Exchange to Microsoft 365 Migration
Enterprise-grade migration methodology from 29 years and 500+ Exchange deployments. Cutover, staged, and hybrid approaches for 100 to 50,000+ mailboxes.
Last updated: 2026 · Read time: ~10 minutes
Key Facts
- Exchange Server 2019 end-of-life: October 2025. No more security patches.
- EPC Group has migrated 3.7 million+ mailboxes with zero data loss.
- Migration approaches: cutover (under 150), staged (150–2,000), hybrid (2,000+), IMAP (non-Exchange sources).
- Typical timeline: 1–2 weeks (cutover) to 8–16 weeks (hybrid enterprise).
- Microsoft Solutions Partner — Modern Work designation. 29 years of Microsoft consulting.
Exchange to Microsoft 365 Migration: What Enterprise IT Leaders Need to Know in 2026
How do you migrate from Exchange to Microsoft 365? Migrating from Exchange to Microsoft 365 involves five key phases:
- Assess your environment: Inventory every mailbox, public folder, distribution group, transport rule, and third-party integration.
- Choose the right approach: Use cutover for under 150 mailboxes, staged for 150-2,000, and hybrid for 2,000+.
- Prepare infrastructure: Deploy Azure AD Connect, verify DNS, provision licenses, and configure hybrid if needed.
- Migrate in waves: Move mailboxes in planned batches, validating at each checkpoint.
- Optimize and decommission: Update MX records, disable on-premises servers, enforce modern authentication, and train users.
The entire process can take between 2 weeks to 6 months, depending on scale and complexity.
Exchange Server 2016 and 2019 will reach the end of extended support in October 2025. The time to migrate has already passed. Organizations still using on-premises Exchange are on systems that no longer receive security updates from Microsoft.
Every month of delay increases risks, including:
- Exposure to zero-day vulnerabilities
- Compliance audit findings
- Operational burden of maintaining old hardware
At EPC Group, we have been migrating Exchange environments since Exchange 5.5, even before the platform had a web-based client. With over 29 years of experience and more than 500 Exchange migration projects, we have created a proven methodology. This approach addresses the three most common failure points:
- Mailbox corruption that goes undetected until migration day.
- Public folder hierarchies that exceed Exchange Online limits.
- Third-party applications that fail when SMTP relay configurations change.
This guide covers everything you need to plan and execute a successful Exchange to Microsoft 365 migration in 2026. Whether you are moving 100 mailboxes from a single Exchange 2019 server or orchestrating a 50,000-mailbox hybrid migration across multiple Active Directory forests, the principles and decision frameworks here reflect real-world enterprise experience — not theoretical best practices. For broader Microsoft 365 consulting guidance, see our dedicated service page.
Why Migrate from Exchange Server Now: End of Life Is Already Here
Microsoft ended extended support for both Exchange Server 2016 and Exchange Server 2019 on October 14, 2025. If your organization is still using either version, you are without a safety net. This means:
- No more security updates.
- No more hotfixes.
- No more support tickets to Microsoft when something breaks at 2 AM on a Friday.
The risk is significant. Exchange Server has been a key target for cyberattacks in the last five years. In 2021, the ProxyLogon and ProxyShell vulnerabilities impacted tens of thousands of on-premises Exchange servers worldwide. Additionally, the Hafnium attacks revealed that nation-state actors specifically target unpatched Exchange systems.
Without regular security patches, your Exchange server becomes a known attack surface. This means there are no defensive updates available.
Security Risk Elimination
Exchange Online receives security updates within hours of discovery. On-premises Exchange 2016/2019 receives nothing after October 2025. Every unpatched CVE becomes a permanent vulnerability in your environment.
Infrastructure Cost Savings
On-premises Exchange requires server hardware, Windows Server licenses, storage arrays, backup infrastructure, and dedicated administration. Exchange Online eliminates all of this — typically saving $15-$30 per mailbox per month in total cost of ownership.
