Migrating between Microsoft 365 tenants is one of the most complex IT projects an organization can undertake. Whether driven by mergers, acquisitions, rebranding, or organizational restructuring, a tenant-to-tenant migration requires meticulous planning across mailboxes, SharePoint, OneDrive, Teams, and Azure AD. This guide covers the complete technical process with actionable steps.
Understanding Tenant-to-Tenant Migration
A tenant-to-tenant migration moves users, data, and configurations from one Microsoft 365 tenant to another. Unlike a simple mailbox migration, this involves transferring identity data, licensing, security policies, compliance settings, and collaboration data across two completely separate environments.
Key Components to Migrate
- Azure Active Directory: User accounts, groups, security policies, conditional access rules, MFA settings
- Exchange Online: Mailboxes, shared mailboxes, distribution lists, calendars, contacts, mail flow rules
- SharePoint Online: Sites, document libraries, permissions, metadata, versioning history
- OneDrive for Business: User files, sharing settings, sync client configurations
- Microsoft Teams: Teams, channels, conversations, files, tabs, apps
- Security & Compliance: DLP policies, retention labels, sensitivity labels, eDiscovery cases
Pre-Migration Planning Phase
1. Inventory and Assessment
Before touching any data, conduct a thorough inventory:
# PowerShell: Export all mailboxes with sizes
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics |
Select-Object DisplayName, TotalItemSize, ItemCount |
Export-Csv C:\Migration\MailboxInventory.csv
# Export all SharePoint sites
Get-SPOSite -Limit All |
Select-Object Url, StorageUsageCurrent, Template |
Export-Csv C:\Migration\SharePointSites.csv
# Export all Teams
Get-Team | Select-Object DisplayName, GroupId, Visibility |
Export-Csv C:\Migration\TeamsInventory.csv2. Domain Transfer Planning
The most critical dependency is the vanity domain. A domain can only exist in one tenant at a time. The migration requires:
- Removing the domain from the source tenant (temporarily using
onmicrosoft.comaddresses) - Adding and verifying the domain in the target tenant
- Updating DNS records (MX, autodiscover, SPF, DKIM, DMARC)
This is the step that causes the most disruption. Plan a maintenance window of 4-8 hours for DNS propagation.
3. Licensing Preparation
Ensure sufficient licenses exist in the target tenant before migration begins. Users need active licenses to receive migrated data. Use Get-MsolAccountSku to verify available license counts.
The 5-Phase Migration Process
Phase 1: Pre-Stage Identity
Create user accounts in the target tenant with temporary UPNs (using the onmicrosoft.com domain). Match source attributes like immutableId and mail to ensure proper object matching.
# Create user in target tenant
New-MsolUser -DisplayName "John Smith" `
-UserPrincipalName "john.smith@targetorg.onmicrosoft.com" `
-ImmutableId "matching-source-guid" `
-UsageLocation "IN" -LicenseAssignment "targetorg:ENTERPRISEPACK"Phase 2: Mailbox Migration
Use a third-party migration tool like BitTitan MigrationWiz, Quest, or ShareGate. Native Microsoft tools do not support direct tenant-to-tenant mailbox migration.
- Configure migration endpoints in both tenants
- Run a pre-stage migration (delta sync) to copy historical mail
- Schedule the cutover during low-activity hours
- Perform a final incremental sync after MX record change
Phase 3: SharePoint and OneDrive
SharePoint migration requires special attention to:
- Permission mapping between source and target users
- Custom columns and content types
- Workflows (Power Automate flows need recreation)
- Large file handling (files over 15GB need special treatment)
Phase 4: Domain Cutover
This is the critical window:
- Remove vanity domain from source tenant
- Add domain to target tenant and verify via DNS TXT record
- Update MX records to point to target tenant
- Update UPNs in target tenant to use vanity domain
- Update autodiscover, SPF, DKIM, DMARC records
- Perform final delta sync of mailboxes
Phase 5: Post-Migration Validation
- Verify mail flow in both directions
- Test calendar sharing and free/busy lookup
- Validate SharePoint site access and permissions
- Reconnect Outlook profiles on user machines
- Re-authenticate mobile devices
- Test Teams functionality and channel access
Common Pitfalls and Solutions
| Pitfall | Impact | Solution |
|---|---|---|
| DNS propagation delays | Mail delivery failures for 24-48 hours | Lower TTL to 300 seconds one week before cutover |
| Outlook profile corruption | Users cannot access new mailbox | Create new Outlook profiles; use autodiscover |
| Teams data loss | Chat history not migrated | Export chats before migration; Teams 1:1 chats cannot be migrated |
| Conditional Access conflicts | Users locked out of target tenant | Recreate CA policies in target; test with pilot group first |
| Shared mailbox permissions | Users lose access to shared resources | Re-apply Full Access and Send-As permissions post-migration |
Timeline Estimation
For a typical 200-user organization:
- Planning & assessment: 2 weeks
- Pre-staging and testing: 1-2 weeks
- Data pre-migration: 1-2 weeks (depending on volume)
- Cutover weekend: 1-2 days
- Post-migration support: 1-2 weeks
Get Expert Migration Support
At PCCVDI Solutions, we have executed dozens of tenant-to-tenant migrations for organizations across India. Our proven 5-phase methodology minimizes downtime and ensures zero data loss. Whether you are migrating 50 users or 5,000, our certified Microsoft engineers handle every aspect from planning through post-migration support. Contact our migration team for a free assessment of your migration requirements.