This document will walk you through the environment preparation and MigrationWiz steps necessary to perform your migration from one Microsoft 365 Personal Archives instance to another Microsoft 365 Personal Archives instance.
MigrationWiz
MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.
First Migration?
If this is your first time performing a migration, we have created a Migration Planning & Strategy Guide to walk you through planning, set-up, and general migration best practices.
Prerequisites
It is important to highlight and meet the following prerequisites for a smooth migration project.
Licensing
We recommend that you purchase User Migration Bundle licenses for this migration scenario. User Migration Bundle licenses allow the performance of multiple migrations with a single license. For questions on licensing, visit MigrationWiz Licenses.
To use your license by following the next steps:
- Purchase Licenses.
- Create a Customer.
- Apply Licenses.
- Review Considerations.
Important
If you have already completed a mailbox migration project against this Source environment, steps two and three will already have been completed. The endpoints that were created for your mailbox migration project can be used for your in-place archive migration project.
Purchase licenses by following the steps below:
- Sign in to your BitTitan account.
- In the top navigation bar, click Purchase.
- Click the Select button and choose User Migration Bundle licenses.
- Enter the number of licenses you want to purchase. Click Buy Now.
- Enter a Billing address if applicable.
- Click Next.
- Review the Order Summary and enter a payment method.
- Click Place Your Order.
Create Customer on MSPComplete by performing these steps:
- Click the Add button in the top navigation bar
- Click the Add Customer button on the All Customers page
- Select the appropriate workgroup in the left navigation pane and click All Customers.
- Click Add Customer.
- Enter the new customer’s information in the Add Customer form. Primary Email Domain and Company Name are required. The rest are optional.
- Click Save.
- Repeat steps 1 through 4 for each customer you want to add.
Perform these steps on MSPComplete:
- Select the correct workgroup on the top of the left navigation pane.
Important
This is the workgroup which the customer and migration projects were created under. Your account must be part of the workgroup if the project was not created under your account. - Click Customers on the left navigation pane.
- Click the customer that employs the user to whom you want to use the User Migration Bundle license.
- Click the Users tab at the top of the page.
- Apply the license to the users by checking the box to the left of their emails.
- Click the Apply User Migration Bundle License button at the top of the page.
Tip
We recommend adding users to the Customer page with the vanity domain. Then apply the User Migration Bundle Licenses, before editing to show the .onmicrosoft domain, if the .onmicrosoft domain will be used for the migration. - Click Confirm if at least one unassigned User Migration Bundle license is available for each selected user.
Important
If there are no User Migration Bundle licenses currently available to be assigned and your role in the workgroup is Manager or higher, the form that appears provides all the necessary information and will walk you through the steps of purchasing User Migration Bundle licenses.
Licenses are released once payment has been received:
- Licenses are available immediately upon payment if you purchase via credit card.
- If you purchase via wire transfer (100+ licenses), the licenses will be available once payment is received and accepted.
- We do not accept purchase orders because of processing overhead.
In both cases, you will be notified by email that payment has been accepted and licenses are available in your account upon notification.
For more information on licensing, including coupon redemption and other licensing types, see our Licensing FAQ.
Limitations
- App password usage, MFA/2FA, and ADFS are not supported for the migration service account being used by this endpoint.
- The maximum individual file size supported by MigrationWiz is 60GB.
- Items located in the root folder of the source primary mailbox are not migrated. Only items located in the source archive mailbox are migrated.
- Exchange Web Services (EWS) must be enabled for the mailboxes in the Exchange Online tenant for this migration type
Important
If the In-Place Archive mailbox being migrated is more than 100 GB in size and auto-expanding archiving is enabled for the In-Place Archive mailbox in the destination tenant, the migration may take 30 days or more to complete due to the auto-expanding archiving process not making space available immediately in the destination archive mailbox when moving data.
More information on how auto-expanding works with archive mailboxes can be found outlined by Microsoft here: Office 365: Auto-Expanding Archives FAQ
If you have additional questions, please contact BitTitan support.
Below is a list of items that will and will not be migrated. Note that these items frequently change, so review this list before any migration projects.