Feature Velocity
Exchange Online receives monthly feature updates including Copilot for Outlook integration, Loop components in email, intelligent scheduling, and advanced anti-phishing. On-premises Exchange has been feature-frozen since 2019.
Anywhere Access
Exchange Online provides native mobile access, web-based Outlook, and seamless integration with Teams, SharePoint, and OneDrive. No more VPN requirements, OWA certificate management, or ActiveSync troubleshooting.
Microsoft has launched Exchange Server Subscription Edition (SE) as the on-premises successor. However, it mainly serves as a hybrid management endpoint rather than a long-term substitute for Exchange Online.
Microsoft focuses its strategic investment, feature development, and security engineering on Exchange Online. The message from Redmond is clear: the future of enterprise email is in the cloud.
Organizations with regulatory constraints often need on-premises infrastructure. This is especially true for certain government agencies that must follow ITAR or classified data requirements. For these cases, Exchange Server SE offers a supported path.
However, for most enterprises, including those in healthcare, finance, and commercial government, Exchange Online is the better choice. It provides:
- Enhanced security
- Cost-effectiveness
- Compliance configurations (GCC, GCC High)
Exchange Migration Approaches Compared
Choosing the right migration approach is the single most consequential decision in your Exchange to Microsoft 365 project. The wrong choice can add months to your timeline and tens of thousands of dollars to your budget.
| Approach | Best For | Exchange Versions | Duration | Coexistence | Complexity | User Impact |
|---|---|---|---|---|---|---|
| Cutover | Under 150 mailboxes | Exchange 2013, 2016, 2019 | 1-2 weeks | No — all-at-once | Low | Medium — weekend cutover |
| Staged | 150-2,000 mailboxes | Exchange 2003, 2007 | 4-8 weeks | Partial — batch-based | Medium | Low — phased rollout |
| Hybrid | 2,000+ mailboxes | Exchange 2013, 2016, 2019, SE | 6 weeks - 6 months | Full — indefinite coexistence | High | Minimal — seamless |
| IMAP | Non-Exchange mail systems | Gmail, Zimbra, Dovecot, any IMAP | 2-6 weeks | No | Low-Medium | Medium — mail only |
Cutover Migration: Fast but Limited
Cutover migration is the easiest method. You create a migration batch that includes all mailboxes. Exchange Online then transfers the data over a few days. Once synchronization is finished, you switch MX records and decommission your on-premises Exchange. This entire process can be completed in a single weekend for small organizations.
The hard limit for cutover migration is 150 mailboxes. Microsoft technically supports up to 2,000 mailboxes, but performance drops significantly beyond 150.
Cutover migration is an all-or-nothing process. You cannot move a group of users first to test the migration. If problems occur, you must roll back the entire organization.
For these reasons, we recommend cutover migration only for organizations with:
- Fewer than 150 mailboxes
- Straightforward configurations
Staged Migration: Legacy Exchange Path
Staged migration was created for Exchange 2003 and 2007 environments. It enables you to move mailboxes in batches, allowing for a gradual transition. Each batch syncs independently, and users are moved in groups according to:
- Department
- Location
- Business unit
By 2026, staged migration is uncommon. Most organizations have upgraded from Exchange 2003/2007. However, we still see it in government agencies and regulated industries. These sectors often have long hardware refresh cycles.
If your organization is still using Exchange 2007, consider these options:
- Staged migration
- Directory synchronization tool
This combination is your most reliable path forward.
Hybrid Migration: The Enterprise Standard
Hybrid migration is the choice of 90% of enterprise organizations, and for good reason. It allows full coexistence between on-premises Exchange and Exchange Online. Users can send mail, share calendars, and access free/busy information seamlessly, no matter which system hosts their mailbox.
