G Suite (IMAP) to Microsoft 365 Migration Guide

This is the migration guide for a mailbox from G Suite, using the IMAP endpoint, to Microsoft 365. This guide contains all the steps needed for your migration. Other useful resources and information are also linked or included.  

First migration?

We’ve created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.

For a list of items that are and are not moved with MigrationWiz, see Migrated and Not Migrated Items. Note that these items will vary by source and destination, so check the proper environment listings carefully. This list is updated frequently, so we strongly suggest checking back regularly during your migration project.

MigrationWiz

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects. 

We are not able to support migrations with two-factor or multifactor authentication. 

 Important: Migrating from a G Suite/Gmail endpoint requires an administrator email address which matches the end user domain.

Preparing the Source

Recommended Actions

The following sections are recommended to ensure that the migration of all data is possible and to prevent failures.

Set up API scopes with OAuth

BitTitan products use OAuth 2.0 to authenticate to G Suite  and utilize the G Suite (IMAP) endpoint in MigrationWiz. This is applicable to both mailbox and document migration projects. In order to obtain access to your G Suite data, it is necessary to add specifically allowed API scopes to the MigrationWiz project.

  • These steps must be followed whenever there is a migration project either to or from G Suite that will utilize the G Suite (IMAP) endpoint. For instructions on using the Gmail API endpoint, see  MigrationWiz - Mailbox Migration - Set up Google API for migrating mailboxes.
  • Enabling access is required for both G Suite mailbox and Google Drive document migration projects.
  • Mailbox migration projects require that a G Suite administrator grant access to the BitTitan client ID and scopes listed in this article.
  • Document migration projects require that a G Suite Super administrator grant access to the BitTitan client ID and scopes listed in this article and enable the API access. The steps to do this are included at the bottom of this article.

Steps in the G Suite Admin Console

Complete these steps to grant BitTitan client ID access to the appropriate scopes:

  1. Go to https://admin.google.com and authenticate as a Super Administrator.
  2. Click Security. If you do not see the security icon on your admin console home page, you do not have the necessary rights on your account to make these changes. Request Super Administrator access from the customer to implement these changes.
  3. Click Advanced settings. Google limits accessing and changing this setting to only G Suite Super Administrator accounts.
  4. You will now have one of two options, depending on whether your tenant has been updated to the new Google API or not. 

Old Google Tenant:

  • Go to the G Suite admin page at google.com
  • Click on Security
  • Click on Advanced Settings
  • Click Manage API Client Access.

OR If your account shows the latest UI updates from Google, as shown below:mceclip1.png

  • Go to the G Suite admin page at google.com
  • Click on Security
  • Click Advanced Settings
  • Under ‘Domain-wide delegation’, click Manage domain-wide delegation
  • On the Manage domain-wide delegation page, click Add new
  1. Click MANAGE DOMAIN WIDE DELEGATION.
  2. Click Add New.
  3. Enter 113321175602709078332 into the Client ID field. 
  4. Enter  the following groups of scopes into the OAuth Scopes (comma-delimited) field:
    • G Suite as the Source (read-only scopes):
      https://mail.google.com/, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive, https://sites.google.com/feeds/, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/contacts.other.readonly 
  5. Click Authorize. The client name is 113321175602709078332 (make sure there are no leading or trailing spaces, as this may cause the error "URL ends with an invalid top-level domain name."). This will grant BitTitan products access to the appropriate scopes.

Enable IMAP Access

Ensure IMAP access is enabled for all users. For details on how to check this, refer to the Google support article here.

Enable Folder Size Limits

  1. Ensure the folder size limits on IMAP folders have been removed for all users. For each user:
  2. Click the gear icon
  3. Click Settings
  4. Select Forwarding and POP/IMAP tab
  5. Select Folder Size Limits
  6. Select the radio button for Do not limit the number of messages in an IMAP folder (default).

This is an end user setting, which can only be set on a per-user basis. Therefore, we recommend that you send instructions to your end users to check this setting. 

Sample communication to end users:

Action Required - Due Date XX/XX/XX We are preparing to migrate your environment. To ensure a seamless migration, certain end user settings must be verified. Follow the directions below to remove the folder limits on your account migration. Failure to do so in a timely manner may result in lost items. G Suite has a setting that can limit the number of messages in an IMAP folder. If this is configured, this will restrict MigrationWiz so that it can only retrieve and migrate that number of messages from each folder.