Migrated Items
Please click the bars below to check the migrated and non-migrated items. We are constantly working to create a better migration experience for you so these items may change over time.
- Inbox
- Folders
- Contacts
- Calendars
- Tasks
- Journals
- Notes
- Server-Side Rules
- Folder Permissions
- Post (when the destination is Exchange or Microsoft 365)
- Safe Sender/Block Lists
- In-line images in Tasks
- Calendar acceptance status emails
Prepare the Source Exchange Online Environment
EWS (Exchange Web Services) Access in Exchange Online
Microsoft has announced significant updates to how Exchange Web Services (EWS) access will be managed in Exchange Online, effective April 2025.
After this change EWS access will only be allowed if both the organization-level and user-level EWSEnabled settings are set to True. If either setting is set to False, EWS access will be blocked. For further information regarding this topic, please review the following Microsoft article. If you need assistance on this topic, please contact BitTitan's support team.
Retirement of Exchange Web Services in Exchange Online
Microsoft has officially announced that Exchange Web Services (EWS) requests will be blocked in Exchange Online beginning October 1, 2026. Read Microsoft’s announcement.
At this time, no action is required from MigrationWiz users. We are taking the necessary steps to transition to Microsoft Graph API and ensure continued service without disruption.
Modern Authentication Requirements
The steps listed in the Required Permission for Performing M365 Mailbox and Archive Migrations article apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in the mailbox and archive mailbox. Use a Global Administrator for the configuration steps.
Please review the documentation before preparing the source.
Create a Migration Service Account
Create a migration service account in Microsoft 365 for the tenant, this account does not require any admin role assigned. However, it must have full access to the user mailboxes or have the required API Permissions.
We recommend adding the necessary API permissions to the Modern Authentication app you are using for your O365 mailbox or archive mailbox endpoint. You can follow the steps outlined in this guide, as this is BitTitan's recommended approach.
Deprecation of Microsoft Application Impersonation Role
From February 2025, Microsoft has started the depreciation process to remove the Application Impersonation role from O365. Exchange On-premise and Hosted Exchange are not affected by these changes. For further information please see this article.
If you are currently using Application Impersonation for your migrations, there is no telling when that will eventually fail. It is highly recommended that you switch to using the new API permission process to avoid delays in your project due to permission failures.
Prepare the Destination Exchange Online Environment
EWS (Exchange Web Services) Access in Exchange Online
Microsoft has announced significant updates to how Exchange Web Services (EWS) access will be managed in Exchange Online, effective April 2025.
After this change EWS access will only be allowed if both the organization-level and user-level EWSEnabled settings are set to True. If either setting is set to False, EWS access will be blocked. For further information regarding this topic, please review the following Microsoft article. If you need assistance on this topic, please contact BitTitan's support team.
Retirement of Exchange Web Services in Exchange Online
Microsoft has officially announced that Exchange Web Services (EWS) requests will be blocked in Exchange Online beginning October 1, 2026. Read Microsoft’s announcement.
At this time, no action is required from MigrationWiz users. We are taking the necessary steps to transition to Microsoft Graph API and ensure continued service without disruption.
Modern Authentication Requirements
The steps listed in the Required Permission for Performing M365 Mailbox and Archive Migrations article apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in the mailbox and archive mailbox. Use a Global Administrator for the configuration steps.
Please review the documentation before preparing the destination.
Create a Migration Service Account
Create a migration service account in Microsoft 365 for the tenant, this account does not require any admin role assigned. However, it must have full access to the user mailboxes or have the required API Permissions.
We recommend adding the necessary API permissions to the Modern Authentication app you are using for your O365 mailbox or archive mailbox endpoint. You can follow the steps outlined in this guide, as this is BitTitan's recommended approach.
Deprecation of Microsoft Application Impersonation Role
From February 2025, Microsoft has started the depreciation process to remove the Application Impersonation role from O365. Exchange On-premise and Hosted Exchange are not affected by these changes. For further information please see this article.