The Hybrid Configuration Wizard (HCW) simplifies the setup process. It automates the configuration of:
- Send/receive connectors
- Organization relationships
- OAuth authentication between environments
The biggest advantage of hybrid is flexibility. You can migrate 50 users per week, 500 users per week, or pause the process without disrupting service. Mailbox moves happen in the background, so users can keep working in Outlook. They only notice the change when they restart the application.
This makes hybrid the best choice for organizations where downtime directly affects revenue.
Our team at EPC Group has configured hybrid environments that include:
- Multiple Active Directory forests
- Resource forest topologies
- Multi-geo Microsoft 365 tenants
IMAP Migration: Non-Exchange Sources
IMAP migration is compatible with non-Exchange mail systems. This includes Gmail, Zimbra, Dovecot, Kerio Connect, MDaemon, and any server that supports IMAP4.
However, it has a key limitation:
- IMAP migration only transfers email messages.
- Other items like calendars, contacts, tasks, rules, and auto-replies do not migrate.
For organizations migrating from Google Workspace, Microsoft offers specific tools for migration. These tools can handle:
- Calendar migration
- Contact migration
- Email migration
Pre-Migration Assessment Checklist
Every failed Exchange migration we have been called in to remediate shared one thing in common: an inadequate assessment phase. This checklist reflects 500+ engagements worth of hard-won lessons.
Mailbox Inventory
- Total mailbox count by type (user, shared, resource, equipment)
- Mailbox size distribution — identify outliers exceeding 50GB
- Archive mailbox inventory and size
- Inactive/disabled mailbox audit
- Mailbox delegate and permission mapping (Send-As, Full Access)
- Distribution group and dynamic distribution group inventory
Public Folder Audit
- Total public folder count and hierarchy depth
- Public folder size (individual and aggregate)
- Mail-enabled public folder inventory
- Public folder permission assignments
- Identify public folders convertible to Teams/SharePoint
- Check against Exchange Online limits (250K folders, 100 PF mailboxes)
Security & Compliance
- Transport rule inventory and conversion feasibility
- DLP policy documentation
- Litigation hold and in-place hold inventory
- Journaling configuration and archive requirements
- Retention policies and tags
- Certificate inventory (SSL/TLS, SMTP relay)
Infrastructure Dependencies
- Third-party applications using SMTP relay
- CRM/ERP integrations with Exchange (Salesforce, SAP, Dynamics)
- Multi-function printer/scanner email configurations
- Monitoring and alerting tool integrations
- VoIP/unified messaging dependencies
- Network bandwidth assessment for migration throughput
Hybrid Architecture Deep Dive
Exchange hybrid is more than a migration tool — it is an architectural pattern that enables indefinite coexistence between on-premises Exchange and Exchange Online. Understanding the components of a hybrid deployment is essential for planning, troubleshooting, and eventually decommissioning on-premises infrastructure.
Azure AD Connect: The Identity Bridge
Azure AD Connect (now Microsoft Entra Connect) synchronizes your on-premises Active Directory with Azure AD. It manages user identity synchronization, password hash sync, pass-through authentication, group membership, and Exchange attributes such as proxy addresses and mailbox GUIDs.
For Exchange hybrid setups, Azure AD Connect must synchronize Exchange-specific attributes. This synchronization allows for hybrid mail flow and free/busy sharing.
We configure Azure AD Connect with password hash synchronization as the authentication method for 90% of deployments. This method provides:
- Best resilience
- Support for leaked credential detection
- Organizations that need no cloud password storage can use pass-through authentication.
- Federation with AD FS is another option, but both methods add operational complexity.
Hybrid Configuration Wizard (HCW)
The HCW automates the complex setup needed for Exchange hybrid. It performs several key tasks:
- Creates send and receive connectors for secure mail flow between on-premises and Exchange Online.
- Configures organization relationships for free/busy sharing.
- Sets up OAuth authentication for cross-premises features.
- Configures the Mailbox Replication Service (MRS) endpoint for mailbox moves.
