ZIMBRA TO MICROSOFT 365 MIGRATION

1. Introduction : Zimbra to Microsoft 365 Migration

This guide is about Zimbra to Microsoft 365 Migration. It can also be used for Zimbra to Exchange On Premises as the configuration is identical.

Cloudiway’s mail migration solution helps businesses perform elaborate technical migrations through a simple SaaS interface. As a result, your Zimbra to Microsoft 365 Migration require no additional software installation or overhead, and migrations can be performed securely and quickly.

The Cloudiway platform is flexible enough to support all types of migration paths. Your migration strategy will depend on your business setup, type and size. Whichever migration path you choose, Cloudiway provides all the essential features including automatic account provisioning, license assignment and mail routing.

Two of the most common migration strategies are cutover and staged migrations. Cutover strategies involve migrating all mailboxes over a weekend, ready for your users on Monday morning. Staged strategies provide more flexible migration options, as discussed on this page.

Cutover VS Staged: The Best Migration Strategy

2. Zimbra to Microsoft 365 Migration : Security

Performing your Zimbra to Microsoft 365 Migration in a secure way is important. Cloudiway respects all the security best practices. Please refer to this article for more information.

3. Zimbra to Microsoft 365 Migration: Performance

Cloudiway takes care of the overall performance of the platform during your Zimbra to Microsoft 365 Migration , details can be found in this article.

4. Zimbra to Microsoft 365 Migration scope

4.1. What can be migrated

All of the following mail-related items can be migrated during the Zimbra to Microsoft 365 Migration:

Emails
Folders
Contacts
Calendars
Secondary calendars
Permissions

4.2 Migration limitations

Zimbra to Microsoft 365 Migration can be performed by an administrator if you have the hand to create an account that has access to all mailboxes.

If this is not the case, you have the option to migrate in self service mode. Please be advised that the migration of calendars and contacts for Zimbra in Self Service mode cannot be migrated, because it requires a call to the Admin API’s.

4.3 Considerations

Migration takes place between existing mailboxes. This means that mailboxes must exist in the target at the time of migration. Please ensure that all mailboxes to be migrated have had their target mailbox created in the target domain (steps are included in this guide).

4.4 Audience

This guide is aimed at experienced system administrators who are capable of connecting to remote systems and using a variety of administration tools.

Although we provide support for our own products, we do not provide support for third party products such as PowerShell or server administration of Zimbra, Microsoft 365 or Exchange.

If you are concerned you might have any difficulty completing these steps, please consider a solution with our consulting team. We will ensure a fast, cost-effective, and stress-free implementation.

5. Pre-migration configuration

5.1 Before you start

Before you start, you will need to ensure you have the details outlined in the following table.

Name	Name	Location
Cloudiway login	Stores details and provides communication between the systems you already use.	https://portal.cloudiway.com/
Help Center	Our extensive knowledge base is always accessible, with videos, troubleshooting tools, samples and more.	https://help.cloudiway.com/
Microsoft 365 account with impersonation privileges	Used for impersonation to access mailboxes (read or write). This doesn’t have to be the tenant’s admin account. However, it must be an administrator account if you wish to migrate the permissions. The account must be able to bypass SSO and authenticate using username/password credentials with the format: user@tenant.onmicrosoft.com (with a password set to never expire).	We recommend you create a non-federated domain account (on your *.onmicrosoft.com domain) especially for migration. After all migrations are complete, simply delete this account. We provide steps below to help you set up an account with impersonation privileges if you don’t already have one.

5.2. Zimbra to Microsoft 365 Migration : How it works

The Cloudiway migration solution is a SaaS platform.

The migration requires the Zimbra server to be accessible from the SaaS platform.

Cloudiway uses Exchange Web Services API (EWS) to migrate emails, contacts, and calendars. It is using PowerShell for mailbox permissions,shared, rooms and resources.

Note: all network operations are performed over TLS 1.2.

