Google Vault to Microsoft 365 Migration Guide

This guide covers the steps necessary to migrate an instance of Google Vault to Microsoft 365. 

First migration?

This migration guide contains the necessary steps to perform the actual migration, but there are many steps to preparing for migration. If this is your first time performing a migration, we have created a Migration Planning & Strategy Guide to walk you through planning, set-up, and general migration best practices.


Archived Email Folders and emails can be migrated from Google Vault only.

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

We are not able to support migrations with two-factor or multifactor authentication. 

The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.

Items located in the root folder of the mailbox are not migrated. 

Prerequisites for Google Vault Migrations 

Migrating from Google Vault is a three-step process: 

  1. ​​Identify the data to be exported from Google Vault.

a. Complete export or targeted data. 

2. Search, Export and Upload Files (to Azure) using BitTitan Google Vault Extractor.

a. Search Google Vault. 

b. Export and download the contents from Google Vault.

c. Use UploaderWiz to upload the locally stored files to Azure Blob storage. 

3. Migrate the data using MigrationWiz.

a. It is suggested to migrate the results into the Recoverable Items Folder in the primary Microsoft 365 mailbox but can be migrated to any location (Primary mailbox or Archive mailbox).

Export Server: It is required that BitTitan Google Vault Extractor be run from a locally managed server. This export server is set up and maintained by the customer. The export server is a requirement and not provided by BitTitan. This server can be a local workstation, an on-premise server, or a virtual server. 

Set up and Configure the Google Vault Extractor 

Azure Storage Account (BLOB) 

Buy an Azure subscription.

Create an Azure storage account. Note this information somewhere for use during the endpoint process.

  1. Visit ​​​
  2. Click New.​
  3. Select Storage > Storage account.
  4. Enter a name for your storage account.​
  5. Choose Resource Manager for the Deployment model.
  6. Choose Blob storage for the Account kind with Standard performance. If you are using the v2 endpoint for a document migration, do NOT select Blob Storage, you will instead need to select STORAGEV2 (general purpose v2) with Standard performance.
  7. In the Replication field, select Locally Redundant Storage (LRS).
  8. Select the subscription in which you want to create the new storage account.
  9. Specify a new resource group or select an existing resource group.
  10. Select the geographic location for your storage account.
  11. Do NOT select to enable Data Lake Storage Gen2.
  12. Click Create to create the storage account.
  13. Now the storage account appears in the storage list.​

To obtain your Access Key

  1. Log on to the Azure portal
  2. Click Dashboard.
  3. Click All Resources.
  4. Click All Subscriptions.
  5. Click Storage Account name .
  6. Click Settings.
  7. Click Access Key.
  8. Make a note of the Storage Account Name and the Primary Access Key. These will need to be entered when creating your MSPComplete Destination Endpoint. 

Create an Azure public blob container named migrationwiz. Confirm that the blob container is empty and accessible. MigrationWiz is the default container name that MigrationWiz looks for. This can be modified in the Advanced Options of the MigrationWiz project. 

Google Vault OAuth Client API Setup 

BitTitan’s Google Vault Extractor allows for the use of your own OAuth Client API, rather than the BitTitan shared API. This option has many benefits and allows for greater control over throttling and security. It’s not a requirement of the migration, but BitTitan recommends this option 

Google Vault OAuth Client API Setup 

List of Users to Export 

BitTitan’s Google Vault Extractor requires a .txt file with the email addresses of the users that need to be extracted. As part of migration planning, you will need to consider batching the users into multiple text files. The extractor will systematically work its way down the list and process each user in a serial means. It is recommended that each user list contains no more than fifty users to easily manage the batch. You will also need to plan out the storage requirements for the list of users. If the list contains fifty users and those fifty users add up to 100GB in exported data volume, the local export server needs to have the required free space.  

Sample input file:


Microsoft 365 Mailboxes 

Important Note

If you are migrating into the Recoverable Items Folder of the user's mailbox, make sure the user is on Litigation Hold in Microsoft 365. If you do not, the data will be automatically deleted in Microsoft 365. Learn how to place the mailboxes on Litigation Hold from this TechNet article.

Identify the data to be exported from Google Vault 

The key to a successful Google Vault migration is to properly identify the data you want to extract from Google Vault. The key to getting data out of Google Vault is to search for it and then export the search results. The search is the key to successfully exporting the data required. To correctly search the data, use Google Search Terms to target the data required. BitTitan Google Vault Extractor will programmatically search, export, and download the results automatically and at scale. 

It is recommended that you review the Google Vault Best Practices Guide and Use the Google Vault Extractor for more information.  

Search, Export, and Upload Files (to Azure) using BitTitan Google Vault Extractor and UploaderWiz 

1. From the Export Server, open an administrative command prompt. 

2. Navigate to your working directory.

3. Run the command to Search, Export, Download, and Upload (optional). Build your export command depending on the data export requirements 

GoogleVaultExport.lnk -process-start-args "-command exportandupload -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted"""

Example: Search, Export, Download, then Upload automatically not using your own Google Vault OAuth Client API Setup: 
GoogleVaultExport.lnk -process-start-args "-command exportandupload -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted""" 

4. This will automatically launch a browser window for authentication. Log in with the Google Administrator Account and select that account to authenticate for access to Google Vault data.  


To switch to a different Google Administrator account after logging in, you can use the reset option:
GoogleVaultExport.exe "-comand reset"


5. Once access is granted, the extractor will run in the command window.

6. When completed: 

a. Confirm that all expected Google Vault data is available in the Azure BLOB if you used the option to extract and upload or

b. Manually upload the results to the Azure BLOB if you used the option to only extract.


