G Suite (IMAP) to Microsoft 365 Migration Guide

This is the migration guide for a mailbox from G Suite, using the IMAP endpoint, to Microsoft 365. This guide contains all the steps needed for your migration. Other useful resources and information are also linked or included.  

MigrationWiz

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects. 

First migration?

We have created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.

Prerequisites

It is important to highlight and meet the following prerequisites for a smooth migration project.

Licensing

We recommend that you purchase User Migration Bundle licenses for this migration scenario. User Migration Bundle licenses allow the performance of multiple migrations with a single license. For questions on licensing, visit MigrationWiz Licenses.

To use your license by following the next steps:

  1. Purchase Licenses.
  2. Create a Customer.
  3. Apply Licenses.
  4. Review Considerations.
Purchase Licenses Create a Customer Apply Licenses Considerations

Purchase licenses by following the steps below:

  1. Sign in to your BitTitan account. 
  2. In the top navigation bar, click Purchase.
  3. Click the Select button and choose User Migration Bundle licenses.
  4. Enter the number of licenses you want to purchase. Click Buy Now.
  5. Enter a Billing address if applicable.
  6. Click Next.
  7. Review the Order Summary and enter a payment method.
  8. Click Place Your Order.

Limitations

  • We are not able to support migrations with two-factor or multifactor authentication. 
  • App passwords are not supported for the Microsoft 365 endpoint. 
  • The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.
  • Some item types are not migrated. Click the bar below to expand the full list of what item types are and are not migrated. We are constantly working to create a better migration experience for you, so these items may change.

Besides, you should consider the following points when performing a G Suite (IMAP) to Microsoft 365 Migration: 

  • When migrating from G Suite as a source, contacts in Contact Groups (which look like subfolders of the Contacts folder) will migrate to the top-level contacts folder on the destination. Folders will be created for each group but the contacts will not be sorted into those folders.
  • Calendars can have multiple Owners. An Owner is anyone with "Make changes and manage sharing" permissions, so shared calendars will be migrated to users with these permissions by default.

Important

All accounts being migrated must be in Active status in the tenant. Users that are set to a status of Inactive accounts cannot fully migrate and fail in the project.

Migrated Items

Which items are migrated?

Always migrated

  • Inbox.
  • Folders/Labels.
  • Email.
  • Muted Email (as regular email).
  • Contacts.
  • Calendars (including links for Google Hangouts within calendar meetings).
  • Calendar Notifications.

Links for Google Hangouts are a new default feature added to Google Meetings. Microsoft 365 does not have the corresponding property to map. Therefore, when migrating to Microsoft 365, the links for Google Hangouts are added to the beginning of the meeting description body text on Microsoft 365.

What items are not migrated?

Not Migrated in Any Instance

  • Calendar Reminders.
  • Appointments.
  • Google Spaces.
  • Google Spaces Chats.
  • Chat message attachments.
  • Google Groups for Business (including forums and collaborative inboxes).

Not Migrated As Source

  • Calendar Attachments.
  • Calendar Reminders.
  • Tasks.
  • Chats and chat history.
  • Google Categories (i.e., the Google category flags: Social, Promotions, Updates, Forums).
  • Email attachments that are links to Google Drive.
  • Some calendar colors.
  • Personal Folder and Calendar Permissions.
  • Mailbox Rules.
  • Automatic Replies (Out of Office Messages).

Important

All color category meta tags are transferred over, but Microsoft 365 does not have direct color mappings from Google G Suite, so certain colors do not get mapped over, thus the colors are not displayed in Microsoft 365 for the calendar entries.

Not Migrated As Destination

  • Calendar Attachments.
  • Exceptions of recurring appointments.
  • Google Groups for Business (including forums and collaborative inboxes).

With Google API Endpoint at Source

With this endpoint, all items listed above migrate as before. However, utilizing the API endpoint enables migration of the following items as well. The following items are not migrated via the IMAP endpoint. 

  • Google Categories (Category flags, i.e. Social, Promotions, Updates, Forums).
  • Snoozed and Scheduled emails - these are migrated like regular emails to custom destination labels. Their properties are not migrated.

For additional features and limitations, please visit MigrationWiz: Migrated and Not Migrated Items.

