6 Easy Steps for an Office 365 Tenant to Tenant Migration

Performing an Office 365 tenant-to-tenant migration is a big task for any company to take on. There is a process in setting up a “trust relationship” between the two and that process involves downtime, cutover times, custom modifications and settings. This will vary each time you start looking into a tenant-to-tenant migration, as will the complexity of each migration.

In a recent project we were requested to split a tenant that for many years had been on the same environment. This presented a challenge in finding detailed configuration customized for the two domains, rules and security policies that had the two domains intertwined that  must be found and duplicated, moving of user data that involved separating two company’s data, as well as setting up the new tenant itself.

It might sound daunting at first, but fundamentally the best approach as always is just taking it one step at a time.  This guide will help you understand those steps and prepare you for a successful migration.

Let me walk you through the fundamentals along with some of the challenges we came across.

Before you even think about setting anything up, you will need to understand the company’s needs.

  • What is the requirement? In our case, move everything related to one domain to a new tenant
  • What is the time frame? We were given a month or so, which was a very reasonable allocation given the tenant size. This can stretch to over a much longer period for larger and more complex migrations.
  • Which users need to be moved? Start with a basic search of users on the domain, investigate each user and mailboxes for unique forward rules and aliases
  • What data to move across? Start to build an understanding via meetings or emails with the business, confirming the users and data and working from there. This can vary from SharePoint, to One Drive, to Azure resources. (SharePoint is a separate beast to tackle)
  • What Configuration has been done on the tenant for the domain related users? Again, communication with the business or relevant stakeholder is key here. You will need to understand the environment first.
  • What can we do after the migration is completed? There are always company assets that don’t take priority at the time of your planning and what might be left behind if not in the original migration. It's good to take note of these and make it a topic to discuss once the original migration is completed.

Now you have a scope and some goals to start working on. This process we would refer to as the “Pre-Migration” process, and it can get quite in-depth depending on the business' needs and therefore utilizing tools to assist you with accurate reports is recommended. 

Setup up the new environment:
Simple right? Go and try a quick google search and you'll find many different methods and approaches. Try this one link instead https://products.office.com/en-us/business/compare-more-office-365-for-business-plans. This link will help you setup a trial tenant for Business, which you will be able to start with.
The follow steps are some guidelines we recommend you follow. 

Step 1 – Domain Preparation

    • Setup Admin accounts (Create a Global Admin)
    • Add licensing to the new tenant or request the business procure them from their supplier
    • Setup the Domain (You will start the process here but you don’t have to complete until Step 4)
    • Create users' mailboxes (If you don’t complete the step above then you will have change the Alias and the make the domain the primary email)
    • Setup Resource Mailboxes, distribution groups, Shared Mailboxes
    • Create mail flow rules
    • Setup duplicate security policies from the old tenant

Step 2 – Verification of the Domain and Trust Relationship between Tenants

    • Start the process of verifying the domain (don’t complete it yet if the business is still using the older tenant)
    • Create TXT records in DNS
    • Create the Cross-tenant trust relationship between the two tenants


You will have to ensure that the domain is in use for only one target tenant lest the verification process should fail.  Microsoft state It will now take around 72 hours for the change to take effect. Ours took about 4 hours.

Step 3 – Planning the Move

    • Note down the lowest value of Time To Live (TTL) on the Mail Exchanger (MX) record of the primary email domain
    • Confirm the date and time of the Move with the business

Step 4 – Implementing the Migration

    • Change the primary MX record to an unreachable value to stop the flow of inbound mail to the Old tenant. 
    • Ensure removal of all New objects from the primary mail domain in the Old tenant before the transfer of Office 365 mailbox to another account.
    • The final step is preparing the target domain by verifying the source tenant in the target domain. One should ensure to initiate this step one hour after performing the previous actions.
    • Confirm all licenses have been assigned


Step 5 – Migration of mailboxes

    • Create the cutover migration batch. (Exchange Migration will take you thought the steps and help you create the CSV needed. (Just a note, the CSV format can be a bit tricky)
    • Start the cutover migration batch
    • Route your email directly to the New Mailboxes from the Old Tenant. (Only if there is a need and/or they have Alias setup on the Old Tenant)
    • Delete the cutover migration batch


Step 6 – Final Phase for users and Signatures

    • We found Signatures didn’t get migrated, This will have to be done either from the users side or in a 3rd party Signature Portal if used
    • Test mail flow in and out of New tenant.
    • Testing, testing, testing.
    • Perform user acceptance testing with a portion of business users


Our migration went fairly smoothly, but we did have our set of issues, from Teams Numbers porting, to redirecting emails bouncing, but we quickly worked through the issues as they came up and the client was live within the accepted time frame.

Here are some issues we picked up along the way which might help you:

Manage suggested recipients in the To, Cc, and Bcc boxes with Auto-Complete

Enabling External Sharing on the New tenant:
With the new tenant we found that external sharing is not enabled by default, this of course is really important for security reasons, but there will be a time when you need them and in our case we needed to make sure the Old Tenant was forwarding mails to the New Tenant.

How to enable automatic forwarding for all your Microsoft 365 mailboxes

1.  Log in to your Office 365 Security & Compliance portal and go to Threat management->Anti-spam section.

2.  Click the arrow next to Outbound spam filter policy setting and click the Edit policy button.

3.  Click the arrow next to Automatic forwarding, then select On - Forwarding is enabled from the dropdown. Click Save.

How to enable automatic forwarding for individual Microsoft 365 mailboxes

1.  Log in to your Office 365 Security & Compliance portal and go to Threat management->Anti-spam section.

2.  Click the Create an outbound policy button.

3.  Name your new outbound spam filter policy and add some Description, then click the arrow next to Automatic forwarding and select On - Forwarding is enabled from the dropdown.

4. Click the arrow next to Applied to and then the Add a condition button. From the dropdown list select the Sender is condition, then click in the Add a tag field to add the mailbox(es) for which you'd like to allow the automatic forwarding. Once you have all mailboxes added click Save.