Migration from Mimecast to Microsoft 365 …..over a nice Cup of Tea and Biscuit
We caught up with our migration guru, Dave Kellett, over a cup of tea & biscuit to pick his brains on the challenges folk face when migrating Mimecast email journals into Microsoft 365.
A few years ago, having a dedicated email ‘hygiene’ service to run alongside your Microsoft 365 environment was ‘essential’, with solutions like Mimecast and Proofpoint providing advanced anti-spam, anti-phishing, email journaling, eDiscovery, and so on.
Now, with continued investment from Microsoft into its cloud protection, data retention and eDiscovery capabilities, more and more organisations are reviewing their options as to whether they still need a separate service and deciding to make the move.
We have carried out many Mimecast migrations over the last few years, so read on for our tips to help with your move – especially if it involves a journal migration – which is like fitting a round peg into several square holes!
Want more expert advice?
Here’s the answers to the most common questions we get asked about Mimecast to Microsoft 365 migration:
What’s the best way to get our journal out of Mimecast?
Now, call me a cynic, but even if a cloud vendor could make it easy for you to bulk extract your data when you want to move on, providing this facility would be low on their list of priorities.
That’s why most migrations start with asking Mimecast for an extraction of your email journal.
This is a paid-for service carried out by staff at Mimecast and results in files that get shipped to you on a removable disk or more likely these days over FTP.
When you request an extract, make sure you ask for it in Exchange journal format (EJF). This format preserves all the original recipients, including BCC’d recipients and the members of distribution lists.
It’s important this information is preserved when it comes to eDiscovery.
For example, if BCC’d recipients are excluded, any future eDiscovery will exclude ‘hidden’ recipients of any emails.
Also make sure you’re sitting down for when they tell you the fee for your extraction.
Can we dodge the Mimecast exit fee?
Strategies for dodging the exit fee, such as using the Mimecast administrator to export all emails belonging to an individual user, or automating eDiscovery searches and downloading the results, are slow, exceptionally difficult to track and subject to ‘throttling’.
For example, mailbox exports can only be done in in batches of 10GB messages and a maximum of 2GB per file and Mimecast currently limits eDiscovery searches to return fewer than 50,000 messages a time.
So realistically speaking the answer is no: Unless you only have a small amount of data to move, or you’ve negotiated a ‘pre-nup’ in advance of signing with Mimecast, you can’t get away from having to pay to extract your data.
Should we take everything?
Lots of customers decide to migrate literally everything from the point that their Mimecast journaling service ‘kicked in’.
You may be able to migrate less than this, however.
Our tip is to seek advice from your legal team on how far back you need to go – it may not be as far back as you’ve been maintaining your journals.
And, if you’ve already applied the Microsoft 365 retention policies that mimic the effect of journaling, when was this done?
With this information you will be able to request a journal extract that falls within two dates, resulting in lower costs and a shorter migration time.
How quickly can we migrate?
If you’re migrating from a service like Mimecast where you are reliant on someone physically extracting data on your behalf, the timelines for extraction will be the biggest bottleneck in your move.
For example, we’ve heard of a client that had to wait 8 months to get a paid-for extract of less than 40GB from their email protection vendor.
As discussed, you can reduce overall migration timelines (and costs) by being selective in what you extract from Mimecast.
You can also use a ‘last in first out’ approach to speed up your migration. For example, you might prioritise emails less than 2 years old for your migration, and then top up beyond this later (or just let it ‘age in place’).
Rest assured, once you have your data out, it can be migrated into Microsoft 365 at a significantly faster rate!
Do we need to worry about chain of custody?
Any time an electronic record is physically moved between storage devices or locations, there’s potential to introduce risk. For example:
- If your data has be transferred via an interim storage device during the migration process, could it be tampered with or lost owing to a hardware corruption?
- If your data needs to be extracted into a neutral format before it can be re-imported into the new journal, could this lead to inadvertent data loss, such as mis-mapping of content or meta-data?
Given that Mimecast migrations typically start off with a physical extraction carried out by Mimecast personnel, into a general email format, it’s difficult to get the forensic, end-to-end assurances we would typically like.
We recommend that you get an accurate indication of how much data will be extracted and ensure this tallies up with what is delivered to you, and what gets migrated into Microsoft 365.
