This is the migration guide for a mailbox from G Suite, using the IMAP endpoint, to Microsoft 365. This guide contains all the steps needed for your migration. Other useful resources and information are also linked or included.
First migration?
We have created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.
Limitations
MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.
MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects.
We are not able to support migrations with two-factor or multifactor authentication.
App passwords are not supported for the Microsoft 365 endpoint.
The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.
Some item types are not migrated. Click the bar below to expand the full list of what item types are and are not migrated. We are constantly working to create a better migration experience for you, so these items may change.
Besides, you should consider the following points when performing a G Suite (IMAP) to Microsoft 365 Migration:
- When migrating from G Suite as a source, contacts in Contact Groups (which look like subfolders of the Contacts folder) will migrate to the top level contacts folder on the destination. Folders will be created for each group but the contacts will not be sorted into those folders.
- Calendars can have multiple Owners. An Owner is anyone with "Make changes and manage sharing" permissions, so shared calendars will be migrated to users with these permissions by default.
Important
All accounts being migrated must be in Active status in the tenant. Users that are set to a status of Inactive accounts cannot fully migrate and fail in the project.
Always migrated
- Inbox.
- Folders/Labels.
- Email.
- Muted Email (as regular email).
- Contacts.
- Calendars (including links for Google Hangouts within calendar meetings).
- Calendar Notifications.
Links for Google Hangouts are a new default feature added to Google Meeting. Microsoft 365 does not have the corresponding property to map. Therefore, when migrating to Microsoft 365, the links for Google Hangouts are added to the beginning of the meeting description body text on Microsoft 365.
Not Migrated in Any Instance
- Calendar Reminders.
- Appointments.
- Google Spaces.
- Google Spaces Chats.
- Chat message attachments.
- Google Groups for Business (including forums and collaborative inboxes).
Not Migrated As Source
- Calendar Attachments.
- Calendar Reminders.
- Tasks.
- Chats and chat history.
- Google Categories (i.e., the Google category flags: Social, Promotions, Updates, Forums).
- Email attachments that are links to Google Drive.
- Some calendar colors.
Important
All color category meta tags are transferred over, but Microsoft 365 does not have direct color mappings from Google G Suite, and so certain colors do not get mapped over, thus the colors are not displayed in Microsoft 365 for the calendar entries.
Not Migrated As Destination
- Calendar Attachments.
- Exceptions of recurring appointments.
- Google Groups for Business (including forums and collaborative inboxes).
With Google API Endpoint at Source
With this endpoint, all items listed above migrate as before. However, utilizing the API endpoint enables migration of the following items as well. The following items are not migrated via the IMAP endpoint.
- Google Categories (Category flags, i.e. Social, Promotions, Updates, Forums).
- Snoozed and Scheduled emails - these are migrated like regular emails to custom destination labels. Their properties are not migrated.
Relationship fields do not migrate fully from Gmail. The mapping is as follows:
Content.content |
Contact body |
Description in the body |
Sensitivity |
Sensitivity |
|
Priority |
Importance |
|
Initials |
Initials |
|
Nickname |
NickName |
|
Name.FullName |
Subject |
|
Name.FullName |
FileAs |
|
Name.GivenName |
GivenName |
|
Name.FamilyName |
Surname |
|
Name.NameSuffix |
Generation |
|
Name.AdditionalName |
MiddleName |
|
Organization (primary) |
CompanyName |
Also stores name, department, title and job descriptions |
Organizations (non-primary) |
Companies |
Also stores name, department, title and job descriptions |
Emails |
EmailAddresses |
Only first 3 are stored. Rest are stored in overflow properties. |
IMs |
ImAddresses |
Only first 3 are stored. Rest are stored in overflow properties. |
Phone numbers |
PhoneNumbers Types:
|
If any number is already set, we append to overflow contact properties |
Postal Addresses |
Physical Addresses Types:
|
If any address is already set, we append to overflow contact properties. Also stores city, country or region, postal code, state and street |
Events |
Wedding Anniversary (only for anniversary) |
Rest are stored in overflow properties |
Relations (value = "assistant") |
AssistantName |
|
Relations (value = "child") |
Children |
|
Relations (value = "domestic-partner") |
SpouseName |
|
Relations (value = "manager") |
Manager |
|
Relations (value = "partner") |
SpouseName |
|
Relations (value = "spouse") |
SpouseName |
|
Relations (value = others) |
Others stored in overflow properties |
|
Mileage |
Mileage |
|
ContactPhotoInBytes |
Attachments |
|
User defined fields |
All stored in overflow properties |
|
Name.GivenNamePhonetics + Name.AdditionalNamePhonetics |
Stored as extended property |
|
Name.FamilyNamePhonetics |
Stored as extended property |
|
contactEntry.Name.NamePrefix |
Stored as extended property |
|
Birthday |
Stored as extended property |
|
Websites |
Stored as extended property |
|
Preparing the Source
Recommended Actions
The following sections are recommended to ensure that the migration of all data is possible and to prevent failures.
