Microsoft 365 Personal Archives to Microsoft 365 Personal Archives Migration Guide

This document will walk you through the environment preparation and MigrationWiz steps necessary to perform your migration from one Microsoft 365 Personal Archives instance to another Microsoft 365 Personal Archives instance. 

MigrationWiz

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

First Migration?

If this is your first time performing a migration, we have created a Migration Planning & Strategy Guide to walk you through planning, set-up, and general migration best practices.

Prerequisites

It is important to highlight and meet the following prerequisites for a smooth migration project.

Licensing

We recommend that you purchase User Migration Bundle licenses for this migration scenario. User Migration Bundle licenses allow the performance of multiple migrations with a single license. For questions on licensing, visit MigrationWiz Licenses.

To use your license by following the next steps:

  1. Purchase Licenses.
  2. Create a Customer.
  3. Apply Licenses.
  4. Review Considerations.

Important

If you have already completed a mailbox migration project against this Source environment, steps two and three will already have been completed. The endpoints that were created for your mailbox migration project can be used for your in-place archive migration project.

Purchase Licenses Create a Customer Apply Licenses Considerations

Purchase licenses by following the steps below:

  1. Sign in to your BitTitan account. 
  2. In the top navigation bar, click Purchase.
  3. Click the Select button and choose User Migration Bundle licenses.
  4. Enter the number of licenses you want to purchase. Click Buy Now.
  5. Enter a Billing address if applicable.
  6. Click Next.
  7. Review the Order Summary and enter a payment method.
  8. Click Place Your Order.

Limitations

  • App password usage, MFA/2FA, and ADFS are not supported for the migration service account being used by this endpoint.
  • The maximum individual file size supported by MigrationWiz is 60GB.
  • Items located in the root folder of the source primary mailbox are not migrated. Only items located in the source archive mailbox are migrated.
  • Exchange Web Services (EWS) must be enabled for the mailboxes in the Exchange Online tenant for this migration type

Important

If the In-Place Archive mailbox being migrated is more than 100 GB in size and auto-expanding archiving is enabled for the In-Place Archive mailbox in the destination tenant, the migration may take 30 days or more to complete due to the auto-expanding archiving process not making space available immediately in the destination archive mailbox when moving data.

More information on how auto-expanding works with archive mailboxes can be found outlined by Microsoft here: Office 365: Auto-Expanding Archives FAQ
If you have additional questions, please contact BitTitan support.

Below is a list of items that will and will not be migrated. Note that these items frequently change, so review this list before any migration projects.

Migrated Items

Please click the bars below to check the migrated and non-migrated items. We are constantly working to create a better migration experience for you so these items may change over time.

Which items are migrated?
  • Inbox
  • Folders
  • Email
  • Contacts
  • Calendars
  • Tasks
  • Journals
  • Notes
  • Server-Side Rules
  • Folder Permissions
  • Post (when the destination is Exchange or Microsoft 365)
Which items are not Migrated?
  • Safe Sender/Block Lists
  • In-line images in Tasks
  • Calendar acceptance status emails

Prepare the Source Exchange Online Environment

EWS (Exchange Web Services) Access in Exchange Online

Microsoft has announced significant updates to how Exchange Web Services (EWS) access will be managed in Exchange Online, effective April 2025.

After this change EWS access will only be allowed if both the organization-level and user-level EWSEnabled settings are set to True. If either setting is set to False, EWS access will be blocked. For further information regarding this topic, please review the following Microsoft article. If you need assistance on this topic, please contact BitTitan's support team.

Retirement of Exchange Web Services in Exchange Online

Microsoft has officially announced that Exchange Web Services (EWS) requests will be blocked in Exchange Online beginning October 1, 2026. Read Microsoft’s announcement.

At this time, no action is required from MigrationWiz users. We are taking the necessary steps to transition to Microsoft Graph API and ensure continued service without disruption.

Modern Authentication Requirements

The steps listed in the Required Permission for Performing M365 Mailbox and Archive Migrations article apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in the mailbox and archive mailbox. Use a Global Administrator for the configuration steps.

Please review the documentation before preparing the source.

Create a Migration Service Account

Create a migration service account in Microsoft 365 for the tenant, this account does not require any admin role assigned. However, it must have full access to the user mailboxes or have the required API Permissions.

We recommend adding the necessary API permissions to the Modern Authentication app you are using for your O365 mailbox or archive mailbox endpoint. You can follow the steps outlined in this guide, as this is BitTitan's recommended approach.

Deprecation of Microsoft Application Impersonation Role

From February 2025, Microsoft has started the depreciation process to remove the Application Impersonation role from O365. Exchange On-premise and Hosted Exchange are not affected by these changes. For further information please see this article.

If you are currently using Application Impersonation for your migrations, there is no telling when that will eventually fail. It is highly recommended that you switch to using the new API permission process to avoid delays in your project due to permission failures.

Prepare the Destination Exchange Online Environment

EWS (Exchange Web Services) Access in Exchange Online

Microsoft has announced significant updates to how Exchange Web Services (EWS) access will be managed in Exchange Online, effective April 2025.