If you are currently using Application Impersonation for your migrations, there is no telling when that will eventually fail. It is highly recommended that you switch to using the new API permission process to avoid delays in your project due to permission failures.
Set up Accounts
Set up accounts on Microsoft 365 and assign licenses. These can be created in several ways:
- Manually, one at a time. Microsoft instructions to add users individually
- By bulk import, via CSV file. Microsoft instructions to bulk-add users
- By PowerShell script. TechNet article
- Enable Archiving for the destination mailboxes if that is your intended target.
MigrationWiz Steps
Create a Migration Project
Create a Personal Archive Migration project.
- Click the Go to My Projects button.
- Click the Create Project button.
- Select Personal Archive Migration Project.
- Click Next Step.
- Enter a Project Name and select a Customer.
- Click Next Step.
- Select endpoints or follow the steps below to create new endpoints.
- Click Save Project.
Endpoints
Endpoints are created through MigrationWiz. If you select an existing endpoint from the dropdown, it will only show ten endpoints. If you have more than ten, you may need to search it.
Consider that endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.
Create your Endpoints
Perform these steps for both the source and destination endpoints.
- Click New.
- Name the endpoint (It is highly recommended to create a unique name for your source and destination endpoints)
- Under Endpoint Type, select the endpoint from the options below that corresponds with the type of Microsoft 365 tenant being used:
- Microsoft 365, this option is also used for GCC Commercial tenants
- Microsoft 365 (Germany)
- Microsoft 365 (US Government), use this option for GCC High tenants only
- Enter the administrator username and password in the fields. This should be the corresponding migration service account created in the steps for preparing the source or destination.
- Click Add.
- Complete the Application (client) ID, the Directory (tenant) ID, and the Client Secret fields.
Application (client) ID, Directory (tenant) ID, and Client Secret
For Microsoft 365 Mailbox and Archive migrations, MigrationWiz adds the Application (client) ID, Directory (tenant) ID, and Client Secret fields.
While the Application (client) ID and the Directory (tenant) ID are mandatory, the Client Secret field is not. It will depend on the permissions of the user account that performs the migration. Please review the following information before the creation of your M365 endpoints.
-
Do not use the client secret value if you use delegated permissions (not the most recommended approach). When using delegated permissions, do not select the Use Impersonation to Authenticate checkbox in the source/destination tab of your project's advanced options.
-
The client secret value is mandatory if you using the API Permissions approach.
- If you already have a migration service account with the Impersonation role enabled (not using the API Permissions approach) the client secret value is not mandatory. Please leave the Client Secret field empty.
Warning
Keep in mind that Microsoft has started removing the application impersonation role from O365, meaning there is no telling when that will eventually fail. It is highly recommended that you switch to the API Permissions approach.
For more information about how to get the Application (client) ID and Directory (tenant) ID values from the Application Registration, please review step 3 of this article.
Region of Destination Tenant
The Region of Destination Tenant feature optimizes migration performance and speed by identifying the region closest to the destination tenant (continent-level). For Microsoft 365 endpoints, MigrationWiz detects and selects the appropriate region automatically once you create and save your project.
Please note that each time you edit your project endpoints, the following message will appear at the top of your project window (where XXXX is the detected region):
Automatically detected destination tenant's region and assigned to the 'Bittitan Datacenter' in XXXX.
For this migration type, you cannot manually change the region of the destination tenant. In case you need to modify it, contact our support team.
Endpoint Validation
Once the information has been provided for both, the source and destination endpoint, and the customer selects Save and Go to Summary, MigrationWiz performs an endpoint validation check.
This validation tests the migration service account credentials entered into the project and the Modern Authentication setup only. If there is an issue, the screen redirects to the endpoint and provides an error message or flyout that can be selected for more information regarding the error.
Common Errors when Configuring Your Endpoint
For more information on the AADSTS700016, AADSTS90002, and ADDSTS50126 issues review the Common Errors Using Modern Authentication page.
Add Users
Important
Suppose the domain name is migrated to the new destination tenant. In that case, it is strongly recommended that users in the migration project be migrated using the .onmicrosoft.com domain names for both the source and destination email addresses, rather than using the vanity domain. To do this, add the users using their Vanity Domain and once they are in the project, select all the users and click the Change Domains option in the menu to bulk change them to using the .onmicrosoft.com domain.
