Why Checklists Prevent Migration Failures
In 28 years of Microsoft 365 consulting, EPC Group has observed that 80% of migration failures stem from inadequate pre-migration planning, not technical execution problems. The technology works. The tools are mature. What fails is the organizational preparation: licenses not procured in time, network capacity not assessed, users not informed, and compliance controls not configured before regulated data moves to the cloud.
This checklist is the distillation of hundreds of enterprise migrations. Every item exists because its absence caused a real problem in a real migration.
Phase 1: License Planning and Procurement
- ☐ Determine license type needed per user role (E1, E3, E5, F1, F3)
- ☐ Calculate total license count including buffer (5-10% for growth)
- ☐ Evaluate add-on licenses needed (Power BI Pro, Project, Visio, Copilot)
- ☐ Identify shared mailbox, room mailbox, and resource mailbox requirements
- ☐ Procure licenses through EA, CSP, or direct purchase
- ☐ Assign licenses to pilot group users first
- ☐ Document license assignment matrix by department and role
Phase 2: Identity and Directory Readiness
- ☐ Run Azure AD Connect Health assessment on Active Directory
- ☐ Remediate AD errors (duplicate attributes, invalid characters, orphaned objects)
- ☐ Align UPN suffixes with email domains (user@company.com, not user@internal.local)
- ☐ Install and configure Azure AD Connect (or verify existing configuration)
- ☐ Configure password hash sync or pass-through authentication
- ☐ Test single sign-on (SSO) functionality
- ☐ Verify multi-factor authentication (MFA) enrollment for all administrators
- ☐ Document service accounts and their cloud equivalents
Phase 3: Network and Bandwidth Assessment
- ☐ Run Microsoft 365 network connectivity test from all major office locations
- ☐ Measure current bandwidth utilization during peak hours
- ☐ Calculate additional bandwidth needed for Microsoft 365 (10-20 Kbps per user baseline)
- ☐ Configure network routes to bypass proxy/inspection for Microsoft 365 endpoints
- ☐ Update firewall rules to allow Microsoft 365 IP ranges and URLs
- ☐ Plan migration bandwidth windows (schedule large data transfers for off-hours)
- ☐ Test VPN capacity for remote workers accessing Microsoft 365
Phase 4: Email Migration Scope
- ☐ Inventory all mailboxes (user, shared, room, equipment, discovery)
- ☐ Document mailbox sizes and identify outliers (>25 GB)
- ☐ Inventory distribution lists and mail-enabled security groups
- ☐ Inventory mail flow rules and transport rules
- ☐ Identify public folder usage and plan migration strategy
- ☐ Document email archiving and retention requirements
- ☐ Select migration approach (cutover, staged, or hybrid)
- ☐ Create migration batch schedule with department sign-off
Phase 5: SharePoint and OneDrive Planning
- ☐ Inventory existing SharePoint sites and content databases
- ☐ Inventory file servers targeted for SharePoint migration
- ☐ Design SharePoint Online site architecture (hub sites, team sites, communication sites)
- ☐ Define OneDrive vs. SharePoint content placement rules
- ☐ Inventory custom SharePoint solutions, workflows, and InfoPath forms
- ☐ Plan remediation for incompatible customizations
- ☐ Configure external sharing policies
- ☐ Set storage quotas by site collection
Phase 6: Security and Compliance Configuration
- ☐ Configure Conditional Access policies (MFA, device compliance, location-based)
- ☐ Set up Data Loss Prevention (DLP) policies for sensitive content types
- ☐ Configure sensitivity labels and auto-labeling policies
- ☐ Set up retention policies and retention labels
- ☐ Enable audit logging (unified audit log)
- ☐ Configure Microsoft Defender for Office 365 (anti-phishing, safe links, safe attachments)
- ☐ Set up eDiscovery cases if litigation hold is required
- ☐ Execute BAA with Microsoft (healthcare organizations)
- ☐ Verify GCC/GCC High tenant configuration (government agencies)
Phase 7: User Communication and Training
- ☐ Draft communication plan with timeline (4 weeks before through 60 days after)
- ☐ Send executive announcement email explaining the migration and business rationale
- ☐ Create FAQ document for common user questions
- ☐ Develop role-based training materials (end users, managers, IT staff)
- ☐ Schedule live training sessions for each department
- ☐ Identify and train champion users in each department (1 per 25 users)
- ☐ Set up migration helpdesk with extended hours during cutover
- ☐ Prepare day-of migration instructions for users
Phase 8: Pilot Testing
- ☐ Select pilot group (50-100 users across departments and roles)
- ☐ Execute pilot migration with full validation checklist
- ☐ Test all workloads: email, calendar, SharePoint, OneDrive, Teams
- ☐ Test third-party application integrations
- ☐ Test mobile device access and MDM policies
- ☐ Collect pilot user feedback and address issues
- ☐ Document lessons learned and update migration plan
- ☐ Obtain go/no-go decision from stakeholders
Phase 9: DNS Cutover and Go-Live
- ☐ Reduce MX record TTL to 5 minutes 48 hours before cutover
- ☐ Update MX records to point to Exchange Online
- ☐ Update SPF record to include Microsoft 365
- ☐ Configure DKIM signing for the domain
- ☐ Set DMARC policy (start with p=none, monitor, then enforce)
- ☐ Update autodiscover DNS records
- ☐ Verify mail flow with internal and external test messages
- ☐ Monitor migration dashboard for batch completion
Phase 10: Post-Migration and Rollback
- ☐ Document rollback procedures (MX revert, mailbox restore from source)
- ☐ Define rollback decision criteria and authority
- ☐ Keep source mail system operational for 30 days post-migration
- ☐ Monitor helpdesk ticket volume and categorize migration-related issues
- ☐ Conduct 7-day and 30-day post-migration reviews
- ☐ Decommission source systems after validation period
- ☐ Update IT documentation and runbooks for Microsoft 365 operations
- ☐ Schedule 90-day adoption review with stakeholders
Frequently Asked Questions
What are the essential steps in an Office 365 migration checklist?
