Migrating From Standalone Exchange Online Protection (EOP) to Office 365

By BDO Digital| July 21, 2014

Exchange Online Protection (EOP) is Microsoft’s offering in the hosted email security space. While Microsoft Exchange Server is the global standard in on-premise business email, their cloud-based EOP service provides spam, virus and malware protection for end-users. Although the platform has gone through several rebrands and changes since being acquired by Microsoft from FrontBridge Technologies in 2005, it most recently replaced Forefront Online Protection for Exchange (FOPE) in 2013. Read my blog to learn more.

Recently, many mid-market businesses have been looking to migrate from their on-premise Microsoft Exchange environment to Office 365 and Microsoft Exchange Online for email. These solutions can help reduce their infrastructure footprint and minimize the maintenance overhead from running a redundant email platform in-house by shifting that responsibility to Microsoft. Exchange Online Protection is built-in and included, free of charge to each Office 365 e-mail user. This provides for the same enterprise-class spam and virus protection after migration to the cloud. However, the presence of a pre-existing standalone EOP subscription enhances the need for careful planning and expertise during the discovery phase of your email migration.

Recently, BDO Digital completed an Office 365 email migration for one of our managed services clients in which their source environment was protected by Exchange Online Protection. This client receives over 30,000 inbound messages daily, so maintaining and protecting their email environment is business-critical. Despite sharing an administrative portal login interface, Exchange Online Protection and Office 365 cannot co-exist under the same domain name. Largely because of the various back-end Receive connectors needed to properly filter email messages for spam, unfortunately there is not a straightforward method for moving a domain name between accounts. Thus, during our project planning, we determined the following steps to be necessary:

  1. Establish an after-hours maintenance window and change inbound mail flow (MX records) to bypass Exchange Online Protection, routing mail directly to the Exchange Server for a brief period.
  2. After DNS has fully propagated, decommission the EOP tenant account and allow each domain name to be removed from Microsoft’s system.
  3. Initialize the Office 365 tenant account and perform domain verification.
  4. Immediately set up a hybrid coexistence (with directory synchronization of user objects between Active Directory and Office 365) in Exchange Server and configure the appropriate routing connectors in Office 365 to begin syncing objects for spam protection.
  5. Re-route inbound mail flow to point at Office 365 for spam protection for all mailboxes, even while they still reside on the Exchange Server.
  6. Finally, we can begin the process of mailbox moves into Office 365 Exchange Online.

The nature of our multi-competency Microsoft Gold Partnership underscores the technical expertise that BDO Digital's infrastructure engineers maintain in Office 365 and many other cloud technologies. Through a multi-phased approach that includes a network health evaluation and discovery, along with careful project planning, our goal is to make your Office 365 migration as smooth as possible. BDO Digital has deep and diverse experience completing migrations from a wide array of platforms, not limited to just Exchange Server. The next time you are looking for a partner to handle your email migration, give BDO Digital a call.To learn more about planning your migration path to Microsoft Exchange, please join us for our next complimentary Unified Communications event.

Transforming business for the digital age