After this change EWS access will only be allowed if both the organization-level and user-level EWSEnabled settings are set to True. If either setting is set to False, EWS access will be blocked. For further information regarding this topic, please review the following Microsoft article. If you need assistance on this topic, please contact BitTitan's support team.

Retirement of Exchange Web Services in Exchange Online

Microsoft has officially announced that Exchange Web Services (EWS) requests will be blocked in Exchange Online beginning October 1, 2026. Read Microsoft’s announcement.

At this time, no action is required from MigrationWiz users. We are taking the necessary steps to transition to Microsoft Graph API and ensure continued service without disruption.

Modern Authentication Requirements

The steps listed in the Required Permission for Performing M365 Mailbox and Archive Migrations article apply to both the source and destination tenant when they are Exchange Online, in regards to Exchange Web Services (EWS) in the mailbox and archive mailbox. Use a Global Administrator for the configuration steps.

Please review the documentation before preparing the destination.

Create a Migration Service Account

Create a migration service account in Microsoft 365 for the tenant, this account does not require any admin role assigned. However, it must have full access to the user mailboxes or have the required API Permissions.

We recommend adding the necessary API permissions to the Modern Authentication app you are using for your O365 mailbox or archive mailbox endpoint. You can follow the steps outlined in this guide, as this is BitTitan's recommended approach.

Deprecation of Microsoft Application Impersonation Role

From February 2025, Microsoft has started the depreciation process to remove the Application Impersonation role from O365. Exchange On-premise and Hosted Exchange are not affected by these changes. For further information please see this article.

If you are currently using Application Impersonation for your migrations, there is no telling when that will eventually fail. It is highly recommended that you switch to using the new API permission process to avoid delays in your project due to permission failures.

Set up Accounts

Set up accounts on Microsoft 365 and assign licenses. These can be created in several ways:

MigrationWiz Steps

Create a Migration Project

Create a Personal Archive Migration project.

  1. Click the Go to My Projects button.
  2. Click the Create Project button.
  3. Select Personal Archive Migration Project.
  4. Click Next Step.
  5. Enter a  Project Name and select a Customer.
  6. Click Next Step.
  7. Select endpoints or follow the steps below to create new endpoints.
  8. Click Save Project.

Endpoints

Endpoints are created through MigrationWiz. If you select an existing endpoint from the dropdown, it will only show ten endpoints. If you have more than ten, you may need to search it.

Consider that endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

Create your Endpoints

Perform these steps for both the source and destination endpoints.

  1. Click New.
  2. Name the endpoint (It is highly recommended to create a unique name for your source and destination endpoints) 
  3. Under Endpoint Type, select the endpoint from the options below that corresponds with the type of Microsoft 365 tenant being used:
    • Microsoft 365, this option is also used for GCC Commercial tenants
    • Microsoft 365 (Germany)
    • Microsoft 365 (US Government), use this option for GCC High tenants only
  4. Enter the administrator username and password in the fields. This should be the corresponding migration service account created in the steps for preparing the source or destination. 
  5. Click Add. 
  6. Complete the Application (client) ID, the Directory (tenant) ID, and the Client Secret fields. 
    Destination-M365Region.png

Application (client) ID, Directory (tenant) ID, and Client Secret

For Microsoft 365 Mailbox and Archive migrations, MigrationWiz adds the Application (client) ID, Directory (tenant) ID, and Client Secret fields.

While the Application (client) ID and the Directory (tenant) ID are mandatory, the Client Secret field is not. It will depend on the permissions of the user account that performs the migration. Please review the following information before the creation of your M365 endpoints.

  • Do not use the client secret value if you use delegated permissions (not the most recommended approach). When using delegated permissions, do not select the Use Impersonation to Authenticate checkbox in the source/destination tab of your project's advanced options.

  • The client secret value is mandatory if you using the API Permissions approach.

  • If you already have a migration service account with the Impersonation role enabled (not using the API Permissions approach) the client secret value is not mandatory. Please leave the Client Secret field empty.

    Warning

    Keep in mind that Microsoft has started removing the application impersonation role from O365, meaning there is no telling when that will eventually fail. It is highly recommended that you switch to the API Permissions approach.

For more information about how to get the Application (client) ID and Directory (tenant) ID values from the Application Registration, please review step 3 of this article.

Region of Destination Tenant

The Region of Destination Tenant feature optimizes migration performance and speed by identifying the region closest to the destination tenant (continent-level). For Microsoft 365 endpoints, MigrationWiz detects and selects the appropriate region automatically once you create and save your project.

Please note that each time you edit your project endpoints, the following message will appear at the top of your project window (where XXXX is the detected region):

Automatically detected destination tenant's region and assigned to the 'Bittitan Datacenter' in XXXX.

For this migration type, you cannot manually change the region of the destination tenant. In case you need to modify it, contact our support team.