The essential steps are: license procurement and assignment, identity and directory readiness (Azure AD Connect configuration, UPN suffix alignment), network and bandwidth assessment, source environment inventory (mailboxes, SharePoint sites, file servers, custom applications), security and compliance configuration (DLP policies, retention labels, conditional access), pilot group selection and testing, user communication and training program, DNS cutover planning, rollback procedures documentation, and post-migration hypercare support plan. Each step should have defined success criteria and a responsible owner before migration begins.
How do you assess readiness for Office 365 migration?
Readiness assessment covers four domains: technical readiness (AD health, network capacity, DNS configuration, firewall rules), organizational readiness (executive sponsorship, change management resources, training capacity), data readiness (content inventory, cleanup status, permission audit), and compliance readiness (regulatory requirements mapped to Microsoft 365 controls, BAA execution for healthcare, GCC tenant provisioning for government). Use the Microsoft 365 network connectivity test tool and Azure AD Connect Health to validate technical readiness. Organizational readiness is best assessed through stakeholder interviews and a change impact assessment.
What compliance requirements must be met before migrating to Office 365?
Compliance requirements vary by industry. Healthcare organizations must execute a Business Associate Agreement (BAA) with Microsoft, configure HIPAA-compliant retention policies, and enable audit logging before migrating PHI. Financial services must configure communication archiving for SEC/FINRA compliance, implement information barriers, and verify data residency settings. Government agencies may need GCC or GCC High tenants for FedRAMP compliance. All regulated industries should configure Data Loss Prevention (DLP) policies, sensitivity labels, and retention policies before migration, not after. These controls must be active when the first piece of regulated data enters the tenant.
How to create a communication plan for Office 365 migration?
An effective migration communication plan includes five phases: awareness (4 weeks before — announce the migration, explain why, set expectations), preparation (2 weeks before — share training resources, explain what changes and what stays the same), execution (migration week — daily status updates, helpdesk escalation paths, known issues), validation (post-migration — confirm completion, gather feedback, address issues), and optimization (30-60 days post — share tips, highlight new capabilities, celebrate adoption milestones). Use multiple channels: email for formal announcements, Teams/Slack for real-time updates, intranet for self-service resources, and in-person sessions for executive updates.
What testing should be done before going live with Office 365?
Pre-go-live testing should cover: mail flow testing (internal, external, distribution lists, shared mailboxes), calendar functionality (scheduling, room bookings, delegate access), SharePoint/OneDrive access and sync (file upload, sharing, co-authoring), Teams functionality (chat, calls, meetings, channel access), mobile device access (Outlook mobile, Teams mobile, OneDrive app), third-party application integration (CRM, ERP, LOB apps that integrate with email or SharePoint), security controls (conditional access policies, DLP rules, sensitivity labels), and disaster recovery procedures (backup verification, restore testing). Test with a pilot group of 50-100 users representing all departments and roles for at least 2 weeks before broader rollout.
Need Help with Your Office 365 Migration?
EPC Group has guided hundreds of enterprise organizations through successful Microsoft 365 migrations. Start with a structured readiness assessment based on this checklist to identify gaps before they become problems.
Schedule a Migration Readiness AssessmentErrin O'Connor
CEO & Chief AI Architect at EPC Group | 28+ years Microsoft consulting | Microsoft Press author