Which is the migration mapping?

Relationship fields do not migrate fully from Gmail. The mapping is as follows: 

Google contact field

Mapping in O365

Remarks

Content.content

Contact body

Description in the body

Sensitivity

Sensitivity

 

Priority

Importance

 

Initials

Initials

 

Nickname

NickName

 

Name.FullName

Subject

 

Name.FullName

FileAs

 

Name.GivenName

GivenName

 

Name.FamilyName

Surname

 

Name.NameSuffix

Generation

 

Name.AdditionalName

MiddleName

 

Organization (primary)

CompanyName

Also stores name, department, title and job descriptions

Organizations (non-primary)

Companies

Also stores name, department, title and job descriptions

Emails

EmailAddresses

Only first 3 are stored. Rest are stored in overflow properties.

IMs

ImAddresses

Only first 3 are stored. Rest are stored in overflow properties.

Phone numbers

PhoneNumbers

Types:

  • home

  • home fax

  • mobile

  • pager

  • work

  • work fax

  • other

If any number is already set, we append to overflow contact properties

Postal Addresses

Physical Addresses

Types:

  • home

  • work

  • other

If any address is already set, we append to overflow contact properties.

Also stores city, country or region, postal code, state and street

Events

Wedding Anniversary (only for anniversary)

Rest are stored in overflow properties

Relations (value = "assistant")

AssistantName

 

Relations (value = "child")

Children

 

Relations (value = "domestic-partner")

SpouseName

 

Relations (value = "manager")

Manager

 

Relations (value = "partner")

SpouseName

 

Relations (value = "spouse")

SpouseName

 

Relations (value = others)

Others stored in overflow properties

 

Mileage

Mileage

 

ContactPhotoInBytes

Attachments

 

User defined fields

All stored in overflow properties

 

Name.GivenNamePhonetics + Name.AdditionalNamePhonetics

Stored as extended property

 

Name.FamilyNamePhonetics

Stored as extended property

 

contactEntry.Name.NamePrefix

Stored as extended property

 

Birthday

Stored as extended property

 

Websites

Stored as extended property

 

Prepare the Source Environment

Recommended Actions

The following sections are recommended to ensure that the migration of all data is possible and to prevent failures.

Set up API scopes with OAuth

BitTitan products use OAuth 2.0 to authenticate to G Suite and utilize the G Suite (IMAP) endpoint in MigrationWiz. This applies to both mailbox and document migration projects. To obtain access to your G Suite data, it is necessary to add specifically allowed API scopes to the MigrationWiz project.

  • These steps must be followed whenever there is a migration project either to or from G Suite that will utilize the G Suite (IMAP) endpoint. If migrating using the G Suite (Gmail API) with your service account, use the following migration guide instead:
    G Suite (Gmail API) to Exchange Online (Microsoft 365) Migration Guide
  • Enabling access is required for both G Suite mailbox and Google Drive document migration projects.
  • Mailbox migration projects require that a G Suite administrator grant access to the BitTitan client ID and scopes listed in this article.
  • Document migration projects require that a G Suite Super administrator grant access to the BitTitan client ID and scopes listed in this article and enable the API access. The steps to do this are included at the bottom of this article.

Steps in the G Suite Admin Console

Complete these steps to grant BitTitan client ID access to the appropriate scopes:

  1. Go to https://admin.google.com and authenticate as a Super Administrator.
  2. Click Security. If you do not see the security icon on your admin console home page, you do not have the necessary rights on your account to make these changes. Request Super Administrator access from the customer to implement these changes.
  3. Click Advanced settings. Google limits accessing and changing this setting to only G Suite Super Administrator accounts.
  4. You will now have one of two options, depending on whether your tenant has been updated to the new Google API or not. 
    • Old Google Tenant
      1. Go to the G Suite admin page at google.com
      2. Click on Security.
      3. Click on Advanced Settings.
      4. Click Manage API Client Access.
    • OR If your account shows the latest UI updates from Google:
      1. Go to the G Suite admin page at google.com
      2. Click on Security.
      3. Click on Overview.
      4. Scroll down and click API Controls.
      5. Under ‘Domain-wide delegation’, click Manage domain-wide delegation.
      6. On the Manage domain-wide delegation page, click Add new.
  5. Click MANAGE DOMAIN WIDE DELEGATION.
  6. Click Add New.
  7. Enter 113321175602709078332 into the Client ID field. 
  8. Enter  the following groups of scopes into the OAuth Scopes (comma-delimited) field:
    • G Suite as the Source (read-only scopes):
      https://mail.google.com/, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive, https://sites.google.com/feeds/, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/contacts.other.readonly 
  9. Click Authorize. The client name is 113321175602709078332 (make sure there are no leading or trailing spaces, as this may cause the error "URL ends with an invalid top-level domain name."). This will grant BitTitan products access to the appropriate scopes.