Endpoint Validation

Once the information has been provided for both, the source and destination endpoint, and the customer selects Save and Go to Summary, MigrationWiz performs an endpoint validation check.

This validation tests the migration service account credentials entered into the project and the Modern Authentication setup only. If there is an issue, the screen redirects to the endpoint and provides an error message or flyout that can be selected for more information regarding the error.

Common Errors when Configuring Your Endpoint

For more information on the AADSTS700016, AADSTS90002, and ADDSTS50126 issues review the Common Errors Using Modern Authentication page.

Add Users

Important

Suppose the domain name is migrated to the new destination tenant. In that case, it is strongly recommended that users in the migration project be migrated using the .onmicrosoft.com domain names for both the source and destination email addresses, rather than using the vanity domain. To do this, add the users using their Vanity Domain and once they are in the project, select all the users and click the Change Domains option in the menu to bulk change them to using the .onmicrosoft.com domain. 

Add the user accounts that will be migrated to the project. This may be done in several ways, depending on the size of the project. Steps for each option are in the accordion below, simply click to show the option you select and follow the guidance there. The Autodiscover option is not available for this migration type.

Small Migrations

For small migrations, it is easy to add users one at a time using the Quick Add option. The steps for this are below. 

Larger Migrations

For larger migrations, we recommend either using the Bulk Add option.

Quick Add
This option allows you to add items one at a time. To do so, you only have to provide an email address if you entered administrative credentials when setting up the project. If you did not, enter the following user information:
  • An email address
  • Login name
  • Password
  • Mailbox status
Bulk Add

Bulk Add uses a CSV containing the source and destination email addresses for the users to add the users to the project. If migrating only a specific group from a tenant, we recommend using the Bulk Add option.

MigrationWiz allows you to bulk import mailboxes into the system.

To import one or more mailboxes:

  1. Sign in to your MigrationWiz account.
  2. Select the Project for which you want to perform the bulk import.
  3. Click on Add.
  4. Click on Bulk Add.
  5. Follow the instructions on the page.

Advanced Options

The following options are the most valuable for this migration scenario.

Support Tab

Required Settings

This is a required step for this type of migration. There are two variations of this option:

  • If the domain remains the same in the new destination tenant, use: "RecipientMapping=@sourcetenantname.onmicrosoft.com->@destinationdomainname.com" (replace @sourcetenantname and @destinationdomainname with your domains). 
  • If the domain is changing in the new destination tenant, use: "RecipientMapping=@sourcedomainname->@destinationdomainname" (replace @sourcetenantname and @destinationdomainname with your domains). 

The RecipientMapping above is just an example. Do not copy this verbatim. It needs to be changed to reflect the sourcetenantname.onmicrosoft.com account name and the customer Destination domain name. More than one remapping expression can be used.

This is a very important step for Microsoft 365 to Microsoft 365 migrations. It ensures that archived email can be replied to after migration because it will be mapped to the new Destination domain name rather than using the old sourcetenantname.onmicrosoft.com account name (which will no longer be available, once the tenant is retired).

Default Options for Microsoft 365 Endpoints

By default, some fields are view-only. In other words, you cannot edit or remove them from the support options page. To edit them, you need to edit the source or destination endpoint of your project.

Among these default options, you can find ModernAuthClientIdExport, ModernAuthTenantIdExport, ModernAuthClientSecretExport, ModernAuthClientIdImport, ModernAuthTenantIdImport, and ModernAuthClientSecretImport. 

The support options above are required when configuring your endpoint.

Important

Keep in mind that the ModernAuthClientSecretExport and the ModernAuthClientSecretImport support options are text-masked.

Warning

You cannot update the default Advanced Options, in case you try to modify or add new ones the following message arises.
Duplicate Support Option.png

Source/Destination Tab

We recommend a Maximum concurrent migrations low value, such as 20. Keep in mind that his number cannot be changed after performing a migration

For now, the new API Permissions approach does require the Use Impersonation to Authenticate box checked for your O365 endpoints along with the Client secret value that you supplied during the Endpoint creation.

Important

Set your preferred Destination. The default is to migrate into the primary mailbox, not the archive mailbox at the Destination. To change this, set Destination: Microsoft Office 365 migrate to: Archive under the Source/Destination in the advanced options of the project.

Archive Mailbox option.png

Run Verify Credentials

  1. ​Sign in to your MigrationWiz account.
  2. Open the Project containing items you wish to validate.
  3. Select the items you wish to validate.
  4. Click on the Start button in your dashboard.
  5. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration.

Run Migration

For archive migrations, we recommend only running a Full Pass Migration, rather than following the Pre-Stage Migration strategy (typically used with mailbox migration projects).

Since the archive migration project is typically performed after the mailbox migration project has been completed (or at the same time), this guide does not include the steps for MX record cutover.

Full Pass

  1. Select the users.
  2. Click the Start button from the top.
  3. Select Full Migration.
  4. Click Start Migration.

Run Retry Errors

Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

If problems persist, contact Support.

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.

Was this article helpful?
1 out of 5 found this helpful