Mail Forwarders User Guide

Overview:

  1. Introduction
  2. When To Use It
  3. Pre-requisites
  4. Google and Office 365 Configuration
  5. Cloudiway Configuration
  6. Applying the Forwarders
  7. Additional Documentation

 

  1. Introduction

When performing a staged migration, it can be challenging to ensure that users receive their email during the transition.  Cloudiway’s Forwarder feature allows you to directly control when forwarding is applied to a mailbox.

The basic concept is when mailboxes are created in the target, before starting the migration, forwarding is applied to the target mailboxes sending email to the source mailboxes, and not leaving a copy of the email in the destination.  As users are cut over, the forwarding is flipped so that the users that are cut over begin receiving email in their target mailbox but if they still receive emails in the source mailbox, they are forwarded to the target mailboxes without leaving a local copy.  All of this is maintained using the Cloudiway migration Platform.

The forwarding option is included as part of your mailbox migration purchase.  However, if you are new to the concepts of mail migration projects, forwarding, etc., you may want to consider ordering Consulting Services in addition to the licenses to help maximize the usage of this and all other Cloudiway tools.

This guide assumes that you already have knowledge of the Cloudiway Mail migration tool, how it is configured, and how it is used.

It is a good idea to set up and test this feature on a few test mailboxes (or IT Team guinea pigs!) prior to applying forwarders to all mailboxes. This helps you understand the process from beginning to end, and helps you test your configuration before applying forwarders across your organization.

 

  1. When To Use It

Cloudiway’s Forwarder feature is intended to be used during staged migration between 2 tenants  (Google and/or Office 365).  If you are doing a big bang/cutover style migration where all users are cut over at once, this feature may not be beneficial to you.  However, in large projects when batches of users can cut over at different times, the forwarding option can be quite useful.

Please ensure you understand the concepts and steps below. This feature manages your company’s email flow and delivery. Cloudiway is not responsible for any incorrect configurations that cause any problems including loss of emails, productivity, etc., as a result of an incorrect configuration.

 

  1. Pre-Requisites

User Mailboxes

The first pre-requisite to consider is that the user mailboxes must be provisioned and licensed prior to setting up forwarding.  You may do this at the beginning of the project for all users, or maybe provision the accounts at the last possible second prior to migrating data and cutting the user over.

Likewise, the source accounts need to remain online and licensed during the transition.  Otherwise, there is no mailbox to apply forwarding rules.  If your project plan requires that you immediately provision, migrate and decommission accounts as part of license management or another reason, this feature will not be useful for your project.

Which Domain to Forward to

When applying forwarding rules, the SMTP domain that you forward email to is a vital component that requires additional planning and coordination.

In Office to Office migration scenarios, you may simply be able to use the onmicrosoft.com domain associated with each tenant.  When migrating between Google Workspace and Office, you will need to define a unique SMTP domain for each tenant.  This could be the onmicrosoft.com technical alias of O365 and the built-in technical domain in Google (something like domain.test-google-a.com), but they could also be separate custom domains that you own either for this project or for other reasons.

Aliases

When you determine which domains to forward to, each of your user mailboxes will need to have an alias applied associated with that domain.  In some cases, the Cloudiway tool can do this for you.  See the section below on alias creation for more information.

 

  1. Google and Office 365 Configuration

Office 365 Tenant Configuration

Allow external forwarding

 By default, Office 365 does not allow forwarding outside of your tenant as this could be seen as a spamming technique.  The restriction is described here:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide

And the procedure to allow external forwarding is explained here:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-worldwide

In short, from the Microsoft 365 Defender portal you need to create a tenant wide outbound policy that has Automatic forwarding rules enabled:

Automatic forwarding rules

Forwarders and aliases will be created by Cloudiway using PowerShell commands.

Office 365 Service account

The Migration account defined in the Cloudiway connector needs permissions to run exchange online PowerShell cmdlets (set-mailbox). Exchange online administrators have this permission by default.

It can also be granted to non-admins through the Exchange Admin roles (Mail Recipient management).

Enable Basic Authentication For The Office 365 Service account

Basic authentication is needed for PowerShell operations in the Office 365 tenant.

These are the steps to enable basic authentication for the Office 365 service account:

1- Connect to Exchange Online

Connect-ExchangeOnline

2- Create a new Authentication Policy called “AllowBasicAuth”

New-AuthenticationPolicy -Name "AllowBasicAuth"

3- Set the attribute “AllowBasicAuthPowershell” of this Authentication Policy to true.

Set-AuthenticationPolicy -Identity "AllowBasicAuth" -AllowBasicAuthPowershell:$true

4- Add the Office 365 service account to this Authentication Policy

Set-User -Identity admin@domain.com  -AuthenticationPolicy "AllowBasicAuth"

For more information you can check this article from Microsoft:

Google Tenant Configuration

Google Feeds

When using the mail migration tools for Google tenants, you will be familiar with allowing the Cloudiway Google App permission to your mailboxes.  This process is defined in this article.