The extractor will download two files from Google; the compressed zip folder with the data and an XML file, and a .done file, which indicates a successful extraction. It will do this for each user in the input file. If the extractor fails on a user, it will create a .fail file for the user. 


7. Troubleshooting:

a. Run the extraction again. The extractor will skip any users with a .done file and only re-try the ones with a .fail. 

b. Refer to the Troubleshooting Google Vault Extractor KB article.


Storage management is critical on the Export Server.  

Prepare the Destination Environment 

Important Note

If you are migrating into the Recoverable Items Folder of the mailbox, make sure the user is on Litigation Hold in Microsoft 365. If you do not, the data will be automatically deleted in Microsoft 365. 

Create the admin account

Add an admin in Microsoft 365 to use for this migration, or use the global admin account for the tenant. 

Set up accounts

Set up accounts on Microsoft 365 and assign licenses. These can be created in several ways:

Modern Authentication Requirements

The steps listed in the Obtain Client and Tenant ID Settings for Mailbox and Exchange Online Migrations section of the Authentication Methods Migrations KB apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in mailbox, archive mailbox, and public folder projects. Use a Global Administrator for the configuration steps.

Please review the documentation before preparing the destination.

Purchase licenses

We recommend that you purchase the User Migration Bundle license for this migration scenario. User Migration Bundle licenses allow multiple types of migrations to be performed with a single license. They also allow DeploymentPro to be used to configure Outlook email profiles. For questions on licensing, visit MigrationWiz Licenses

To purchase licenses

  1. Sign in to your BitTitan account. 
  2. In the top navigation bar, click Purchase.
  3. Click the Select button and choose User Migration Bundle licenses.
  4. Enter the number of licenses you want to purchase. Click Buy Now.
  5. Enter a Billing address if applicable.
  6. Click Next.
  7. Review the Order Summary and enter a payment method.
  8. Click Place Your Order.

MigrationWiz Steps 

Create a Migration Project

Create a Personal Archive Migration project.

  1. Click the Go to My Projects button.
  2. Click the Create Project button.
  3. Select Personal Archive Migration.
  4. Click Next Step.
  5. Enter a Project name and select a Customer.
  6. Click Next Step.


Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

Select a Google Vault (Azure Storage) source endpoint or create a new endpoint.

Create a Source Endpoint

    1. Click New.
    2. Name the endpoint.
    3. Select type Google Vault (Azure Storage).
    4. Enter Storage Account Name and Access Key in the fields provided. 
    5. Click Add.
    6. Click Next Step.

Select an existing Office 365 destination endpoint or create a new destination endpoint.

Create a Destination Endpoint

    1. Click New.
    2. Name the endpoint.
    3. Select Office 365 for the endpoint type.

    4. Fill in the required fields.

    5. Click Add.
    6. Click Next Step.
    7. Click Save and Go to Summary.

Add Items

  1. Select Add > Autodiscover Items. 
  2. Edit Destination email addresses as needed to set the Destination mailbox to ingest each file into.  
  3. Click the Edit Item icon to the right of the row.  
  4. Under Destination Email Address, enter the mailbox this file will be ingested into.

Set the Project Advanced Options

  • Set the Destination to migrate data into DESTINATION: MICROSOFT OFFICE 365 > Migrate to: Mailbox or Archive or Recoverable Items. Best practices recommend you migrate into the Recoverable Items Folder so the user does not have access to the data. The default setting is Mailbox in MigrationWiz.
    • When “Recoverable Items' is selected, add the folder filter ^(?!Permanently Deleted) to prevent incorrect migration statistics. Note that without this Folder filter, MigrationWiz will map all source folders to the destination “Deletions” folder which causes migration statistics to be incorrect.


  • OptionalAdd GoogleVaultCustomEndpointSuffix=Azure URI under Support/Support options. This allows you to choose your Azure location. 
  • Optional: Enable Audit Logging. This option provides a detailed audit trail and log of all the actions taken during a migration. The audit log includes entries for actions performed against items, such as item read at the Source, item skipped, item created at the Destination, item-level errors that occurred during migration, etc. These are logged to a SQL Azure database that you create and own. You are then able to build on top of the data by creating customized reports that provide the transparency necessary for security and compliance.

Run Verify Credentials

You may verify the credentials of items in MigrationWiz without migrating data or consuming any licenses.

  1. Open the Project containing items you wish to validate.
  2. Select the items you wish to validate.
  3. Click the Start button in your dashboard.
  4. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration. 

Perform a full migration pass

Delta migrations are not supported for Google Vault migrations. Google Vault migrations only require a single Full Migration pass.

  1. Check the box next to the line item you wish to migrate. 
  2. From the top navigation, click Start then select Full Migration.
  3. Under the Select what to migrate section, choose which item types to migrate. 
  4. Click Start Migration

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics. 

Post-Migration Steps 

The following can be deleted: 

  1. On the Google Vault admin portal: 

a. Matter files that were created for each query 

b. Downloaded Matter files 

c. The client OAuth Client API (if one was created)

2. On the client computer being used to run the Google Vault Extractor: 

a. The Google Vault Extractor and directory 

3. On Azure: 

a. Azure storage containers used for uploading the extracted matter files into.

b. The Azure storage account, if it was set up just for the Google Vault project. 

4. On MigrationWiz: 

a. Your Google Vault MigrationWiz project


This is optional because MigrationWiz has a 180-day auto-delete policy. 

5. On Office 365: 

a. Endpoints that were created for this project 

b. If a separate account was created for migrating the Google Vault items to Office 365 (e.g.,, this account can be deactivated and removed.  

Was this article helpful?
0 out of 0 found this helpful