
Exchange Online Cross-Tenant Mailbox Migration Explained

Organizations often have to perform Cross-Tenant Mailbox migration if their business is about to undergo a merger, divestiture, acquisition, or restructuring. The process involves the transfer of mailbox data, permissions, and user configurations between separate Microsoft 365 tenants hosting Exchange Online environments.

Admins can carry out this task using Exchange Admin Center (EAC), PowerShell migration scripts, or Microsoft-native migration tools. Considering the complex nature of the procedures involved in these methods, businesses also prefer using automated Exchange migration tools for the task. Here is a detailed explanation of all these aspects of the topic.

What does the term ‘Tenant’ mean in cross-tenant mailbox migration?

In the Microsoft environment, a tenant is a dedicated and isolated cloud space created for an organization to securely manage mailbox data. Intended for a single organization, this isolated environment may include Microsoft 365, Azure, or Exchange Online.

For example, when your organization creates an account in Azure or Microsoft 365, Microsoft provides you with a dedicated tenant. This tenant functions as the organization’s secure and private space within the Microsoft Cloud infrastructure during the cross-tenant mailbox migration. Organizations use this space to store and manage users, mailboxes, policies, licenses, and configurations.

Major Prerequisites for Exchange Online cross-tenant mailbox migration

Before you start migrating cross-tenant mailboxes, here are some prerequisites to consider:

Get the tenant ID

To initiate the migration, you should have a valid tenant ID of the source tenant and the target tenant. The steps to obtain a tenant ID are as follows:

  • Log in to your Microsoft Admin Centre account
  • Open entra.microsoft.com > tenant overview
  • Look for the Tenant ID property and copy it.
  • Use the Tenant ID wherever you have to differentiate between the source tenant and the target tenant

Admin permissions

  • Both the source and target tenants need global administrator rights
  • The Exchange Online admin must have the permission to create and manage migration batches
  • Permissions to access Azure Active Directory (AD) and Exchange Admin Center (EAC) are crucial in both tenants.

Requirement regarding MailUser

Before migration, the migrating mailbox must appear as a Mail-Enabled User (MailUser) in the target tenant.

  • The MailUser must have a correct External Email Address pointing to the source mailbox
  • The LegacyExchangeDN of the source mailbox must be present as a proxy address on the target MailUser

Licensing

  • The MailUser must have a valid Exchange Online license assigned by the target tenant before migration
  • The migration batch will not work at the target tenant’s end if there is no active license

Migration support

  • Only Exchange Online mailboxes should be expected to be supported for migration
  • Expect restricted or no support for on-premises, shared, archive, and resource mailboxes
  • The source mailbox must be active and accessible before the migration begins

 

Organization Relationship

  • The source and target tenants must share a trusted organizational relationship
  • Both tenants must have migration endpoints configured correctly to facilitate cross-tenant communication

How to do Cross-Tenant Mailbox Migration?

Here are the crucial steps to perform cross-tenant mailbox migration:

Prepare the target tenant

  • Sign in to Microsoft Entra Admin Center using the target tenant administrator credentials
  • Look for Manage Microsoft Entra ID and select View
  • Choose App registrations in the navigation pane.
  • Click New registration to get the Register an application page
  • Navigate to Supported account types > Accounts in any organizational directory (Any Azure AD directory – Multi-tenant)
  • In the Redirect URI (optional) option, choose Web
  • In the rectangular bar next to it, type https://office.com, and select Register
  • On the top-right of the page, check the dialog box that shows a notification about the successful creation of the app.
  • Return to the home page and navigate to Microsoft Entra ID > App registrations
  • Look for Owned applications, and then select the app you created
  • Copy the Application (client) ID from the Essentials section. This information will be useful in creating a URL for the target tenant
  • From the navigation pane, choose API permissions to check the permissions assigned to your app
  • The app just created will have Read permissions by default. Since these permissions will play no role in the mailbox migration, you can remove them.
  • To add permission for the migration of the mailbox, select Add a permission
  • In the resulting Request API permissions window, select APIs my organization uses
  • Search for Office 365 Exchange Online, and select it.
  • Choose Application Permissions
  • In the Select Permissions bar, click the arrow corresponding to Mailbox and expand it
  • Select Migration > Click the Add permissions button
  • From the navigation pane, choose Certificates & Secrets > Client Secrets > New client Secret
  • Next, you will see the Add a client secret window, in which you will need to type a description and configure your expiration settings

This will successfully create a migration application. The next step is to grant consent to the application.

Grant Consent

  • Get back to the Microsoft Entra ID landing page
  • From the navigation pane, select Enterprise applications
  • Look for the migration app you created, select it, and then select API Permissions.
  • Choose Grant admin consent for [your tenant]
  • In the resulting browser window, select Accept
  • Navigate back to your portal window and click Refresh to confirm the acceptance.
  • Create the URL to send to your source tenant administrator (trusted partner)
  • This will allow them to accept the application and enable mailbox migration

Here is the sample URL: https://login.microsoftonline.com/contoso.onmicrosoft.com/adminconsent?client_id=[application_id_of_the_app_you_just_created]&redirect_uri=https://office.com

 

Establish the Organization Relationship and Migration Endpoint

After preparing the target tenant and granting permissions, the next move is to create an organization relationship and an Exchange Online migration endpoint. This will require you to:

  • Connect to Exchange Online PowerShell in the target Exchange Online tenant.
  • Create a new migration endpoint for cross-tenant mailbox moves.
  • Create a new organization relationship object, or modify the existing one, for your source tenant.

The dedicated Microsoft webpage provides the PowerShell commands to perform all these steps in detail.

Prepare the source tenant

Now, prepare the source tenant, which holds the current mailboxes. This requires you to accept the migration application and configure the organization relationship.

  • Open your browser and paste the URL link given by your trusted partner earlier to grant permission to the mailbox migration application:

https://login.microsoftonline.com/contoso.onmicrosoft.com/adminconsent?client_id=[application_id_of_the_app_you_just_created]&redirect_uri=https://office.com

  • As the pop-up appears, accept the application. Alternatively, you may log in to your Microsoft Entra Admin Center to look for the application under Enterprise applications
  • Connect to Exchange Online PowerShell in the source tenant
  • Next, create a new organization relationship object, or change the existing one, for your target tenant in Exchange Online PowerShell by using the command below:
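The commands for "Establish the organization Relationship and Migration Endpoint" and for this source-tenant step, written out as one added example (not code from the original article). It uses the Exchange Online cmdlets for cross-tenant moves; the endpoint, relationship and group names are hypothetical, bracketed values are placeholders, and the scope group goes slightly beyond the text by limiting which mailboxes the source tenant allows to be moved out.

```powershell
# Added example; define the functions, then call the one for the tenant you are connected to.

# Create the organization relationship with the partner tenant, or update the existing one.
function Set-MoveRelationship {
    param([string]$PartnerTenantId, [string]$Name, [hashtable]$MoveSettings)
    $existing = Get-OrganizationRelationship |
        Where-Object { $_.DomainNames -like $PartnerTenantId }
    if ($existing) {
        Set-OrganizationRelationship -Identity $existing.Name `
            -Enabled:$true -MailboxMoveEnabled:$true @MoveSettings
    } else {
        New-OrganizationRelationship -Name $Name -DomainNames $PartnerTenantId `
            -Enabled:$true -MailboxMoveEnabled:$true @MoveSettings
    }
}

# TARGET tenant: migration endpoint plus an inbound relationship with the source tenant.
function Initialize-TargetTenant {
    param([string]$AppId, [string]$SourceTenantDomain, [string]$SourceTenantId)
    # Prompt for the client secret so it never lands in the script or the shell history.
    $secret     = Read-Host -AsSecureString -Prompt 'Client secret of the migration app'
    $credential = New-Object System.Management.Automation.PSCredential ($AppId, $secret)
    New-MigrationEndpoint -Name 'CrossTenantEndpoint' -RemoteServer outlook.office.com `
        -RemoteTenant $SourceTenantDomain -Credentials $credential `
        -ExchangeRemoteMove:$true -ApplicationId $AppId
    Set-MoveRelationship -PartnerTenantId $SourceTenantId -Name 'FromSourceTenant' `
        -MoveSettings @{ MailboxMoveCapability = 'Inbound' }
}

# SOURCE tenant: outbound relationship tied to the consented app and a scope group.
function Initialize-SourceTenant {
    param([string]$AppId, [string]$TargetTenantId, [string]$ScopeGroup = 'CrossTenantMoveScope')
    # Only members of this mail-enabled security group may be moved out of the tenant.
    if (-not (Get-DistributionGroup -Identity $ScopeGroup -ErrorAction SilentlyContinue)) {
        New-DistributionGroup -Type Security -Name $ScopeGroup | Out-Null
    }
    Set-MoveRelationship -PartnerTenantId $TargetTenantId -Name 'ToTargetTenant' -MoveSettings @{
        MailboxMoveCapability      = 'RemoteOutbound'
        OAuthApplicationId         = $AppId
        MailboxMovePublishedScopes = $ScopeGroup
    }
}

# Initialize-TargetTenant -AppId '[application_id]' -SourceTenantDomain 'contoso.onmicrosoft.com' -SourceTenantId '[source_tenant_id]'
# Initialize-SourceTenant -AppId '[application_id]' -TargetTenantId '[target_tenant_id]'
```

Add the mailboxes to be migrated to the scope group with `Add-DistributionGroupMember` before starting a batch.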

 

Prepare target user objects for moving data

  • The users must exist in the target tenant and Exchange Online system, marked with the attributes that facilitate the cross-tenant moves.
  • The system will fail to migrate users that are not set up properly in the target tenant
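A read-only pre-flight check for the MailUser requirements listed in the prerequisites, as an added example that is not part of the original article. The function names, the CSV path and the assumption that each target MailUser shares its alias with the source mailbox are hypothetical; the `x500:` prefix is how Exchange stores a LegacyExchangeDN as a proxy address, and the ExchangeGuid comparison is included because the article lists ExchangeGUID mismatch among the common failures.

```powershell
# Added example. Each function needs an Exchange Online PowerShell session to the tenant named.

# Run in the SOURCE tenant: record the attributes the target MailUser has to mirror.
function Export-SourceAttributes {
    param([string[]]$Mailbox, [string]$Path = '.\source-attributes.csv')
    $Mailbox | ForEach-Object { Get-Mailbox -Identity $_ } |
        Select-Object Alias, ExchangeGuid, LegacyExchangeDN,
            @{ Name = 'Addresses'; Expression = { $_.EmailAddresses -join ';' } } |
        Export-Csv -Path $Path -NoTypeInformation
}

# Run in the TARGET tenant: list every MailUser that does not match its source mailbox.
function Test-TargetMailUser {
    param([string]$Path = '.\source-attributes.csv')
    foreach ($src in Import-Csv -Path $Path) {
        # Assumption: the MailUser was created with the same alias as the source mailbox.
        $mu = Get-MailUser -Identity $src.Alias -ErrorAction SilentlyContinue
        $problems = @()
        if (-not $mu) {
            $problems += 'no MailUser in the target tenant'
        } else {
            if ("$($mu.ExchangeGuid)" -ne $src.ExchangeGuid) {
                $problems += 'ExchangeGuid differs from the source mailbox'
            }
            if (@($mu.EmailAddresses) -notcontains "x500:$($src.LegacyExchangeDN)") {
                $problems += 'source LegacyExchangeDN is not an x500 proxy address'
            }
            # ExternalEmailAddress looks like "SMTP:user@domain"; it must be a source address.
            if (($src.Addresses -split ';') -notcontains "$($mu.ExternalEmailAddress)") {
                $problems += 'ExternalEmailAddress does not point to the source mailbox'
            }
        }
        if ($problems) {
            [pscustomobject]@{ Alias = $src.Alias; Problems = $problems -join '; ' }
        }
    }
}
```

An empty result from `Test-TargetMailUser` means every listed user passed all three checks.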

Verify the Migration Configuration

To test cross-tenant mailbox migration configuration, run the following command from the target tenant:

Start mailbox migration

To initiate the migration of mailboxes, use the New-MigrationBatch command to create migration batches, as given below:

The CSV file format can be as follows:

[email protected]

[email protected]

[email protected]
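The verification and batch-creation steps described above, as an added example that is not code from the original article. The endpoint name, batch name, delivery domain and addresses are constructed; the CSV is assumed to carry an `EmailAddress` header followed by the address of each MailUser as it exists in the target tenant.

```powershell
# Added example; run while connected to the TARGET tenant.
$Endpoint  = 'CrossTenantEndpoint'        # name given to the migration endpoint (assumed)
$BatchName = 'CrossTenantBatch01'         # constructed batch name
$CsvPath   = '.\users.csv'

# Constructed sample CSV: one header line, then one target MailUser address per line.
@'
EmailAddress
user1@target.example
user2@target.example
'@ | Set-Content -Path $CsvPath -Encoding UTF8

# Refuse to start if a row is empty or has no matching MailUser in this tenant.
$rows = @(Import-Csv -Path $CsvPath)
foreach ($row in $rows) {
    if (-not $row.EmailAddress) { throw "Row without EmailAddress in $CsvPath" }
    Get-MailUser -Identity $row.EmailAddress -ErrorAction Stop | Out-Null
}

# Verify the endpoint and organization relationship with one of the listed users.
$check = Test-MigrationServerAvailability -Endpoint $Endpoint -TestMailbox $rows[0].EmailAddress
if ("$($check.Result)" -ne 'Success') {
    throw "Endpoint test did not succeed:`n$($check | Out-String)"
}

# ReadAllBytes resolves relative paths against the process directory, so pass a full path.
New-MigrationBatch -Name $BatchName -SourceEndpoint $Endpoint `
    -CSVData ([System.IO.File]::ReadAllBytes((Resolve-Path $CsvPath).Path)) `
    -TargetDeliveryDomain 'target.onmicrosoft.com' -AutoStart

# Per-user progress and errors for the batch.
Get-MigrationUser -BatchId $BatchName | Format-Table Identity, Status, ErrorSummary
```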

Challenges with the manual migration method

The detailed manual method can help you to perform Exchange Online cross-tenant mailbox migration with success. However, it is too detail-oriented, requiring you to have an in-depth knowledge of the involved technical jargon. If you are new to this environment, this process may appear cumbersome and extremely prone to error. Some other common issues, such as permission errors, ExchangeGUID mismatch, mail routing problems, and more, may also arise. To avoid such problems, admins use Exchange migration tools.

Using the Exchange migration tool for Exchange Online cross-tenant mailbox migration

The third-party Exchange migration tools available online simplify the task of Exchange Online cross-tenant mailbox migration appreciably. Besides performing cross-tenant mailbox migration, these tools also help to move public folders. These applications provide multifarious benefits, such as:

  • Exchange to Office 365 & Vice Versa Migration
  • Extend support for Cross-Forest, Same Domain, & Cross-Domain Migration
  • Exchange to Exchange migration, including primary mailboxes, archive mailboxes, and public folders
  • Provide the facility for Concurrent Mailbox Migration
  • Support for Cutover, Staged & Hybrid Migration

Among the many Exchange migration applications used for mailbox migration, Stellar Migrator for Exchange is a credible option.

Conclusion

If your company is undergoing a merger, restructuring, acquisition, or divestiture, you will need to do an Exchange Online cross-tenant data migration. To perform this task, you can use Exchange Admin Center, PowerShell migration scripts, or native migration tools from Microsoft. Before proceeding, it is crucial to abide by the major prerequisites for migration.

These include getting the source and target tenant ID, seeking necessary admin permissions, fulfilling MailUser requirements, licensing, migration support, and so on. Performing the Exchange Online cross-tenant mailbox migration is a multi-step process that requires you to have thorough knowledge of PowerShell commands and the underlying concepts.

Considering the long procedure, it is prone to error as well. To avoid these technical hassles, you can seek the help of an automated Exchange migration tool. Alongside migrating mailboxes, these applications can also move public folders. Stellar Migrator for Exchange is a feasible tool to consider for this purpose.