5.3. Source Prerequisites

There are two modes of migration:

Migration with an admin account that has all necessary delegations to all mailboxes. You need to provision a Zimbra full admin with access to all user mailboxes.
Self-service migration (when it’s not possible to have a delegated admin account). Check out this article for additional information.

Scenario 2 will be used in case Zimbra is a hosted service where the provider cannot give you an account that have permissions to all mailboxes. In this case, you would use the standard self service mode where users migrate themselves by entering their credentials into a form.

Cloudiway migration platform migrates the mails using IMAP.
Contacts and calendars are migrated using the native Zimbra APIs.

Imap ports:
143: Standard IMAP port
993: IMAP over SSL
You will use one of the two ports.

Zimbra admin port: 7071
By default, the Zimbra admin port is 7071. Cloudiway migration platforms needs to connect to the admin platform in order to retrieve information.

Web service ports:
By default, Zimbra web services are accessible through SSL port 443

Firewall rules:
If you want to set up a specific firewall rule, please log a ticket through our Support portal to get our IP address.

5.4. Target Prerequisites

5.4.1. Create a Microsoft 365 service account

To perform the migration, we recommend creating a Microsoft 365 account (service account) with impersonation privileges dedicated to the migration, that can be deleted once the migration is completed. This migration account is used to access the target mailboxes and needs to be provided in a Microsoft 365 Connector. It must be configured with multi-factored authentication (MFA) and SSO (ADFS) turned off. To deactivate MFA on your Office365 migration account (guide: https://help.cloudiway.com/article/deactivate-mfa-on-your-office365-migration-account/).

5.4.2. Azure Active Directory Application

EWS API calls are performed through an Azure Active Directory Application which is granted specific permissions.

You can either create an Azure Active Directory Application manually or let the platform create one for you (if your migration account is global admin).

Please consult how to create the Azure Active Directory Application and associated permissions.

5.4.3. Create your user mailboxes

Cloudiway migrates between existing user mailboxes and does not provide a tool to provision user mailboxes. Therefore, the user mailboxes must be created prior to the migration. You can set up user accounts on the target Microsoft 365 tenant in several ways. (The following links are to Microsoft documentation.)

5.4.4. Create a partial archive from a normal inbox (optional)

Creating a partial archive of emails provides a number of benefits. From a migration perspective, the biggest benefit is reduced bandwidth. End-users who access mail via Outlook have their mailbox locally cached (in .ost file format). After a mail migration, Outlook will download all migrated mailboxes the first time users access their mailboxes. Therefore, if many users are likely to access Outlook at around the same time after migration (for example, if you’ve completed a cutover migration one weekend before staff arrive at 9am Monday morning), your bandwidth might slow down due to a glut of downloads.

This can be avoided by partially migrating data to the online archive. For example, you could choose to migrate all items older than 1 year to a mail archive, which would be performed prior to the final cutover. The data will remain online and accessible from each user’s inbox as an In-Place Archive
folder. The most recent 1 year of emails will be migrated and downloaded when each user first logs in, reducing overall bandwidth usage due to smaller mailbox sizes.

Note: you must ensure that In-Place archiving is switched on within your Exchange Admin center (you can bulk-activate using the instructions on TechNet as https://technet.microsoft.com/enus/library/jj984357(v=exchg.150).aspx).

In-Place archives at the source are treated differently to standard mail and are not migrated by default. You can buy a mail archive quota package to perform an archive migration (see section 6.7).

5.5. Mapping Table

During the migration, Cloudiway uses a mapping table to perform the conversion of email addresses in email headers, calendar items, and mailbox permissions.

Important: the mapping table must be exhaustive, any missing email address will not be converted, and would end up with loss of mailbox permissions, unrepayable emails and broken calendar items. Cloudiway automatically populates this mapping table when source mailboxes are discovered by Get List functionality explained below. However, make sure if the mapping table was populated automatically that you are not missing any email address.

6. Zimbra to Microsoft 365 Migration

6.1. Create your source and target connectors

For Cloudiway to migrate your email, it needs to be able to communicate with both your source and target domains. To do this, Zimbra to Microsoft 365 Migration requires connectors that will store the credentials used to connect to the endpoints. You will need to set up a connector for each source tenant you wish to migrate and each target tenant that mail should be migrated to.

