This is the migration guide for a mailbox from G Suite, using the IMAP endpoint, to Microsoft 365. This guide contains all the steps needed for your migration. Other useful resources and information are also linked or included.
MigrationWiz
MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.
MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects.
First migration?
We have created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.
Prerequisites
It is important to highlight and meet the following prerequisites for a smooth migration project.
Licensing
We recommend that you purchase User Migration Bundle licenses for this migration scenario. User Migration Bundle licenses allow the performance of multiple migrations with a single license. For questions on licensing, visit MigrationWiz Licenses.
To use your license by following the next steps:
- Purchase Licenses.
- Create a Customer.
- Apply Licenses.
- Review Considerations.
Purchase licenses by following the steps below:
- Sign in to your BitTitan account.
- In the top navigation bar, click Purchase.
- Click the Select button and choose User Migration Bundle licenses.
- Enter the number of licenses you want to purchase. Click Buy Now.
- Enter a Billing address if applicable.
- Click Next.
- Review the Order Summary and enter a payment method.
- Click Place Your Order.
Create Customer on MSPComplete by performing these steps:
- Click the Add button in the top navigation bar
- Click the Add Customer button on the All Customers page
- Select the appropriate workgroup in the left navigation pane and click All Customers.
- Click Add Customer.
- Enter the new customer’s information in the Add Customer form. Primary Email Domain and Company Name are required. The rest are optional.
- Click Save.
- Repeat steps 1 through 4 for each customer you want to add.
Perform these steps on MSPComplete:
- Select the correct workgroup on the top of the left navigation pane.
Important
This is the workgroup which the customer and migration projects were created under. Your account must be part of the workgroup if the project was not created under your account. - Click Customers on the left navigation pane.
- Click the customer that employs the user to whom you want to use the User Migration Bundle license.
- Click the Users tab at the top of the page.
- Apply the license to the users by checking the box to the left of their emails.
- Click the Apply User Migration Bundle License button at the top of the page.
Tip
We recommend adding users to the Customer page with the vanity domain. Then apply the User Migration Bundle Licenses, before editing to show the .onmicrosoft domain, if the .onmicrosoft domain will be used for the migration. - Click Confirm if at least one unassigned User Migration Bundle license is available for each selected user.
Important
If there are no User Migration Bundle licenses currently available to be assigned and your role in the workgroup is Manager or higher, the form that appears provides all the necessary information and will walk you through the steps of purchasing User Migration Bundle licenses.
Licenses are released once payment has been received:
- Licenses are available immediately upon payment if you purchase via credit card.
- If you purchase via wire transfer (100+ licenses), the licenses will be available once payment is received and accepted.
- We do not accept purchase orders because of processing overhead.
In both cases, you will be notified by email that payment has been accepted and licenses are available in your account upon notification.
For more information on licensing, including coupon redemption and other licensing types, see our Licensing FAQ.
Limitations
- App password usage, MFA/2FA, and ADFS are not supported for the migration service accounts being used for this migration scenario.
- The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.
- Some item types are not migrated. Click the bar below to expand the full list of what item types are and are not migrated. We are constantly working to create a better migration experience for you, so these items may change.
Besides, you should consider the following points when performing a G Suite (IMAP) to Microsoft 365 Migration:
- When migrating from G Suite as a source, contacts in Contact Groups (which look like subfolders of the Contacts folder) will migrate to the top-level contacts folder on the destination. Folders will be created for each group but the contacts will not be sorted into those folders.
- Calendars can have multiple Owners. An Owner is anyone with "Make changes and manage sharing" permissions, so shared calendars will be migrated to users with these permissions by default.
Important
All accounts being migrated must be in Active status in the tenant. Users that are set to a status of Inactive accounts cannot fully migrate and fail in the project.
Migrated Items
Please click the bars below to check the migrated and non-migrated items. We are constantly working to create a better migration experience for you so these items may change over time.
Always migrated
- Inbox.
- Folders/Labels.
- Email.
- Muted Email (as regular email).
- Contacts.
- Calendars (including links for Google Hangouts within calendar meetings).
- Calendar Notifications.
Links for Google Hangouts are a new default feature added to Google Meetings. Microsoft 365 does not have the corresponding property to map. Therefore, when migrating to Microsoft 365, the links for Google Hangouts are added to the beginning of the meeting description body text on Microsoft 365.