Add the user accounts that will be migrated to the project. This may be done in several ways, depending on the size of the project. Steps for each option are in the accordion below, simply click to show the option you select and follow the guidance there. The Autodiscover option is not available for this migration type.
Small Migrations
For small migrations, it is easy to add users one at a time using the Quick Add option. The steps for this are below.
Larger Migrations
For larger migrations, we recommend either using the Bulk Add option.
- An email address
- Login name
- Password
- Mailbox status
Bulk Add uses a CSV containing the source and destination email addresses for the users to add the users to the project. If migrating only a specific group from a tenant, we recommend using the Bulk Add option.
MigrationWiz allows you to bulk import mailboxes into the system.
To import one or more mailboxes:
- Sign in to your MigrationWiz account.
- Select the Project for which you want to perform the bulk import.
- Click on Add.
- Click on Bulk Add.
- Follow the instructions on the page.
Advanced Options
The following options are the most valuable for this migration scenario.
Support Tab
Required Settings
This is a required step for this type of migration. There are two variations of this option:
- If the domain remains the same in the new destination tenant, use: "RecipientMapping=@sourcetenantname.onmicrosoft.com->@destinationdomainname.com" (replace @sourcetenantname and @destinationdomainname with your domains).
- If the domain is changing in the new destination tenant, use: "RecipientMapping=@sourcedomainname->@destinationdomainname" (replace @sourcetenantname and @destinationdomainname with your domains).
The RecipientMapping above is just an example. Do not copy this verbatim. It needs to be changed to reflect the sourcetenantname.onmicrosoft.com account name and the customer Destination domain name. More than one remapping expression can be used.
This is a very important step for Microsoft 365 to Microsoft 365 migrations. It ensures that archived email can be replied to after migration because it will be mapped to the new Destination domain name rather than using the old sourcetenantname.onmicrosoft.com account name (which will no longer be available, once the tenant is retired).
Default Options for Microsoft 365 Endpoints
By default, some fields are view-only. In other words, you cannot edit or remove them from the support options page. To edit them, you need to edit the source or destination endpoint of your project.
Among these default options, you can find ModernAuthClientIdExport, ModernAuthTenantIdExport, ModernAuthClientSecretExport, ModernAuthClientIdImport, ModernAuthTenantIdImport, and ModernAuthClientSecretImport.
The support options above are required when configuring your endpoint.
Important
Keep in mind that the ModernAuthClientSecretExport and the ModernAuthClientSecretImport support options are text-masked.
Warning
You cannot update the default Advanced Options, in case you try to modify or add new ones the following message arises.
Source/Destination Tab
We recommend a Maximum concurrent migrations low value, such as 20. Keep in mind that his number cannot be changed after performing a migration
For now, the new API Permissions approach does require the Use Impersonation to Authenticate box checked for your O365 endpoints along with the Client secret value that you supplied during the Endpoint creation.
Important
Set your preferred Destination. The default is to migrate into the primary mailbox, not the archive mailbox at the Destination. To change this, set Destination: Microsoft Office 365 migrate to: Archive under the Source/Destination in the advanced options of the project.
Run Verify Credentials
- Sign in to your MigrationWiz account.
- Open the Project containing items you wish to validate.
- Select the items you wish to validate.
- Click on the Start button in your dashboard.
- Select Verify Credentials from the drop-down list.
Once complete, the results of the verification will be shown in the Status section.
Notify Users
Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration.
Run Migration
For archive migrations, we recommend only running a Full Pass Migration, rather than following the Pre-Stage Migration strategy (typically used with mailbox migration projects).
Since the archive migration project is typically performed after the mailbox migration project has been completed (or at the same time), this guide does not include the steps for MX record cutover.
Full Pass
- Select the users.
- Click the Start button from the top.
- Select Full Migration.
- Click Start Migration.
Run Retry Errors
Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.
If problems persist, contact Support.
Request Statistics
Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.