50,000 Users. 3 Tenants. Production-safe.
How a major healthcare system merged three hospitals into one Microsoft 365 environment — without a single minute of clinical disruption.
Case Study Summary: A regional healthcare system with 3 hospitals, 50,000 users, and 180 TB of data needed to consolidate 3 separate Microsoft 365 tenants into one — while maintaining HIPAA compliance, keeping Epic EHR integrations running, and ensuring zero disruption to patient care. EPC Group completed the migration in 14 weeks with zero downtime, 99.97% data integrity, and $4.2 million in cost avoidance.
The Phone Call That Started Everything
The CIO's voice carried the weight of someone who hadn't slept well in weeks. “We acquired two hospitals in the last 18 months,” she said. “Now we have three separate Microsoft 365 tenants, three IT teams that don't talk to each other, and a board that wants one unified system by the end of Q3. Oh — and we can't take down a single clinical system for even a minute. People's lives depend on these systems staying up.”
This was not a technology problem. It was a patient safety problem wrapped in a technology wrapper. Fifty thousand healthcare professionals — physicians, nurses, pharmacists, lab technicians, administrative staff — relied on email, Teams, SharePoint, and OneDrive every single day to coordinate care. A migration failure would not just mean lost files or missed emails. It could mean a prescription notification that never arrived. A radiology report lost in transit. A care team unable to coordinate during a code blue.
The stakes were not theoretical. They were measured in lives.
The Challenge: Three Hospitals, Three Worlds
Each hospital had grown its own Microsoft 365 ecosystem organically. Hospital A — the original system — ran a mature E5 tenant with 22,000 users, deep SharePoint integration, and custom Power Platform applications tracking surgical inventory. Hospital B, acquired 18 months earlier, operated an E3 tenant with 16,000 users and a completely different folder structure, naming convention, and security model. Hospital C, the most recent acquisition, still had 12,000 users on a hodgepodge of E1 and E3 licenses with almost no governance.
The result was chaos. Physicians who worked across campuses had three separate email addresses. Scheduling a cross-hospital Teams meeting required external guest invitations. Patient data shared via SharePoint triggered HIPAA concerns because cross-tenant sharing couldn't be properly audited. The compliance team was losing sleep.
50,000 Total Users
Across 3 hospitals with different license tiers (E1, E3, E5), security models, and governance policies
180 TB of Data
12,000+ SharePoint sites, 8,500 Teams instances, millions of OneDrive files, and 15 years of email archives
47 EHR Integration Points
Epic EHR connected to M365 for clinical notifications, SSO, document management, and scheduling workflows
HIPAA Compliance
Protected Health Information across all three tenants required chain-of-custody documentation and encryption throughout migration
Board Deadline
The board mandated a single unified tenant by end of Q3 — a non-negotiable 18-week window from kickoff to completion
Zero Tolerance for Downtime
Clinical systems run 24/7/365. No maintenance windows. No "planned outages." Patient care cannot stop.
The Stakes: $2.3 Million Per Day of Disruption
The financial modeling was sobering. With 50,000 users and an average loaded cost of $46 per hour per employee, every hour of system downtime represented $2.3 million in lost productivity. But the true cost went far beyond payroll.
A failed migration could trigger a HIPAA breach investigation. The healthcare system processed 1.2 million patient encounters annually. If PHI was exposed or lost during migration, the Office for Civil Rights (OCR) could levy penalties up to $1.5 million per violation category. The compliance team calculated worst-case exposure at $12 million in potential HIPAA fines if the migration was handled carelessly.
Then there was the human cost. Emergency department physicians relied on Teams for real-time consults with specialists across campuses. Pharmacists received prescription verification notifications through Exchange-integrated workflows. Lab technicians shared results through SharePoint document libraries connected to the EHR. If any of these systems went dark — even briefly — patient care would be directly impacted.
What Was at Risk
“This isn't an IT project,” the CIO told her board. “This is an operational risk mitigation initiative. We need a partner who has done this before — at this scale, in healthcare, with zero margin for error.”