Not Migrated in Any Instance
- Calendar Reminders.
- Appointments.
- Google Spaces.
- Google Spaces Chats.
- Chat message attachments.
- Google Groups for Business (including forums and collaborative inboxes).
Not Migrated As Source
- Calendar Attachments.
- Calendar Reminders.
- Tasks.
- Chats and chat history.
- Google Categories (i.e., the Google category flags: Social, Promotions, Updates, Forums).
- Email attachments that are links to Google Drive.
- Some calendar colors.
- Personal Folder and Calendar Permissions.
- Mailbox Rules.
- Automatic Replies (Out of Office Messages).
Important
All color category meta tags are transferred over, but Microsoft 365 does not have direct color mappings from Google G Suite, so certain colors do not get mapped over, thus the colors are not displayed in Microsoft 365 for the calendar entries.
Not Migrated As Destination
- Calendar Attachments.
- Exceptions of recurring appointments.
- Google Groups for Business (including forums and collaborative inboxes).
With Google API Endpoint at Source
With this endpoint, all items listed above migrate as before. However, utilizing the API endpoint enables migration of the following items as well. The following items are not migrated via the IMAP endpoint.
- Google Categories (Category flags, i.e. Social, Promotions, Updates, Forums).
- Snoozed and Scheduled emails - these are migrated like regular emails to custom destination labels. Their properties are not migrated.
For additional features and limitations, please visit MigrationWiz: Migrated and Not Migrated Items.
Relationship fields do not migrate fully from Gmail. The mapping is as follows:
|
Content.content |
Contact body |
Description in the body |
|
Sensitivity |
Sensitivity |
|
|
Priority |
Importance |
|
|
Initials |
Initials |
|
|
Nickname |
NickName |
|
|
Name.FullName |
Subject |
|
|
Name.FullName |
FileAs |
|
|
Name.GivenName |
GivenName |
|
|
Name.FamilyName |
Surname |
|
|
Name.NameSuffix |
Generation |
|
|
Name.AdditionalName |
MiddleName |
|
|
Organization (primary) |
CompanyName |
Also stores name, department, title and job descriptions |
|
Organizations (non-primary) |
Companies |
Also stores name, department, title and job descriptions |
|
Emails |
EmailAddresses |
Only first 3 are stored. Rest are stored in overflow properties. |
|
IMs |
ImAddresses |
Only first 3 are stored. Rest are stored in overflow properties. |
|
Phone numbers |
PhoneNumbers Types:
|
If any number is already set, we append to overflow contact properties |
|
Postal Addresses |
Physical Addresses Types:
|
If any address is already set, we append to overflow contact properties. Also stores city, country or region, postal code, state and street |
|
Events |
Wedding Anniversary (only for anniversary) |
Rest are stored in overflow properties |
|
Relations (value = "assistant") |
AssistantName |
|
|
Relations (value = "child") |
Children |
|
|
Relations (value = "domestic-partner") |
SpouseName |
|
|
Relations (value = "manager") |
Manager |
|
|
Relations (value = "partner") |
SpouseName |
|
|
Relations (value = "spouse") |
SpouseName |
|
|
Relations (value = others) |
Others stored in overflow properties |
|
|
Mileage |
Mileage |
|
|
ContactPhotoInBytes |
Attachments |
|
|
User defined fields |
All stored in overflow properties |
|
|
Name.GivenNamePhonetics + Name.AdditionalNamePhonetics |
Stored as extended property |
|
|
Name.FamilyNamePhonetics |
Stored as extended property |
|
|
contactEntry.Name.NamePrefix |
Stored as extended property |
|
|
Birthday |
Stored as extended property |
|
|
Websites |
Stored as extended property |
|
Prepare the Source Environment
Recommended Actions
The following sections are recommended to ensure that the migration of all data is possible and to prevent failures.
Mailbox migration projects require that a G Suite administrator grant access to the BitTitan client ID and scopes listed in this article.
- Enabling access is required for both G Suite mailbox and Google Drive document migration projects.
- Mailbox migration projects require that a G Suite administrator grant access to the BitTitan client ID and scopes listed in this article.