Follow the steps on the pages below to configure Zimbra and Office 365 connectors:

Create Connectors guide

Create A zimbra Connector

Create a Microsoft 365 Connector

6.2. Configure the global settings for migration

Now that you have set up at least one source and target connector, you’re ready to configure your global settings. Using the Cloudiway platform, this is simply a matter of selecting what you want to migrate.

From the Mails area of https://portal.cloudiway.com, click on Global Settings

Most of the options are self-explanatory.

The Convert Email Address option needs further explanation. The Convert Email Address option is switched on by default (and is best left on). When activated, this option rewrites email addresses found in the email headers, calendar items and mailbox permissions and replaces source email addresses with their corresponding target email addresses in the mapping table. Therefore, it’s important that all users exist in the mapping table before migration begins.

Archive Mails Older Than is to migrate the emails older than specified date and time in the past to the target archive mailbox and Migrate Everything to Archives is to migrate all the emails to the target archive mailbox. See the 7.2. Migration to archives section for further information.

Click on the Save button at the bottom of the screen to update your global settings.

6.3. Import or create your users

Your Zimbra to Microsoft 365 Migration requires to fill your user list. There are a number of ways to add users that you wish to migrate. These include:

CSV file import.
Cloudiway’s mailbox discover tool (Get List).
Create a single user.

Regardless, each user will need to be assigned a license type — Trial (limited to 100 MB), Education, Standard, Archive, or No License (used for adding users to your mapping table regardless of migration plans).

Note that importing users into Cloudiway won’t create the user mailboxes in the target tenant. See 5.3. Create your user mailboxes

6.3.1. Option 1: CSV file import

If you have a CSV file of all your users, you can upload the file to Cloudiway. The file must have the following fields in the header row:

FirstName;LastName;SourceEmail;TargetEmail;SourceRecipientType;TargetRecipientType;BatchName

Note that many browsers limit CSV file uploads to 5000 lines, so files larger than that should be split up and uploaded separately. Data already uploaded will not be overwritten, so you can upload as many files as required.

The BatchName field can be left blank. If required, you can use this field to name different batches so they can be run in a certain order. A sample CSV file is available for download during the steps outlined below.

1. Ensure you’re still in the Mails Migration area of portal.cloudiway.com and go to User List

2. Click on MANAGE and select Import

3. If required, click on Download sample CSV and add your users to the CSV file using the sample headers (FirstName; LastName; SourceEmail; TargetEmail; BatchName)

4. When you have a complete CSV file with the correct headers, click on the BROWSE button

5. Locate your CSV file within your own file system, and double-click on it to select it

6. Select the appropriate connectors in the Source and Target fields

7. Click on the UPLOAD button.

8. If you see any error messages, check your CSV file to ensure it has seven columns, each with a separator (including the last) and try uploading again.

6.3.2. Option 2: Import Users tool

Cloudiway’s Import Users tool helps you to retrieve users from your source tenant. The functionality works via Identity Access Management. The tool requires you to specify any transformation rules you wish to apply. It will then add new users in the Mail Migration User List view within the Cloudiway platform.

This is an advanced tool that is best used in partnership with Cloudiway consultants. If you are interested in using this option, please get in touch with your Cloudiway contact.
6.3.3. Option 3: Create a single user

Many of our first-time customers create a single user for testing purposes. This provides a means of watching the migration process without affecting all users. Single users can also be created for migrations affecting just a few users.

Click on MANAGE > Create User and enter the following details:

For more information regarding the different fields, check out this article. Repeat the process for any more users you’d like to create.

6.4. Activate and monitor your migration

Now that you have performed all the pre-migration steps within your tenants and within Cloudiway, you’re ready to perform your Zimbra to Microsoft 365 Migration. We recommend you run a test migration on a single user first to check that your configuration produces the outcome you expect.