The Solution: Sleep Through Your Migration
EPC Group's approach was built on a single principle: no weekend war rooms. The migration should be so transparent, so seamless, that end users wouldn't know it happened until they received the “Welcome to your new environment” email.
Zero-Downtime Coexistence Architecture
Instead of a “big bang” cutover — the approach that has killed countless migrations — EPC Group deployed a coexistence architecture. All three source tenants continued operating normally while the target tenant was built in parallel. Mail flow was dual-routed so email arrived in both environments simultaneously. Calendar free/busy lookup worked cross-tenant through federated trust. Users in different wave groups could continue collaborating without interruption.
Wave-Based Migration Strategy
EPC Group divided the 50,000 users into 8 migration waves, carefully sequenced to minimize cross-team disruption. Each wave included a mix of users from all three hospitals, organized by department and collaboration patterns. Clinical departments were migrated during historically low-census periods. Administrative departments were migrated mid-week to avoid Monday and Friday peak loads.
The pilot wave — 1,500 users from across all three hospitals — ran for three full weeks. This was not a checkbox exercise. EPC Group's team sat with physicians, nurses, and IT staff to observe their workflows in the new environment. Every integration point was tested. Every edge case was documented. By the time wave two began, the migration runbook was battle-tested.
EHR Integration Protection
The 47 Epic EHR integration points were the most sensitive component. EPC Group created a parallel integration environment in the target tenant and ran both in tandem for four weeks before cutting over. Clinical notifications, SSO authentication, and document management workflows were validated by clinical informaticists — not just IT engineers. The EHR team from each hospital signed off before their users were migrated.
HIPAA Chain of Custody
Every piece of data that moved between tenants was logged. EPC Group's proprietary migration tool generates a chain-of-custody record for every item: source location, destination location, timestamp, checksum, encryption status, and the identity of the migration engineer responsible. The resulting audit trail — over 2.3 million individual records — was delivered to the Chief Compliance Officer as a HIPAA Migration Compliance Report. When the OCR audit team reviewed the migration six months later, they cited it as “exemplary documentation.”
Coexistence Architecture
Dual mail flow, cross-tenant federation, transparent cutover
Wave-Based Migration
8 waves, ~6,000 users each, sequenced by department and collaboration patterns
EHR Protection
47 Epic integration points validated by clinical informaticists before cutover
Migration Timeline: 18 Weeks from Kickoff to Hypercare
Discovery & Architecture
Inventoried 50,000 users across 3 tenants. Mapped 12,000+ SharePoint sites, 8,500 Teams instances, 180 TB of data. Identified 47 EHR integration points. Designed target tenant architecture.
Pilot Migration
Migrated 500 users from each hospital (1,500 total pilot). Validated Epic EHR integration. Tested physician workflows, clinical scheduling, and administrative processes. Achieved 99.99% data integrity in pilot.
Wave Migration
Migrated ~6,000 users per week in 8 waves. Clinical staff migrated during low-census periods. Administrative staff migrated department by department. Real-time dashboard tracked progress across all three source tenants.
72-Hour Cutover
DNS cutover executed Friday evening. All three source tenants deactivated by Sunday night. Monday morning: 50,000 users on single tenant. Help desk handled 127 tickets — a 0.25% issue rate.
Hypercare & Optimization
24/7 support team for first 2 weeks. License optimization saved $380K annually. Conditional Access policies unified. HIPAA compliance validation report delivered to CIO and Chief Compliance Officer.
The Results: Monday Morning, Business as Usual
The final cutover happened on a Friday evening. By Sunday night, all 50,000 users were on a single tenant. Monday morning, they logged in and went to work. Most didn't even notice.
“I have been through three major IT migrations in my career. Every single one involved weekend war rooms, angry clinicians, and months of cleanup. This was the first time I woke up on Monday morning after a migration and felt... nothing. No fires. No escalations. Just 50,000 people doing their jobs. That's what zero downtime actually means.”