You will need to add two additional feeds to the application:

https://www.googleapis.com/auth/gmail.settings.basic,

https://www.googleapis.com/auth/gmail.settings.sharing

Google forwarding domains

Google also has a specific restriction on applying forwarders in your tenant.  The domain of the forwarding email address must belong to a domain registered in the Google list of domains. The process is described here.

There are 2 different scenarios, when you are migrating from one domain name to a new one or when you are also migrating the domain to the target.

If you are migrating from one domain name to a new one, you don’t need to purchase a new domain. You can register the target domain in the source tenant and directly use it as the redirection domain. Below are the settings that you will use.

Google Office 365
Source.com

Register target.com in the Google tenant and forward emails to this domain.

Target.com

Allow forwarding in your tenant, and forward emails to source.com

If you are migrating the domain to the target, then you need a technical intermediate domain which can be the built-in tenant domain or a new purchased domain:

Google Office 365
domain.com

Register a Google technical domain in your Google tenant, google-technical-domain.com or use the Google built-in technical alias domain.test-google-a.com to receive emails forwarded from O365.

Register your O365 technical domain o365-technical-domain.com or the tenantname.onmicrosoft.com domain in your Google tenant and forward emails to this domain.

domain.com

Forward emails to google-technical-domain.com or to the Google built-in technical alias domain.test-google-a.com.

Register an O365 technical domain o365-technical-domain.com in O365 or use the tenantname.onmicrosoft.com domain to receive forwarded email from Google.

In short, you need to register the O365 technical domain in your Google tenant to prove that you own the domain.  This can be done by adding the domain as user alias domain in your tenant Domains area of your admin console.

This involves a process of adding a TXT record to your external DNS.  The process is detailed in the “Add a domain” step by step wizard.

If you are using the onmicrosoft.com domain as the destination technical domain, you can add the Google TXT record in the Microsoft 365 admin center, go to Settings / Domains, select the tenant domain, click on DNS records tab and then add the TXT record:

Microsoft 365 Admin Center

Once validated, the O365 technical domain appears as registered in the Google domain list.

 

  1. Cloudiway Configuration

Once your basic tenant configuration is complete, you can now set up the Cloudiway tools to apply the forwarding rules on your mailboxes.

Global Settings

 In your Mail Migration Global Settings

Set “Forwarder Settings” to “Enable.” This will give you options to configure based on your project needs.

Create Alias

Enable this feature for a same domain migration scenario, if you want Cloudiway platform to create aliases for you in both the source and target mailboxes.  Please ensure that you will not have any alias conflicts in your tenants.  For example. If you have two Bob Smith’s, please be sure that their aliases, whatever you decide to use, are assigned to the correct Bob Smith.

Whether or not you use this feature, the alias should be formatted using the email prefix of the user defined in the mail migration “User List” along with the domain listed in the “Technical Domain” in the Global Settings.

For example,

If the migration user is:

Source: flast@tenantA.com and Target: First.Last@tenantB.com

The mailbox alias should be:

Source: flast@source-techncialdomain.com and Target: First.Last@target-technicaldomain.com

Note:  If you have decided to use the built-in technical alias in Google Workspace, please be sure that the mailboxes have the alias correctly applied to them. The Cloudiway tools will not be able to set an alias using that domain.

Create Target Forwarders

Enable this feature to ensure that the target mailboxes will receive a forwarder back to the source mailbox.  Usually, this is Enabled.

Technical Domain

Each of your connectors that supports mailbox migration will be displayed at the bottom of the Forwarders Global Settings list.  Here you will click Modify and add the Technical Domain (or alias domain) you have chosen as your forwarder domain associated with each tenant connector.  In other words, add the alias of the source tenant to the source connector, and alias domain of the target tenant to the target connector.

Forwarders Global Settings

If the source and destination primary SMTP domains are different, you just need to set as the technical domain the own domain:

Forwarders Global Settings Different Domains

Save your settings.

 

  1. Applying the Forwarders

 Before applying the forwarders in a staged migration, you will need to populate your mail migration User List.  Once that step has been completed, you can begin the initial forwarding on all mailboxes to be migrated in the corresponding user batch to forward email to the source mailboxes.

To do this, select the users or the user batch and click on the Forwarders button, and select Forward Email to Source.  This will create a forwarder on all target mailboxes to send email to the source mailbox aliases, and not leave a copy of the email in the target.

Forward Email to Source

You will then start the migration of the mailboxes in the batch by clicking on Migration button and then Start.

When you are ready to cut over the users of the batch, select them, click the Forwarders button, and choose Cutover.  This will remove the target mailbox forwarder, add a forwarder on the source mailbox to forward to the target alias, it will not leave a copy of the email in the source, and perform one more migration delta pass, so you don’t need to submit another migration pass from Migration button.

 

  1. Additional Documentation

Forwarding vs. Mail Routing

For office 365

https://docs.microsoft.com/fr-fr/powershell/module/exchange/set-mailbox?view=exchange-ps

Set-Mailbox  -ForwardingSmtpAddress

For Google

https://developers.google.com/gmail/api/reference/rest/v1/users.settings.forwardingAddresses

Cloud Migration Cloudiway
Want to try?
BOOK A DEMO
Cloud Migration Questions
Any questions?
Contact