Enable IMAP Access

Ensure IMAP access is enabled for all users. For details on how to check this, refer to the Google support article here.

Enable Folder Size Limits

Ensure the folder size limits on IMAP folders have been removed for all users. For each user:

  1. Click the gear icon
  2. Click Settings
  3. Select the Forwarding and POP/IMAP tab
  4. Select Folder Size Limits
  5. Select the radio button for Do not limit the number of messages in an IMAP folder (default).

This is an end-user setting, which can only be set on a per-user basis. Therefore, we recommend that you send instructions to your end users to check this setting. 

Sample Communication to End Users

Action Required - Due Date XX/XX/XX We are preparing to migrate your environment. To ensure a seamless migration, certain end-user settings must be verified. Follow the directions below to remove the folder limits on your account migration. Failure to do so on time may result in lost items. G Suite has a setting that can limit the number of messages in an IMAP folder. If this is configured, this will restrict MigrationWiz so that it can only retrieve and migrate that number of messages from each folder.

  1. Log in to your Gmail account.
  2. Click on the gear icon in the upper right-hand side of the window, and choose Settings.
  3. Click on the Forwarding and POP/IMAP tab.
  4. Under the IMAP Access heading, look for Folder Size Limits.
  5. Ensure that Do not limit the number of messages in an IMAP folder (default) is selected.

To further clarify the implications of this setting: If the limit has been set (e.g., to 1,000 as per the default suggestion), then if folders contain more than 1000 items, they will be truncated at 1000 items. This means that MigrationWiz will only be able to migrate 1000 emails from each folder. Thank you for your assistance. If you have any questions or concerns, please contact [Help Desk].

Export mailboxes to CSV file(s)

From the Google Admin portal:

  1. Click Users.
  2. Click ⁝ (3 vertical dots).
  3. Download Users.
  4. Download All Users.
  5. Click OK.
  6. Save.

Prepare the Destination Environment

Create Administrator Account

Create a Global Administrator or a delegated admin with full access rights or permissions account in Microsoft 365 to be used for migration or use the Global Administrator or delegated admin with full access rights or permissions account for the tenant. To have administrative permissions to migrate mailbox data, grant the account permissions on each mailbox.

  • Having administrative access to the Microsoft 365 control panel to manage users does not mean the same account has permission to access all mailboxes for migration.
  • Having delegated admin access to accounts does not provide enough access.

Enabling an administrative account the ability to access Microsoft 365 user mailboxes can be performed by adding the Impersonation role or Full Access mailbox permissions.  The below steps will explain how to configure the permissions access for both options.

Updated Mailbox Permission Steps to Use in Place of the Application Impersonation Role

Starting in May 2024, Microsoft announced that they will begin blocking the assignment of the Application Impersonation role in Exchange Online and that in February 2025, they will completely remove this role and its feature set from Exchange Online, for more information click here.
If you do not already have an admin account with the Application Impersonation role assigned, use the steps outlined in the following KB to add the necessary API permissions (to use in place of the Application Impersonation role) to the Modern Authentication app you are using for your O365 mailbox or archive mailbox endpoint.
Impersonation

To enable the admin account to impersonate users, run the below PowerShell command:

$cred = Get-Credential

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection

Import-PSSession $session

Enable-OrganizationCustomization

New-ManagementRoleAssi​gnment -Role ApplicationImpersonation -User <admin_user_name>

Remove-PSSession $session

More information about this PowerShell command can be found here.

