azure Active Directory synchronization and B2B capabilities (for People Search across multiple tenants).
Microsoft’s own experience of acquiring companies with Office 365 tenants (they move data from the acquired company’s tenant into the Microsoft tenant).

Good Building Blocks But…

These are great building blocks, but the envisaged solution is limited and doesn’t address the needs of organizations who need to combine multiple Office 365 tenants or split the data belonging to a subset of Office 365 accounts in a tenant and move the data to another tenant. Why? There’s no mention of Teams, Yammer, Planner, or Power Automate in the grand plan, and it looks as if mailboxes moved to a new tenant need to have a new profile created, including building a new OST.

Microsoft’s approach doesn’t accommodate information protected with rights management or other encryption schemes which depend on users being able to authenticate against Azure Active Directory. The Ignite session briefly touches on using MIP (sensitivity) labels to protect SharePoint content after it is moved to the target tenant. I’m much more worried about maintaining access to encrypted content after it is moved to the target tenant, a challenge that’s similar to that when an organization decides to exit Office 365 and move to another platform.

To be fair to Microsoft, they acknowledge that they need to take a phased approach across Office 365 core services (Exchange, SharePoint, OneDrive, and Teams) because of the engineering complexity involved in dealing with the different types of data.

The sheer amount of data that tenants build up inside Office 365 also increases complexity, as anyone who has had to transfer mega-gigabyte mailboxes can attest. The fact that all the data is inside Microsoft’s datacenter network makes this task easier than migrations which must transfer data across the internet.

Data Only the Start

Remember that moving data is only part of a tenant merge. Policies need to be adjusted as well. You might have to recreate Data Loss Prevention policies, sharing policies, retention policies, and label publication policies. You might need to recreate trainable classifiers to use with auto-label policies or communication compliance policies. User profiles will need to be repopulated with new business titles, photos, and organization information, and so on. Branding for sites might need to be adjusted and hub and communication sites rebuilt. Licensing of accounts might need to be reviewed to ensure that the transferred user accounts have the correct licenses. In short, data is a start, not the complete picture.

The thing is that technology can automate a lot but not everything involved in restructuring. The devil is very much in the detail, and people will still be needed to take care of the finer points of tenant management before and after data is transferred.

ISVs Understand the Challenge

The challenges described in the presentation is a well-traveled road for ISVs who specialize in tenant to tenant migration tools like Quest, Quadrotech, AvePoint, and BitTitan. ISVs have invested heavily to work around issues which exist in Microsoft standard tools and technologies and to develop their own approaches to dealing with moving user accounts and other objects like shared mailboxes and groups. For example, some have optimized data transfer protocols to move mailboxes and documents at high transfer rates between tenants while including comprehensive logging and restart features. Another example is the way ISVs use beta Graph APIs to deal with Teams conversations (but not chats).

Microsoft has handicapped ISVs by not delivering APIs to allow access to all the data involved in tenant restructuring. It’s hoped that a positive side-effect of Microsoft entering the space will be faster development and provision of APIs to handle high-fidelity, high-speed transfer of data for all Office 365 workloads to another tenant.

Microsoft Entering Space is Goodness

In case people think I am being overly critical of what Microsoft is trying to do, it’s only because they are so late to the game. Customers have needed to deal with tenant splits and joins since the early days of the service. Nearly ten years after the launch of Office 365, Microsoft has finally acknowledged that the problem exists. I welcome that.

The presence of Microsoft in the space will accelerate progress in tenant-to-tenant solutions. The combination of base technology delivered by Microsoft and the more specialized tools developed by ISVs (who need to do this to prove added value over what Microsoft has) should make a spectrum of tools available to customers. Let’s hope the new tools make tenant restructuring easier and less expensive than it is today.

by Tony Redmond
Oct 12, 2020

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for Petri.com and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with c...

How to Grant Full Mailbox Access to Users in Office 365 and Exchange Server

Aug 4, 2023
Aug 08, 2023
Microsoft and AI: What Is the Copilot Semantic Index and How Does It Work?

Feb 6, 2024
Mar 21, 2024
Nested Microsoft 365 Groups: What You Need to Know

Jul 12, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.