— Chief Information Officer, Multi-Hospital Healthcare Network
What Production-Safe Cutover Actually Looked Like
The 72-hour cutover window deserves closer examination, because this is where most migrations fail. EPC Group's approach eliminated the risk factors that derail traditional cutovers.
Friday 6:00 PM: The migration team initiated the final delta sync across all three source tenants. Because the coexistence architecture had been running for weeks, this was not a massive data transfer — it was a small incremental sync of changes made that day. Total delta: 12 GB across 50,000 mailboxes.
Friday 11:00 PM: DNS MX records were updated for all three source domains. Email began routing to the target tenant. The change propagated within 45 minutes — well within the TTL window EPC Group had pre-staged days earlier.
Saturday 8:00 AM: Identity cutover completed. All 50,000 users could authenticate against the target tenant. Source tenant access was maintained in read-only mode as a safety net.
Sunday 6:00 PM: Final validation completed. Item counts matched across all workloads. EHR integrations confirmed operational. Compliance team signed off.
Monday 7:00 AM: 50,000 users logged in. The help desk received 127 tickets — most related to Outlook profile reconfiguration, which was resolved by a self-service script EPC Group had pre-deployed. That is a 0.25% issue rate, compared to the industry average of 5-8% for migrations at this scale.
Financial Impact
$1.8M/year saved
$1.2M/year saved
$12M exposure eliminated
$2.3M/hour protected
Technical Architecture: How It Worked
For the technical leaders reading this case study, here is the architecture that made zero downtime possible at 50,000 users.
Identity Layer
Azure AD Connect synced all three source tenants to the target. Cross-tenant trust enabled seamless authentication during coexistence. Conditional Access policies were migrated and tested in report-only mode before enforcement.
Mail Flow
Transport rules in Exchange Online routed mail to both source and target simultaneously. After DNS cutover, mail routed directly to target. Source mailboxes were kept in forwarding mode for 30 days to catch stragglers.
SharePoint & OneDrive
EPC Group's proprietary tool migrated 12,000+ sites with full version history, permissions, and metadata. Sites were migrated in dependency order — parent hub sites first, then associated team sites — to preserve navigation and search.
Teams
8,500 Teams instances migrated with channels, tabs, files, and conversation history. Cross-tenant Teams federation maintained collaboration during migration waves.
Compliance
Retention policies, DLP rules, sensitivity labels, and eDiscovery cases were recreated in the target tenant and validated against HIPAA requirements before any data was migrated.
Frequently Asked Questions
How do you migrate Microsoft 365 tenants in healthcare without downtime?
EPC Group uses a coexistence architecture where both source and target tenants operate simultaneously. Mail flow is dual-routed, calendar free/busy lookup works cross-tenant, and users are migrated in waves during off-peak hours. Physicians, nurses, and administrative staff never experience an interruption because the cutover happens transparently at the DNS and identity layer while the user continues working. Our proprietary migration tool handles incremental syncs continuously so no data is lost between the initial copy and final cutover.
How long does a 50,000-user Microsoft 365 tenant migration take?
A migration of this scale typically requires 12-16 weeks of active migration work, preceded by 4-6 weeks of discovery, planning, and pilot testing. EPC Group completed this healthcare migration in 14 weeks total, including a 3-week pilot phase, 8 weeks of batch migration (approximately 6,000 users per week), and a 72-hour final cutover window. The total project timeline including hypercare was 18 weeks. Our proprietary tool processes 50-100 GB per hour, which is critical at this scale where total data volume exceeded 180 TB.
How do you maintain HIPAA compliance during a Microsoft 365 migration?