Set up API scopes with OAuth
BitTitan products use OAuth 2.0 to authenticate to G Suite and utilize the G Suite (IMAP) endpoint in MigrationWiz. This is applicable to both mailbox and document migration projects. In order to obtain access to your G Suite data, it is necessary to add specifically allowed API scopes to the MigrationWiz project.
- These steps must be followed whenever there is a migration project either to or from G Suite that will utilize the G Suite (IMAP) endpoint. If migrating using the G Suite (Gmail API) with your own service account, use the following migration guide instead:
G Suite (Gmail API) to Exchange Online (Microsoft 365) Migration Guide - Enabling access is required for both G Suite mailbox and Google Drive document migration projects.
- Mailbox migration projects require that a G Suite administrator grant access to the BitTitan client ID and scopes listed in this article.
- Document migration projects require that a G Suite Super administrator grant access to the BitTitan client ID and scopes listed in this article and enable the API access. The steps to do this are included at the bottom of this article.
Steps in the G Suite Admin Console
Complete these steps to grant BitTitan client ID access to the appropriate scopes:
- Go to https://admin.google.com and authenticate as a Super Administrator.
- Click Security. If you do not see the security icon on your admin console home page, you do not have the necessary rights on your account to make these changes. Request Super Administrator access from the customer to implement these changes.
- Click Advanced settings. Google limits accessing and changing this setting to only G Suite Super Administrator accounts.
- You will now have one of two options, depending on whether your tenant has been updated to the new Google API or not.
Old Google Tenant
- Go to the G Suite admin page at google.com
- Click on Security
- Click on Advanced Settings
- Click Manage API Client Access.
OR If your account shows the latest UI updates from Google:
- Go to the G Suite admin page at google.com
- Click on Security
- Click on Overview
- Scroll down and click API Controls
- Under ‘Domain-wide delegation’, click Manage domain-wide delegation
- On the Manage domain-wide delegation page, click Add new
- Click MANAGE DOMAIN WIDE DELEGATION.
- Click Add New.
- Enter 113321175602709078332 into the Client ID field.
- Enter the following groups of scopes into the OAuth Scopes (comma-delimited) field:
-
G Suite as the Source (read-only scopes):
https://mail.google.com/, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive, https://sites.google.com/feeds/, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/contacts.other.readonly
-
G Suite as the Source (read-only scopes):
- Click Authorize. The client name is 113321175602709078332 (make sure there are no leading or trailing spaces, as this may cause the error "URL ends with an invalid top-level domain name."). This will grant BitTitan products access to the appropriate scopes.
Enable IMAP Access
Ensure IMAP access is enabled for all users. For details on how to check this, refer to the Google support article here.
Enable Folder Size Limits
- Ensure the folder size limits on IMAP folders have been removed for all users. For each user:
- Click the gear icon
- Click Settings
- Select Forwarding and POP/IMAP tab
- Select Folder Size Limits
- Select the radio button for Do not limit the number of messages in an IMAP folder (default).
This is an end user setting, which can only be set on a per-user basis. Therefore, we recommend that you send instructions to your end users to check this setting.
Sample communication to end users
Action Required - Due Date XX/XX/XX We are preparing to migrate your environment. To ensure a seamless migration, certain end user settings must be verified. Follow the directions below to remove the folder limits on your account migration. Failure to do so in a timely manner may result in lost items. G Suite has a setting that can limit the number of messages in an IMAP folder. If this is configured, this will restrict MigrationWiz so that it can only retrieve and migrate that number of messages from each folder.
- Log in to your Gmail account.
- Click on the gear icon in the upper right-hand side of the window, and choose Settings.
