Direct answer: A Microsoft 365 migration is the process of transferring email, files, user accounts and collaboration tools from on-premises servers to Microsoft’s cloud platform. For Belgian SMBs, it becomes relevant when existing servers are end-of-life, security compliance is under pressure, or teams need flexible remote access. A successful migration follows six structured phases – assessment, tenant preparation, pilot, full migration, validation and aftercare – and requires deliberate security configuration, backup planning and user training. Without these, the new environment carries the same risks as the old one.
When is migrating to Microsoft 365 the right choice?
A migration to Microsoft 365 is worth considering when one or more of the following situations apply:
- Your server runs Windows Server 2012 or older – Microsoft no longer provides security updates for these versions
- Your on-premises Exchange server causes reliability or security concerns
- Employees work across multiple locations and struggle to collaborate effectively
- File sharing relies on VPN access or mapped network drives
- Backups are incomplete, unreliable or difficult to restore
- IT costs continue to rise due to ageing hardware and licences
- You are planning an office move or infrastructure refresh
When is Microsoft 365 not the right choice?
Microsoft 365 is not always the correct answer. If your business depends on software that can only run locally – such as legacy ERP, production or industry-specific systems – a hybrid setup may remain the better option. A technical assessment should determine what fits your environment, not a default preference for cloud.
What does a Microsoft 365 migration actually include?
A Microsoft 365 migration is the planned transfer of email, files, user identities and collaboration tools from on-premises servers to Microsoft’s cloud services. It typically covers Exchange Online, SharePoint, OneDrive, Microsoft Teams and Microsoft Entra ID (formerly Azure AD).
Depending on your environment, a migration typically covers the following components:
| Component | What migrates |
| --- | --- |
| Email – Exchange Online | Mailboxes, calendars, contacts and shared mailboxes move to Microsoft’s cloud email platform |
| Files – SharePoint & OneDrive | Shared folders reorganised into SharePoint libraries; personal data moves to OneDrive with controlled access rights |
| Collaboration – Microsoft Teams | Internal chat, meetings and video calls, tightly integrated with email and files |
| Identity & access – Microsoft Entra ID | User accounts, permissions and access policies centrally managed in the cloud |
| Device management – Microsoft Intune | Laptops and mobile devices secured and managed without relying on a local server |
What does not migrate automatically?
Business applications such as accounting packages and ERP systems that require a dedicated database or local server do not migrate automatically. These can continue to run on-premises, be hosted in a data centre, or be migrated to Azure separately where appropriate.
What are the six phases of a controlled Microsoft 365 migration?
A structured migration is used when organisations need to move from on-premises infrastructure to the cloud without downtime, data loss or security gaps. It follows a defined sequence of phases, each with a specific scope and validation step before the next begins.
- Assessment – Inventory of existing servers, applications, users, data volumes and dependencies. Risks are identified and a tailored migration plan is created.
- Tenant preparation – Configuration of the Microsoft 365 tenant: domain linking, base security settings, user creation and access structure.
- Pilot migration – A small group of users migrates first to validate the approach and fine-tune settings before full rollout.
- Full migration – Phased transfer of mailboxes, files and collaboration tools, with clear communication to employees throughout.
- Validation and cut-over – Data is verified, email routing is switched, and the old environment remains available temporarily as a fallback.
- Aftercare, training and managed support – Users are trained, documentation is delivered, and the environment moves into ongoing monitoring and support.
What mistakes should you avoid during a Microsoft 365 migration?
Most migration problems are avoidable. Common causes of failure include:
- Skipping the assessment – leads to broken integrations or missing data after go-live
- No pre-migration backup – removes the recovery option if something goes wrong during the process
- Insufficient user training – causes operational friction even after a technically clean migration
- Decommissioning the old server too soon – removes the fallback before the new environment is fully validated
- Treating security as an afterthought – a new Microsoft 365 tenant is not secure by default and requires deliberate configuration
A migration is as much an organisational change as a technical one.
What happens to Active Directory during a Microsoft 365 migration?
Active Directory (AD) is an on-premises directory service, typically running on Windows Server, that manages user accounts, passwords, group policies and device access within a local network. Microsoft Entra ID (formerly Azure Active Directory) is its cloud equivalent, used by Microsoft 365 to manage identity and access. The two are related but not the same system.
For most Belgian SMBs migrating to Microsoft 365, Active Directory is one of the most misunderstood parts of the transition. The question is not whether AD disappears – it is how identity is handled during and after the move.
What are the three identity scenarios in a Microsoft 365 migration?
| Scenario | What it means | Best suited for |
| --- | --- | --- |
| Cloud-only identity | User accounts are created and managed directly in Microsoft Entra ID. No on-premises AD is involved. | Organisations with no existing AD, or those doing a clean break from on-premises infrastructure |
| Hybrid identity with Entra Connect sync | On-premises AD remains in place and syncs user accounts to Entra ID using Microsoft Entra Connect. Users log in with the same credentials on-premises and in the cloud. | Organisations that still run local servers, applications or devices that depend on on-premises AD |
| Full cloud migration (AD decommission) | On-premises AD is replaced entirely by Entra ID. Devices are joined to Entra ID directly (Entra Join). Group policies are replaced by Microsoft Intune policies. | Organisations ready to remove all on-premises servers and move to a fully cloud-managed environment |
Which scenario is most common for Belgian SMBs?
Most SMBs start with a hybrid identity setup during the migration – keeping on-premises AD running and syncing it to Entra ID via Entra Connect. This allows the Microsoft 365 migration to proceed without disrupting existing logins, devices and applications. Once the migration is complete and local dependencies are resolved, the organisation can decide whether to decommission on-premises AD entirely or maintain the hybrid model long-term.
A full cloud-only identity model is realistic for smaller organisations with no legacy applications and a willingness to re-enrol devices to Entra ID. It requires more upfront planning but eliminates the need to maintain a local domain controller.
What happens to group policies and device management?
On-premises Active Directory uses Group Policy Objects (GPOs) to enforce settings on Windows devices. In a cloud-managed environment, GPOs are replaced by Microsoft Intune policies, which apply to devices enrolled in Entra ID regardless of location. Migrating from GPOs to Intune policies is a separate workstream within the broader migration and should be included in the assessment phase.
How is Microsoft 365 secured after migration?
Microsoft 365 security configuration is the process of deliberately enabling and tuning the platform’s built-in security controls to match an organisation’s risk profile and compliance requirements. A new tenant is not secure by default – controls must be explicitly configured based on the chosen licence plan.
Depending on the chosen Microsoft 365 plan, a secure setup typically includes:
- Multi-factor authentication (MFA)
- Conditional Access based on user, device and location
- Endpoint protection via Microsoft Defender
- Email protection against phishing and malware
- Data Loss Prevention (DLP) and sensitivity labels
- Audit logging for compliance and incident investigation
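
One way to verify the MFA and Conditional Access items once the tenant is configured, as an added example that is not part of the original page: it audits an exported set of Conditional Access policies for an enforced all-users MFA policy and, going slightly beyond the list above, a block on legacy authentication clients. Field names follow the Microsoft Graph `conditionalAccessPolicy` resource; the sample policies and all function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; names and values are invented, not exported from a real tenant.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Require MFA for all users",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeApplications": ["All"]}, "clientAppTypes": ["all"]},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "Block legacy authentication", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeApplications": ["All"]},
                  "clientAppTypes": ["exchangeActiveSync", "other"]},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]
""")
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}

def targets_everyone(policy):
    cond = policy.get("conditions") or {}
    users = (cond.get("users") or {}).get("includeUsers") or []
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    return "All" in users and "All" in apps

def enforces(policy, control):
    # Mandatory only if it is the sole control or the controls are ANDed;
    # with operator OR, any one of the listed controls satisfies the policy.
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    return control in controls and (len(controls) == 1 or grant.get("operator") == "AND")

def blocks_legacy(policy):
    clients = set((policy.get("conditions") or {}).get("clientAppTypes") or [])
    return LEGACY_CLIENTS <= clients and enforces(policy, "block")

def audit(policies):
    """Return findings; an empty list means both baseline policies are enforced."""
    findings = [f"report-only, not enforced: {p.get('displayName')}" for p in policies
                if p.get("state") == "enabledForReportingButNotEnforced"]
    live = [p for p in policies if p.get("state") == "enabled" and targets_everyone(p)]
    if not any(enforces(p, "mfa") for p in live):
        findings.append("no enabled policy requires MFA for all users and all apps")
    if not any(blocks_legacy(p) for p in live):
        findings.append("no enabled policy blocks legacy authentication clients")
    return findings

print("\n".join(audit(SAMPLE_EXPORT)))
```

Policies that require MFA through `authenticationStrength` rather than the `mfa` built-in control are not recognised by this check and would need an additional test.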
A correctly configured Microsoft 365 environment also forms the technical foundation for capabilities such as Microsoft Copilot.
Does Microsoft 365 include backup – and why does it matter?
Microsoft 365 backup is an independent solution – either a third-party tool or a Microsoft add-on – that creates point-in-time copies of Exchange, SharePoint, OneDrive and Teams data. Microsoft’s native retention policies are not equivalent to backup: deleted or overwritten data can become permanently unrecoverable after retention limits expire.
- Independent backups of mailboxes, files and collaboration data
- Granular restores – individual emails, files or folders
- Protection against ransomware, accidental deletion and retention gaps
Backup planning should be part of the migration project from the start, not a decision made after go-live.
What determines the cost of a Microsoft 365 migration?
There is no fixed price. The cost depends on:
- Number of users
- Volume and structure of existing data
- Complexity of the current environment and Active Directory setup
- Hybrid or phased migration requirements
- Security and compliance requirements (e.g. NIS2, GDPR)
A technical assessment produces a defined scope, a project estimate and licence recommendations based on actual usage – not a default package.
Frequently asked questions (FAQ)
Can we keep working during the migration?
Yes. A phased approach limits disruption. The final cut-over is typically planned outside business hours.
Will files be lost during the migration?
No. Data is migrated methodically, verified at each step, and the old environment remains available as a fallback during the transition period.
What happens to our Active Directory when we move to Microsoft 365?
It depends on your environment. Most organisations maintain on-premises AD during the migration and sync it to Microsoft Entra ID using Entra Connect. Whether AD is decommissioned afterwards depends on remaining local dependencies such as servers, applications and devices.
Do all employees need the same Microsoft 365 licence?
Not necessarily. Licence mixes are common and are assigned based on role and actual usage. Recommendations are made after the assessment.
What happens to our accounting or ERP software?
Cloud-native tools migrate directly. Applications that require a local or dedicated server are assessed individually – they can remain on-premises, move to a hosted environment or migrate to Azure.
Is Microsoft 365 secure enough for sensitive data?
Yes – when configured correctly. Security controls must be deliberately set up based on your risk profile and compliance obligations (GDPR, NIS2). The default configuration is not sufficient.
Does Microsoft 365 include backup?
No. Microsoft’s native retention policies are not a backup. A dedicated backup solution should be planned as part of the migration, not added after go-live.
How long does a Microsoft 365 migration take?
Duration depends on the number of users, data volume and environment complexity. A phased migration for a typical SMB (15–100 users) generally takes between two and eight weeks from assessment to aftercare.
Request a free technical assessment to receive a migration scope, realistic timeline and licence recommendations based on your actual environment.