Modern hybrid supports a minimal hybrid configuration with the Hybrid Agent. This lightweight connector eliminates the need for inbound firewall rules and public IP addresses for on-premises Exchange servers.
We recommend the Hybrid Agent for organizations that want to:
- Reduce their on-premises footprint
- Maintain migration capabilities
Mail Flow in Hybrid: Centralized vs. Decentralized
Hybrid mail flow supports two models:
- Centralized transport: This model routes all outbound internet mail through on-premises Exchange. It is useful when you have compliance appliances, such as DLP and encryption gateways, that must inspect all mail before it leaves the organization.
- Decentralized transport: This model allows Exchange Online mailboxes to send mail directly to the internet through Exchange Online Protection.
Most organizations begin with centralized transport during migration. This approach helps them keep their existing compliance controls. After migration is complete, they often switch to decentralized transport.
EPC Group documents the following as part of every hybrid engagement:
- Mail flow architecture
- Transition plan
Decommissioning On-Premises Exchange After Migration
Many think it's acceptable to turn off on-premises Exchange servers after moving all mailboxes to Exchange Online. This is a misconception. If you used hybrid migration, you need to keep at least one Exchange server active. This server serves as a management endpoint for recipient attribute management.
You can bypass this requirement by:
- Transitioning to Exchange Server SE
- Using cloud-only management with Microsoft’s supported tools
Microsoft is working to eliminate this requirement, and Exchange Server SE offers a simpler decommission path. We include detailed decommission planning in every hybrid migration engagement. This planning covers:
- Specific steps to remove Exchange servers from Active Directory cleanly.
Mailbox Migration Planning and Wave Strategy
Mailbox migration is not a single event — it is a carefully sequenced operation that unfolds over weeks or months. The wave strategy determines which users migrate when, and getting it wrong creates cascading problems with delegate access, shared mailbox availability, and team productivity.
Our standard wave strategy follows a clear sequence. Wave 0 is the pilot group, consisting of IT staff and early adopters. They can provide feedback and tolerate minor issues.
Wave 1 focuses on departments that have few cross-team dependencies and low use of shared mailboxes. Wave 2 and Wave N will gradually migrate the other departments. We ensure that teams with significant delegate access and shared mailboxes are grouped in the same wave.
The final wave migrates executive assistants, shared mailboxes, and resource mailboxes last. These accounts usually have the most complex permission structures.
During each wave, the mailbox move happens in the background. The MRS (Mailbox Replication Service) first syncs the mailbox data.
It then syncs new items gradually until the migration batch is complete.
The completion step switches the user to Exchange Online. This process is typically scheduled during off-hours and takes only a few minutes per mailbox.
After the switch, users need to restart Outlook to connect to their new mailbox location. Outlook will automatically find the new endpoint using Autodiscover.
It is essential to migrate a user and their delegates together. If User A has given Full Access to User B, migrating User A without User B creates a cross-premises delegate situation. This setup works but can lead to latency issues. Migrating both users in the same wave ensures the best experience for everyone involved.
Public Folder and Calendar/Contact Migration
Public Folders: Migrate, Convert, or Retire
Public folders can be the most difficult part of an Exchange migration. Organizations that have used Exchange for 15-20 years often have thousands of public folders. Many of these folders may be orphaned, duplicated, or unused.
The first step in the process is a usage audit. We analyze folder access patterns to identify:
- Public folders that are actively used
- Folders that are referenced occasionally
- Folders that have not been accessed in years
For actively used public folders, you have three options: migrate them to Exchange Online public folders (supported via batch migration scripts), convert them to Microsoft 365 Groups or shared mailboxes (better for collaboration), or migrate content to SharePoint document libraries or Teams channels (best for document-centric folders). EPC Group recommends converting to modern collaboration tools wherever possible — public folders are a legacy construct, and SharePoint migration provides a more robust, searchable, and permission-controlled alternative.
