How to migrate only some users to M365 Exchange Online email service

Written by Nick Li

Nick Li is a web developer and web designer who works for Concentric Digital. He helps others add value to their WordPress websites, and develops cross-platform applications using the Ionic framework and Angular JS!

November 11, 2021

Why do I want to migrate only some users on a domain to Microsoft Exchange Online while leaving other users in existing email service?

While it is usually advised NOT to use two separate email services for a domain, as it generates a lot of headaches down the road, there are many valid reasons why you may want to move only some of the users from your existing email service to Microsoft 365 (M365) Exchange Online.

  • You are just testing out M365 Business for your organisation and you don’t want to migrate all the users until you are certain you want to.
  • While an Exchange Online license is relatively cheap, it is still a considerable ongoing cost, and you may want to upgrade to M365 Exchange Online only for some team members (e.g. the Marketing & Sales team) but not for other teams that may have a significant number of members who don’t use email much (e.g. production line workers).

Whatever your reason is, this guide is written to help others like us who recently struggled to find all the information required to set it up properly.

Overview

Let me put this forward: you cannot achieve this simply with MX records. While you can have multiple MX records with different priorities, they were not intended for running multiple email servers, but rather for a backup server when one fails. Mail is not forwarded to the next server down the record list when the first server on the list has received the mail and cannot deliver it.

You will need to set up email forwarding, either from M365 Exchange Online to your email server with a connector, or from your email server to M365 using whatever functionality you have.

Microsoft actually has a pretty decent guide on how to achieve that, but it can be confusing, as it lacks explanation and the steps involve setting up forwarding both from M365 Exchange Online to your email server and from your email server to M365, which is not necessary. You can find the guide here.

Having said that, this is no task for a non-technical person. If you need help migrating to M365 Exchange Online, we are Microsoft Partners; send us an email and we can discuss how we can help you.

So… should I forward M365 Exchange to my email server or vice versa?

While one may work better than the other depending on your scenario, I suggest you treat M365 Exchange as your primary server (hence pointing your MX record to M365 Exchange) and forward the email to your other email server instead, for 2 reasons:

  • If you are testing M365 Exchange out, most likely the outcome is that you will migrate some if not all of your users in the end. You might as well set it up on M365 first; then, when you decide to migrate fully, all you need to do is set up the users with licenses on M365, and there is pretty much no chance of error from that point, even if you forget to turn the connector off.
  • It does not require your email server to have email forwarding functionality, so pretty much any email server or service you are using will be compatible. Most importantly, email forwarding from your email service may not support “forward all undeliverable email”, which means you would have to set up forwarding rules for each of the users that you are migrating to M365.

For this guide we are going to focus on the method of forwarding M365 exchange to an external email server.

Prerequisite & Limitations

  • You need access to an account with permission to set up connectors in Exchange.
  • You must manage your Microsoft 365 DNS records at your DNS hosting provider, rather than have Microsoft 365 manage these records for you.
  • You need to know the address of your email server, which you can find in your existing DNS MX records.
  • Since you are splitting your users between two servers, you will need to manage your users separately in different locations.

Step 1: Verify that you own the domain you want to use & create users (if you have not already done so)

  1. Sign in to the Microsoft 365 admin center with your work or school account.
  2. Select Settings > Domains in the left navigation pane.
  3. On the Domains page, select Add domain.
  4. Type the domain name in the box, select Use this domain, and then select Continue.
  5. Select the services you want to test with your domain, like email and instant messaging.
  6. On the Verify domain page, follow the step-by-step instructions, and then select Verify. It takes between a few minutes and 72 hours for DNS changes to take effect. When verification is successful, you are asked to modify your DNS records.
  7. In the Microsoft 365 admin center left navigation, select Users > Active users.
  8. Create accounts for users that you want to migrate. For each account, select + Add a user, and fill out the required information, including the password method you want to test. To ensure a user’s email stays the same, the User name field must match the user’s current email address.
  9. Choose the appropriate license with Exchange Online Plan, click Next, and then click Finish adding.
  10. Next to User name, select your custom domain name from the drop-down list.
  11. Select Create, then Close.

Step 2: Change the domain to Internal Relay Mode

  1. In the Exchange admin center, in the Mail flow section, select Accepted domains, and then select the domain you want to modify.
  2. Double-click to open the window, and then select Internal Relay. Internal Relay is basically saying “Email is delivered to known recipients in M365 or is relayed to your own email server if the recipients aren’t known to M365”.
  3. Select Save. This setting might require a few minutes to take effect.

Step 3: Unblock the existing email server (optional)

Microsoft 365 uses Exchange Online Protection (EOP) for spam protection. EOP might block your existing mail server if it detects a high volume of spam being forwarded by your current mail server. If you trust the spam protection for your other email provider, you can unblock the server in Microsoft 365.

  1. In the Exchange admin center navigation pane, select Protection, and then select Connection filter.
  2. In the IP Allow list, select +, and add the mail server IP address for your current email provider.

Step 4: Set up a connector from Microsoft 365 or Office 365 to your email server

  1. To create a connector in Microsoft 365 or Office 365, click Admin, and then click Exchange to go to the Exchange admin center. Next, click mail flow, and click connectors.
  2. To start the setup wizard, click the plus symbol +. On the first screen, choose From Office 365 and To Your Organization Mail server.
  3. You can simply apply the connector to “All accepted domains” if you only have one validated domain in your tenant; otherwise, define only the domains to which the connector should be applied.
  4. When asked for the external email server address, use the one that you found in your current MX record for the domain (e.g. mx.yourhosting.com).
  5. You will be asked to provide an existing email address to validate the connector. You need to provide one that you are NOT migrating and that exists on your other email server. Make sure your connector validates before moving to the next step; otherwise you may have data loss, as your emails will not be forwarded properly.

Step 5: Update DNS records

  1. Back in your M365 admin center, select Settings > Domains in the left navigation pane.
  2. Click on the domain you are migrating and set up the records as needed, with one exception: if you already have a Sender Policy Framework (SPF) record for your previous email provider, instead of creating a new SPF (TXT) record for Exchange Online, add “include:spf.protection.outlook.com” to the current TXT record. For example, “v=spf1 mx include:adatum.com include:spf.protection.outlook.com ~all”. If you don’t have an SPF record, modify the one recommended by Microsoft 365 to include the domain for your current email provider, and add spf.protection.outlook.com. This authorizes outgoing messages from both email systems.
  3. You may delete your other MX records now, but I suggest you test the mail flow first before removing them.
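
The SPF merge from step 2, as an added example that is not part of the original guide or of Microsoft's documentation. It goes slightly beyond the text by refusing to proceed when a domain already publishes more than one SPF record and by counting the terms that cost a DNS lookup; the function names are hypothetical and the sample records are constructed from the example on this page.

```python
# Added example, not from the original guide. Function names are hypothetical.
M365_INCLUDE = "include:spf.protection.outlook.com"


def merge_spf(txt_records, new_term=M365_INCLUDE):
    """Return the one SPF record to publish after adding new_term."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) > 1:
        # RFC 7208: more than one v=spf1 record makes receivers return permerror.
        raise ValueError("multiple SPF records found; merge them into one")
    if not spf:
        raise ValueError("no SPF record; start from the one Microsoft 365 recommends")
    terms = spf[0].split()
    if new_term.lower() in (t.lower() for t in terms):
        return " ".join(terms)  # already authorised, nothing to change
    # Terms after the "all" mechanism are never evaluated, so insert before it.
    idx = next((i for i, t in enumerate(terms)
                if t.lstrip("+-~?").lower() == "all"), len(terms))
    terms.insert(idx, new_term)
    return " ".join(terms)


def dns_lookup_terms(record):
    """Count top-level terms that cost a DNS lookup (RFC 7208 caps the total at 10).

    Nested includes add to the real total; this counts only the record itself.
    """
    count = 0
    for term in record.split()[1:]:
        name = term.lstrip("+-~?").lower()
        mech = name.split(":")[0].split("/")[0]
        if name.startswith(("include:", "exists:", "redirect=")) or mech in ("a", "mx", "ptr"):
            count += 1
    return count


if __name__ == "__main__":
    # Constructed sample: the TXT records of a domain before the change.
    existing = ["google-site-verification=placeholder", "v=spf1 mx include:adatum.com ~all"]
    merged = merge_spf(existing)
    print(merged)
    print("lookup terms:", dns_lookup_terms(merged))
```
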

Step 6: Test mail flow and migration of contents

  1. Sign in to Outlook Web App using the credentials of any user that you have migrated to M365, and test by sending email to and from users between M365 Exchange Online and the external email server.
  2. Also test deliverability to another third-party email service provider (e.g. Gmail) just to be sure.
  3. Migrate the email contents using the bulk email migration tools, or if you are only migrating a few users (e.g. 3-4 users), you may choose to use .PST export and import.

Conclusion

That’s it! You are done setting this up. It is a bit hacky and quite a bit of work, to be honest, but it is definitely doable if your organisation or client decides to have M365 and another email service running at the same time. Leave us a comment below and share with us the reason why you are setting this up!
