All Ready?  Here are some important things to do before making the migration:

Clean up the existing Active Directory:

  • Remove duplicate proxyAddress and userPrincipalName attributes.
  • Update blank and invalid userPrincipalName attributes with valid userPrincipalName attributes.
  • Remove invalid and questionable characters in the givenName, surname (sn), sAMAccountName, displayName, mail, proxyAddresses, mailNickname, and userPrincipalName attributes. For details about preparing attributes, see Reference: Directory objects and attributes used by Office 365.

Enabling assesses existing AD and provides recommendations to optimize before you duplicate bogus attributes into Office 365.

Assess your inbox sizes and Internet bandwidth

Understanding much available Internet bandwidth is available and the amount of mail to migrate will help approximate how many mailboxes you can move at a time and how long it will take.  Enabling uses calculators to determine and set real expectations, so that you can plan your cutover period accordingly.

Decide what to do with old email

Archived emails and psts need to be moved to the cloud.  There are several options to do so, varying from manual processes to paid-for tools that automate the process.  Enabling explains the options and provide quotes to allow customers to choose the best mix between convenience and cost.

Decide upon a Sign on strategy:

For enterprise users these days, single-sign-on is an expectation, not a luxury. When moving email, SharePoint, or other applications to Office 365, there are several ways to accomplish SSO.

-          Active Directory Federation Services – this is the most mature but most complicated of the models. Servers are deployed on premises and act as an intermediary between the customer’s Active Directory and the Office 365 environment. One ADFS server must go in the intranet and an ADFS proxy goes in the DMZ. For high availability for SSO, duplicate servers are required. With four servers to administer, ADFS may not be optimal for customers looking to streamline their data center footprint.


-          Azure Active Directory – Microsoft Azure offers a highly available option for SSO whereby customers rent a domain controller in the cloud that peers to their Active Directory over the Internet. Instead of running and administering ADFS, companies can minimize their footprint but still have SSO to Office 365, as well as to 2200+ SAAS applications such as SalesForce, Dropbox, etc. See the graphic below.


-          Same-Sign-On through DirSync – most Office 365 customers use DirSync to send updated AD information into the cloud. This removes the need to make changes in both AD and online when adding or deleting users. DirSync also offers a same-sign on capability, which in most cases provides the same experience as Single-Sign-On. The differences are in password resets/refreshes which require occasional user interaction, but day to day, users know no difference.


-          Third party identity brokers – Okta and others have had similar functionality as Azure AD for some time. They act as middlemen between on-premises AD and Office 365, as well as third party SAAS providers. Cost and service levels vary.


Enabling thoroughly explains the options and helps customers choose a future proofed authentication and SSO strategy.

Ensure the System Requirements are met:

 In the past, organizations have delayed upgrading their Office apps because they wait for a desktop refresh or some other event to make the change to the user machine.  With Office Online, Microsoft moves at a much faster pace and installs new software without an enterprise admin or users having the choice.  Systems must be able to handle the evergreen software.