Calendar and Contact Migration
Calendar data migrates automatically with the mailbox during cutover and hybrid migrations. However, you need to validate the following items separately:
- Calendar delegate permissions
- Resource mailbox configurations
- Room booking policies
Migrate resource mailboxes, such as conference rooms and equipment, early. This is important because they impact the scheduling capabilities of the entire organization.
Contact migration is simple for individual mailbox contacts. However, it gets complicated when organizations use public folder contacts as a shared address book. In this case, shared contact lists should be migrated to either shared mailbox contacts or Microsoft 365 group contacts.
External contact objects in Exchange, such as mail contacts and mail users, synchronize through Azure AD Connect. They automatically appear in the Global Address List after directory sync.
Security and Compliance During Migration
Migration involves a higher level of risk. During this time, data is moving, authentication settings are being updated, and users might have access to both old and new systems. We ensure security and compliance by following these steps:
- Monitoring data transfers closely.
- Updating authentication configurations promptly.
- Providing clear communication to users about system changes.
Healthcare (HIPAA)
- All migration traffic encrypted with TLS 1.2+ — PHI never transmitted in plaintext
- BAA verification for Microsoft 365 tenant and any third-party migration tools
- Audit logging enabled before first mailbox moves — required for PHI access tracking
- Sensitivity labels applied to migrated mailboxes containing ePHI
- Post-migration validation of DLP policies protecting PHI in email
- Exchange Online message encryption configured for external PHI transmission
Financial Services (SOC 2)
- Change management documentation for every migration wave
- Chain of custody records for data movement between systems
- Access control verification at each migration checkpoint
- Transport rule conversion audit with before/after comparison
- eDiscovery hold verification — litigation holds must persist through migration
- Privileged access workstation requirements for migration administrators
Government (FedRAMP)
- GCC or GCC High tenant provisioning based on data classification
- Migration tools must be FedRAMP-aligned consulting expertise at appropriate impact level
- CUI handling procedures during data transfer
- NIST 800-53 control documentation for migration procedures
- Network boundary documentation for hybrid configuration
- Incident response plan specific to migration-period vulnerabilities
EPC Group includes compliance validation as a formal phase in every regulated Exchange migration. Our Azure consulting team works alongside the migration team to ensure that Azure AD Conditional Access, Microsoft Purview, and Exchange Online Protection are configured correctly before any regulated mailbox data moves to the cloud.
Post-Migration Optimization
Migration completion is not the finish line — it is the starting point for optimization. Too many organizations move mailboxes to Exchange Online and then continue operating exactly as they did on-premises, missing the cloud-native capabilities that justify the migration investment.
Disable Legacy Protocols
Turn off IMAP, POP3, SMTP AUTH, and basic authentication. Enforce modern authentication (OAuth 2.0) and Conditional Access policies. This single step eliminates the most common attack vector against Exchange Online mailboxes — password spray attacks against legacy protocols.
Configure Exchange Online Protection (EOP)
Fine-tune anti-phishing policies, safe links, safe attachments, and anti-spoofing. Set up Zero-hour Auto Purge (ZAP) to retroactively remove malicious messages that bypassed initial scanning. Configure enhanced filtering for connectors if mail flows through a third-party service.
Implement Microsoft Purview
Configure sensitivity labels, retention policies, Data Loss Prevention rules, and eDiscovery. If you were using on-premises DLP transport rules, now is the time to migrate them to the cloud-native Purview DLP engine, which provides significantly more granular controls and better integration with Teams and SharePoint.
Enable Mailbox Auditing and Unified Audit Log
Mailbox auditing is enabled by default for Exchange Online mailboxes, but verify the audit actions being logged match your compliance requirements. Configure the Unified Audit Log for cross-service auditing including SharePoint, Teams, and Azure AD activity.
Deploy Copilot for Outlook
With mailboxes in Exchange Online, you can now deploy Copilot for Microsoft 365 to provide AI-powered email summarization, draft assistance, and intelligent scheduling. This is a productivity multiplier that only works with Exchange Online mailboxes.
