This guide covers the steps necessary to migrate an instance of Google Vault to Microsoft 365.
First migration?
This migration guide contains the necessary steps to perform the actual migration, but there are many steps to preparing for migration. If this is your first time performing a migration, we have created a Migration Planning & Strategy Guide to walk you through planning, set-up, and general migration best practices.
Prerequisites
Licensing
Purchase and apply User Migration Bundle licenses for all the users being migrated. For this migration type, we suggest the User Migration Bundle. For questions on licensing, visit MigrationWiz Licenses.
- User Migration Bundle Licenses have unlimited data available per license.
- User Migration Bundle Licenses are applied to the customer's users and expire 12 months after their purchase date.
- Document, Personal Archive, and DeploymentPro projects are all included when using User Migration Bundle Licenses.
- This license type must be applied manually.
To use your license by following the next steps:
- Purchase Licenses.
- Create a Customer.
- Apply Licenses.
- Review Considerations.
Purchase licenses by following the steps below:
- Sign in to your BitTitan account.
- In the top navigation bar, click Purchase.
- Click the Select button and choose User Migration Bundle licenses.
- Enter the number of licenses you want to purchase. Click Buy Now.
- Enter a Billing address if applicable.
- Click Next.
- Review the Order Summary and enter a payment method.
- Click Place Your Order.
Create Customer on MSPComplete by performing these steps:
- Click the Add button in the top navigation bar
- Click the Add Customer button on the All Customers page
- Select the appropriate workgroup in the left navigation pane and click All Customers.
- Click Add Customer.
- Enter the new customer’s information in the Add Customer form. Primary Email Domain and Company Name are required. The rest are optional.
- Click Save.
- Repeat steps 1 through 4 for each customer you want to add.
Perform these steps on MSPComplete:
- Select the correct workgroup on the top of the left navigation pane.
Important
This is the workgroup which the customer and migration projects were created under. Your account must be part of the workgroup if the project was not created under your account. - Click Customers on the left navigation pane.
- Click the customer that employs the user to whom you want to use the User Migration Bundle license.
- Click the Users tab at the top of the page.
- Apply the license to the users by checking the box to the left of their emails.
- Click the Apply User Migration Bundle License button at the top of the page.
Tip
We recommend adding users to the Customer page with the vanity domain. Then apply the User Migration Bundle Licenses, before editing to show the .onmicrosoft domain, if the .onmicrosoft domain will be used for the migration. - Click Confirm if at least one unassigned User Migration Bundle license is available for each selected user.
Important
If there are no User Migration Bundle licenses currently available to be assigned and your role in the workgroup is Manager or higher, the form that appears provides all the necessary information and will walk you through the steps of purchasing User Migration Bundle licenses.
Licenses are released once payment has been received:
- Licenses are available immediately upon payment if you purchase via credit card.
- If you purchase via wire transfer (100+ licenses), the licenses will be available once payment is received and accepted.
- We do not accept purchase orders because of processing overhead.
In both cases, you will be notified by email that payment has been accepted and licenses are available in your account upon notification.
For more information on licensing, including coupon redemption and other licensing types, see our Licensing FAQ.
Limitations
- Archived Email Folders and emails can be migrated from Google Vault only.
- MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.
- We are not able to support migrations with two-factor or multifactor authentication.
- The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.
- Items located in the root folder of the mailbox are not migrated.
Azure Storage Account (BLOB)
Buy an Azure subscription.
Create an Azure storage account. Note this information somewhere for use during the endpoint process.
- Visit https://portal.azure.com
- Click New.
- Select Storage > Storage account.
- Enter a name for your storage account.
- Choose Resource Manager for the Deployment model.
- Choose Blob storage for the Account kind with Standard performance. If you are using the v2 endpoint for a document migration, do NOT select Blob Storage, you will instead need to select STORAGEV2 (general purpose v2) with Standard performance.
- In the Replication field, select Locally Redundant Storage (LRS).
- Select the subscription in which you want to create the new storage account.
- Specify a new resource group or select an existing resource group.
- Select the geographic location for your storage account.
- Do NOT select to enable Data Lake Storage Gen2.
- Click Create to create the storage account.
- Now the storage account appears in the storage list.
To obtain your Access Key
- Log on to the Azure portal
- Click Dashboard.
- Click All Resources.
- Click All Subscriptions.
- Click Storage Account name .
- Click Settings.
- Click Access Key.