- Click on the Forwarding and POP/IMAP tab.
- Under the IMAP Access heading, look for Folder Size Limits.
- Ensure that Do not limit the number of messages in an IMAP folder (default) is selected.
To further clarify the implications of this setting: If the limit has been set (e.g., to 1,000 as per the default suggestion), then if folders contain more than 1000 items, they will be truncated at 1000 items. This means that MigrationWiz will only be able to migrate 1000 emails from each folder. Thank you for your assistance. If you have any questions or concerns, please contact [Help Desk].
Export mailboxes to CSV file(s)
From the Google Admin portal:
- Click Users.
- Click ⁝ (3 vertical dots).
- Download Users.
- Download All Users.
- Click OK.
- Save.
Preparing the Destination
Create Administrator Account
Create a Global Administrator or a delegated admin with full access rights or permissions account in Microsoft 365 to be used for migration or use the Global Administrator or delegated admin with full access rights or permissions account for the tenant. In order to have administrative permissions to migrate mailbox data, grant the account permissions on each mailbox.
- Having administrative access to the Microsoft 365 control panel to manage users does not mean the same account has permissions to access all mailboxes for migration.
- Having delegated admin access to accounts does not provide enough access.
Enabling an administrative account the ability to access Microsoft 365 user mailboxes can be performed by adding the Impersonation role or Full Access mailbox permissions. The below steps will explain how to configure the permissions access for both options.
To enable the admin account to impersonate users, run the below PowerShell command:
$cred = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
Enable-OrganizationCustomization
New-ManagementRoleAssignment -Role ApplicationImpersonation -User <admin_user_name>
Remove-PSSession $session
More information about this PowerShell command can be found here.
- MigrationWiz uses delegation by default to log in to individual user mailboxes using administrative credentials specified on the connector.
It is highly recommended to use impersonation when migrating from or to Office 365.
Benefits
Using impersonation, it is possible to stop sharing the throttling quota and connection limits associated with a single administrative account. Instead, the throttling quota of each user is used to log in to each user mailbox.
Using impersonation means:
- Eliminating most "Connection did not succeed" errors
- Allowing migration of more mailboxes concurrently
- Reducing the impact of throttling and connection limits
- Using an admin account without assigning a license to it
To manually grant administrative access for migration, execute the following remote PowerShell commands:
$cred = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false -User MigrationWiz
Remove-PSSession $session
- The command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
- In the script above, the username "MigrationWiz" should be replaced with the name of the administrative account that was set up, by following the instructions in this Knowledge Base article.
- This username is the Administrative Username that needs to be entered under the project's Source or Destination settings, within MigrationWiz, when checking the box labeled Use Administrative Login.
Set Up User Accounts
Set up user accounts on the destination Microsoft 365 tenant and assign licenses. These can be created in several ways. (The following links are to external articles.)
Create an Administrator Account
Create an administrator account in Microsoft 365 to be used for migration or use the global admin account for the tenant. The administrator account must have either full access to the user mailboxes or be granted impersonation rights. We recommend using impersonation as it will help reduce the likelihood of the migration being throttled by Microsoft. For specific steps to set impersonation manually, follow the steps in Prepare the Source.
Test Administrator Access
Test that the administrator can access user mailboxes. Test access to the tenantname.onmicrosoft.com addresses, not to the domainname.com addresses. Make sure that the tenantname.onmicrosoft.com account is attached to each mailbox in Microsoft 365. By default, it should be attached, but if not, it will need to be added as an alias to each account. This can be done through the Microsoft 365 admin portal or via PowerShell scripts.
Modern Authentication Requirements
The steps listed below apply to both the source and/or destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in mailbox, archive mailbox, and public folder projects. Use a Global Administrator for the configuration steps.
For setup steps that include images, see under Enabling Modern Authentication for EWS between MigrationWiz and your Exchange Online Tenant in the following KB: Authentication Methods for Microsoft 365 (All Products) Migrations
Important
Failure to perform the steps for your Microsoft 365 endpoints, can result in failed jobs with 401 errors like the following in your project: Http POST request to 'autodiscover-s.outlook.com' failed - 401 Unauthorized
The administrator account being used for the project needs to be excluded from any MFA/2FA policies or Conditional Access policies that can block access for the administrator account. This requirement does not apply to the items or users being migrated in the project.