Decommission On-Premises Infrastructure
Follow Microsoft documented decommission procedures to remove Exchange servers from Active Directory cleanly. Retain backups of Exchange databases for the period required by your retention policies. Update firewall rules, DNS records, and certificates associated with the decommissioned infrastructure.
Common Exchange Migration Pitfalls
These are real problems we have encountered and resolved in production Exchange migrations. Each one has cost at least one organization a week or more of unplanned remediation work.
Oversized Mailboxes Blocking Migration
Exchange Online limits primary mailboxes to 50GB (or 100GB with E3/E5 licensing). Mailboxes exceeding the target limit fail to migrate. Run a pre-migration size report and enforce archive policies before migration begins.
SMTP Relay Applications Breaking
Multi-function printers, monitoring systems, and LOB applications that relay mail through on-premises Exchange lose connectivity when the server is decommissioned. Map every SMTP relay source and reconfigure for Exchange Online SMTP relay or direct send.
Autodiscover Not Resolving
After MX record changes, Outlook clients must discover the new mailbox location via Autodiscover. Incorrect DNS configuration, stale Autodiscover records, or corporate firewalls blocking Autodiscover endpoints cause Outlook to fail silently. Test Autodiscover resolution before and after cutover.
Delegate Permissions Silently Broken
Send-As, Send-on-Behalf, and Full Access permissions do not always survive cross-premises migration cleanly. Export all delegate permissions before migration and validate them after each wave. Automated post-migration permission checks are essential.
Mobile Devices Requiring Reconfiguration
ActiveSync profiles on iOS and Android devices may need to be removed and re-added after migration. For managed devices (Intune), push updated Exchange Online profiles before migration. For unmanaged BYOD devices, communicate reconfiguration steps clearly.
Transport Rules Not Converting 1:1
On-premises transport rules sometimes use conditions or actions that do not have exact Exchange Online equivalents. Audit every transport rule, test conversion in a pilot, and document any rules that require redesign or replacement with Purview DLP policies.
Timeline and Cost Estimates by Organization Size
These estimates reflect EPC Group's actual engagement data across 500+ Exchange migrations. Your timeline and cost may vary based on complexity factors including compliance requirements, third-party integrations, and public folder volume.
| Mailboxes | Approach | Assessment | Planning | Pilot | Execution | Validation | Total | Cost Range |
|---|---|---|---|---|---|---|---|---|
| 100 | Cutover | 1 week | 1 week | N/A | 1 weekend | 3 days | 2-3 weeks | $15,000-$30,000 |
| 500 | Staged / Hybrid | 2 weeks | 2 weeks | 1 week | 2-3 weeks | 1 week | 6-8 weeks | $40,000-$80,000 |
| 1,000 | Hybrid | 2 weeks | 2-3 weeks | 1 week | 3-4 weeks | 1-2 weeks | 8-12 weeks | $75,000-$150,000 |
| 5,000+ | Hybrid | 3-4 weeks | 3-4 weeks | 2 weeks | 8-16 weeks | 2-3 weeks | 4-6 months | $200,000-$500,000+ |
EPC Group's cost ranges cover our professional services for assessment, planning, execution, and post-migration support. These costs do not include Microsoft 365 licensing fees, which differ by plan:
- Business Basic: $6/user/month
- E3: $36/user/month
- E5: $57/user/month
If your organization already has Microsoft 365 licenses, the migration cost will only include the professional services component.
EPC Group provides fixed-fee Exchange migration accelerators starting at $25,000 for organizations with simple environments. These accelerators feature:
- A defined scope
- A guaranteed timeline
- A fixed price — no hourly billing surprises
Contact us for a scoping call to see if your environment qualifies for accelerator pricing.
