What is Azure Active Directory? Part 4: Azure AD Migration

Thanks for sticking with me on this series of posts about Azure AD! So far, we have explored the question, “What is Azure Active Directory?” and delved into both Azure AD management and Azure AD security. Today, let’s turn to Azure AD migration — both your initial migration to Azure AD and the Azure migrations you might face once you’re in the cloud.

Migrating to Azure AD and Office 365

An Azure Active Directory migration is a complex and critical project. The secret to success? If you follow my blog at all, you know exactly what I’m going to say: Follow proven best practices! In this case, I recommend Quest’s four-step methodology: prepare, migrate, coexist and manage.


Prepare

The first step is to assess your source environment and clean it up. Start by taking a hard look at your Active Directory, which has probably gotten a little (or a lot!) messy over the years or decades. Look for inactive user and computer accounts and delete them; you’ll simplify your migration and close off security gaps at the same time. Also take a hard look at your security groups — a migration is a perfect opportunity to right-size permissions and start rigorously enforcing the least-privilege principle to improve security and regulatory compliance. Be sure you can review nested groups so you know exactly what access rights each account has. Don’t forget about directly assigned permissions; eliminate as many of those as possible to simplify permissions review and management and enhance security.
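One way to run the inactive-account and nested-group review described above, as an added example that is not part of the original post or of any Quest tool. The group names, account names, dates and the 90-day inactivity threshold are constructed assumptions; in practice the two dictionaries would be loaded from an export of your own directory.

```python
from datetime import datetime, timedelta

# Constructed sample export (not real data): group -> direct members.
# A member is either an account name or the name of another group.
GROUPS = {
    "Domain Admins": ["alice", "Server Ops"],
    "Server Ops": ["bob", "Helpdesk Tier2"],
    "Helpdesk Tier2": ["carol", "Server Ops"],  # circular nesting
    "Finance Share RW": ["dave", "carol"],
}
# Constructed sample export: account -> last logon (None = never logged on).
LAST_LOGON = {
    "alice": datetime(2024, 5, 28), "bob": datetime(2023, 11, 2),
    "carol": None, "dave": datetime(2024, 5, 30),
}
AUDIT_DATE = datetime(2024, 6, 1)  # fixed so the result is reproducible

def stale_accounts(last_logon, now, max_age_days=90):
    """Accounts with no logon inside the window (threshold is an assumption)."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(a for a, t in last_logon.items() if t is None or t < cutoff)

def effective_members(group, groups, _seen=None):
    """Map each account holding `group`'s rights to the first nesting path found."""
    seen = set() if _seen is None else _seen
    if group in seen:  # already expanded: stops loops in circular nesting
        return {}
    seen.add(group)
    found = {}
    for member in groups.get(group, []):
        if member in groups:  # nested group: expand it and prefix this group
            for acct, path in effective_members(member, groups, seen).items():
                found.setdefault(acct, [group] + path)
        else:
            found.setdefault(member, [group])
    return found

def cleanup_report(groups, last_logon, now):
    """List (group, account, path) for every stale account with access."""
    stale = set(stale_accounts(last_logon, now))
    rows = []
    for group in groups:
        for acct, path in effective_members(group, groups).items():
            if acct in stale:
                rows.append((group, acct, " > ".join(path)))
    return rows

if __name__ == "__main__":
    for row in cleanup_report(GROUPS, LAST_LOGON, AUDIT_DATE):
        print(row)
```

In the sample data, the never-used account `carol` turns out to hold Domain Admins rights through two levels of nesting, which is the kind of finding to resolve before the account is migrated.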

Then do the same for your Exchange environment. Take an inventory of exactly what email, calendars and folders you have, and pare them down to what you actually need; archive old data that you might need but that you have no current use for. Be sure to consider not just Exchange mailboxes but Outlook PSTs, third-party email archives and other data sources in the planning process.

Sorry, you’re still not done! You still have to think about all the data and applications you want to move into your cloud storage and services like SharePoint Online and OneDrive for Business. But the process is the same: Get a comprehensive inventory of what you have, clean it up, and think carefully about what you want to migrate and what you want to keep on premises.

You might face pressure to “Just get the migration done already!” but trust me, taking the time to prepare thoroughly will make the migration much faster and less risky, and help ensure that the target environment actually meets your organization’s needs.


Migrate

The migration itself should proceed in phases. You want to move groups of users and resources in a thoughtful way, respecting both users’ collaboration needs and business realities, such as quarter-end deadlines when any disruption would be particularly painful for a particular team or department. Testing and pilot projects will help reduce risk, but remember that things will go wrong, so be sure you can roll back migration tasks easily. Management will undoubtedly want regular status updates, so you’ll want both a clear migration management interface and easy reporting capabilities.


Coexist

Most Azure AD migrations take time to complete — not just a weekend, but weeks or months. You need to ensure that everyone can remain productive throughout the project, whether their account and the resources they need have been moved to the cloud or are still on premises. In short, you need seamless directory and free/busy coexistence, along with updated SharePoint Online permissions and Skype for Business Online links.


Manage

Last but not least, you have to be prepared to effectively manage your new Azure AD and Office 365 environment and keep it secure. I covered those topics in my earlier blog posts in this series on Azure AD management and Azure AD security, so I won’t repeat all of that here.

Tenant-to-tenant migrations

Once you’re in the cloud, a lot of the migration burden shifts from you to Microsoft. You won’t have to worry about hardware or software upgrades; that’ll all be taken care of for you as part of your subscription. However, as your organization grows and changes — especially if you have merger and acquisition (M&A) activity — you will likely need to migrate directories, mailboxes and shared data from one Office 365 tenant to another. And, odds are, you’ll be under tremendous pressure to get it done quickly, so it’s especially valuable to have the right tools at hand and already be experienced using them.

The good news is, the process involves the same four steps — prepare, migrate, coexist and manage. Since we just covered them in detail, I can be brief here:


Prepare

Determine which accounts need to be migrated and when, so you can avoid unnecessary work, duplication and delays.


Migrate

Next, you need to migrate the accounts and copy directories. Be sure your tool can update permissions on file systems, workstations and SharePoint Online. You’ll also need to migrate mailboxes, Skype for Business Online accounts, OneDrive folders and other data from the source tenant to the target tenant. As with any migration, it’s essential to have a dashboard that enables you to schedule and monitor migration jobs in real time, granularly roll back any failed or problematic jobs, and keep stakeholders informed.


Coexist

To ensure a smooth transition for users, make sure you have not just directory coexistence but also calendar sharing and email domain name coexistence between the tenants.


Manage

Finally, be sure you have the tools and strategies you need to effectively manage your consolidated tenant.

How Quest can help

Trying to complete migrations with manual processes and native tools dramatically increases the chances of delays, mistakes, security issues and outright failure. For example, accounts, mailboxes and other critical data can easily be overlooked or incompletely transferred, and permissions can be granted improperly in the target environment. Therefore, it’s definitely worth investing in the right tools.

As we saw in my “What is Active Directory?” series of blog posts, Quest is your go-to vendor for everything Active Directory — and that includes Azure Active Directory as well. Our solutions will help you conquer your Azure AD and Office 365 migrations by giving you the power to perform each of the four migration steps efficiently, accurately and securely.

I covered several of these solutions in my post on Active Directory migration, so here let me just address tenant-to-tenant migrations. On Demand Migration enables you to deliver an effective and secure Office 365 tenant-to-tenant migration with day one coexistence, and its sister solution, On Demand Migration for Email, simplifies the process of moving email, calendars and folders. Even better, you can manage and control everything from a single SaaS console, so you don’t have to install or maintain any migration software.

Moving on

That’s it for Azure AD migrations. Stay tuned for the final blog post in this “What is Azure AD?” series:

Part 5: Azure AD reporting

About the Author

Jennifer LuPiba

Jennifer LuPiba is the Chair of the Quest Software Customer Advisory Board, engaging with and capturing the voice of the customer in such areas as cybersecurity, disaster recovery, management and the impact of mergers and acquisitions on Microsoft 365, Azure Active Directory and on-premises Active Directory. She also writes thought leadership articles and blogs aimed at the c-suite to evangelize the importance of these areas to their overall business. She chairs The Experts Conference, a yearly event focused on pure Active Directory and Office 365 training at the 300 and 400 level for the boots-on-the-ground Microsoft admins and managers.
