Files
claudetools/clients/birth-biologic/docs/migration/google-to-m365-scope.md
Mike Swanson d1de83a6d3 sync: auto-sync from GURU-5070 at 2026-06-25 19:18:08
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-25 19:18:08
2026-06-25 19:19:46 -07:00

4.9 KiB

Birth Biologic — Google Workspace → Microsoft 365 mail migration (scope)

Scoping doc for moving Birth Biologic's live mail off Google Workspace onto their existing M365 tenant. Started 2026-06-25. Process reference: projects/msp-tools/runbooks/google-workspace-to-m365-migration.md.

Why now / current state

Birth Biologic has an M365 Business Premium tenant (birthbiologic.com) with mailboxes already provisioned, but mail still flows to Google Workspace — i.e. they're half-staged for a cutover that was never finished. Confirmed 2026-06-25:

  • M365 tenant: birthbiologic.com (Business Premium). 13 licensed EXO mailboxes provisioned.
  • MX:Google Workspace (aspmx.l.google.com + alts) — live mail is on Google, not M365.
  • DNS host: SiteGround (ns1/ns2.us92.siteground.us). Registrar: Name.com.
  • Web: www → Google Cloud 35.215.115.203 (separate from mail; not in scope).

Prerequisite status (gates)

Prereq Status Notes
Google super-admin on source tenant MISSING — must obtain No Birth Biologic Google creds in the vault (only RMM enrollment). ACG's acg-msp-access SA is not delegated to birthbiologic.com. This is the #1 blocker.
M365 target mailboxes provisioned Mostly done 13 mailboxes exist; verify licensing covers everyone who needs mail (see the 2 enabled-no-mailbox accounts below).
Domain verified in M365 Assumed (tenant uses birthbiologic.com) Confirm the domain is verified and ready to receive (don't cut MX yet).
DNS edit access for MX cutover Pending SiteGround DNS — Mike accepting the SiteGround collaborator invite (released from EOP quarantine 2026-06-25). Registrar Name.com (for NS only; MX lives in SiteGround zone).

Target (M365) mailbox inventory — known

13 provisioned EXO mailboxes: Alicia Meneely, Ashley Williams, Brandy Burgess, Christina Cox, Julie Beck, Kristin Steen, Lastashia May, Mary Ster, Mindi Maher, Savanna Abron, Vicki Fountain, plus operations@ and sysadmin@ (Computer Guru).

2 enabled accounts WITHOUT a mailbox (decide before migration): Mei Mei Senthavy (msenthavy@), Valerie VanEaton (vvaneaton@) — enabled, no license/mailbox. If they're active mail users on Google, they need a license + mailbox provisioned as migration targets.

Disabled / former staff (no migration): Ally Boutte, Anica Raso, Phim Nelson, Kaileigh Hoffman. Guests (external, not migrated): christyrogers@trainingumbrella.com, clients@calm-ops.com.

Source (Google) inventory — TODO (needs Google admin)

Once super-admin access is obtained, pull from the Google Admin console:

  • Full user/mailbox list + sizes (drives migration time), and reconcile against the M365 target list.
  • Shared/delegated mailboxes, groups/distribution lists, aliases, calendars/resources — recreate in M365 deliberately (don't assume they come across as user mailboxes).
  • Who is actually active (esp. Mei Mei / Valerie).
  • Any retention/legal need before Google decommission (no PHI noted, but confirm).

Proposed method

MS native "Migration from Google Workspace" (free, mail + calendar + contacts, delta sync) — the default per the runbook. Birth Biologic is a small org with target mailboxes already in place, so the native path fits cleanly. Reuse the acg-msp-access SA by adding its client_id + the migration scopes to Birth Biologic's domain-wide delegation (needs their Google super-admin), or create a per-job SA.

Cutover sequence (planned)

  1. Obtain Google super-admin; vault it (clients/birth-biologic/google-workspace.sops.yaml).
  2. Enable Gmail/Calendar/Contacts/Directory APIs; add SA domain-wide delegation w/ migration scopes in Birth Biologic's Google Admin.
  3. Provision/license any missing target mailboxes (Mei Mei, Valerie if active); recreate shared mailboxes/groups.
  4. Confirm birthbiologic.com verified in M365 (no MX change yet).
  5. EAC → migration batch (Google Workspace) → CSV of mailboxes → initial + incremental sync; validate.
  6. Lower MX/autodiscover TTL in SiteGround DNS.
  7. Cutover: flip MX → M365, update SPF (include:spf.protection.outlook.com), enable/publish DKIM (2 CNAMEs), autodiscover CNAME → autodiscover.outlook.com, review DMARC. Final delta sync. Finalize batch.
  8. Reconfigure clients to M365; remove Google licenses; remove SA delegation; cancel Workspace.

Open questions for Mike / client

  • Can we get Google super-admin on Birth Biologic's Workspace tenant (from the client / Annise)? Without it the native + IMAP paths are blocked.
  • Are Mei Mei Senthavy and Valerie VanEaton active mail users (need mailboxes), or dormant?
  • Any shared mailboxes / groups / aliases on the Google side to recreate?
  • Desired cutover window / acceptable brief mail-delivery delay during MX propagation.
  • Migrate calendar + contacts too (native does), or mail only?