EPC Group Exchange Migration Track Record
500+
Exchange migrations completed
25+
Years of Exchange expertise
99.97%
Mailbox migration success rate
0
Data loss incidents in production
Related Resources
Microsoft 365 Consulting Services
Full-service Microsoft 365 deployment, governance, and optimization for enterprise.
Read moreAzure Cloud Consulting
Azure infrastructure, migration, and hybrid cloud architecture for enterprise workloads.
Read moreSharePoint Migration Services
Enterprise SharePoint migration methodology, pricing, and compliance frameworks.
Read moreFrequently Asked Questions
How do you migrate from Exchange to Microsoft 365?
Exchange to Microsoft 365 migration follows five phases: (1) Pre-migration assessment — inventory mailboxes, public folders, distribution groups, transport rules, and third-party integrations. (2) Choose migration approach — cutover for under 150 mailboxes, staged for 150-2,000, hybrid for 2,000+, or IMAP for non-Exchange sources. (3) Prepare the environment — configure Azure AD Connect, verify domains, set up MX records, and provision licenses. (4) Execute migration — move mailboxes in waves with validation checkpoints, typically during off-hours. (5) Post-migration optimization — decommission on-premises servers, update DNS, configure Exchange Online Protection, and train users. EPC Group has completed 500+ Exchange migrations across Fortune 500 organizations.
How long does an Exchange to Microsoft 365 migration take?
Timeline depends on mailbox count and complexity. For 100 mailboxes with a cutover migration: 1-2 weeks. For 500 mailboxes with a staged migration: 4-6 weeks. For 1,000 mailboxes with a hybrid migration: 6-10 weeks. For 5,000+ mailboxes with a hybrid migration in a regulated industry: 3-6 months. Factors that extend timelines include public folder migrations, journal mailbox archives, third-party application dependencies (CRM, ERP integrations), compliance validation for HIPAA or SOC 2, and complex transport rule conversions.
What is the difference between cutover, staged, and hybrid Exchange migration?
Cutover migration moves all mailboxes at once in a single batch — best for organizations with fewer than 150 mailboxes running Exchange 2013 or later. Staged migration moves mailboxes in batches over weeks — designed for Exchange 2003/2007 environments with 150-2,000 mailboxes. Hybrid migration maintains coexistence between on-premises Exchange and Exchange Online — required for organizations with 2,000+ mailboxes, complex routing, or extended coexistence needs. IMAP migration is for non-Exchange mail systems like Gmail, Zimbra, or Dovecot. Most enterprise organizations choose hybrid because it provides the smoothest user experience with no mailbox access downtime during migration.
How much does Exchange to Microsoft 365 migration cost?
Exchange migration costs vary by scale: 100 mailboxes (cutover) costs $15,000-$30,000. 500 mailboxes (staged/hybrid) costs $40,000-$80,000. 1,000 mailboxes (hybrid) costs $75,000-$150,000. 5,000+ mailboxes (hybrid with compliance) costs $200,000-$500,000+. These estimates include assessment, planning, execution, and post-migration support. Additional costs to budget for: Microsoft 365 licensing ($12-$57/user/month depending on plan), Azure AD Connect infrastructure, third-party migration tools if needed, and user training. EPC Group offers fixed-fee Exchange migration accelerators starting at $25,000.
Is Exchange Server 2016 end of life in 2025?
Yes. Exchange Server 2016 reached end of extended support on October 14, 2025. This means Microsoft no longer provides security updates, bug fixes, or technical support. Running Exchange 2016 after this date creates significant security and compliance risks — unpatched Exchange servers are among the most commonly exploited attack vectors. Exchange Server 2019 reaches end of extended support on October 14, 2025 as well. Microsoft has released Exchange Server Subscription Edition (SE) as the on-premises successor, but the strategic direction is Exchange Online within Microsoft 365. Organizations still running Exchange 2016 or 2019 should treat migration as an urgent security priority.
What happens to public folders during Exchange migration?