- Document migration projects require that a G Suite Super administrator grant access to the BitTitan client ID and scopes listed in this article and enable the API access. The steps to do this are included at the bottom of this article.
Grant MigrationWiz OAuth 2.0 access to G Suite
BitTitan products use OAuth 2.0 to authenticate to G Suite and utilize the G Suite (IMAP) endpoint in MigrationWiz. This applies to both mailbox and document migration projects. To configure the OAuth access within your G Suite environment, follow the directions in this article.
Enabling access is required for both G Suite mailbox and Google Drive document migration projects. In order to access your G Suite data, it is necessary to add specifically allowed API scopes to the MigrationWiz project.
Steps in the G Suite Admin Console
Complete these steps to grant BitTitan client ID access to the appropriate scopes:
- Go to https://admin.google.com and authenticate as a Super Administrator.
- In the admin console, go to Menu
> Click Security > Access and data control > API controls> Manage Domain Wide Delegation.
Warning
If you do not see the security icon on your admin console home page, your account does not have the necessary rights to make these changes.
Google limits settings access and configuration to only G Suite Super Administrator accounts. - Click Add New.
- Enter 113321175602709078332 into the Client ID field.
Important
Make sure there are no leading or trailing spaces, as this may cause the error "URL ends with an invalid top-level domain name." - Enter the following groups of scopes into the OAuth Scopes (comma-delimited) field:
-
G Suite as the Source (read-only scopes):
https://mail.google.com/, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive, https://sites.google.com/feeds/, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/contacts.other.readonly
-
G Suite as the Source (read-only scopes):
- Click Authorize.
The client's name is 113321175602709078332. This will grant BitTitan products access to the appropriate scopes.
Enable IMAP Access
Ensure IMAP access is enabled for all users. For details on how to check this, refer to the Google support article here.
Enable Folder Size Limits
Ensure the folder size limits on IMAP folders have been removed for all users. For each user:
- Click the gear icon.
- Click Settings.
- Select the Forwarding and POP/IMAP tab.
- Select Folder Size Limits.
- Select the radio button for Do not limit the number of messages in an IMAP folder (default).
This is an end-user setting, which can only be set on a per-user basis. Therefore, we recommend that you send instructions to your end users to check this setting.
Sample Communication to End Users
Action Required - Due Date XX/XX/XX We are preparing to migrate your environment. To ensure a seamless migration, certain end-user settings must be verified. Follow the directions below to remove the folder limits on your account migration. Failure to do so on time may result in lost items. G Suite has a setting that can limit the number of messages in an IMAP folder. If this is configured, this will restrict MigrationWiz so that it can only retrieve and migrate that number of messages from each folder.
- Log in to your Gmail account.
- Click on the gear icon in the upper right-hand side of the window, and choose Settings.
- Click on the Forwarding and POP/IMAP tab.
- Under the IMAP Access heading, look for Folder Size Limits.
- Ensure that Do not limit the number of messages in an IMAP folder (default) is selected.
To further clarify the implications of this setting: If the limit has been set (e.g., to 1,000 as per the default suggestion), then if folders contain more than 1000 items, they will be truncated at 1000 items. This means that MigrationWiz will only be able to migrate 1000 emails from each folder. Thank you for your assistance. If you have any questions or concerns, please contact [Help Desk].
Export mailboxes to CSV file(s)
From the Google Admin portal:
- Click Users.
- Click ⁝ (3 vertical dots).
- Download Users.
- Download All Users.
- Click OK.
- Save.
Prepare the Destination Environment
EWS (Exchange Web Services) Access in Exchange Online
Microsoft has announced significant updates to how Exchange Web Services (EWS) access will be managed in Exchange Online, effective April 2025.
After this change EWS access will only be allowed if both the organization-level and user-level EWSEnabled settings are set to True. If either setting is set to False, EWS access will be blocked. For further information regarding this topic, please review the following Microsoft article. If you need assistance on this topic, please contact BitTitan's support team.
Retirement of Exchange Web Services in Exchange Online
Microsoft has officially announced that Exchange Web Services (EWS) requests will be blocked in Exchange Online beginning October 1, 2026. Read Microsoft’s announcement.
At this time, no action is required from MigrationWiz users. We are taking the necessary steps to transition to Microsoft Graph API and ensure continued service without disruption.