  • MigrationWiz uses delegation by default to log in to individual user mailboxes using administrative credentials specified on the connector. 

It is highly recommended to use impersonation when migrating from or to Office 365.

Benefits

Using impersonation, it is possible to stop sharing the throttling quota and connection limits associated with a single administrative account. ​Instead, the throttling quota of each user is used to log in to each user's mailbox.

Using impersonation means:

  • Eliminating most "Connection did not succeed" errors
  • Allowing migration of more mailboxes concurrently
  • Reducing the impact of throttling and connection limits
  • Using an admin account without assigning a license to it
Full Access

To manually grant administrative access for migration, execute the following remote PowerShell commands: 

$cred = Get-Credential

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection

Import-PSSession $session

Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false -User MigrationWiz

Remove-PSSession $session

  • The command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.
  • In the script above, the username "MigrationWiz" should be replaced with the name of the administrative account that was set up, by following the instructions in this Knowledge Base article.
  • This username is the Administrative Username that needs to be entered under the project's Source or Destination settings, within MigrationWiz, when checking the box labeled Use Administrative Login.

Set Up User Accounts

Set up user accounts on the destination Microsoft 365 tenant and assign licenses. These can be created in several ways. (The following links are to external articles.)

Create an Administrator Account

Create an administrator account in Microsoft 365 to be used for migration or use the global admin account for the tenant. The administrator account must have either full access to the user mailboxes or be granted impersonation rights. We recommend using impersonation as it will help reduce the likelihood of the migration being throttled by Microsoft. For specific steps to set impersonation manually, follow the steps in Prepare the Source.

Test Administrator Access

Test that the administrator can access user mailboxes. Test access to the tenantname.onmicrosoft.com addresses, not to the domainname.com addresses. Make sure that the tenantname.onmicrosoft.com account is attached to each mailbox in Microsoft 365. By default, it should be attached, but if not, it will need to be added as an alias to each account. This can be done through the Microsoft 365 admin portal or via PowerShell scripts. 

Modern Authentication Requirements

The steps listed in the Obtain Client and Tenant ID Settings for Mailbox and Exchange Online Migrations section of the Authentication Methods Migrations KB apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in mailbox, archive mailbox, and public folder projects. Use a Global Administrator for the configuration steps.

Please review the documentation before preparing the destination.

MigrationWiz Steps

Create a Mailbox Project

  1. Log in to MigrationWiz.
  2. Click the Go to My Projects button.
  3. Click the Create Project button.
  4. Select the Mailbox project type. 
  5. Click Next Step.
  6. Enter a Project name and select a Customer.
  7. Click Next Step.
  8. Select endpoints or follow the steps below to create new endpoints. 

Endpoints

Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

You may either use existing endpoints or create new ones. 

Client Secret for Microsoft 365 Endpoints

For all Microsoft 365 Endpoints mailbox migrations (including archive migrations), MigrationWiz adds the Client Secret field, which is not always mandatory. It will depend on the permissions of the user account that performs the migration. Please review the following information before the creation of your M365 endpoints.

  • The client secret value is not mandatory if you use delegated permissions. Please leave the Client Secret field empty.

  • The client secret value is mandatory if you use the RBAC approach for application impersonation.

  • If you already have an admin account with the Impersonation role enabled (not using the RBAC approach) the client secret value is not mandatory. Please leave the Client Secret field empty.

Create a Source Endpoint

  1. Click Endpoints.
  2. Click Add Endpoint.
  3. Select G Suite (IMAP). 
  4. Enter the requested credentials.
  5. Click Add Endpoint. 

Create a Destination Endpoint

  1. Click Endpoints.
  2. Click Add Endpoint.
  3. Select Office 365. 
  4. Enter the requested credentials.
  5. Click Add Endpoint. 
  6. Complete the Application (client) ID, the Directory (tenant) ID, and the Client Secret fields, otherwise, you cannot save your project.

    Destintation Settings.png

  7. Click Next Step.

Important

When configuring the destination endpoint, do not forget to complete the client ID and the tenant ID fields for the Destination endpoint, otherwise, you cannot save your project migration.