  1. Log in to your Gmail account.
  2. Click on the gear icon in the upper right-hand side of the window, and choose Settings.
  3. Click on the Forwarding and POP/IMAP tab.
  4. Under the IMAP Access heading, look for Folder Size Limits.
  5. Ensure that Do not limit the number of messages in an IMAP folder (default) is selected.

To further clarify the implications of this setting: If the limit has been set (e.g., to 1,000 as per the default suggestion), then if folders contain more than 1000 items, they will be truncated at 1000 items. This means that MigrationWiz will only be able to migrate 1000 emails from each folder. Thank you for your assistance. If you have any questions or concerns, please contact [Help Desk].

Export mailboxes to CSV file(s)

From the Google Admin portal:

  1. Click Users
  2. Click ⁝ (3 vertical dots)
  3. Download Users
  4. Download All Users
  5. Click OK
  6. Save

Preparing the Destination

Create Administrator Account

Create a Global Administrator or a delegated admin with full access rights or permissions account in Microsoft 365 to be used for migration or use the Global Administrator or delegated admin with full access rights or permissions account for the tenant. In order to have administrative permissions to migrate mailbox data, grant the account permissions on each mailbox.

  • Having administrative access to the Microsoft 365 control panel to manage users does not mean the same account has permissions to access all mailboxes for migration.
  • Having delegated admin access to accounts does not provide enough access.

Enabling an administrative account the ability to access Microsoft 365 user mailboxes can be performed by adding the Impersonation role or Full Access mailbox permissions.  The below steps will explain how to configure the permissions access for both options.

Impersonation

To enable the admin account to impersonate users, run the below PowerShell command:

$cred = Get-Credential

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection

Import-PSSession $session

Enable-OrganizationCustomization

New-ManagementRoleAssi​gnment -Role ApplicationImpersonation -User <admin_user_name>

Remove-PSSession $session

More information about this PowerShell command can be found here.

  • MigrationWiz uses delegation by default to log in to individual user mailboxes using administrative credentials specified on the connector. 

It is highly recommended to use impersonation when migrating from or to Office 365.

Benefits:

Using impersonation, it is possible to stop sharing the throttling quota and connection limits associated with a single administrative account. ​Instead, the throttling quota of each user is used to log in to each user mailbox.

Using impersonation means:

  • Eliminating most "Connection did not succeed" errors
  • Allowing migration of more mailboxes concurrently
  • Reducing the impact of throttling and connection limits
  • Using an admin account without assigning a license to it
Full Access

To manually grant administrative access for migration, execute the following remote PowerShell commands: 

$cred = Get-Credential

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection

Import-PSSession $session

Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false -User MigrationWiz

Remove-PSSession $session

  • The command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
  • In the script above, the username "MigrationWiz" should be replaced with the name of the administrative account that was set up, by following the instructions in this Knowledge Base article.
  • This username is the Administrative Username that needs to be entered under the project's Source or Destination settings, within MigrationWiz, when checking the box labeled Use Administrative Login.

Set Up User Accounts

Set up user accounts on the destination Microsoft 365 tenant and assign licenses. These can be created in several ways. (The following links are to external articles.)

Create an Administrator Account

Create an administrator account in Microsoft 365 to be used for migration or use the global admin account for the tenant. The administrator account must have either full access to the user mailboxes or be granted impersonation rights. We recommend using impersonation as it will help reduce the likelihood of the migration being throttled by Microsoft. For specific steps to set impersonation manually, follow the steps in Prepare the Source.

Test Administrator Access

Test that the administrator can access user mailboxes. Test access to the tenantname.onmicrosoft.com addresses, not to the domainname.com addresses. Make sure that the tenantname.onmicrosoft.com account is attached to each mailbox in Microsoft 365. By default, it should be attached, but if not, it will need to be added as an alias to each account. This can be done through the Microsoft 365 admin portal or via PowerShell scripts. 

MSPComplete Steps

Create Customer

  1. Click the Add button in the top navigation bar
  2. Click the Add Customer button on the All Customers page
  3. In the left navigation pane, select the appropriate workgroup and then click All Customers.
  4. Click Add Customer.
  5. Enter the new customer’s information in the Add Customer form. Primary Email Domain and Company Name are required. The rest are optional.
  6. Click Save.
  7. Repeat steps 1 through 4 for each customer you want to add. 

Purchase licenses

We recommend that you purchase the User Migration Bundle license for this migration scenario. User Migration Bundle licenses allow multiple types of migrations to be performed with a single license. They also allow DeploymentPro to be used to configure Outlook email profiles. For questions on licensing, visit MigrationWiz Licenses

To purchase licenses:

  1. Sign in to your BitTitan account. 
  2. In the top navigation bar, click Purchase.
  3. Click the Select button and choose User Migration Bundle licenses.
  4. Enter the number of licenses you want to purchase. Click Buy Now.
  5. Enter a Billing address if applicable.
  6. Click Next.
  7. Review the Order Summary and enter a payment method.
  8. Click Place Your Order.