Ideally an audit should be produced to prove due diligence during each stage of your migration.
How does a regular email journal differ from Microsoft 365 ‘journaling’?
As we’ve already said, migrating a conventional email journal (such as that provided by Mimecast) into Microsoft 365 not easy.
This is because Microsoft 365 doesn’t offer a ‘like-for-like’ journal service.
If you want a simple explanation of how they differ, check out our famous ‘pirate video‘.
Instead of using a single instanced store, Microsoft 365 preserves your email records at an individual mailbox level and retains them according to retention policies you implement.
It also brings into play the following services to ensure all the relevant information is retained and discoverable:
- When a user deletes an email, the email gets removed from the user’s view, but is kept in special hidden folder (the Recoverable Items Folder (RIF)) where they are available to the eDiscovery process.
- Any BCC’d recipients will be retained indefinitely in the senders’ mailboxes.
- The members of any distribution lists (DLs) are expanded at the point of sending and stored in hidden headers in senders’ emails, so they are fully discoverable.
- Inactive mailboxes can be used to retain the emails of ‘leavers’ without a license penalty.
To CORRECTLY migrate data that’s in the ‘old’ journal format into this very different way of doing things, several things need to be addressed.
- Multi-instancing: By this we mean that a single-instanced email in a journal needs to be ‘re-hydrated’ back into multiple email instances. I.e., for everyone in your organisation that an email was FROM:, TO:, CC’d: or BCC’d on, or that was part of any distribution lists at the time.
- Handling Leavers: Your legacy journal will naturally hold emails exchanged by staff that are no longer with the organisation. You need to find the ‘right home’ for ex-employees’ email so they are properly included in any eDiscovery and records management.
- Handling Deleted Items: You’ll want to avoid popping emails back into users’ mailboxes if they’ve previously deleted them. It will cause mass confusion and concern.
It is possible to tackle all these areas, and that is something we can take care of in our migration service.
We can also guide you through another route which is to ‘chop up’ a journal and migrate it to several Microsoft 365 shared mailboxes.
Shared mailboxes need to be licenced, and they will give you 100GB of storage per shared mailbox.
However, taking the ‘shared mailbox’ route comes with caveats – not least when it comes to Microsoft’s own licencing terms, which states
“An IT administrator can’t create a shared mailbox and have users copy it (through the Cc or Bcc field, or through a transport rule) for the explicit purpose of archiving.”
We therefore always recommend organisations get written permission from Microsoft before pursuing this route.
Other things to be aware of when using shared mailboxes to hold legacy journals include
- You don’t know whose emails are in them.
- To carry out a complete eDiscovery your legal team might have to include ALL of them (it could be many thousands) even if they are doing a search involving just three members of staff.
- A few years down the track, the fact that these ‘mutant journal mailboxes’ exist might be lost in the annals of time. Bear in mind that Microsoft’s eDiscovery tools no longer need to be driven by the IT department – so you can see how their significance might be totally overlooked, and how they might be excluded from the eDiscovery workflow.
- Governance can be tricky – bear in mind you won’t be able to apply retention policies to shared mailboxes on anything other than date. That means your data is subject to blanket ‘longest retention date’ policies and you’ll risk retaining some data for longer than needed.
- A future divestiture which demands data to be separated according to different departments/people cannot be properly addressed.
There’s lots of ways in which we can solve or ease these issues, such as giving meaningful names to shared mailboxes relating to the date range of the data they contain, but the key thing is that you and your legal team understand the pros and cons and the future ramifications of your migration approach.
Can we just switch over to using Microsoft 365 email hygiene services?
Updating your MX records to divert your email traffic from Mimecast to Microsoft 365 is relatively easy, but check before you ‘throw the switch’.
Make sure that you have all the right retention and data governance policies in place AND that you are 100% happy with the email protection options you’ve configured in Microsoft 365.
To ensure this is the case for your organisation, we can help you analyse your security needs and make recommendations for ensuring Microsoft 365 is configured correctly before you jump ship.
Our team can provide help every step of the way, from thinking through the plan, liaising with Mimecast, executing the migration according to your wishes and reporting on migration status.
For a chat with one of our specialists, please get in touch.
Migrate your email archives to the cloud
Find out more about how Essential can help your migration to (or out of) Mimecast.