I'm looking for guidance on migrating from one Microsoft 365 tenant to another while keeping the existing domain. We have two tenants: Tenant A (which we'll keep) and Tenant B (which we plan to abandon). The domain attached to Tenant B needs to be moved to Tenant A, and this involves approximately 30 user accounts and 15 workstations. We're using ForensIT ProfWiz and BitTitan MigrationWiz for data migration. Since we're experienced with these kinds of migrations, we understand the need for things like lowering DNS TTL and updating UPNs. What complicates this situation is that once we disconnect the domain from Tenant B, users will no longer be able to log into their machines until we connect the domain to Tenant A. What is the best practice for handling a situation like this to avoid user disruption? I'd love to hear your suggestions or standard operating procedures for this type of migration.
2 Answers
Be aware that if you disconnect the domain from Tenant B, you will effectively lock everyone out until the cutover is complete. Make sure to prepare accordingly. Here are a few tips:
1. Before cutting over, stop any SCIM/SSO from Tenant B to prevent UPN changes from syncing.
2. Ensure you have a clear plan for any SSO you use with other applications, as you don’t want to get locked out of those.
3. If you're using managed devices, erase them and set them up under the new accounts. For enrolled devices, you can simply unenroll and re-enroll them.
You'll also need to manage Intune settings such as freeing up VPP licenses to transfer to the new tenant, so be mindful of that.
This is really helpful, I appreciate it! I will definitely check on those Intune tasks as well.
Considering a subdomain could be a feasible alternative. This way, you'd have the machines and accounts on different domains within the same tenant, which might offer a smoother user experience. Plus, it allows you to pre-migrate the machines and could simplify the process on migration day! Just a thought!
That might be the way to go! It sounds like it would help avoid the hassles of a direct domain swap. I’ll explore this option further, thank you!
Thanks for the tips! When you mention logging everyone out, do you recommend deploying the migration files before doing so? We don't have any SSO issues to worry about, and it's a small business setup without Apple devices, so I think we're mostly clear.