Apply licenses

  1. Select the correct workgroup on the top of the left navigation pane. This is the workgroup that the customer and migration project were created under. Your account must be part of the workgroup if the project was not created under your account.
  2. On the left navigation pane, click Customers.
  3. Click the customer that employs the user to whom you want to apply a User Migration Bundle license.
  4. Click the Users tab at the top of the page.
  5. Check the box to the left of the email for the user(s) to whom you want to apply a license.
  6. Click the Apply User Migration Bundle License button at the top of the page. It is recommended that users be added to the Customer page with the vanity domain. Then have the User Migration Bundle Licenses applied, before editing to show the .onmicrosoft domain, if the .onmicrosoft domain will be used for the migration.
  7. If there is at least one unassigned User Migration Bundle license available for each selected user, click Confirm.

MigrationWiz Steps

Create a Mailbox Project

  1. Log in to MigrationWiz.
  2. Click the Go to My Projects button.
  3. Click the Create Project button.
  4. Select the Mailbox project type. 
  5. Click Next Step.
  6. Enter a Project name and select a Customer.
  7. Click Next Step.
  8. Select endpoints or follow the steps below to create new endpoints. 

Endpoints

Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

You may either use existing endpoints, or create new ones. 

To create a new source endpoint:

  1. Click Endpoints
  2. Click Add Endpoint
  3. Select G Suite (IMAP). 
  4. Enter the requested credentials
  5. Click Add Endpoint. 

To create a new destination endpoint:

  1. Click Endpoints
  2. Click Add Endpoint
  3. Select Office 365. 
  4. Enter the requested credentials
  5. Click Add Endpoint. 

Add Users

Add the user accounts that will be migrated to the project. MigrationWiz allows you to bulk import users into the system.

You may use Bulk Add, Quick Add, or add the accounts to the MSPComplete customer. 

Bulk Add

To import one or more accounts:

  1. Sign in to your MigrationWiz account.
  2. Select the Project for which you want to perform the bulk import.
  3. Click on  Add .
  4. Click on  Bulk Add .
  5. Follow the instructions on the page.

Quick Add

This option allows you to add items o​ne at a time. You need to enter an email address, login name, and password for each user if you didn't enter administrative credentials when setting up the project. You only have to provide an email address if you entered administrative credentials when setting up the project.

Add Advanced Options

Advanced Options allow you to choose your notifications, filtering, maintenance, licensing, performance, and some configuration options.

Support Options are advanced configurations that make use of Powershell or code blocks to provide extra options or resources for your migration.

The following options are the most valuable for this migration scenario:

Global Options

The following options are most valuable for all G Suite migration scenarios:
  • Set to use impersonation at the Destination. Checkmark the Use impersonation at Destination box. 
  • Under Filtering, add: (^All Mail$|^All Mail/) 
  • Under Support/Support options, add: StoreOverflowGooglePropertiesInNotes=1 
  • Under Support/Support options, add: StoreOverflowGooglePropertiesInNotesPrefix="enter your text here" (Replace "enter your text here" with your message.)
  • Under Support/Support options, add: SuppressReminderDays=X (Replace "X" with a value from 1 to 365.)

Run Verify Credentials

  1. ​Sign in to your MigrationWiz account​.
  2. Open the Project containing items you wish to validate​.
  3. Select the items you wish to validate.
  4. Click on the Start button in your dashboard.
  5. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send email to all users telling them the time and date of the migration. 

Run Migration

In the MigrationWiz interface:

Pre-Stage pass

  1. Select the users you wish to migrate
  2. Click the Start button from the top
  3. Select Pre-Stage Migration
  4. Under the Migration Scheduling section, from the drop-down list, select 90 days ago
  5. Click Start Migration.

Full pass

  1. Select the users
  2. Click the Start button from the top
  3. Select Full Migration
  4. Click Start Migration

Run Retry Errors

Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

If problems persist, contact Support.

Remove All Mail

  1. Remove the All Mail filter from Project Advanced Options, and run one final full migration pass.
  2. Under Project Advanced Options > Filtering section, delete: (^All Mail$|^All Mail/) 
  3. Select the users
  4. Click the Start button from the top, select Full Migration
  5. Click Start Migration.

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.

Was this article helpful?
8 out of 13 found this helpful