Configuring Modern Authentication to work with MigrationWiz for mailbox, archive mailbox, and public folder projects in Exchange Online is now the default method after Microsoft discontinued support for Basic Authentication in Exchange Online after December 2022. The following Microsoft documentation outlines this change in more detail. Should you have additional questions on how this change may impact your tenant, please contact Microsoft to assist with providing that information: Deprecation of Basic authentication in Exchange Online
The Azure Security Defaults must also be disabled in the tenant. (This is often enabled by default for all new Exchange Online tenants and there is no workaround for this requirement). For steps on where to enable/disable the Azure Security Defaults, see Enabling security defaults in the following Microsoft documentation. To disable, set Enable Security defaults to No: Security defaults in Azure AD
Modern Authentication Steps- Log in to the Azure AD admin console with a Global Administrator login.
- Select Azure Active Directory in the Azure Active Directory Admin Center.
- Select App Registrations, which is found under Manage.
- Select New Registration at the top of the screen.
- Give the app a distinct name. You can change this later if necessary.
- Select the Accounts in any organizational directory button.
- Under Redirect Uri, select Public Client (mobile & desktop) and set it to urn:ietf:wg:oauth:2.0:oob
- Click Register.
- Go back to App registrations.
- Select the App you just created.
- In the Overview, you will find a ClientId (aka Application) and Directory (Tenant) ID.
- Copy both of these to another application, such as Notepad, for use later in this process.
- Under the Manage menu, select Authentication.
- Set the option Allow public client flows to Yes.
- Click Save.
- From the Manage menu, select API permissions.
- If API permission named User.Read under Microsoft Graph is already present, this can be removed. The Microsoft Graph API is not applicable to this project type and is not used.
- Select Add a Permission.
-
Select APIs my organization uses.
-
Scroll down and select Office 365 Exchange Online.
-
Then select Delegated Permissions.
-
Select EWS
- Check the box under EWS for EWS.AccessAsUser.All.
- Click Add permissions. This permission only allows the OAuth application (MigrationWiz) to be associated with EWS.
Important
This does not grant access to all mailbox data. - Click Grant admin consent.
- Click Yes to confirm the settings.
- In MigrationWiz, select the project that needs to be configured for Modern Authentication.
- Click the Edit Project menu.
- Select Advanced Options.
- Under Support Options enter the ClientID and TenantID information you saved earlier in the following format:
- If enabling Modern Authentication for the Source:
ModernAuthClientIdExport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
ModernAuthTenantIdExport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
- If enabling Modern Authentication for the Destination:
ModernAuthClientIdImport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-
ModernAuthTenantIdImport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
- Enter the specific ClientID and TenantID for your tenant in place of the xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
- These options can be entered for either the Source or the Destination, or both, depending on the settings on the tenants.
- These options need to be configured for each MigrationWiz project that needs to have Modern Authentication enabled.
- If enabling Modern Authentication for the Source:
- Run a Verify Credentials to confirm that MigrationWiz can connect using Modern Authentication.
- Click on the item that was verified. There will be a message in the MigrationWiz Migration Information page that Modern Authentication is being used. This message will show in the “Migration Errors” box; however, it is not an error. This is just a message confirming that Modern Authentication is now active and being used for the connection.
MSPComplete Steps
Create Customer
- Click the Add button in the top navigation bar
- Click the Add Customer button on the All Customers page
- In the left navigation pane, select the appropriate workgroup and then click All Customers.
- Click Add Customer.
- Enter the new customer’s information in the Add Customer form. Primary Email Domain and Company Name are required. The rest are optional.
- Click Save.
- Repeat steps 1 through 4 for each customer you want to add.
Purchase licenses
We recommend that you purchase the User Migration Bundle license for this migration scenario. User Migration Bundle licenses allow multiple types of migrations to be performed with a single license. They also allow DeploymentPro to be used to configure Outlook email profiles. For questions on licensing, visit MigrationWiz Licenses
To purchase licenses:
- Sign in to your BitTitan account.
- In the top navigation bar, click Purchase.
- Click the Select button and choose User Migration Bundle licenses.
- Enter the number of licenses you want to purchase. Click Buy Now.
- Enter a Billing address if applicable.
- Click Next.
- Review the Order Summary and enter a payment method.
- Click Place Your Order.
