Guides · Microsoft 365

A Microsoft 365 migration checklist that avoids disasters

Published June 24, 2026 · by Computer Dojo

Moving to Microsoft 365 is a well-trodden path — and also where we clean up the most self-inflicted messes. Almost every “the migration went wrong” story traces back to a step skipped or done out of order. Here’s the sequence we use, in the order we use it.

1. Plan and inventory (before you touch anything)

  • Take stock. How many mailboxes, how much data, which shared mailboxes and distribution lists, what’s in file shares and personal drives.
  • Map every sender and integration. Your CRM, invoicing tool, scanner-to-email, marketing platform — anything that sends mail as you or connects to your mailbox. These are what break on cutover if you forget them.
  • Right-size licensing. Match plans to actual need; don’t buy Business Premium for everyone reflexively (though its security features are often worth it).
  • Set a realistic timeline and a rollback plan. Migrations are boring when planned and terrifying when rushed.

2. Stand up the tenant

  • Create the tenant, add and verify your domain, and configure the admin accounts.
  • Pre-stage DNS but don’t flip mail routing yet — that’s the cutover step, deliberately last.

3. Identity and security — do this early, not “later”

This is the step most often deferred and most often regretted.

  • Create accounts and groups; decide on cloud-only vs. hybrid identity.
  • Turn on MFA for everyone, and set up Conditional Access. This is non-negotiable in 2026 — unprotected M365 accounts are the number-one small-business breach vector.
  • Apply a security baseline (Microsoft’s Security Defaults at minimum; tailored Conditional Access policies if you can).
  • Configure Intune for device management if you’re managing endpoints.

4. Migrate the data

  • Mailboxes — run a pre-sync well ahead of cutover so the final delta is small.
  • Files — move file shares and personal drives to SharePoint and OneDrive, with a sane folder structure rather than a straight dump.
  • Teams and collaboration — set up Teams, channels, and permissions to match how people actually work.

5. Cutover with minimal downtime

  • Flip the MX record and update autodiscover to route mail to Microsoft 365.
  • Run the final mailbox delta sync so nothing sent during the transition is lost.
  • Re-check email authentication. New mail platform means your SPF record must include the new sender, DKIM must be re-published, and DMARC must still pass — this is the single most common post-migration mistake. (See our guide to SPF, DKIM, and DMARC for the details.)

6. Secure and harden

  • Configure Microsoft Defender for Office 365 (anti-phishing, safe links, safe attachments).
  • Set up backup. Microsoft 365 replicates your data but does not back it up the way you think — a third-party backup for mail and files protects you from accidental deletion, ransomware, and retention gaps.
  • Turn on audit logging and basic DLP if you handle sensitive data.

7. People and post-migration

  • Train your team — even a 30-minute session on the new mail, file, and Teams experience prevents a week of confusion.
  • Provide a clear support path for the first two weeks (this is when questions spike).
  • Decommission the old system on a schedule — not immediately, not never.
  • Revisit licensing after 30 days and right-size based on real usage.

The pattern behind the pitfalls

Notice that the disasters cluster in two places: identity/security done too late, and email authentication forgotten at cutover. Get those two right and the rest is logistics.

A tenant-to-tenant move, a first-time migration, or a hybrid setup each has its own wrinkles, but the sequence holds. If you’d rather not run it yourself — or you want a second set of eyes on a plan — this is bread-and-butter work for our Microsoft 365 and IT support teams. And once you’re live, our free Online Health Check will confirm your email authentication survived the cutover.