- Make a note of the Storage Account Name and the Primary Access Key. These will need to be entered when creating your MSPComplete Destination Endpoint.
Create an Azure public blob container named migrationwiz. Confirm that the blob container is empty and accessible. MigrationWiz is the default container name that MigrationWiz looks for. This can be modified in the Advanced Options of the MigrationWiz project.
Prepare the Source Environment
Prerequisites for Google Vault Migrations
Migrating from Google Vault is a three-step process:
-
Identify the data to be exported from Google Vault.
- Complete export or targeted data.
-
Search, Export and Upload Files (to Azure) using BitTitan Google Vault Extractor.
-
Search Google Vault.
-
Export and download the contents from Google Vault.
-
Use UploaderWiz to upload the locally stored files to Azure Blob storage.
-
-
Migrate the data using MigrationWiz.
- It is suggested to migrate the results into the Recoverable Items Folder in the primary Microsoft 365 mailbox but can be migrated to any location (Primary mailbox or Archive mailbox).
Export Server: It is required that BitTitan Google Vault Extractor be run from a locally managed server. This export server is set up and maintained by the customer. The export server is a requirement and not provided by BitTitan. This server can be a local workstation, an on-premise server, or a virtual server.
Set up and Configure the Google Vault Extractor
Google Vault OAuth Client API Setup
BitTitan’s Google Vault Extractor allows for the use of your own OAuth Client API, rather than the BitTitan shared API. This option has many benefits and allows for greater control over throttling and security. It’s not a requirement of the migration, but BitTitan recommends this option.
Google Vault OAuth Client API Setup
List of Users to Export
BitTitan’s Google Vault Extractor requires a .txt file with the email addresses of the users that need to be extracted. As part of migration planning, you will need to consider batching the users into multiple text files. The extractor will systematically work its way down the list and process each user in a serial means. It is recommended that each user list contains no more than fifty users to easily manage the batch. You will also need to plan out the storage requirements for the list of users. If the list contains fifty users and those fifty users add up to 100GB in exported data volume, the local export server needs to have the required free space.
Sample input file:
Microsoft 365 Mailboxes
Important
If you are migrating into the Recoverable Items Folder of the user's mailbox, make sure the user is on Litigation Hold in Microsoft 365. If you do not, the data will be automatically deleted in Microsoft 365. Learn how to place the mailboxes on Litigation Hold from this TechNet article.Identify the data to be exported from Google Vault
The key to a successful Google Vault migration is to properly identify the data you want to extract from Google Vault. The key to getting data out of Google Vault is to search for it and then export the search results. The search is the key to successfully exporting the data required. To correctly search the data, use Google Search Terms to target the data required. BitTitan Google Vault Extractor will programmatically search, export, and download the results automatically and at scale.
It is recommended that you review the Google Vault Best Practices Guide and Use the Google Vault Extractor for more information.
Search, Export, and Upload Files (to Azure) using BitTitan Google Vault Extractor and UploaderWiz
- From the Export Server, open an administrative command prompt.
- Navigate to your working directory.
- Run the command to Search, Export, Download, and Upload (optional). Build your export command depending on the data export requirements.
GoogleVaultExport.lnk -process-start-args "-command exportandupload -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted"""
Example: Search, Export, Download, then Upload automatically not using your own Google Vault OAuth Client API Setup:
GoogleVaultExport.lnk -process-start-args "-command exportandupload -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted"""
-
This will automatically launch a browser window for authentication. Log in with the Google Administrator Account and select that account to authenticate for access to Google Vault data.
Important
To switch to a different Google Administrator account after logging in, you can use the reset option:GoogleVaultExport.exe "-comand reset"
- Once access is granted, the extractor will run in the command window.
-
When completed:
-
Confirm that all expected Google Vault data is available in the Azure BLOB if you used the option to extract and upload or
-
Manually upload the results to the Azure BLOB if you used the option to only extract.
-
-
Troubleshooting:
- Run the extraction again. The extractor will skip any users with a .done file and only re-try the ones with a .fail.
- Refer to the Troubleshooting Google Vault Extractor KB article.
Important
Storage management is critical on the Export Server.
Prepare the Destination Environment
Important
If you are migrating into the Recoverable Items Folder of the mailbox, make sure the user is on Litigation Hold in Microsoft 365. If you do not, the data will be automatically deleted in Microsoft 365.
Create the Admin Account
Add an admin in Microsoft 365 to use for this migration, or use the global admin account for the tenant.
