4.9 KiB
Birth Biologic — Google Workspace → Microsoft 365 mail migration (scope)
Scoping doc for moving Birth Biologic's live mail off Google Workspace onto their existing M365
tenant. Started 2026-06-25. Process reference: projects/msp-tools/runbooks/google-workspace-to-m365-migration.md.
Why now / current state
Birth Biologic has an M365 Business Premium tenant (birthbiologic.com) with mailboxes
already provisioned, but mail still flows to Google Workspace — i.e. they're half-staged for a
cutover that was never finished. Confirmed 2026-06-25:
- M365 tenant:
birthbiologic.com(Business Premium). 13 licensed EXO mailboxes provisioned. - MX: → Google Workspace (
aspmx.l.google.com+ alts) — live mail is on Google, not M365. - DNS host: SiteGround (
ns1/ns2.us92.siteground.us). Registrar: Name.com. - Web:
www→ Google Cloud35.215.115.203(separate from mail; not in scope).
Prerequisite status (gates)
| Prereq | Status | Notes |
|---|---|---|
| Google super-admin on source tenant | MISSING — must obtain | No Birth Biologic Google creds in the vault (only RMM enrollment). ACG's acg-msp-access SA is not delegated to birthbiologic.com. This is the #1 blocker. |
| M365 target mailboxes provisioned | Mostly done | 13 mailboxes exist; verify licensing covers everyone who needs mail (see the 2 enabled-no-mailbox accounts below). |
| Domain verified in M365 | Assumed (tenant uses birthbiologic.com) |
Confirm the domain is verified and ready to receive (don't cut MX yet). |
| DNS edit access for MX cutover | Pending | SiteGround DNS — Mike accepting the SiteGround collaborator invite (released from EOP quarantine 2026-06-25). Registrar Name.com (for NS only; MX lives in SiteGround zone). |
Target (M365) mailbox inventory — known
13 provisioned EXO mailboxes: Alicia Meneely, Ashley Williams, Brandy Burgess, Christina Cox,
Julie Beck, Kristin Steen, Lastashia May, Mary Ster, Mindi Maher, Savanna Abron, Vicki Fountain,
plus operations@ and sysadmin@ (Computer Guru).
2 enabled accounts WITHOUT a mailbox (decide before migration): Mei Mei Senthavy
(msenthavy@), Valerie VanEaton (vvaneaton@) — enabled, no license/mailbox. If they're active
mail users on Google, they need a license + mailbox provisioned as migration targets.
Disabled / former staff (no migration): Ally Boutte, Anica Raso, Phim Nelson, Kaileigh Hoffman.
Guests (external, not migrated): christyrogers@trainingumbrella.com, clients@calm-ops.com.
Source (Google) inventory — TODO (needs Google admin)
Once super-admin access is obtained, pull from the Google Admin console:
- Full user/mailbox list + sizes (drives migration time), and reconcile against the M365 target list.
- Shared/delegated mailboxes, groups/distribution lists, aliases, calendars/resources — recreate in M365 deliberately (don't assume they come across as user mailboxes).
- Who is actually active (esp. Mei Mei / Valerie).
- Any retention/legal need before Google decommission (no PHI noted, but confirm).
Proposed method
MS native "Migration from Google Workspace" (free, mail + calendar + contacts, delta sync) — the
default per the runbook. Birth Biologic is a small org with target mailboxes already in place, so the
native path fits cleanly. Reuse the acg-msp-access SA by adding its client_id + the migration scopes
to Birth Biologic's domain-wide delegation (needs their Google super-admin), or create a per-job SA.
Cutover sequence (planned)
- Obtain Google super-admin; vault it (
clients/birth-biologic/google-workspace.sops.yaml). - Enable Gmail/Calendar/Contacts/Directory APIs; add SA domain-wide delegation w/ migration scopes in Birth Biologic's Google Admin.
- Provision/license any missing target mailboxes (Mei Mei, Valerie if active); recreate shared mailboxes/groups.
- Confirm
birthbiologic.comverified in M365 (no MX change yet). - EAC → migration batch (Google Workspace) → CSV of mailboxes → initial + incremental sync; validate.
- Lower MX/autodiscover TTL in SiteGround DNS.
- Cutover: flip MX → M365, update SPF (
include:spf.protection.outlook.com), enable/publish DKIM (2 CNAMEs), autodiscover CNAME →autodiscover.outlook.com, review DMARC. Final delta sync. Finalize batch. - Reconfigure clients to M365; remove Google licenses; remove SA delegation; cancel Workspace.
Open questions for Mike / client
- Can we get Google super-admin on Birth Biologic's Workspace tenant (from the client / Annise)? Without it the native + IMAP paths are blocked.
- Are Mei Mei Senthavy and Valerie VanEaton active mail users (need mailboxes), or dormant?
- Any shared mailboxes / groups / aliases on the Google side to recreate?
- Desired cutover window / acceptable brief mail-delivery delay during MX propagation.
- Migrate calendar + contacts too (native does), or mail only?