Once the information has been provided for both, the source and/or destination endpoint, and the customer selects Save and Go to Summary, MigrationWiz performs an endpoint validation check for the Microsoft 365 endpoint.

This validation tests the administrator credentials entered into the project and the Modern Authentication setup only. If there is an issue, the screen redirects to the endpoint and provides an error message or flyout that can be selected for more information regarding the error.

Common Errors when Configuring Your Endpoint

For more information, review the AADSTS700016, AADSTS90002, and ADDSTS50126 issues on the Common Errors Using Modern Authentication page.

Add Users

Add the user accounts that will be migrated to the project. MigrationWiz allows you to bulk import users into the system.

You may use Bulk Add, Quick Add, or add the accounts to the MSPComplete customer. 

Quick Add
This option allows you to add items one at a time. To do so, you only have to provide an email address if you entered administrative credentials when setting up the project. If you did not, enter the following user information:
  • An email address
  • Login name
  • Password
  • Mailbox status
Bulk Add

Bulk Add uses a CSV containing the source and destination email addresses for the users to add the users to the project. If migrating only a specific group from a tenant, we recommend using the Bulk Add option.

MigrationWiz allows you to bulk import mailboxes into the system.

To import one or more mailboxes:

  1. Sign in to your MigrationWiz account.
  2. Select the Project for which you want to perform the bulk import.
  3. Click Add.
  4. Click Bulk Add.
  5. Follow the instructions on the page.

Advanced Options

Advanced Options allow you to choose your notifications, filtering, maintenance, licensing, performance, and some configuration options.

Support Options are advanced configurations that make use of Powershell or code blocks to provide extra options or resources for your migration.

The following options are the most valuable for this migration scenario:

Support Tab

Recommended Options

The following options are most valuable for all G Suite migration scenarios:
  • StoreOverflowGooglePropertiesInNotes=1 

  • StoreOverflowGooglePropertiesInNotesPrefix="enter your text here" Replace "enter your text here" with your message.
  • SuppressReminderDays=X Replace "X" with a value from 1 to 365.

Default Options for Microsoft 365 Endpoints

By default, some fields are view-only. In other words, you cannot edit or remove them from the support options page. To edit them, you need to edit the source or destination endpoint of your project.

Among these default options, you can find ModernAuthClientIdExport, ModernAuthTenantIdExport, ModernAuthClientSecretExport, ModernAuthClientIdImport, ModernAuthTenantIdImport, and ModernAuthClientSecretImport. 

The support options above are required when configuring your endpoint.

Important

Keep in mind that the ModernAuthClientSecretExport and the ModernAuthClientSecretImport support options are text-masked.

Warning

You cannot update the default Advanced Options, in case you try to modify or add new ones the following message arises.
Duplicate Support Option.png

Source/Destination Tab

  • Set to use impersonation at the Destination. Checkmark the Use impersonation at Destination box. 

Filtering Tab

  • Under Filtering, add: (^All Mail$|^All Mail/) 

Run Verify Credentials

  1. ​Sign in to your MigrationWiz account​.
  2. Open the Project containing items you wish to validate.
  3. Select the items you wish to validate.
  4. Click on the Start button in your dashboard.
  5. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration. 

Run Migration

In the MigrationWiz interface:

Pre-Stage pass

  1. Select the users you wish to migrate.
  2. Click the Start button from the top.
  3. Select Pre-Stage Migration.
  4. Under the Migration Scheduling section, from the drop-down list, select 90 days ago.
  5. Click Start Migration.

MX Record Cutover

Once confirmed that the Pre-stage migration has been completed successfully. Log into the DNS provider's portal, and change the primary MX record to reflect the DNS settings for the destination M365 tenant.

Full pass

  1. Select the users.
  2. Click the Start button from the top.
  3. Select Full Migration.
  4. Click Start Migration.

Run Retry Errors

Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

If problems persist, contact Support.

Remove All Mail

  1. Remove the All Mail filter from Project Advanced Options, and run one final full migration pass.
  2. Under Project Advanced Options > Filtering section, delete: (^All Mail$|^All Mail/) 
  3. Select the users.
  4. Click the Start button from the top, and select Full Migration.
  5. Click Start Migration.

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.

Was this article helpful?
12 out of 20 found this helpful