Cloudiway is an incremental migration platform that supports delta passes. Every time you restart the migration of a mailbox, only items that haven’t already been copied to the target will be migrated and for those already migrated items that have been modified in the source will be updated in the target. The platform, therefore, does not duplicate items in the target, just updates them.

The migration strategy usually consists of at least 2 migration passes, one before the cutover and another pass after the cutover:

1^st migration pass: which migrates the majority of the mailbox. Select mailboxes, click on MIGRATION, then the Start button. Explained below in more detail.
Cutover: You have to manually remove the domain from the source tenant, attach it to the target tenant and change the MX record in your DNS server. This is not automated by Cloudiway.
2^nd migration pass, delta pass: which migrates what hasn’t been migrated and updates modified items. Select mailboxes, click on MIGRATION, then the Start button. Explained below in more detail.
3^nd migration pass, delta pass: 24 hours after cutover you can submit an additional delta pass to make sure no residual email is left behind due to DNS propagation delays. Select mailboxes, click on MIGRATION, then the Start button. Explained below in more detail.

You can submit as many migration passes as you want for 3 months and until consuming the amount of GBs allowed by the assigned licenses but usually, you only need one before the cutover and another after the cutover. Find out more about the delta migration passes:

What a migration pass takes to complete depends on a lot of factors. Find out more about the migration performance:

If you have moved the source domain and need to perform one more delta pass, the Switch Domain global action will need to be used:

You can create user batches from the Batches tab to easily group subset of mailboxes. Click on the + icon and enter a batch name:

After creating the different batch, under Users tab, select the users you want to assign to a specific batch, click on BATCH button and Add to Batch:

To start your Zimbra to Microsoft 365 Migration, select the users or batch you wish to migrate.

For users, under Users tab, select all the users you want to submit and click on MIGRATION, then the Start button.

For user batch, under Batches tab, select the user batch you want to submit and click on MIGRATION, then the Start button.

Your migrations will be scheduled and will begin as soon as cloud resources are available.

7. Other migration options

7.1. Mailbox permissions migration

You can migrate mailbox permissions for mailboxes through the Cloudiway platform.

Migration of permission isn’t performed during the migration of the mailboxes but through a dedicated job.

The migration of the permissions will migrate permissions on the mailboxes, on the primary and secondary calendars.

If permissions were applied to mail-enabled security group, the mail enable security group must exist at the destination for the permission to be applied correctly.

Click on User List, select the users, go to MIGRATION, then click on Migrate Permissions

NOTE: Once you start the process of permissions migration, it cannot be stopped.

7.2. Migration to archive mailboxes

The Zimbra mailboxes can be migrated to the Office 365 online mailboxes, to the Office 365 archives, or to a mix of both.

During the Zimbra to Microsoft 365 Migration, a single mailbox can be split into the online mailbox and archive.

Note: to migrate content to archives, In-Place archiving must be enabled for the user, learn more: https://technet.microsoft.com/enus/library/jj984357(v=exchg.150).aspx.

In the Cloudiway platform, you can migrate either only old emails or all the emails to the target archive mailbox. So 2 options:

From the Global Settings section, Archive Mails Older Than is to migrate the emails older than specified date and time in the past to the target archive mailbox. Keep Migrate Everything to Archives disabled.

In this example emails older than April 7 2020 will be migrated to the archive mailbox:

Click on the Save button, when your migration starts, any emails older than the date you specified will be migrated to an In-Place archive. More recent items will be migrated to the target mailbox.

From the Global Settings section, Migrate Everything to Archives is to migrate all the emails to the target archive mailbox. In the Mail Global Settings, enable Migrate Everything to Archives and all emails will be migrated to the target archive mailbox:

Click on the Save button, when your migration starts, all emails will be migrated to an In-Place archive.

8. Troubleshooting

Cloudiway provides an extensive Help Center, also known as knowledge base, with many resources, including common error messages, guides, and downloads.

Please visit the Help Center here (where you can search for keywords or read through topics): https://help.cloudiway.com/

The Help Center also contains information on how you can ask for further support.