Apply licenses
- Select the correct workgroup on the top of the left navigation pane. This is the workgroup that the customer and migration project were created under. Your account must be part of the workgroup if the project was not created under your account.
- On the left navigation pane, click Customers.
- Click the customer that employs the user to whom you want to apply a User Migration Bundle license.
- Click the Users tab at the top of the page.
- Check the box to the left of the email for the user(s) to whom you want to apply a license.
- Click the Apply User Migration Bundle License button at the top of the page. It is recommended that users be added to the Customer page with the vanity domain. Then have the User Migration Bundle Licenses applied, before editing to show the .onmicrosoft domain, if the .onmicrosoft domain will be used for the migration.
- If there is at least one unassigned User Migration Bundle license available for each selected user, click Confirm.
MigrationWiz Steps
Create a Mailbox Project
- Log in to MigrationWiz.
- Click the Go to My Projects button.
- Click the Create Project button.
- Select the Mailbox project type.
- Click Next Step.
- Enter a Project name and select a Customer.
- Click Next Step.
- Select endpoints or follow the steps below to create new endpoints.
Endpoints
Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.
If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.
You may either use existing endpoints, or create new ones.
To create a new source endpoint:
- Click Endpoints.
- Click Add Endpoint.
- Select G Suite (IMAP).
- Enter the requested credentials.
- Click Add Endpoint.
To create a new destination endpoint:
- Click Endpoints.
- Click Add Endpoint.
- Select Office 365.
- Enter the requested credentials.
- Click Add Endpoint.
Add Users
Add the user accounts that will be migrated to the project. MigrationWiz allows you to bulk import users into the system.
You may use Bulk Add, Quick Add, or add the accounts to the MSPComplete customer.
- An email address
- Login name
- Password
- Mailbox status
Bulk Add uses a CSV containing the source and destination email addresses for the users to add the users to the project. If migrating only a specific group from a tenant, we recommend using the Bulk Add option.
MigrationWiz allows you to bulk import mailboxes into the system.
To import one or more mailboxes:
- Sign in to your MigrationWiz account.
- Select the Project for which you want to perform the bulk import.
- Click Add.
- Click Bulk Add.
- Follow the instructions on the page.
Add Advanced Options
Advanced Options allow you to choose your notifications, filtering, maintenance, licensing, performance, and some configuration options.
Support Options are advanced configurations that make use of Powershell or code blocks to provide extra options or resources for your migration.
The following options are the most valuable for this migration scenario:
Global Options
The following options are most valuable for all G Suite migration scenarios:- Set to use impersonation at the Destination. Checkmark the Use impersonation at Destination box.
- Under Filtering, add:
(^All Mail$|^All Mail/)
- Under Support/Support options, add:
StoreOverflowGooglePropertiesInNotes=1
- Under Support/Support options, add:
StoreOverflowGooglePropertiesInNotesPrefix="enter your text here"
(Replace "enter your text here" with your message.) - Under Support/Support options, add:
SuppressReminderDays=X
(Replace "X" with a value from 1 to 365.)
Run Verify Credentials
- Sign in to your MigrationWiz account.
- Open the Project containing items you wish to validate.
- Select the items you wish to validate.
- Click on the Start button in your dashboard.
- Select Verify Credentials from the drop-down list.
Once complete, the results of the verification will be shown in the Status section.
Notify Users
Notify users that a migration is occurring. Send email to all users telling them the time and date of the migration.
Run Migration
In the MigrationWiz interface:
Pre-Stage pass
- Select the users you wish to migrate
- Click the Start button from the top
- Select Pre-Stage Migration
- Under the Migration Scheduling section, from the drop-down list, select 90 days ago
- Click Start Migration.
MX Record Cutover
Once confirmed that the Pre-stage migration has completed successfully. Log into the DNS provider's portal, change the primary MX record to reflect the DNS settings for the destination M365 tenant.
Full pass
- Select the users
- Click the Start button from the top
- Select Full Migration
- Click Start Migration
Run Retry Errors
Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.
If problems persist, contact Support.
Remove All Mail
- Remove the All Mail filter from Project Advanced Options, and run one final full migration pass.
- Under Project Advanced Options > Filtering section, delete:
(^All Mail$|^All Mail/)
- Select the users
- Click the Start button from the top, select Full Migration
- Click Start Migration.
Request Statistics
Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.