HIPAA compliance during migration requires: (1) a Business Associate Agreement (BAA) covering all migration infrastructure, (2) encryption of PHI in transit using TLS 1.2+ and at rest using AES-256, (3) audit logging of every data movement operation with chain-of-custody documentation, (4) access controls limiting migration engineer access to only the data necessary for their role, (5) a post-migration compliance validation that maps all HIPAA Security Rule controls to the new environment, and (6) retention of migration logs for the HIPAA-required 6-year period. EPC Group provides a HIPAA Migration Compliance Report that serves as evidence for OCR audits.
What happens to EHR integrations during a Microsoft 365 tenant migration?
Electronic Health Record (EHR) systems like Epic and Cerner often integrate with Microsoft 365 through SMTP relay for clinical notifications, Azure AD for single sign-on, and SharePoint for document management. During migration, EPC Group maps every EHR integration point, creates a parallel integration in the target tenant, validates it during the pilot phase, and performs a synchronized cutover so the EHR system transitions seamlessly. In this case study, the Epic EHR integration was tested with a subset of clinical users for two weeks before the broader migration, ensuring zero disruption to clinical workflows.
What is the cost of a 50,000-user Microsoft 365 migration?
Enterprise healthcare migrations of this scale typically range from $500,000 to $1.5 million depending on complexity, compliance requirements, data volume, and timeline urgency. This engagement fell within that range and delivered $4.2 million in cost avoidance through eliminated duplicate licensing, consolidated IT staff, and avoided regulatory penalties. The ROI was realized within 8 months of migration completion. EPC Group provides fixed-fee pricing after discovery so healthcare organizations have budget certainty with no surprise costs.
Can you migrate Teams chat history and SharePoint sites between tenants?
Yes. EPC Group migrates the full spectrum of Microsoft 365 workloads including Teams chat history (1:1 chats and group chats), Teams channels and associated files, SharePoint sites with full version history and permissions, OneDrive files, Exchange mailboxes, calendar data, contacts, and Planner boards. For this healthcare client, we migrated 12,000+ SharePoint sites, 8,500 Teams instances, and 180 TB of total data. Our proprietary tool preserves metadata, timestamps, and permissions throughout, with checksum validation confirming data integrity on every item transferred.
Facing a Complex Microsoft 365 Migration?
Whether you are merging tenants, consolidating acquisitions, or migrating from Google — EPC Group delivers zero downtime at any scale. Talk to the team that holds the migration record.
Microsoft 365 Strategy: 2026 Considerations for Case Study Healthcare M365 Tenant Migration 50000 Users
Microsoft 365 GCC High vs Commercial tenant in 2026 governs whether a contractor can hold Controlled Unclassified Information (CUI) for federal work under CMMC Level 2 (110 NIST 800-171 controls) or Level 3 (134 controls). GCC High costs roughly 2x the commercial equivalent ($23-$57/user/mo) but is non-negotiable for any DoD prime or sub-prime handling CUI. Migration from Commercial to GCC High is a 14-22 week project at $350K-$950K all-in.
Microsoft 365 E5 vs E3 in 2026 is fundamentally a security and compliance decision. E5 ($57/user/mo) bundles Microsoft Defender for Endpoint Plan 2, Microsoft Defender for Cloud Apps, Insider Risk Management, Communication Compliance, Microsoft Sentinel-fed audit logs, Customer Lockbox, and Audit (Premium) 6-year retention; the full set is roughly $35/user/mo of additional value if purchased as E3 plus add-ons. For regulated industries, the E5 bundle is typically less expensive than the equivalent E3 stack.
Decision factors EPC Group evaluates
- GCC High vs Commercial tenant decision for federal contractors
- Customer Lockbox + Audit (Premium) configuration for regulated tenants
- Microsoft Purview Compliance Manager assessment baseline (HIPAA, SOC 2, GDPR, NIST AI RMF)
- E5 vs E3 + add-ons total-cost analysis at organization scale
- Microsoft Defender for Endpoint Plan 2 deployment versus Plan 1 + add-ons
For a tailored read on this topic in your specific tenant, contact EPC Group at contact@epcgroup.net or +1 (888) 381-9725. Engagement options at /pricing.