Modern Authentication Requirements
The steps listed in the Required Permission for Performing M365 Mailbox and Archive Migrations article apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in the mailbox, and archive mailbox. Use a Global Administrator for the configuration steps.
Please review the documentation before preparing the source.
Create a Migration Service Account
Create a migration service account in Microsoft 365 for the tenant, this account does not require any admin role assigned. However, it must have full access to the user mailboxes or have the required API Permissions.
We recommend adding the necessary API permissions to the Modern Authentication app you are using for your O365 mailbox or archive mailbox endpoint. You can follow the steps outlined in this guide, as this is BitTitan's recommended approach.
Deprecation of Microsoft Application Impersonation Role
From February 2025, Microsoft has started the depreciation process to remove the Application Impersonation role from O365. Exchange On-premise and hosted Exchange are not affected by these changes. For further information please see this article.
If you are currently using Application Impersonation for your migrations, there is no telling when that will eventually fail. It is highly recommended that you switch to using the new API permission process to avoid delays in your project due to permission failures.
Export the User List to a CSV File
This can be used when bulk-adding users to your MigrationWiz project later. You can copy and paste the user list into the Source and Destination Email columns within your MigrationWiz project dashboard under Add > Bulk Add.
To export the user list:
- Go to the Microsoft 365 admin portal.
- Click Users.
- Click Active Users.
- Click Export.
- Click Continue.
Be sure to save the CSV somewhere you can access it for upload later in the migration.
MigrationWiz Steps
Create a Mailbox Project
- Log in to MigrationWiz.
- Click the Go to My Projects button.
- Click the Create Project button.
- Select the Mailbox project type.
- Click Next Step.
- Enter a Project name and select a Customer.
- Click Next Step.
- Select endpoints or follow the steps below to create new endpoints.
- Click Save and Go to Summary.
Endpoints
Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.
If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.
You may either use existing endpoints or create new ones.
Create your Endpoints
Please review the following tabs to create your destination and source endpoints.
Create your source endpoint by following the next steps:
- Click Endpoints.
- Click Add Endpoint.
- Select G Suite (IMAP).
- Enter the requested credentials.
- Click Add and Next Step.
Create your destination endpoint by following the next steps:
- Click New.
- Name the endpoint.
-
Select Microsoft 365 for the endpoint type.
- Select one of the following credential options.
- Provide Credentials, the form expands to show more fields for username and password. MigrationWiz uses the credentials to access the service chosen. In most cases, you must provide credentials for a migration service account on those services, as this will enable MigrationWiz to have full access to the cloud service.
- Do not Provide Credentials, MigrationWiz requests credentials from end users before a migration can be started. This may slow your migration, as you are now dependent on end users to provide these credentials.
- Click Add Endpoint.
- Complete the Application (client) ID, the Directory (tenant) ID, and the Client Secret fields.
- Click Next Step.
- Click Save and Go to Summary.
Application (client) ID, Directory (tenant) ID, and Client Secret
For Microsoft 365 Mailbox and Archive migrations, MigrationWiz adds the Application (client) ID, Directory (tenant) ID, and Client Secret fields.
While the Application (client) ID and the Directory (tenant) ID are mandatory, the Client Secret field is not. It will depend on the permissions of the user account that performs the migration. Please review the following information before the creation of your M365 endpoints.
-
Do not use the client secret value if you use delegated permissions (not the most recommended approach). When using delegated permissions, do not select the Use Impersonation to Authenticate checkbox in the source/destination tab of your project's advanced options.
-
The client secret value is mandatory if you using the API Permissions approach.
- If you already have a migration service account with the Impersonation role enabled (not using the API Permissions approach) the client secret value is not mandatory. Please leave the Client Secret field empty.
Warning
Keep in mind that Microsoft has started removing the application impersonation role from O365, meaning there is no telling when that will eventually fail. It is highly recommended that you switch to the API Permissions approach.
For more information about how to get the Application (client) ID and Directory (tenant) ID values from the Application Registration, please review step 3 of this article.
Region of Destination Tenant
The Region of Destination Tenant feature optimizes migration performance and speed by identifying the region closest to the destination tenant (continent-level). For Microsoft 365 endpoints, MigrationWiz detects and selects the appropriate region automatically once you create and save your project.