Set up Accounts
Set up accounts on Microsoft 365 and assign licenses. These can be created in several ways:
- Manually, one at a time. Microsoft instructions to add users individually.
- By bulk import, via CSV file. Microsoft instructions to bulk add users.
- By PowerShell script. TechNet article.
- Place the mailboxes on Litigation Hold.
Modern Authentication Requirements
The steps listed in the Obtain Client and Tenant ID Settings for Mailbox and Exchange Online Migrations section of the Authentication Methods Migrations KB apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in mailbox, archive mailbox, and public folder projects. Use a Global Administrator for the configuration steps.
Please review the documentation before preparing the destination.
MigrationWiz Steps
Create a Personal Archive Migration Project
Create a Personal Archive Migration project.
- Click the Go to My Projects button.
- Click the Create Project button.
- Select Personal Archive Migration.
- Click Next Step.
- Enter a Project name and select a Customer.
- Click Next Step.
Endpoints
Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.
If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.
Select a Google Vault (Azure Storage) source endpoint or create a new endpoint.
Create a Source Endpoint
- Click New.
- Name the endpoint.
- Select type Google Vault (Azure Storage).
- Enter Storage Account Name and Access Key in the fields provided.
- Click Add.
- Click Next Step.
Select an existing Office 365 destination endpoint or create a new destination endpoint.
Create a Destination Endpoint
- Click New.
- Name the endpoint.
-
Select Office 365 for the endpoint type.
-
Fill in the required fields.
- Click Add.
- Click Next Step.
- Click Save and Go to Summary.
Add Items
- Select Add > Autodiscover Items.
- Edit Destination email addresses as needed to set the Destination mailbox to ingest each file into.
- Click the Edit Item icon to the right of the row.
- Under Destination Email Address, enter the mailbox this file will be ingested into.
Advanced Options
Support Tab
Add the following advanced options:
- GoogleVaultCustomEndpointSuffix=Azure URI This allows you to choose your Azure location.
Filtering Tab
When “Recoverable Items' is selected, add the folder filter ^(?!Permanently Deleted)
to prevent incorrect migration statistics. Note that without this Folder filter, MigrationWiz will map all source folders to the destination “Deletions” folder which causes migration statistics to be incorrect.
Source/Destination Tab
Set the Destination to migrate data into DESTINATION: MICROSOFT OFFICE 365 > Migrate to: Mailbox or Archive or Recoverable Items.
Best practices recommend you migrate into the Recoverable Items Folder so the user does not have access to the data. The default setting is Mailbox in MigrationWiz.
Audit Log Options Tab
Enable Audit Logging. This option provides a detailed audit trail and log of all the actions taken during a migration. The audit log includes entries for actions performed against items, such as item read at the Source, item skipped, item created at the Destination, item-level errors that occurred during migration, etc. These are logged to a SQL Azure database that you create and own. You are then able to build on top of the data by creating customized reports that provide the transparency necessary for security and compliance.
Run Verify Credentials
You may verify the credentials of items in MigrationWiz without migrating data or consuming any licenses.
- Open the Project containing items you wish to validate.
- Select the items you wish to validate.
- Click the Start button in your dashboard.
- Select Verify Credentials from the drop-down list.
Notify Users
Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration.
Perform a full migration pass
Delta migrations are not supported for Google Vault migrations. Google Vault migrations only require a single Full Migration pass.
- Check the box next to the line item you wish to migrate.
- From the top navigation, click Start then select Full Migration.
- Under the Select what to migrate section, choose which item types to migrate.
- Click Start Migration.
Request Statistics
Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.
Post-Migration Steps
The following can be deleted:
-
On the Google Vault admin portal:
-
Matter files that were created for each query
-
Downloaded Matter files
-
The client OAuth Client API (if one was created)
-
-
On the client computer being used to run the Google Vault Extractor:
- The Google Vault Extractor and directory
-
On Azure:
- Azure storage containers used for uploading the extracted matter files into.
- The Azure storage account, if it was set up just for the Google Vault project.
-
On MigrationWiz:
- Your Google Vault MigrationWiz project
Important
This is optional because MigrationWiz has a 180-day auto-delete policy.
- Your Google Vault MigrationWiz project
-
On Office 365:
-
Endpoints that were created for this project
-
If a separate account was created for migrating the Google Vault items to Office 365 (e.g., migrationwiz@domain.com), this account can be deactivated and removed.
-