
Enterprise-grade migration methodology from 25+ years and 500+ Exchange deployments. Cutover, staged, and hybrid approaches for 100 to 50,000+ mailboxes.
How do you migrate from Exchange to Microsoft 365? Exchange to Microsoft 365 migration follows five phases: (1) Assess your environment — inventory every mailbox, public folder, distribution group, transport rule, and third-party integration. (2) Choose the right approach — cutover for under 150 mailboxes, staged for 150-2,000, hybrid for 2,000+. (3) Prepare infrastructure — deploy Azure AD Connect, verify DNS, provision licenses, and configure hybrid if needed. (4) Migrate in waves — move mailboxes in planned batches with validation at each checkpoint. (5) Optimize and decommission — update MX records, disable on-premises servers, enforce modern authentication, and train users. The entire process takes 2 weeks to 6 months depending on scale and complexity.
With Exchange Server 2016 and 2019 both reaching end of extended support in October 2025, the migration clock is no longer ticking — it has already expired. Organizations still running on-premises Exchange are operating on infrastructure that no longer receives security patches from Microsoft. Every month of delay increases exposure to zero-day vulnerabilities, compliance audit findings, and the operational burden of maintaining aging hardware.
At EPC Group, we have been migrating Exchange environments since Exchange 5.5 — before the platform even had a web-based client. Over 25 years and more than 500 Exchange migration engagements, we have developed a methodology that eliminates the three most common failure points: mailbox corruption going undetected until migration day, public folder hierarchies that exceed Exchange Online limits, and third-party applications that silently break when SMTP relay configurations change.
This guide covers everything you need to plan and execute a successful Exchange to Microsoft 365 migration in 2026. Whether you are moving 100 mailboxes from a single Exchange 2019 server or orchestrating a 50,000-mailbox hybrid migration across multiple Active Directory forests, the principles and decision frameworks here reflect real-world enterprise experience — not theoretical best practices. For broader Microsoft 365 consulting guidance, see our dedicated service page.
Microsoft ended extended support for both Exchange Server 2016 and Exchange Server 2019 on October 14, 2025. If your organization is still running either version, you are operating without a safety net. No more security updates. No more hotfixes. No more support tickets to Microsoft when something breaks at 2 AM on a Friday.
The risk is not hypothetical. Exchange Server has been one of the most targeted platforms for cyberattacks over the past five years. The ProxyLogon and ProxyShell vulnerabilities in 2021 compromised tens of thousands of on-premises Exchange servers worldwide. The Hafnium attacks demonstrated that nation-state actors specifically target unpatched Exchange infrastructure. Without ongoing security patches, your Exchange server is a known attack surface with no defensive updates coming.
Exchange Online receives security updates within hours of discovery. On-premises Exchange 2016/2019 receives nothing after October 2025. Every unpatched CVE becomes a permanent vulnerability in your environment.
On-premises Exchange requires server hardware, Windows Server licenses, storage arrays, backup infrastructure, and dedicated administration. Exchange Online eliminates all of this — typically saving $15-$30 per mailbox per month in total cost of ownership.
Exchange Online receives monthly feature updates including Copilot for Outlook integration, Loop components in email, intelligent scheduling, and advanced anti-phishing. On-premises Exchange has been feature-frozen since 2019.
Exchange Online provides native mobile access, web-based Outlook, and seamless integration with Teams, SharePoint, and OneDrive. No more VPN requirements, OWA certificate management, or ActiveSync troubleshooting.
Microsoft has released Exchange Server Subscription Edition (SE) as the on-premises successor, but it is primarily designed as a hybrid management endpoint — not as a long-term alternative to Exchange Online. Microsoft's strategic investment, feature development, and security engineering resources are overwhelmingly directed toward Exchange Online. The message from Redmond is clear: the future of enterprise email is in the cloud.
For organizations with regulatory constraints that require on-premises infrastructure — such as certain government agencies subject to ITAR or classified data requirements — Exchange Server SE provides a supported path. But for the vast majority of enterprises, including those in healthcare, finance, and commercial government, Exchange Online with appropriate compliance configurations (GCC, GCC High) is both the most secure and most cost-effective option available today.
Choosing the right migration approach is the single most consequential decision in your Exchange to Microsoft 365 project. The wrong choice can add months to your timeline and tens of thousands of dollars to your budget.
| Approach | Best For | Exchange Versions | Duration | Coexistence | Complexity | User Impact |
|---|---|---|---|---|---|---|
| Cutover | Under 150 mailboxes | Exchange 2013, 2016, 2019 | 1-2 weeks | No — all-at-once | Low | Medium — weekend cutover |
| Staged | 150-2,000 mailboxes | Exchange 2003, 2007 | 4-8 weeks | Partial — batch-based | Medium | Low — phased rollout |
| Hybrid | 2,000+ mailboxes | Exchange 2013, 2016, 2019, SE | 6 weeks - 6 months | Full — indefinite coexistence | High | Minimal — seamless |
| IMAP | Non-Exchange mail systems | Gmail, Zimbra, Dovecot, any IMAP | 2-6 weeks | No | Low-Medium | Medium — mail only |
Cutover migration is the simplest approach — you create a migration batch that includes every mailbox, and Exchange Online pulls the data over a few days. Once synchronization completes, you switch MX records and decommission on-premises Exchange. The entire process can execute over a single weekend for small organizations.
The practical limit is 150 mailboxes. Microsoft technically supports up to 2,000 mailboxes via cutover, but in practice performance degrades significantly above 150. More importantly, cutover migration is all-or-nothing — there is no option to move a subset of users first and validate. If something goes wrong, you roll back the entire organization. For these reasons, we recommend cutover only for organizations under 150 mailboxes with straightforward configurations.
Staged migration was designed specifically for Exchange 2003 and 2007 environments. It allows you to migrate mailboxes in batches, providing a phased transition path. Each batch synchronizes independently, and users are migrated in groups based on department, location, or business unit.
In 2026, staged migration is rare because most organizations have already moved past Exchange 2003/2007. However, we still encounter it in government agencies and regulated industries where hardware refresh cycles are exceptionally long. If your organization is still on Exchange 2007, staged migration combined with a directory synchronization tool is your most reliable path forward.
Hybrid migration is what 90% of enterprise organizations choose, and for good reason. It provides full coexistence between on-premises Exchange and Exchange Online — users can send mail, share calendars, and access free/busy information seamlessly regardless of which system hosts their mailbox. The Hybrid Configuration Wizard (HCW) automates the setup of send/receive connectors, organization relationships, and OAuth authentication between environments.
The biggest advantage of hybrid is flexibility. You can migrate 50 users per week, 500 per week, or pause entirely without disrupting service. Mailbox moves happen in the background — users continue working in Outlook and only notice the change when they restart the application. This makes hybrid the only viable approach for organizations where downtime has direct revenue impact. Our team at EPC Group has configured hybrid environments spanning multiple Active Directory forests, resource forest topologies, and multi-geo Microsoft 365 tenants.
IMAP migration handles non-Exchange mail systems — Gmail, Zimbra, Dovecot, Kerio Connect, MDaemon, and any server that supports IMAP4. The critical limitation is that IMAP migration only moves email messages. Calendars, contacts, tasks, rules, and auto-replies do not transfer. For organizations migrating from Google Workspace, Microsoft provides specific Google Workspace migration tools that handle calendar and contact migration alongside mail.
Every failed Exchange migration we have been called in to remediate shared one thing in common: an inadequate assessment phase. This checklist reflects 500+ engagements worth of hard-won lessons.
Exchange hybrid is more than a migration tool — it is an architectural pattern that enables indefinite coexistence between on-premises Exchange and Exchange Online. Understanding the components of a hybrid deployment is essential for planning, troubleshooting, and eventually decommissioning on-premises infrastructure.
Azure AD Connect (now Microsoft Entra Connect) synchronizes your on-premises Active Directory to Azure AD. It handles user identity synchronization, password hash sync or pass-through authentication, group membership, and Exchange attributes like proxy addresses and mailbox GUIDs. For Exchange hybrid, Azure AD Connect must synchronize Exchange-specific attributes that enable the hybrid mail flow and free/busy sharing. We configure Azure AD Connect with password hash synchronization as the authentication method for 90% of deployments — it provides the best resilience and enables features like leaked credential detection. Organizations requiring no cloud password storage can use pass-through authentication or federation with AD FS, though both add operational complexity.
The HCW automates the complex configuration required for Exchange hybrid. It creates send and receive connectors for secure mail flow between on-premises and Exchange Online, configures organization relationships for free/busy sharing, sets up OAuth authentication for cross-premises features, and configures the Mailbox Replication Service (MRS) endpoint that handles mailbox moves. Modern hybrid also supports a minimal hybrid configuration that uses the Hybrid Agent — a lightweight connector that eliminates the need for inbound firewall rules and public IP addresses for on-premises Exchange servers. We recommend the Hybrid Agent for organizations that want to minimize their on-premises footprint while maintaining migration capability.
Hybrid mail flow supports two models. Centralized transport routes all outbound internet mail through on-premises Exchange — useful when you have compliance appliances (DLP, encryption gateways) that must inspect all mail before it leaves the organization. Decentralized transport allows Exchange Online mailboxes to send directly to the internet through Exchange Online Protection. Most organizations start with centralized transport during migration (to maintain existing compliance controls) and switch to decentralized transport after migration completes. EPC Group documents the mail flow architecture and transition plan as part of every hybrid engagement.
A common misconception is that you can simply turn off on-premises Exchange servers once all mailboxes are in Exchange Online. In reality, if you used hybrid migration, you need to keep at least one Exchange server running as a management endpoint for recipient attribute management — unless you transition to Exchange Server SE or adopt cloud-only management with Microsoft's supported tools. Microsoft has been working toward eliminating this requirement, and Exchange Server SE provides a cleaner decommission path. We include detailed decommission planning in every hybrid migration engagement, including the specific steps to remove Exchange servers from Active Directory cleanly.
Mailbox migration is not a single event — it is a carefully sequenced operation that unfolds over weeks or months. The wave strategy determines which users migrate when, and getting it wrong creates cascading problems with delegate access, shared mailbox availability, and team productivity.
Our standard wave strategy follows this sequence: Wave 0 is the pilot group — IT staff and early adopters who can provide feedback and tolerate minor issues. Wave 1 targets departments with minimal cross-team dependencies and low shared mailbox usage. Wave 2 through Wave N progressively migrate remaining departments, keeping teams with heavy delegate access and shared mailboxes together in the same wave. The final wave migrates executive assistants, shared mailboxes, and resource mailboxes last, because these accounts typically have the most complex permission structures.
Within each wave, the actual mailbox move happens in the background. The MRS (Mailbox Replication Service) performs an initial sync of the mailbox data, then incrementally syncs new items until you complete the migration batch. The completion step is what actually switches the user to Exchange Online — this is typically scheduled during off-hours and takes only minutes per mailbox. Users need to restart Outlook to connect to their new mailbox location, and Outlook auto-discovers the new endpoint through Autodiscover.
Critical planning detail: always migrate a user and their delegates together. If User A has granted Full Access to User B, migrating User A without User B creates a cross-premises delegate scenario that works but introduces latency. Migrating both in the same wave provides the best experience for both users.
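The delegate rule above can be turned into a wave planner. The following is an added example, not EPC Group's tooling: it treats every delegation as a link between two mailboxes, groups linked mailboxes with union-find, and packs whole groups into waves so that no delegation spans two waves. The CSV column names, the sample mailboxes, and the wave size are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per delegation. Column names are assumptions
# about how the permission export was shaped, not a fixed Exchange format.
SAMPLE_EXPORT = """Mailbox,Trustee,AccessRight
alice@example.com,bob@example.com,FullAccess
bob@example.com,carol@example.com,SendAs
dave@example.com,erin@example.com,SendOnBehalf
finance-shared@example.com,erin@example.com,FullAccess
"""
# Constructed mailbox inventory; frank and grace have no delegations.
SAMPLE_MAILBOXES = [
    "alice@example.com", "bob@example.com", "carol@example.com",
    "dave@example.com", "erin@example.com", "finance-shared@example.com",
    "frank@example.com", "grace@example.com",
]


def norm(address):
    return address.strip().lower()


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def delegate_clusters(rows, all_mailboxes):
    """Group mailboxes that are linked, directly or transitively, by a delegation."""
    parent = {norm(m): norm(m) for m in all_mailboxes}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for row in rows:
        a, b = find(norm(row["Mailbox"])), find(norm(row["Trustee"]))
        if a != b:
            parent[b] = a
    clusters = defaultdict(set)
    for mailbox in list(parent):
        clusters[find(mailbox)].add(mailbox)
    # Largest clusters first so they are placed before waves fill up.
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: (-len(c), c))


def plan_waves(clusters, wave_size):
    """First-fit packing of whole clusters; a cluster is never split."""
    waves, oversized = [], []
    for cluster in clusters:
        if len(cluster) > wave_size:
            oversized.append(cluster)  # needs a larger wave or a manual decision
            continue
        for wave in waves:
            if len(wave) + len(cluster) <= wave_size:
                wave.extend(cluster)
                break
        else:
            waves.append(list(cluster))
    return waves, oversized


def cross_wave_delegations(rows, waves):
    """Delegations whose two ends sit in different waves (should be empty)."""
    wave_of = {m: i for i, wave in enumerate(waves) for m in wave}
    return [
        (norm(r["Mailbox"]), norm(r["Trustee"]))
        for r in rows
        if wave_of.get(norm(r["Mailbox"])) != wave_of.get(norm(r["Trustee"]))
    ]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    waves, oversized = plan_waves(delegate_clusters(rows, SAMPLE_MAILBOXES), 4)
    for number, wave in enumerate(waves, start=1):
        print(f"Wave {number}: {', '.join(wave)}")
    print("Too large for one wave:", oversized)
```

Running `cross_wave_delegations` against any hand-edited wave list is a quick check that a late change has not separated a mailbox from its delegates.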
Public folders are often the most challenging component of an Exchange migration. Organizations that have run Exchange for 15-20 years frequently have thousands of public folders, many of which are orphaned, duplicated, or unused. The first step is always a usage audit — we analyze folder access patterns to identify which public folders are actively used, which are referenced occasionally, and which have not been accessed in years.
For actively used public folders, you have three options: migrate them to Exchange Online public folders (supported via batch migration scripts), convert them to Microsoft 365 Groups or shared mailboxes (better for collaboration), or migrate content to SharePoint document libraries or Teams channels (best for document-centric folders). EPC Group recommends converting to modern collaboration tools wherever possible — public folders are a legacy construct, and SharePoint migration provides a more robust, searchable, and permission-controlled alternative.
Calendar data migrates automatically with the mailbox in cutover and hybrid migrations. However, calendar delegate permissions, resource mailbox configurations, and room booking policies require separate validation. Resource mailboxes (conference rooms, equipment) should be migrated early because they affect the entire organization's scheduling capability.
Contact migration is straightforward for individual mailbox contacts but becomes complex when organizations use public folder contacts as a shared address book. These shared contact lists should be migrated to shared mailbox contacts or Microsoft 365 group contacts. External contact objects in Exchange (mail contacts and mail users) synchronize through Azure AD Connect and appear in the Global Address List automatically after directory sync.
Migration is a period of elevated risk. Data is in transit, authentication configurations are changing, and users may temporarily have access to both old and new systems. Here is how we maintain security and compliance throughout.
EPC Group includes compliance validation as a formal phase in every regulated Exchange migration. Our Azure consulting team works alongside the migration team to ensure that Azure AD Conditional Access, Microsoft Purview, and Exchange Online Protection are configured correctly before any regulated mailbox data moves to the cloud.
Migration completion is not the finish line — it is the starting point for optimization. Too many organizations move mailboxes to Exchange Online and then continue operating exactly as they did on-premises, missing the cloud-native capabilities that justify the migration investment.
Turn off IMAP, POP3, SMTP AUTH, and basic authentication. Enforce modern authentication (OAuth 2.0) and Conditional Access policies. This single step eliminates the most common attack vector against Exchange Online mailboxes — password spray attacks against legacy protocols.
Fine-tune anti-phishing policies, safe links, safe attachments, and anti-spoofing. Set up Zero-hour Auto Purge (ZAP) to retroactively remove malicious messages that bypassed initial scanning. Configure enhanced filtering for connectors if mail flows through a third-party service.
Configure sensitivity labels, retention policies, Data Loss Prevention rules, and eDiscovery. If you were using on-premises DLP transport rules, now is the time to migrate them to the cloud-native Purview DLP engine, which provides significantly more granular controls and better integration with Teams and SharePoint.
Mailbox auditing is enabled by default for Exchange Online mailboxes, but verify the audit actions being logged match your compliance requirements. Configure the Unified Audit Log for cross-service auditing including SharePoint, Teams, and Azure AD activity.
With mailboxes in Exchange Online, you can now deploy Copilot for Microsoft 365 to provide AI-powered email summarization, draft assistance, and intelligent scheduling. This is a productivity multiplier that only works with Exchange Online mailboxes.
Follow Microsoft's documented decommission procedures to remove Exchange servers from Active Directory cleanly. Retain backups of Exchange databases for the period required by your retention policies. Update firewall rules, DNS records, and certificates associated with the decommissioned infrastructure.
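Before turning off IMAP, POP3, and SMTP AUTH as described in the legacy-protocol step above, it helps to know which accounts still depend on them and whether they are already being sprayed. The following added example (not from the original page) reads exported sign-in records and reports both. It assumes the export is one JSON object per line using the Microsoft Graph sign-in property names `userPrincipalName`, `clientAppUsed`, `ipAddress`, and `status.errorCode`; the sample records and the three-account threshold are constructed.

```python
import json
from collections import defaultdict

# Client app labels treated as legacy protocols (assumption about the export's values).
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Authenticated SMTP"}
# Entra ID error code for an invalid username or password.
INVALID_CREDENTIALS = 50126

# Constructed sample sign-in records, one JSON object per line.
SAMPLE_SIGNINS = """
{"userPrincipalName": "printer-svc@example.com", "clientAppUsed": "Authenticated SMTP", "ipAddress": "198.51.100.10", "status": {"errorCode": 0}}
{"userPrincipalName": "alice@example.com", "clientAppUsed": "IMAP4", "ipAddress": "198.51.100.20", "status": {"errorCode": 0}}
{"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "ipAddress": "198.51.100.20", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.77", "status": {"errorCode": 50126}}
{"userPrincipalName": "carol@example.com", "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.77", "status": {"errorCode": 50126}}
{"userPrincipalName": "dave@example.com", "clientAppUsed": "POP3", "ipAddress": "203.0.113.77", "status": {"errorCode": 50126}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.77", "status": {"errorCode": 50126}}
{"userPrincipalName": "erin@example.com", "clientAppUsed": "IMAP4", "ipAddress": "198.51.100.30", "status": {"errorCode": 50126}}
"""


def load_signins(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def legacy_dependencies(records):
    """Accounts with a successful legacy-protocol sign-in.

    These break when the protocol is disabled, so they need a modern-auth
    replacement (or an explicit exception) first.
    """
    deps = defaultdict(set)
    for record in records:
        if (record["clientAppUsed"] in LEGACY_CLIENT_APPS
                and record["status"]["errorCode"] == 0):
            deps[record["userPrincipalName"].lower()].add(record["clientAppUsed"])
    return {user: sorted(apps) for user, apps in sorted(deps.items())}


def spray_suspects(records, min_users=3):
    """Source IPs failing legacy sign-ins against many distinct accounts.

    One IP, many usernames, bad-password errors is the password spray
    pattern; a single user mistyping a password stays below the threshold.
    """
    targets = defaultdict(set)
    for record in records:
        if (record["clientAppUsed"] in LEGACY_CLIENT_APPS
                and record["status"]["errorCode"] == INVALID_CREDENTIALS):
            targets[record["ipAddress"]].add(record["userPrincipalName"].lower())
    return {
        ip: sorted(users)
        for ip, users in sorted(targets.items())
        if len(users) >= min_users
    }


if __name__ == "__main__":
    signins = load_signins(SAMPLE_SIGNINS)
    print("Still using legacy protocols:", legacy_dependencies(signins))
    print("Possible spray sources:", spray_suspects(signins))
```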
These are real problems we have encountered and resolved in production Exchange migrations. Each one has cost at least one organization a week or more of unplanned remediation work.
Exchange Online limits primary mailboxes to 50GB (or 100GB with E3/E5 licensing). Mailboxes exceeding the target limit fail to migrate. Run a pre-migration size report and enforce archive policies before migration begins.
Multi-function printers, monitoring systems, and LOB applications that relay mail through on-premises Exchange lose connectivity when the server is decommissioned. Map every SMTP relay source and reconfigure for Exchange Online SMTP relay or direct send.
After MX record changes, Outlook clients must discover the new mailbox location via Autodiscover. Incorrect DNS configuration, stale Autodiscover records, or corporate firewalls blocking Autodiscover endpoints cause Outlook to fail silently. Test Autodiscover resolution before and after cutover.
Send-As, Send-on-Behalf, and Full Access permissions do not always survive cross-premises migration cleanly. Export all delegate permissions before migration and validate them after each wave. Automated post-migration permission checks are essential.
ActiveSync profiles on iOS and Android devices may need to be removed and re-added after migration. For managed devices (Intune), push updated Exchange Online profiles before migration. For unmanaged BYOD devices, communicate reconfiguration steps clearly.
On-premises transport rules sometimes use conditions or actions that do not have exact Exchange Online equivalents. Audit every transport rule, test conversion in a pilot, and document any rules that require redesign or replacement with Purview DLP policies.
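For the SMTP relay pitfall above, the on-premises receive protocol logs are the most direct record of which devices and applications still submit mail to Exchange. This added example (not from the original page) builds a relay-source inventory from such a log. It assumes the comma-separated receive protocol log layout with a `#Fields:` header line; the log lines, connector names, and the list of Exchange server addresses to exclude are constructed.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the assumed receive protocol log layout.
SAMPLE_LOG = r"""#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2026-01-12T08:00:01.120Z,EX01\Relay Connector,08DC0000000000A1,0,10.0.0.5:25,10.0.20.15:51234,+,,
2026-01-12T08:00:01.130Z,EX01\Relay Connector,08DC0000000000A1,3,10.0.0.5:25,10.0.20.15:51234,<,MAIL FROM:<scanner@example.com>,
2026-01-12T09:30:44.010Z,EX01\Relay Connector,08DC0000000000A2,0,10.0.0.5:25,10.0.20.15:51301,+,,
2026-01-12T09:30:44.020Z,EX01\Relay Connector,08DC0000000000A2,3,10.0.0.5:25,10.0.20.15:51301,<,MAIL FROM:<Scanner@example.com>,
2026-01-12T10:15:09.500Z,EX01\Relay Connector,08DC0000000000A3,0,10.0.0.5:25,10.0.30.8:40022,+,,
2026-01-12T10:15:09.510Z,EX01\Relay Connector,08DC0000000000A3,3,10.0.0.5:25,10.0.30.8:40022,<,MAIL FROM:<alerts@example.com>,
2026-01-12T10:20:00.000Z,EX01\Default EX01,08DC0000000000A4,0,10.0.0.5:25,10.0.0.6:61000,+,,
"""
# Other Exchange servers; their server-to-server traffic is not a relay client (constructed).
EXCHANGE_SERVER_IPS = frozenset({"10.0.0.6"})

MAIL_FROM = re.compile(r"MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def parse_protocol_log(text):
    """Return one dict per log line, keyed by the names in the #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].strip().split(",")
        elif line and not line.startswith("#") and fields:
            values = next(csv.reader([line]))  # csv handles quoted commas in data
            rows.append(dict(zip(fields, values)))
    return rows


def relay_inventory(rows, internal_ips=frozenset()):
    """Summarise relay clients by source IP and connector, busiest first."""
    sources = defaultdict(lambda: {"sessions": set(), "senders": set(), "last_seen": ""})
    for row in rows:
        ip = row["remote-endpoint"].rsplit(":", 1)[0]  # drop the source port
        if ip in internal_ips:
            continue
        entry = sources[(ip, row["connector-id"])]
        entry["sessions"].add(row["session-id"])
        entry["last_seen"] = max(entry["last_seen"], row["date-time"])
        # "<" marks a command received from the client.
        if row["event"] == "<":
            match = MAIL_FROM.search(row.get("data", ""))
            if match:
                entry["senders"].add(match.group(1).lower())
    ordered = sorted(sources.items(), key=lambda kv: (-len(kv[1]["sessions"]), kv[0]))
    return [
        {
            "ip": ip,
            "connector": connector,
            "sessions": len(entry["sessions"]),
            "senders": sorted(entry["senders"]),
            "last_seen": entry["last_seen"],
        }
        for (ip, connector), entry in ordered
    ]


if __name__ == "__main__":
    for source in relay_inventory(parse_protocol_log(SAMPLE_LOG), EXCHANGE_SERVER_IPS):
        print(source)
```

Each row of the inventory is a device or application that needs a new relay path before the server it points at is switched off.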
These estimates reflect EPC Group's actual engagement data across 500+ Exchange migrations. Your timeline and cost may vary based on complexity factors including compliance requirements, third-party integrations, and public folder volume.
| Mailboxes | Approach | Assessment | Planning | Pilot | Execution | Validation | Total | Cost Range |
|---|---|---|---|---|---|---|---|---|
| 100 | Cutover | 1 week | 1 week | N/A | 1 weekend | 3 days | 2-3 weeks | $15,000-$30,000 |
| 500 | Staged / Hybrid | 2 weeks | 2 weeks | 1 week | 2-3 weeks | 1 week | 6-8 weeks | $40,000-$80,000 |
| 1,000 | Hybrid | 2 weeks | 2-3 weeks | 1 week | 3-4 weeks | 1-2 weeks | 8-12 weeks | $75,000-$150,000 |
| 5,000+ | Hybrid | 3-4 weeks | 3-4 weeks | 2 weeks | 8-16 weeks | 2-3 weeks | 4-6 months | $200,000-$500,000+ |
These cost ranges include EPC Group's professional services for assessment, planning, execution, and post-migration support. They do not include Microsoft 365 licensing costs, which vary by plan (Business Basic at $6/user/month, E3 at $36/user/month, E5 at $57/user/month). For organizations with existing Microsoft 365 licenses, the migration cost is the professional services component only.
EPC Group offers fixed-fee Exchange migration accelerators starting at $25,000 for organizations with straightforward environments. These accelerators include a defined scope, guaranteed timeline, and fixed price — no hourly billing surprises. Contact us for a scoping call to determine if your environment qualifies for accelerator pricing.
500+
Exchange migrations completed
25+
Years of Exchange expertise
99.97%
Mailbox migration success rate
0
Data loss incidents in production
Exchange to Microsoft 365 migration follows five phases: (1) Pre-migration assessment — inventory mailboxes, public folders, distribution groups, transport rules, and third-party integrations. (2) Choose migration approach — cutover for under 150 mailboxes, staged for 150-2,000, hybrid for 2,000+, or IMAP for non-Exchange sources. (3) Prepare the environment — configure Azure AD Connect, verify domains, set up MX records, and provision licenses. (4) Execute migration — move mailboxes in waves with validation checkpoints, typically during off-hours. (5) Post-migration optimization — decommission on-premises servers, update DNS, configure Exchange Online Protection, and train users. EPC Group has completed 500+ Exchange migrations across Fortune 500 organizations.
Timeline depends on mailbox count and complexity. For 100 mailboxes with a cutover migration: 1-2 weeks. For 500 mailboxes with a staged migration: 4-6 weeks. For 1,000 mailboxes with a hybrid migration: 6-10 weeks. For 5,000+ mailboxes with a hybrid migration in a regulated industry: 3-6 months. Factors that extend timelines include public folder migrations, journal mailbox archives, third-party application dependencies (CRM, ERP integrations), compliance validation for HIPAA or SOC 2, and complex transport rule conversions.
Cutover migration moves all mailboxes at once in a single batch — best for organizations with fewer than 150 mailboxes running Exchange 2013 or later. Staged migration moves mailboxes in batches over weeks — designed for Exchange 2003/2007 environments with 150-2,000 mailboxes. Hybrid migration maintains coexistence between on-premises Exchange and Exchange Online — required for organizations with 2,000+ mailboxes, complex routing, or extended coexistence needs. IMAP migration is for non-Exchange mail systems like Gmail, Zimbra, or Dovecot. Most enterprise organizations choose hybrid because it provides the smoothest user experience with no mailbox access downtime during migration.
Exchange migration costs vary by scale: 100 mailboxes (cutover) costs $15,000-$30,000. 500 mailboxes (staged/hybrid) costs $40,000-$80,000. 1,000 mailboxes (hybrid) costs $75,000-$150,000. 5,000+ mailboxes (hybrid with compliance) costs $200,000-$500,000+. These estimates include assessment, planning, execution, and post-migration support. Additional costs to budget for: Microsoft 365 licensing ($12-$57/user/month depending on plan), Azure AD Connect infrastructure, third-party migration tools if needed, and user training. EPC Group offers fixed-fee Exchange migration accelerators starting at $25,000.
Yes. Exchange Server 2016 reached end of extended support on October 14, 2025. This means Microsoft no longer provides security updates, bug fixes, or technical support. Running Exchange 2016 after this date creates significant security and compliance risks — unpatched Exchange servers are among the most commonly exploited attack vectors. Exchange Server 2019 reached end of extended support on October 14, 2025 as well. Microsoft has released Exchange Server Subscription Edition (SE) as the on-premises successor, but the strategic direction is Exchange Online within Microsoft 365. Organizations still running Exchange 2016 or 2019 should treat migration as an urgent security priority.
Public folders require a separate migration process from mailbox migration. Microsoft provides the public folder migration scripts (batch migration) that convert on-premises public folders to Microsoft 365 public folder mailboxes. The process: (1) Run pre-migration scripts to inventory public folder hierarchy and permissions. (2) Generate CSV mapping files for source-to-target folder mapping. (3) Create migration batches and initiate synchronization. (4) Complete final sync and cut over. Key considerations: Microsoft 365 supports up to 250,000 public folders and 100 public folder mailboxes. Organizations exceeding these limits need to archive or restructure. Many organizations also use this migration as an opportunity to convert public folders to shared mailboxes, Microsoft Teams channels, or SharePoint document libraries.
Hybrid migration maintains seamless email flow through the Hybrid Configuration Wizard (HCW), which establishes secure mail flow connectors between on-premises Exchange and Exchange Online. During coexistence: internal users can email each other regardless of which system hosts their mailbox. Free/busy calendar sharing works across both environments. The Global Address List (GAL) remains unified through Azure AD Connect directory synchronization. Mail routing uses the Organization Relationship and send/receive connectors configured by HCW. MX records can point to either on-premises or Exchange Online Protection during migration — we recommend switching MX to EOP early to benefit from advanced threat protection. The hybrid topology is fully supported by Microsoft and can run indefinitely during extended migrations.
Exchange migration introduces several security considerations: (1) Data in transit — all migration traffic should use TLS 1.2+ encryption; hybrid uses certificate-based authentication. (2) Credential management — Azure AD Connect service accounts need strict access controls and monitoring. (3) MX record transition — the window when MX records propagate creates a brief period where mail may route to either system; plan for this with appropriate TTL settings. (4) Conditional Access — configure Azure AD Conditional Access policies before migrating mailboxes to prevent authentication bypass. (5) Legacy protocols — migration is the ideal time to disable IMAP, POP3, and basic authentication in favor of modern authentication (OAuth 2.0). (6) Data Loss Prevention — configure Exchange Online DLP policies to match or exceed on-premises transport rules before migration. (7) For regulated industries, ensure compliance holds and litigation holds transfer correctly.
Yes, but journal and archive mailboxes require special handling. Exchange journal mailboxes often contain terabytes of data subject to regulatory retention requirements. Options: (1) Migrate journal data to Exchange Online archive mailboxes with auto-expanding archives (unlimited storage). (2) Migrate to a third-party archiving solution like Veritas Enterprise Vault or Mimecast. (3) Use Microsoft Purview for compliance-grade retention and eDiscovery. In-place archives migrate alongside primary mailboxes during hybrid migration. Personal archives (.PST files) can be ingested using the Microsoft 365 Import Service or network upload. EPC Group always performs a journal mailbox audit before migration to identify data that can be purged versus data subject to legal hold.
The five most common Exchange migration failures: (1) Oversized mailboxes exceeding Exchange Online limits — prevented by pre-migration mailbox size audit and archive policy enforcement. (2) Corrupted mailbox items blocking migration — detected by running New-MailboxRepairRequest before migration. (3) Permission and delegate access breaking — prevented by mapping all Send-As, Send-on-Behalf, Full Access, and calendar delegate permissions before migration. (4) Transport rules not converting correctly — prevented by manual rule audit and recreation in Exchange Online. (5) Third-party applications losing connectivity — prevented by comprehensive application dependency mapping during assessment. EPC Group runs automated pre-flight checks that catch 95% of these issues before they affect a single user.
Get a free migration assessment including mailbox inventory, approach recommendation, timeline estimate, and fixed-fee pricing. No obligation, no hourly billing for the assessment.