Lack of access to mail for even a few hours can bring a company to a halt. In turn, badly transferred file permissions can make trouble even without an outside attack - all it takes is for data to suddenly become too widely available. That's why migration to Microsoft 365 is not just copying data. It's a project where good analysis, a detailed planned sequence of activities, a user-tailored communication plan, control of project risks and, finally, a short surge window count.
In this article you get a plan 30-60-90 days: what to prepare for the start, what to move „in the background”, how to plan the switchover (cutover) and how to implement security elements (identity, devices, data) so that the migration does not cripple the company. Along the way, I also show typical risks - because these, only appear in practice - in the slides everything works.
Why migrating to Microsoft 365 is a security project, not just a data transfer
For CISOs and IT directors, migration is the moment when the control model changes: access to data, logging, permissions, sharing and visibility of documents in the new environment. It's a good time to introduce Zero Trust configurations into the environment - controls based on identity, device and access policies start to matter more than traditional „edge security.”.
That's why it's worth treating the migration as an opportunity to get the security foundations in order: identities and groups, access rules (roles, devices), and data protection from day one (classification, labels, share control). Implementing this later will be more difficult and usually more painful.
How to choose the right migration mode: cutover, staged or hybrid
There is no one method that fits every organization. Microsoft makes it clear that the choice depends on the mail source, the scale, the pace of migration and whether you need a coexistence period.
- Cutover makes sense when you want to move everything in a short window and don't plan for long coexistence. It also has limitations of scale - in practice, it is not a good method for large enterprise environments.
- Staged is sometimes chosen with older Exchange environments and a larger number of mailboxes when you want to migrate in batches.
- Hybrid (including a minimal-hybrid variant) works well where coexistence and gradual user switching are important, especially in Exchange environments.
The bottom line: before you set dates, the choice of migration mode should be a design decision, not a „technical setup.” It affects risk, communication to users, and even the order of work (identity → data → cutover).
Most common operational risks during migration
Problems rarely stem from data transfer alone. They most often erupt in three areas:
1) Identity and order in the catalog
2) Files and permissions
File migration is not „folder dragging.” Microsoft describes it as a phased process (assess → remediate → prepare → migrate → onboard) that requires preparing the target system and onboarding users. If you skip these steps, system chaos is guaranteed.
3) Sharing and sensitive data
30-60-90 day plan: migrate to Microsoft 365 without paralyzing your business
First 30 days: foundations (identity, architecture, goal preparation)
Here you build a foundation that makes the rest of the work go more smoothly and without „putting out fires.”.
What we do in practice:
- Inventory: mail, files, integrations (ERP/CRM), retention and compliance.
- Directory order: inactive accounts, groups, permission rules.
- Decision on migration mode (cutover/staged/hybrid) and preliminary schedule.
- Target design: SharePoint structure, Teams naming rules, owners and governance.
- Pilot preparation and communication: who tests and how we collect feedback.
The result after 30 days: you have a plan, a target architecture and a structured base for secure transfer.
Days 31-60: security policies + background migrations + pilot
This is the stage that most determines whether the migration will go smoothly. You move the data in stages, run the controls and check them in the pilot.
Devices and conditional access
If you want to control access at the identity and device level, don't leave it to the tip. Planning (including hybrid scenarios) has its own requirements and deployment risks - it's best to „take off” early.
Data protection: sensitivity labels and Purview basics
Sensitivity labels help classify and protect data. Users can apply them in SharePoint/OneDrive (including from Teams). It's a good foundation for a safe start to working on new resources.
Background migration (pre-staging) and pilot
This is where you move control data: batches of files, selected mailboxes, run performance tests, access and sharing tests. The phased approach also works for file share → SharePoint/OneDrive migration - preparation and onboarding are not an add-on, but part of the project.
The result after 60 days: You have most of the risks tested in the pilot, and the data transfer does not force the downtime of the entire company.
Days 61-90: cutover, increments, onboarding and closing
At this stage, the hardest work is behind you. Cutover is supposed to be short and predictable.
What we do:
- Incremental transfer of changes (what occurred after pre-staging).
- Rewiring of routing and domains (according to the selected mode) and verification of operation.
- Launching Teams with short „how we work after migration” instructions.
- Stabilization: monitoring, quick fixes, fine-tuning rules for access and retention.
Microsoft describes the steps for preparing and rewiring routing in cutover scenarios - a good source for a checklist, even if you end up choosing a different mode.
The result after 90 days: environment runs stably, users work in the new model, and security policies are in place from day one - instead of becoming a separate „post-migration” project.
Want to move your business to Microsoft 365 without the chaos?
Migrating mail, files, Teams and permissions requires a good plan - especially when a company can't afford downtime. Find out how ISCG can help you safely migrate to Microsoft 365.
Communications
Communication is a key part of the change process and usually determines the success of a project.
We plan communications from the very beginning of implementation. We conduct a stakeholder analysis and prepare a whole plan on how we will inform them at each stage of the project. In more extensive migrations, communication is handled by a dedicated team that prepares internal migration leaders, who in turn can help their colleagues.
The communication plan is closely integrated with the project plan and determines who communicates what to whom and how - for example, how they are to log into the new environment and where the training materials are.
To manage change in the organization, we use the ADKAR methodology, which allows us to plan the various stages of change and the communications for them quite well.
How to get started without stalling the project (checklist for the first meeting)
To move quickly from conversation to plan, basic data is enough:
- Number of mailboxes and mail volume (plus archives, if any).
- Mail source (Exchange/Google/Lotus/IMAP) and whether you need coexistence.
- File volume, location (file share / SharePoint on-prem / other) and permission status.
- Key integrations (ERP/CRM and mail and file-related applications).
- Compliance requirements: retention, sensitive data, sharing rules.
FAQ - The most common questions about Microsoft HealthCheck
Will mail stop working during the migration?
A well-planned process minimizes the risk of downtime: you do most of the work in advance, in the background, and plan the moment of surge during off-peak hours. Microsoft describes the cutover steps as a sequence of preparation, migration and routing changes - it's a good idea to build on this when planning the cutover window.
Which migration method to choose: cutover, staged or hybrid?
It depends on the mail source, scale, pace and need for coexistence. Microsoft has guides to help you choose a path and understand the consequences of your choice.
What about folder permissions after file migration?
File share → SharePoint/OneDrive migration should include an assessment of the current state, preparation of the target environment and onboarding of users. This is the easiest way to avoid access chaos.
When to implement data protection (labels/DLP) - before or after migration?
It's best to prepare the foundation (sensitivity labels and ground rules) before sharing new resources widely. Labels also work in SharePoint and OneDrive, so get your sharing in order right away.
Do the devices and conditional access need to be ready before the environment goes live?
If you want to control access at the device and identity level - yes, plan ahead. Device deployment and hybrid scenarios can generate delays if left to the end of the project.
How to avoid Teams and SharePoint information chaos after migration?
This is held in check by standards: structure, naming, owners, rules for creating space and sharing. Onboarding and target preparation are part of the migration - not „add-ons for later.”.
Do you have a migration plan, but want to check the risks before taking off?
We will review the current environment, scale of migration, data sources, permissions and security requirements. Based on this, we will help you select a migration scenario to Microsoft 365 and plan the next steps without paralyzing your company.
Learn about our other services
Business applications
Services for applications and turnkey solutions in the area of process digitization and modern work environment.
Full support and optimization of IT infrastructure, ensuring stable development of your business.
IT infrastructure
Security of deployment and maintenance of Microsoft 365 and Azure services that enable flexible management and cost optimization.