Microsoft’s Tenant to Tenant Migration Vision Lacks Coverage and Depth
Those who listened to Microsoft’s virtual Ignite session on Supporting Mergers, Acquisitions, and Divestitures in Microsoft 365 might have concluded that Office 365 tenant restructuring was about to become possible. It’s not.
What’s really happening is that Microsoft is taking on the easiest parts of tenant to tenant migrations: cross-tenant mailbox migration (now in public preview) and the announcement of a preview to move SharePoint Online and OneDrive for Business files, lists, pages, and news (here’s the application to join). A video demo of the SharePoint/OneDrive transfer capabilities is included in the Ignite session.
Advantages Leveraged by Microsoft
As they develop a tenant restructuring strategy, Microsoft is leveraging assets they already have, including:
- Experience of moving mailboxes and documents between Office 365 datacenter regions for multi-geo tenants.
- A decade of knowledge about how to move hundreds of millions of mailboxes into Office 365 from on-premises Exchange servers using the Exchange Mailbox Replication Service (first introduced in Exchange 2010). Moving batches of mailboxes between tenants is a little (but not a lot) more complex than moving batches from on-premises to the cloud.
- Hybrid connectivity linking Exchange Online and Exchange on-premises.
- The Mover acquisition and their toolset for moving SharePoint and OneDrive content.
- Redirects used to maintain page links when SharePoint Online site URLs are renamed.
- Cloud components such as Azure Key Vault.
- Azure Active Directory synchronization and B2B capabilities (for People Search across multiple tenants).
- Microsoft’s own experience of acquiring companies with Office 365 tenants (they move data from the acquired company’s tenant into the Microsoft tenant).
Good Building Blocks But…
These are great building blocks, but the envisaged solution is limited and doesn’t address the needs of organizations who need to combine multiple Office 365 tenants or split the data belonging to a subset of Office 365 accounts in a tenant and move the data to another tenant. Why? There’s no mention of Teams, Yammer, Planner, or Power Automate in the grand plan, and it looks as if mailboxes moved to a new tenant need to have a new profile created, including building a new OST.
Microsoft’s approach doesn’t accommodate information protected with rights management or other encryption schemes which depend on users being able to authenticate against Azure Active Directory. The Ignite session briefly touches on using MIP (sensitivity) labels to protect SharePoint content after it is moved to the target tenant. I’m much more worried about maintaining access to encrypted content after it is moved to the target tenant, a challenge similar to the one faced when an organization decides to exit Office 365 and move to another platform.
To be fair to Microsoft, they acknowledge that they need to take a phased approach across Office 365 core services (Exchange, SharePoint, OneDrive, and Teams) because of the engineering complexity involved in dealing with the different types of data.
The sheer amount of data that tenants build up inside Office 365 also increases complexity, as anyone who has had to transfer mega-gigabyte mailboxes can attest. The fact that all the data is inside Microsoft’s datacenter network makes this task easier than migrations which must transfer data across the internet.
Data Only the Start
Remember that moving data is only part of a tenant merge. Policies need to be adjusted as well. You might have to recreate Data Loss Prevention policies, sharing policies, retention policies, and label publication policies. You might need to recreate trainable classifiers to use with auto-label policies or communication compliance policies. User profiles will need to be repopulated with new business titles, photos, and organization information, and so on. Branding for sites might need to be adjusted and hub and communication sites rebuilt. Licensing of accounts might need to be reviewed to ensure that the transferred user accounts have the correct licenses. In short, data is a start, not the complete picture.
The thing is that technology can automate a lot but not everything involved in restructuring. The devil is very much in the detail, and people will still be needed to take care of the finer points of tenant management before and after data is transferred.
ISVs Understand the Challenge
The challenges described in the presentation are a well-traveled road for ISVs who specialize in tenant to tenant migration tools, like Quest, Quadrotech, AvePoint, and BitTitan. ISVs have invested heavily to work around issues which exist in Microsoft standard tools and technologies and to develop their own approaches to dealing with moving user accounts and other objects like shared mailboxes and groups. For example, some have optimized data transfer protocols to move mailboxes and documents at high transfer rates between tenants while including comprehensive logging and restart features. Another example is the way ISVs use beta Graph APIs to deal with Teams conversations (but not chats).
Microsoft has handicapped ISVs by not delivering APIs to allow access to all the data involved in tenant restructuring. It’s hoped that a positive side-effect of Microsoft entering the space will be faster development and provision of APIs to handle high-fidelity, high-speed transfer of data for all Office 365 workloads to another tenant.
Microsoft Entering Space is Goodness
In case people think I am being overly critical of what Microsoft is trying to do, it’s only because they are so late to the game. Customers have needed to deal with tenant splits and joins since the early days of the service. Nearly ten years after the launch of Office 365, Microsoft has finally acknowledged that the problem exists. I welcome that.
The presence of Microsoft in the space will accelerate progress in tenant-to-tenant solutions. The combination of base technology delivered by Microsoft and the more specialized tools developed by ISVs (who need to do this to prove added value over what Microsoft has) should make a spectrum of tools available to customers. Let’s hope the new tools make tenant restructuring easier and less expensive than it is today.