Public folders require a separate migration process from mailbox migration. Microsoft provides the public folder migration scripts (batch migration) that convert on-premises public folders to Microsoft 365 public folder mailboxes. The process: (1) Run pre-migration scripts to inventory public folder hierarchy and permissions. (2) Generate CSV mapping files for source-to-target folder mapping. (3) Create migration batches and initiate synchronization. (4) Complete final sync and cut over. Key considerations: Microsoft 365 supports up to 250,000 public folders and 100 public folder mailboxes. Organizations exceeding these limits need to archive or restructure. Many organizations also use this migration as an opportunity to convert public folders to shared mailboxes, Microsoft Teams channels, or SharePoint document libraries.
How do you maintain email flow during Exchange hybrid migration?
Hybrid migration maintains seamless email flow through the Hybrid Configuration Wizard (HCW), which establishes secure mail flow connectors between on-premises Exchange and Exchange Online. During coexistence: internal users can email each other regardless of which system hosts their mailbox. Free/busy calendar sharing works across both environments. The Global Address List (GAL) remains unified through Azure AD Connect directory synchronization. Mail routing uses the Organization Relationship and send/receive connectors configured by HCW. MX records can point to either on-premises or Exchange Online Protection during migration — we recommend switching MX to EOP early to benefit from advanced threat protection. The hybrid topology is fully supported by Microsoft and can run indefinitely during extended migrations.
What security considerations apply during Exchange migration?
Exchange migration introduces several security considerations: (1) Data in transit — all migration traffic should use TLS 1.2+ encryption; hybrid uses certificate-based authentication. (2) Credential management — Azure AD Connect service accounts need strict access controls and monitoring. (3) MX record transition — the window when MX records propagate creates a brief period where mail may route to either system; plan for this with appropriate TTL settings. (4) Conditional Access — configure Azure AD Conditional Access policies before migrating mailboxes to prevent authentication bypass. (5) Legacy protocols — migration is the ideal time to disable IMAP, POP3, and basic authentication in favor of modern authentication (OAuth 2.0). (6) Data Loss Prevention — configure Exchange Online DLP policies to match or exceed on-premises transport rules before migration. (7) For regulated industries, ensure compliance holds and litigation holds transfer correctly.
Can you migrate Exchange journal mailboxes and archives?
Yes, but journal and archive mailboxes require special handling. Exchange journal mailboxes often contain terabytes of data subject to regulatory retention requirements. Options: (1) Migrate journal data to Exchange Online archive mailboxes with auto-expanding archives (unlimited storage). (2) Migrate to a third-party archiving solution like Veritas Enterprise Vault or Mimecast. (3) Use Microsoft Purview for compliance-grade retention and eDiscovery. In-place archives migrate alongside primary mailboxes during hybrid migration. Personal archives (.PST files) can be ingested using the Microsoft 365 Import Service or network upload. EPC Group always performs a journal mailbox audit before migration to identify data that can be purged versus data subject to legal hold.
What are the most common Exchange migration failures and how do you prevent them?
The five most common Exchange migration failures: (1) Oversized mailboxes exceeding Exchange Online limits — prevented by pre-migration mailbox size audit and archive policy enforcement. (2) Corrupted mailbox items blocking migration — detected by running New-MailboxRepairRequest before migration. (3) Permission and delegate access breaking — prevented by mapping all Send-As, Send-on-Behalf, Full Access, and calendar delegate permissions before migration. (4) Transport rules not converting correctly — prevented by manual rule audit and recreation in Exchange Online. (5) Third-party applications losing connectivity — prevented by comprehensive application dependency mapping during assessment. EPC Group runs automated pre-flight checks that catch 95% of these issues before they affect a single user.
Start Your Exchange to Microsoft 365 Migration
Get a free migration assessment including mailbox inventory, approach recommendation, timeline estimate, and fixed-fee pricing. No obligation, no hourly billing for the assessment.