sync: auto-sync from GURU-5070 at 2026-06-25 19:18:08
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-25 19:18:08
@@ -0,0 +1,72 @@
|
||||
# Birth Biologic — Google Workspace → Microsoft 365 mail migration (scope)
|
||||
|
||||
Scoping doc for moving Birth Biologic's live mail off Google Workspace onto their existing M365
|
||||
tenant. Started 2026-06-25. Process reference: `projects/msp-tools/runbooks/google-workspace-to-m365-migration.md`.
|
||||
|
||||
## Why now / current state
|
||||
|
||||
Birth Biologic has an **M365 Business Premium** tenant (`birthbiologic.com`) with **mailboxes
|
||||
already provisioned**, but **mail still flows to Google Workspace** — i.e. they're half-staged for a
|
||||
cutover that was never finished. Confirmed 2026-06-25:
|
||||
|
||||
- **M365 tenant:** `birthbiologic.com` (Business Premium). 13 licensed EXO mailboxes provisioned.
|
||||
- **MX:** → **Google Workspace** (`aspmx.l.google.com` + alts) — **live mail is on Google, not M365.**
|
||||
- **DNS host:** **SiteGround** (`ns1/ns2.us92.siteground.us`). **Registrar:** **Name.com.**
|
||||
- **Web:** `www` → Google Cloud `35.215.115.203` (separate from mail; not in scope).
|
||||
|
||||
## Prerequisite status (gates)
|
||||
|
||||
| Prereq | Status | Notes |
|
||||
|---|---|---|
|
||||
| **Google super-admin on source tenant** | **MISSING — must obtain** | No Birth Biologic Google creds in the vault (only RMM enrollment). ACG's `acg-msp-access` SA is **not** delegated to `birthbiologic.com`. **This is the #1 blocker.** |
|
||||
| M365 target mailboxes provisioned | **Mostly done** | 13 mailboxes exist; verify licensing covers everyone who needs mail (see the 2 enabled-no-mailbox accounts below). |
|
||||
| Domain verified in M365 | Assumed (tenant uses `birthbiologic.com`) | Confirm the domain is verified and ready to receive (don't cut MX yet). |
|
||||
| DNS edit access for MX cutover | **Pending** | SiteGround DNS — Mike accepting the SiteGround **collaborator invite** (released from EOP quarantine 2026-06-25). Registrar Name.com (for NS only; MX lives in SiteGround zone). |
|
||||
|
||||
## Target (M365) mailbox inventory — known
|
||||
|
||||
**13 provisioned EXO mailboxes:** Alicia Meneely, Ashley Williams, Brandy Burgess, Christina Cox,
|
||||
Julie Beck, Kristin Steen, Lastashia May, Mary Ster, Mindi Maher, Savanna Abron, Vicki Fountain,
|
||||
plus `operations@` and `sysadmin@` (Computer Guru).
|
||||
|
||||
**2 enabled accounts WITHOUT a mailbox** (decide before migration): **Mei Mei Senthavy**
|
||||
(`msenthavy@`), **Valerie VanEaton** (`vvaneaton@`) — enabled, no license/mailbox. If they're active
|
||||
mail users on Google, they need a license + mailbox provisioned as migration targets.
|
||||
|
||||
**Disabled / former staff** (no migration): Ally Boutte, Anica Raso, Phim Nelson, Kaileigh Hoffman.
|
||||
**Guests (external, not migrated):** `christyrogers@trainingumbrella.com`, `clients@calm-ops.com`.
|
||||
|
||||
## Source (Google) inventory — TODO (needs Google admin)
|
||||
|
||||
Once super-admin access is obtained, pull from the Google Admin console:
|
||||
- Full user/mailbox list + **sizes** (drives migration time), and reconcile against the M365 target list.
|
||||
- **Shared/delegated mailboxes**, **groups/distribution lists**, **aliases**, **calendars/resources** —
|
||||
recreate in M365 deliberately (don't assume they come across as user mailboxes).
|
||||
- Who is actually active (esp. Mei Mei / Valerie).
|
||||
- Any retention/legal need before Google decommission (no PHI noted, but confirm).
|
||||
|
||||
## Proposed method
|
||||
|
||||
**MS native "Migration from Google Workspace"** (free, mail + calendar + contacts, delta sync) — the
|
||||
default per the runbook. Birth Biologic is a small org with target mailboxes already in place, so the
|
||||
native path fits cleanly. Reuse the `acg-msp-access` SA by adding its client_id + the migration scopes
|
||||
to Birth Biologic's domain-wide delegation (needs their Google super-admin), or create a per-job SA.
|
||||
|
||||
## Cutover sequence (planned)
|
||||
|
||||
1. Obtain Google super-admin; vault it (`clients/birth-biologic/google-workspace.sops.yaml`).
|
||||
2. Enable Gmail/Calendar/Contacts/Directory APIs; add SA domain-wide delegation w/ migration scopes in Birth Biologic's Google Admin.
|
||||
3. Provision/license any missing target mailboxes (Mei Mei, Valerie if active); recreate shared mailboxes/groups.
|
||||
4. Confirm `birthbiologic.com` verified in M365 (no MX change yet).
|
||||
5. EAC → migration batch (Google Workspace) → CSV of mailboxes → initial + incremental sync; validate.
|
||||
6. Lower MX/autodiscover TTL in **SiteGround** DNS.
|
||||
7. **Cutover:** flip MX → M365, update SPF (`include:spf.protection.outlook.com`), enable/publish DKIM (2 CNAMEs), autodiscover CNAME → `autodiscover.outlook.com`, review DMARC. Final delta sync. Finalize batch.
|
||||
8. Reconfigure clients to M365; remove Google licenses; remove SA delegation; cancel Workspace.
|
||||
|
||||
## Open questions for Mike / client
|
||||
|
||||
- **Can we get Google super-admin** on Birth Biologic's Workspace tenant (from the client / Annise)? Without it the native + IMAP paths are blocked.
|
||||
- Are **Mei Mei Senthavy** and **Valerie VanEaton** active mail users (need mailboxes), or dormant?
|
||||
- Any **shared mailboxes / groups / aliases** on the Google side to recreate?
|
||||
- Desired **cutover window** / acceptable brief mail-delivery delay during MX propagation.
|
||||
- Migrate **calendar + contacts** too (native does), or **mail only**?
|
||||
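Review bot: In "Proposed method", reusing the shared `acg-msp-access` SA for domain-wide delegation would extend an existing service account's reach to mail, calendar and contacts for every Birth Biologic mailbox. The doc already names the alternative (a per-job SA); I would make that the default, list the exact migration scopes to be delegated in step 2, and have step 8's "remove SA delegation" also cover deleting that SA and its key. Separately, step 7 does not say whether the existing Google SPF include stays in the record until the final delta sync, nor what outcome "review DMARC" should reach. State both before the cutover window is agreed. The DNS access row mentions a SiteGround collaborator invite that was released from EOP quarantine, and it is worth noting in the doc how that invite was confirmed as genuine before it is accepted.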