Office 365 to Amazon WorkMail Migration Guide

Overview:

  1. Mail migration with Cloudiway
    1. Cutover migration
      1. Cutover migration benefits
      2. Cutover migration considerations
    2. Staged migration
      1. Staged migration benefits
      2. Staged migration considerations
  2. Security
  3. Performance
  4. Mail migration scope
    1. What can be migrated
    2. Migration limitations
    3. Considerations
    4. Audience
  5. Pre-migration configuration
    1. Before you start
    2. Set up an Office 365/Exchange account with impersonation privileges
    3. Set up an Exchange On-Premises account via PowerShell
    4. Set up an Amazon WorkMail account with impersonation privileges
  6. Use the Cloudiway platform to migrate your mail
    1. Allocate mail migration licenses
    2. Create your source connector
    3. Create your target connector
    4. Configure the global settings for migration
    5. Import or create your users
      1. Option 1: CSV import
      2. Option 2: Import Users tool
      3. Option 3: Single user creation details
    6. Activate and monitor your migration
    7. Migrate permissions globally
  7. Post-migration options
    1. Link calendar meeting entries
    2. Migrate existing mail archives
  8. Troubleshooting

1. Office 365 to Amazon WorkMail migration with Cloudiway

Cloudiway’s mail migration solution helps businesses perform elaborate technical migrations through a simple SaaS interface. As a result, mail migrations require no additional software installation or overhead, and migrations can be performed securely and quickly.

The Cloudiway platform is flexible enough to support all types of migration paths. Your migration strategy will depend on your business setup, type and size. Whichever migration path you choose, Cloudiway provides all the essential features including automatic account provisioning, license assignment, archive migration, mail routing and calendar coexistence (free/busy scheduling).

Two of the most common migration strategies are cutover and staged migrations. Cutover strategies involve migrating all mailboxes over a weekend, ready for your users on Monday morning. Staged strategies provide more flexible migration options, as discussed below.

1.1. Cutover migration

You migrate everybody over a weekend and perform a single migration pass. This strategy is the simplest to implement. After you have switched your MX records to point to the new system, you start mailbox migration.

Cutover migration is therefore a strategy where the entire company is switched at the same time.

1.1.1. Cutover migration benefits

  • Fastest, simplest form of migration.
  • Your users can start using the new mail system immediately.
  • New mails are received in the target messaging system.
  • Old mails are migrated in a single pass.

1.1.2. Cutover migration considerations

You can combine your cutover migration with pre-staging, if required. In this case, during the days or weeks leading up to your cutover, you would migrate all mails up to a week or so ago along with calendars and contacts, then on the day of your cutover, you would run a quick delta pass to migrate the remaining items.

1.2. Staged migration

A staged migration allows you to migrate batches of mailboxes over the course of a few weeks or months. This strategy is useful for migrations with large volumes of data (very full mailboxes or many mailboxes) when you estimate that you won’t be able to do your migration over a single weekend.

Cloudiway offers you additional flexibility in your approach to a staged migration. For example, you could migrate the last six months of emails over a weekend and leave older emails and email archives to be migrated after cutover, explaining to users that their older emails will appear soon.

Prestaging is also an option on the Cloudiway platform. For example, you could perform a multi-pass migration where you migrate most mailbox items before performing the final cutover. During the days or weeks leading up to your cut-over, you would migrate all the mails up to a week or so ago along with calendars and contacts, then on the day of your cutover, you would run a quick delta pass to migrate the remaining items.

Cloudiway provides a number of options to help you find the best strategy for a staged mail migration. We provide coexistence services, plus mail routing, and batch migration of users, which you can define in any way you like. Basically, you can choose who, when and what gets migrated during each pass.

1.2.1. Staged migration benefits

  • Many flexible migration strategies when using the Cloudiway platform.
  • Allows more time before final cutover, avoiding tight deadlines.
  • Complex migrations can be completed without disrupting end users.
  • Can be performed in batches according to your needs.

1.2.2. Staged migration considerations

Staged migrations tend to be more complicated than single cutover migrations. Therefore, it’s important that you have planned your approach thoroughly prior to starting any migration.

2. Security

For more information about security, please refer to this article.

3. Performance

For more information about migration performance, please refer to this article.

4. Mail migration scope

4.1. What can be migrated

When moving from Office 365 to Amazon WorkMail, these mail-related items can be migrated:

  • Emails
  • Contacts
  • Calendars
  • Secondary Calendars
  • Folders
  • Delegations
  • Rooms and resources
  • Litigation hold archives (each mailbox requires one separate archive license)
  • Inbound Rules

4.2. Migration limitations

Amazon WorkMail currently doesn’t support archiving. Archive mail can still be migrated to Amazon WorkMail, but it is treated the same as non-archived mail. Litigation hold folders are also not currently supported by Amazon WorkMail. Shared Mailboxes are also not currently supported, and Amazon WorkMail doesn’t include tasks, journals or notes so these cannot be migrated.

4.3. Considerations

Migration takes place between existing mailboxes. This means that mailboxes must exist in the target at the time of migration. Please ensure that all mailboxes to be migrated to Amazon WorkMail have had their target mailbox created in the target domain. This also applies to resources.

During migration, Outlook profiles are not recreated by default. Although this is the responsibility of the system administrators performing the migration, Cloudiway provides a tool to perform this task. Please contact Cloudiway for more information.

To migrate a user, you must use the primary source and target SMTP address rather than an alias.

PST files are not migrated as these are normally stored locally, where the Cloudiway platform has no access. To migrate mail in a PST file, import it back into the user’s mailbox prior to migration.

If you’re migrating from Exchange On-Premises, you have an extra option available called ‘self-migration’. In some circumstances, you might not have access to an account with impersonation privileges. In this case, selecting the self-migration option on the Cloudiway platform will still allow migration to take place, even without those privileges. An email notification will be sent to the end user with a migration link. After clicking on the link, the user will be asked to enter their credentials. Once entered, the migration will start automatically using the username/password entered.

4.4. Audience

This guide is aimed at experienced system administrators who are capable of connecting to remote systems and using a variety of administration tools.

Although we provide support for our own products, we do not provide support for third party products such as PowerShell or server administration of Exchange or Amazon WorkMail.

If you are concerned you might have any difficulty completing these steps, please consider a solution with our consulting team, contactable via presales@cloudiway.com. This will ensure a fast, cost-effective and stress-free implementation.

5. Pre-migration configuration

5.1. Before you start

Before you start, you will need to ensure you have the details outlined in the following table. You will only need the items associated with your chosen target. The sections below the table only need to be followed if they relate to your target. We recommend you create accounts especially for migration. After migration, simply delete the accounts.

| Name | Description | Location |
|---|---|---|
| Cloudiway login | Stores details and provides communication between the systems you already use. | https://apps.cloudiway.com |
| Knowledge base access | Our extensive knowledge base is always accessible, with videos, troubleshooting tools, samples and more. | https://kb.cloudiway.com |
| Source: Office 365 | | |
| Office 365 account with impersonation privileges | Used for impersonation to access mailboxes. This doesn’t have to be the tenant’s admin account. However, it must be an admin account if you wish to migrate permissions. The account must be able to bypass SSO and authenticate using username/password credentials with the format: user@tenant.onmicrosoft.com (with a password set to never expire). | Exchange Admin Center. We provide steps below to set up an account with impersonation privileges. |
| Source: Exchange On-Premises | | |
| Exchange account and secure port | Used for impersonation to access mailboxes. This doesn’t have to be the main admin account. However, it must be an administrator account if you wish to migrate the permissions. The account must be able to bypass SSO and authenticate using username/password credentials (with a password set to never expire). This is not required if self-migration is used. The Cloudiway platform needs to connect to Exchange securely. Use SSL port 443. | Your Exchange server. If you can’t access an account with impersonation privileges, you can use the self-migration option. |
| Amazon WorkMail migration account | Used for impersonation to access mailboxes. It can be any user. | Amazon WorkMail Console. We provide the steps below to set up access. |

5.2. Set up an Office 365/Exchange account with impersonation privileges

An Office 365 account with impersonation privileges can access up to 100 mailboxes concurrently. Therefore, by default, Cloudiway allows you to migrate 100 concurrent users. If you wish to speed up your migration, you should set up additional source connectors on the Cloudiway platform and associate different accounts with admin access to each one.

Below are the steps to show you how to set up impersonation using the Office 365 Exchange Admin Center. If you don’t already have impersonation set up, please follow the steps below.

If you’re using Exchange On-Premises, you can follow the steps below too. Remember, if you plan to use the ‘self-migration’ option, you don’t need to create this account at all.

  1. Log in with your administrator account to the Office 365 portal/Exchange server
  2. Go to the Exchange admin center, then click on permissions and then admin roles
  3. Click on the plus sign (+) to create a new role
  4. Give your group a name and assign it the role of ApplicationImpersonation, then add a user to the group
  5. Click on the Save button to save your group

5.3. Set up an Exchange On-Premises account via PowerShell

If you’re migrating from Exchange On-Premises, you can create a migration account with admin and impersonation permissions using your existing Exchange server interface or using the command line instructions shown in the steps below.

  1. Launch Exchange Management Shell to connect to your Exchange server
  2. Copy the commands below:
  3. Paste the command into the command prompt, ensuring you have updated
    “mailmigration@drypizza.com” with your own mail migration account
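
An added example, not Cloudiway's own commands: one way to grant the migration account ApplicationImpersonation from the Exchange Management Shell while limiting it to the mailboxes being migrated, then list who holds the role and remove the grant after the final pass. The group, scope and assignment names are assumptions made for this example; only the account address comes from this guide.

```powershell
# Added example for the Exchange Management Shell (Exchange On-Premises).
# Only the account address comes from the guide; the group, scope and
# assignment names below are assumptions made for this example.
$MigrationAccount = 'mailmigration@drypizza.com'  # replace with your own migration account
$BatchGroup       = 'Migration-Batch1'            # assumed: group holding the mailboxes to migrate
$ScopeName        = 'Cloudiway-Migration-Scope'   # assumed name
$AssignmentName   = 'Cloudiway-Impersonation'     # assumed name

function Grant-MigrationImpersonation {
    # Restrict impersonation to members of the batch group rather than every mailbox.
    $groupDn = (Get-DistributionGroup -Identity $BatchGroup -ErrorAction Stop).DistinguishedName
    $filter  = "MemberOfGroup -eq '{0}'" -f $groupDn.Replace("'", "''")

    # Create the scope and the role assignment only if they do not exist yet,
    # so the function can be re-run safely.
    if (-not (Get-ManagementScope -Identity $ScopeName -ErrorAction SilentlyContinue)) {
        New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter $filter | Out-Null
    }
    if (-not (Get-ManagementRoleAssignment -Identity $AssignmentName -ErrorAction SilentlyContinue)) {
        New-ManagementRoleAssignment -Name $AssignmentName -Role 'ApplicationImpersonation' `
            -User $MigrationAccount -CustomRecipientWriteScope $ScopeName | Out-Null
    }
}

function Get-ImpersonationHolders {
    # Every account that can currently impersonate mailboxes, including
    # accounts that hold the role through a role group.
    Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -GetEffectiveUsers |
        Select-Object Name, EffectiveUserName, RoleAssigneeName, CustomRecipientWriteScope
}

function Revoke-MigrationImpersonation {
    # Run after the final migration pass, before deleting the migration account.
    Remove-ManagementRoleAssignment -Identity $AssignmentName -Confirm:$false
    Remove-ManagementScope -Identity $ScopeName -Confirm:$false
}

Grant-MigrationImpersonation
Get-ImpersonationHolders | Format-Table -AutoSize
# Once migration is finished:
# Revoke-MigrationImpersonation
```

This grants impersonation only; the administrator rights this guide requires for migrating permissions are a separate assignment. Mailboxes outside the assumed group are not reachable by the migration account, so add each batch to the group before starting its migration.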

5.4. Set up an Amazon WorkMail account with impersonation privileges

Below are the steps to show you how to set up impersonation using the Amazon WorkMail Console. We recommend that you create a user especially for mail migration at both your source and target.

  1. Login with your administrator account to the Amazon WorkMail Console
  2. Ensure that the region shown in the top right corner matches the region you set up for the Amazon WorkMail server (for example, US West (Oregon) is selected below):
  3. Scroll down to Business Productivity and click on WorkMail to see a list of your WorkMail servers:
  4. Click on the target migration server to produce a list of all existing users:
  5. Click on Organization settings on the left, then the Migration settings tab:
  6. Click on the Edit button and turn Mailbox permissions on
  7. Use the Select user button to add your mail migration account
  8. Click on the Save button to save your changes

Remember to make sure that all users, groups and resources are created on Amazon WorkMail prior to getting started with the Cloudiway migration platform. Mail migration can only begin if mail has a target inbox to be copied to.

6. Use the Cloudiway platform to migrate your mail

6.1. Allocate mail migration licenses

Please get in touch with Cloudiway (at sales@cloudiway.com) so that your licenses can be organized and allocated to your Cloudiway account right away. By getting in touch now, the licenses will be available for use well before you need them.

6.2. Create your source connector

To facilitate mail migration, the Cloudiway platform needs to be able to communicate with both your source and target domains. To do this, Cloudiway uses connectors, which are configured on apps.cloudiway.com. You will need to set up a connector for each source tenant you wish to migrate and each target tenant that mail should be migrated to. Follow the steps below to configure an Office 365 or Exchange On-Premises source connector.

If you’re migrating from Office 365, remember that each account with impersonation privileges can access up to 100 mailboxes concurrently. Therefore, by default, each Cloudiway connector can migrate 100 concurrent users. If you wish to speed up your migration, you should set up additional Office 365 source connectors on the Cloudiway platform and associate different accounts with admin access to each one.

If you’re migrating from Exchange On-Premises, the speed of migration is limited only by your hardware, network and software setup, so concurrent connectors on the Cloudiway platform are unlikely to increase throughput.

If you’re migrating from Exchange On-Premises and opting for self-migration, you can choose whether to send the activation notification to the user at their source mailbox or their target mailbox. The target mailbox notification can be used if users are already accessing the target system, allowing them to migrate their old mailbox at their leisure. The source mailbox notification can be used if users are still accessing the source system, allowing them to trigger the migration of their mailboxes to the target system when they’re ready to move.

  1. From your browser, go to https://apps.cloudiway.com and login
    You can choose to manually set up your connectors, or you can use the simpler process of the wizard. The steps below will walk you through the manual process.
  2. Click on Mail Migration on the left, then Sources
  3. Click on the + New option at the bottom of the screen
  4. Click on Office 365 (or Exchange if you’re migrating from Exchange On-Premises) and type a meaningful name in Connector name
  5. Click on the Create button
  6. Type the email address of the account you set up with admin access in Administrator, then fill in the password fields
  7. For Exchange On-Premises, also add the server name, server version and whether to allow self-migration
  8. If you’ve chosen self-migration, click on Source or Target, depending on whether you wish users to migrate their email before migration (choose Source) or after migration (choose Target)
    You can also choose None for now and choose on a per-user basis prior to migration
  9. Click on the Save button at the bottom of the screen

6.3. Create your target connector

For Cloudiway to migrate your email, it needs to be able to communicate with both your source and target domains. To do this, Cloudiway uses connectors, which are configured on apps.cloudiway.com. You will need to set up a connector for each source you wish to migrate from and each target that you wish to migrate to. With your source connector already set up, a target connector to Amazon WorkMail is now required.

  1. Ensure that you’re still in the Mail Migration area of the Cloudiway platform.
  2. Click on the Targets menu on the left
  3. Click on the + New option at the bottom of the screen
  4. Click on Amazon WorkMail and type a meaningful name in Connector name

  5. Click on the Create button
  6. Change the server region if required, type the domain and email address of the account you set up with admin access in Administrator, then fill in the password fields
    Notice the option at the bottom to automatically migrate old emails (switched off by default)
  7. Click on the Save button without activating the archive option (as Amazon doesn’t yet support archive functionality)

6.4. Configure the global settings for migration

Now that you have set up at least one source and target connector, you’re ready to configure your global settings. Using the Cloudiway platform, this is simply a matter of selecting what you want to migrate.

By default, the global migration settings are configured to migrate everything but the Trash folder. You can toggle these and change the date and time settings from the Global Settings option on the Cloudiway platform.

Most of the options are self-explanatory. The Convert Email Address option needs further explanation. When activated, this option rewrites email addresses found in the header and replaces source email addresses with their corresponding target email addresses.

For example, if Bob sends an email to his colleague, Chloe, from his source address bob@source.com to chloe@source.com and a week later, after migration, chloe@target.com replies to Bob, the Cloudiway platform has already updated the SMTP header in Bob’s original email in her inbox, so her reply will be sent to bob@target.

For migrations where the only email address change is the domain name (such as Bob’s email address above), the Cloudiway platform uses the domain name defined in the target connector to convert source email addresses.

For migrations where both the domain name and the username change (for example, bob@source.com becomes newbob@target.com), the Cloudiway platform already uses a mapping table to link each user. This mapping table is also used by the Convert Email Addresses option in this situation. Therefore, it’s important that all users exist in the mapping table before migration begins (this guide contains instructions).

Note that users in the mapping table do not require a license until you’re ready to migrate them. Therefore, you can assign the ‘No license’ option to all your users prior to migration. Having a complete mapping table is also required if you plan to use Cloudiway’s free/busy calendar tool in conjunction with mail migration.

The Convert Email Address option is switched on by default (and is best left on). Make sure your user list is up to date to benefit from this functionality.

X.500 address migration: The Cloudiway platform automatically converts any X.500 addresses to SMTP during migration.

  1. From the same Mail Migration area of https://apps.cloudiway.com, click on Global Settings
    By default, the global migration settings are configured to migrate everything but the Trash folder. You can toggle these and change the date and time settings in Edit mode. Please refer to the text above these steps for more information on the Convert Email Addresses option.
  2. Click on the Edit button at the bottom of the screen
    The grey buttons will turn blue, indicating you can now edit these to your preferred global migration plan.
  3. Update any settings you wish to alter, remembering that time and dates are set to the UTC time zone
  4. Click on the Save button at the bottom of the screen to update your global settings

6.5. Import or create your users

There are a number of ways to add users that you wish to migrate. These include:

  • CSV file upload;
  • Cloudiway’s Import Users tool (using IAM); and,
  • creation of single users.

Regardless, each user will need to be assigned a license type.

6.5.1. Option 1: CSV import

If you have a CSV file of all your users, you can upload the file to Cloudiway. The file must have the following fields in the header row:

FirstName;LastName;SourceEmail;TargetEmail;BatchName

Note that many browsers limit CSV file uploads to 5000 lines, so files larger than that should be split up and uploaded separately. Data already uploaded will not be overwritten, so you can upload as many files as required.

The BatchName field can be left blank. If required, you can use this field to name different batches so they can be run in a certain order. A sample CSV file is available for download during the steps outlined below.

  1. Ensure you’re still in the Mail Migration area of apps.cloudiway.com and go to User List
  2. Click on Manage on the action bar at the bottom and select Upload CSV

  3. If required, click on Download sample CSV and add your users to the CSV file using the sample headers (FirstName;LastName;SourceEmail;TargetEmail;BatchName)
  4. When you have a complete CSV file with the correct headers, click on the Upload button
  5. Locate your CSV file within your own file system, and double-click on it to select it
  6. Select the appropriate connectors in the Source and Target fields
  7. Select the Amazon Mail license type from the License drop-down list
  8. Click on the Upload button.
    If the CSV file format is not correct, you will see an error message on your screen:
  9. If you see any error messages, check your CSV file to ensure it has five columns with a separator between each and try uploading again
  10. Once the CSV file format is correct, you will see a confirmation message at the top of your screen:
  11. Check your email. When you have received confirmation that the upload has been completed, you can refresh the Cloudiway platform to display your imported users
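
An added example, not a Cloudiway tool: a PowerShell pre-upload check for the CSV format described in this section, plus a splitter for lists longer than 5000 lines. It assumes fields contain no quoted semicolons, counts the header row towards the 5000-line limit, and uses constructed sample rows.

```powershell
# Added example: check a user list against the format in section 6.5.1 before upload.
$ExpectedHeader = 'FirstName;LastName;SourceEmail;TargetEmail;BatchName'
$MaxLines       = 5000   # per-file limit from the guide; header counted as a line (assumption)

function Test-UserCsv {
    param([string[]]$Lines)
    # Returns one message per problem found; returns nothing when the file is clean.
    $problems = New-Object System.Collections.Generic.List[string]
    if ($Lines.Count -eq 0 -or $Lines[0].Trim() -ne $ExpectedHeader) {
        $problems.Add("Line 1: header must be exactly '$ExpectedHeader'")
        return $problems
    }
    $seen = @{ SourceEmail = @{}; TargetEmail = @{} }
    for ($i = 1; $i -lt $Lines.Count; $i++) {
        $lineNo = $i + 1
        if ([string]::IsNullOrWhiteSpace($Lines[$i])) { continue }
        $fields = $Lines[$i].Split(';')
        if ($fields.Count -ne 5) {
            $problems.Add("Line ${lineNo}: expected 5 fields, found $($fields.Count)")
            continue
        }
        # Columns 3 and 4 must be SMTP addresses and must not repeat within the file.
        $columns = @{ SourceEmail = $fields[2]; TargetEmail = $fields[3] }
        foreach ($name in 'SourceEmail', 'TargetEmail') {
            $addr = $columns[$name].Trim().ToLowerInvariant()
            if ($addr -notmatch '^[^@\s;]+@[^@\s;]+\.[^@\s;]+$') {
                $problems.Add("Line ${lineNo}: $name '$addr' is not an SMTP address")
            }
            elseif ($seen[$name].ContainsKey($addr)) {
                $problems.Add("Line ${lineNo}: $name '$addr' repeats line $($seen[$name][$addr])")
            }
            else {
                $seen[$name][$addr] = $lineNo
            }
        }
    }
    return $problems
}

function Split-UserCsv {
    param([string[]]$Lines, [int]$Limit = $MaxLines)
    # Returns an array of string arrays; every chunk starts with the header row.
    $rows = @($Lines | Select-Object -Skip 1 |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) })
    $perFile = $Limit - 1
    $chunks  = @()
    for ($start = 0; $start -lt $rows.Count; $start += $perFile) {
        $end = [Math]::Min($start + $perFile, $rows.Count) - 1
        $chunks += ,(@($Lines[0]) + $rows[$start..$end])
    }
    return ,$chunks
}

# Constructed sample input (not real users).
$sample = @(
    'FirstName;LastName;SourceEmail;TargetEmail;BatchName',
    'Bob;Smith;bob@source.com;bob@target.com;Batch1',
    'Chloe;Jones;chloe@source.com;chloe@target.com;',   # blank BatchName is allowed
    'Dan;Lee;dan@source.com;Batch1',                    # only four fields
    'Eve;Ray;bob@source.com;eve@target.com;Batch2'      # source address already used
)
@(Test-UserCsv -Lines $sample) | ForEach-Object { Write-Output $_ }

# Real use (file name is a placeholder):
# $lines = Get-Content .\users.csv
# if (-not @(Test-UserCsv -Lines $lines)) {
#     $n = 0
#     foreach ($chunk in (Split-UserCsv -Lines $lines)) {
#         $n++; $chunk | Set-Content ".\users-part$n.csv"
#     }
# }
```

The check cannot tell a primary SMTP address from an alias, so that requirement still has to be verified against the source directory.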

6.5.2. Option 2: Import Users tool

Cloudiway’s Import Users tool helps you to retrieve users from your source tenant. The functionality works via Identity Access Management. The tool requires you to specify any transformation rules you wish to apply. It will then add new users in the Mail Migration User List view within the Cloudiway platform.

This is an advanced tool that is best used in partnership with Cloudiway consultants. If you are interested in using this option, please get in touch with your Cloudiway contact.

6.5.3. Option 3: Single user creation details

Many of our first-time customers create a single user for testing purposes. This provides a means of watching the migration process without affecting all users. Single users can also be created for migrations affecting just a few users.

  1. Go to the User List of the Mail Migration menu
  2. Click on Manage on the action bar at the bottom and select Create Single to display the following screen:
  3. Fill in all details for a new user, remembering to match Source Email with the user’s source email address and Target Email with the user’s target email address, and to assign an Amazon Mail license
  4. Click on the Create button
    The new user will be added to the Mail Migration / User List screen:
  5. Repeat steps 1 to 4 for any more users you’d like to create

6.6. Activate and monitor your migration

Now that you have performed all the pre-migration steps within your tenants and within Cloudiway, you’re ready to migrate. We recommend you run a test migration on a single user first to check that your configuration produces the outcome you expect.

To start your migration, select the users or batch you wish to migrate and click on Migration on the Action bar, then Start. Your batch will be scheduled and will begin as soon as resources are available. By default, a hundred migrations can be run concurrently per connector.

Don’t forget that the Cloudiway migration platform supports delta passes and that migrations are therefore incremental; every time you restart the migration of a mailbox, only items that haven’t already been copied to the target will be migrated. The platform therefore does not duplicate items in the target.

6.7. Migrate permissions globally

You can globally migrate permissions for mailboxes through the Cloudiway platform. Note: once you start the process of setting permissions, it cannot be stopped! Make sure you’re ready.

  1. From the same Mail Migration area of https://apps.cloudiway.com, click on Global Actions

  2. Click on the Migrate Permissions option on the screen to display the following dialog box:
  3. Click on the Set button to trigger the process of setting permissions on all mailboxes

Please note that some of the tools shown on the Global Actions screen above are designed to work with Office 365 targets only, but Cloudiway developers are working to make these more broadly available. Their inclusion during Amazon WorkMail migrations is a high priority, so please contact Cloudiway if you’d like to test these features.

7. Post-migration options

7.1. Link calendar meeting entries

This task runs on all mailboxes defined in the user list, and tries to link meeting entries for owners and attendees. When completed, attendees and owners can send and receive updates on appointments.

  1. Ensure you’re still in the Mail Migration area of apps.cloudiway.com and go to Global Actions

  2. Click on Link Calendars, and from the pop-up dialog box, click on the Link button
    A message will appear on the Mail Migration / Global Actions screen confirming that the process has started

NOTE: Remember, you can always check progress on the Mail Migration Dashboard

7.2. Migrate existing mail archives

Archive mailboxes and In-Place archives at the source are treated differently to standard mail and are not migrated by default: all existing mail archives are ignored during standard mail migration. Mail archive quota packages can be bought if you wish to migrate any type of mail archive.

There are several important considerations when migrating mail to Amazon WorkMail:

  1. Amazon WorkMail currently doesn’t support any native inbox archiving functionality, so even though mail archives can be migrated to WorkMail, all archiving functionality will be lost.
  2. Mail archives can be entirely migrated to a separate WorkMail inbox (incurring an extra license cost) or directly to an inbox, or a mixture of both, but remember, all archiving functionality will be lost no matter which option you choose.

If you still wish to migrate mail archives to Amazon WorkMail, the most straightforward way is to create a new target connector to use especially for archive migrations. This allows you to begin an archive migration even if a user’s inbox migration is ongoing.

For example, the following steps are required to migrate a user who has an inbox and an archive:

  1. Create a source connector for standard email migration
  2. Create a target connector
  3. Create a mail user with a standard license and link to both the source and target connectors
  4. Buy one or more mail archive quota packages
  5. Create new source and target connectors specifically for mail archive migration (optional; recommended for optimum throughput)
  6. Create an archive user and link the user to both the source and target connector

If you have followed this user guide, you will have already performed steps 1, 2 and 3. You can now perform steps 4 to 6 for the archive migration.

For example, if Bob has a normal mailbox and an In-Place archive, he will appear on the Cloudiway platform twice: once in the standard User List section and once in the Archive user list section. Bob’s entry in the User List section will be associated with the standard mail migration license, so archive mail will be ignored. Bob’s entry in the Archive user list section will be associated with the same connectors, but associated with the mail archive quota package, so only archive mail will be migrated.

As these two migrations are treated separately, you have the flexibility to migrate archives before, during or after the standard mailbox migration has taken place. If you choose to migrate both at the same time, make sure you have set up new connectors especially for archive migration with different admin credentials to ensure you achieve maximum throughput. This recommendation is followed in the steps below.

  1. Create new source and target connectors as previously, and remember, you can choose to specify a different admin account if you wish to perform different types of migrations at the same time (such as an archive migration and a standard email migration)
  2. Remember to include the word Archive in each new connector name so they’re easy to identify later.

    Remember, any mail archives sent to Amazon WorkMail will appear as standard mail. Amazon WorkMail doesn’t yet include a built-in tool for archiving new mail, so new mails can only be moved into folders, rather than archived.
  3. Click on the Archive menu of the Cloudiway platform
  4. The archive migration user list area will appear:
  5. Add any In-Place archive mailbox users to this user list area (see section 6.5 if you need a refresher on the different ways users can be added) and ensure you assign the new source and target connectors to each archive user
  6. To start the migration, select the users or batch in the user list and click on the Migration menu on the action bar, then click on the Start button

8. Troubleshooting

Cloudiway provides an extensive knowledge base with many resources, including common error messages, video guides and downloads.

Please visit the entire knowledge base here (where you can search for keywords or read through topics): https://kb.cloudiway.com/

The knowledge base also contains information on how you can ask for further support, should you require it.