Please note that each time you edit your project endpoints, the following message will appear at the top of your project window (where XXXX is the detected region):
Automatically detected destination tenant's region and assigned to the 'BitTitan Datacenter' in XXXX.
For this migration type, you cannot manually change the region of the destination tenant. In case you need to modify it, contact our support team.
Endpoint Validation
Once the information has been provided for both, the source and destination endpoint, and the customer selects Save and Go to Summary, MigrationWiz performs an endpoint validation check.
This validation tests the migration service account credentials entered into the project and the Modern Authentication setup only. If there is an issue, the screen redirects to the endpoint and provides an error message or flyout that can be selected for more information regarding the error.
Common Errors when Configuring Your Endpoint
For more information on the AADSTS700016, AADSTS90002, and ADDSTS50126 issues review the Common Errors Using Modern Authentication page.
Add Users
Add the user accounts that will be migrated to the project. MigrationWiz allows you to bulk import users into the system.
You may use Bulk Add, Quick Add, or add the accounts to the MSPComplete customer.
- An email address
- Login name
- Password
- Mailbox status
Bulk Add uses a CSV containing the source and destination email addresses for the users to add the users to the project. If migrating only a specific group from a tenant, we recommend using the Bulk Add option.
MigrationWiz allows you to bulk import mailboxes into the system.
To import one or more mailboxes:
- Sign in to your MigrationWiz account.
- Select the Project for which you want to perform the bulk import.
- Click Add.
- Click Bulk Add.
- Follow the instructions on the page.
Advanced Options
Advanced Options allow you to choose your notifications, filtering, maintenance, licensing, performance, and some configuration options.
Support Options are advanced configurations that make use of Powershell or code blocks to provide extra options or resources for your migration.
The following options are the most valuable for this migration scenario:
Support Tab
Recommended Options
The following options are most valuable for all G Suite migration scenarios:-
StoreOverflowGooglePropertiesInNotes=1
- StoreOverflowGooglePropertiesInNotesPrefix="enter your text here" Replace "enter your text here" with your message.
- SuppressReminderDays=X Replace "X" with a value from 1 to 365.
Default Options for Microsoft 365 Endpoints
By default, some fields are view-only. In other words, you cannot edit or remove them from the support options page. To edit them, you need to edit the source or destination endpoint of your project.
Among these default options, you can find ModernAuthClientIdExport, ModernAuthTenantIdExport, ModernAuthClientSecretExport, ModernAuthClientIdImport, ModernAuthTenantIdImport, and ModernAuthClientSecretImport.
The support options above are required when configuring your endpoint.
Important
Keep in mind that the ModernAuthClientSecretExport and the ModernAuthClientSecretImport support options are text-masked.
Warning
You cannot update the default Advanced Options, in case you try to modify or add new ones the following message arises.
Filtering Tab
- Under Filtering, add:
(^All Mail$|^All Mail/)
Run Verify Credentials
- Sign in to your MigrationWiz account.
- Open the Project containing items you wish to validate.
- Select the items you wish to validate.
- Click on the Start button in your dashboard.
- Select Verify Credentials from the drop-down list.
Once complete, the results of the verification will be shown in the Status section.
Notify Users
Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration.
Run Migration
In the MigrationWiz interface:
Pre-Stage pass
- Select the users you wish to migrate.
- Click the Start button from the top.
- Select Pre-Stage Migration.
- Under the Migration Scheduling section, from the drop-down list, select 90 days ago.
- Click Start Migration.
MX Record Cutover
Once confirmed that the Pre-stage migration has been completed successfully. Log into the DNS provider's portal, and change the primary MX record to reflect the DNS settings for the destination M365 tenant.
Full pass
- Select the users.
- Click the Start button from the top.
- Select Full Migration.
- Click Start Migration.
Run Retry Errors
Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.
If problems persist, contact Support.
Remove All Mail
- Remove the All Mail filter from Project Advanced Options, and run one final full migration pass.
- Under Project Advanced Options > Filtering section, delete:
(^All Mail$|^All Mail/) - Select the users.
- Click the Start button from the top, and select Full Migration.
- Click Start Migration.
Request Statistics
Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.