• Hamblett Consultancy Limited
Open

Category Archives: Google Workspace

Microsoft 365

Migrating your Business to Microsoft 365

Microsoft 365 is one of biggest collaboration systems in the world with a wealth of features and tools for your business, it is easy to see why it is one of the top choices for business. With its 50GB Mailboxes as standard and 25TB of Sharepoint Storage available to every business it is easy to see why it is so popular.  Hamblett Consultancy who have been a Microsoft Certified Partner since the company was formed, have done a lot of Microsoft 365 for businesses around the world and when we say a lot we mean several a week and it hasn’t slowed down. We are always perfecting our migration techniques to make sure the transition is as seamless as it can be.

 

Preparing for the Microsoft 365 Migration

Preparation is key when it comes to migrating from one system to Microsoft 365. Whether it is a straight forward migration from a company like Ionos to Microsoft 365 or a more complex legacy mail system to Microsoft 365, the process is always the same.

  1. Determine what and who is to be migrated from the current system(s) to Microsoft 365 – There is no point moving old users if they are not needed anymore. Archiving old mailboxes can be done in several different ways (Shared Mailboxes or .pst files placed in sharepoint).
  2. This is the ideal time to make sure your file structure is correct and data is in the correct place.
  3. Migrating data from several places or workstations into the centralised structure before the migration will save time on the process.
  4. Prepare the new Microsoft 365 Tenancy with the domain name and mailboxes ready for the switch over.
  5. Sending out the new Microsoft 365 Mailbox details to staff in preparation of the switchover

 

Migration Weekend

Migrations are best done over the weekend to minimise disruption and also lock the old mailboxes.

  1. First task is complete the domain name migration over to Microsoft 365 so all emails now go into the new mailboxes and they become the live system
  2. Once mail is flowing it is then time to migrate the emails from the old system to the new one. This can be done various ways, but server to server is the preferred method. If that is not possible other methods can be used to migrate the information
  3. Next is moving the data from the central location to Sharepoint. This can be from a File Server, Nas Drive, Google Drive, DropBox, etc. Depending on the amount of data and the location will determine how long it will take to migrate
  4. Once that is all going nicely its time to make sure contacts and calendars are moved. If migrating from Google Workspace then this is done automatically. All other systems would need to be done separately.

 

Post Migration

After a Migration there are still several tasks that need to be completed to make sure everything is working as it should do.

  1. Setting up the staff with their new mailboxes and the added security with MFA (Multi Factor Authentication)
  2. Adding Sharepoint to the users computers so they can access the company information
  3. Showing users how Sharepoint works and some of the quirks in file name conventions.
  4. Setup the backups for Microsoft 365 to protect the clients data.

 

Myths

So the internet is a wonderful place and is full of myths and misconceptions regarding most things. Microsoft 365 and migrations in general have myths around them.

  1. Contacts and Calendars are automatically migrated – No only Google Workspace to Microsoft 365 can do that as long as you use the official migration wizard
  2. Microsoft Backups up my data – NO Microsoft does NOT back up your data and they recommend that you use a 3rd party company to do this.

 

If after you get to the bottom of this and you are still interested in discussing the possibility of moving from your current provider to Microsoft 365 please contact us

Setting up GSuite GMail Custom Domains With AWS Route53

Setting up GSuite With AWS Route53

Do you want to send emails from your custom domain hosted on AWS? There’s a few pitfalls that aren’t well documented.

The free, official “Check MX” tool will help you debug these issues, and you should use it, but it doesn’t have Route53 specific instructions.

1. Log in to AWS and go to Route53

Log in to your AWS management console and find the “Route 53” (direct link) product, which is Amazon’s nonsense name for DNS management. Then click on hosted zones.

Route53

2. Create the MX records for Gsuite

If you don’t have a domain name here, then your DNS isn’t managed by AWS, and this article is not right for you!

First the easy part:

  • Click on your domain
  • Then click “Go to Record Sets”
  • Then click “Create Record Set”
  • Leave the name blank
  • Change the type to “MX – Mail Exchange”

Route53

Change the TTL field to 3600.

Then in the “value” field, paste in exactly (this is the same for everyone):

1 ASPMX.L.GOOGLE.COM  
5 ALT1.ASPMX.L.GOOGLE.COM  
5 ALT2.ASPMX.L.GOOGLE.COM  
10 ALT3.ASPMX.L.GOOGLE.COM  
10 ALT4.ASPMX.L.GOOGLE.COM  

Note: these values come from the official documentation, formatted here for Route53’s syntax. If you want, you can verify the hosts. They aren’t likely to change.

3. You’re Done! Unless…

This is the basic setep you need to send emails with DNS in Route53. However, Google suggests you verify your domain with some more security steps. The previously mentioned “Check MX” tool will complain if you stop here. You should verify your bananas!

4. Add a “SPF” text entry

Create a new TXT entry with no name:

SPF Record

For the value, paste in exactly (with quotes):

"v=spf1 include:_spf.google.com ~all"

Then click “Create”. I don’t know or care what this is, but it’s documented here if you’re curious.

If you already have a TXT record with no name and Route53 errors, then put the above line in the existing TXT record, with quotes, on a new line, and save it.

5. Create the “domain key” / DKIM record

Google’s tools and interface are often nightmarish and poorly documented, so I’m including some screenshots.

Log in to your Google Suite admin console using your Google Suite admin account: https://admin.google.com/.

Navigate the maze: Apps > G Suite > Gmail > Authenticate Email.

Google Authenticated Email

Now click “Generate new record”. Don’t click anything else yet.

Back in Route53, create a new, named TXT record. For the name, paste in the name from your generated record in GSuite. It’s probably “google._domainkey“. Change the type to “TXT – Text”:

Dkim Key

Now for the tricky part. Google tells you to paste in the whole TXT record value from GSuite admin, but if you do, you’ll get the error:

CharacterStringTooLong (Value is too long) encountered with '"v=DKIM1;...  

The solution to this is to chop up your value into multiple quoted strings (not new lines), with a maximum of 255 characters in each string, and a space between each chunk. It doesn’t have to be equal chopping.

For example, if your value looks something like:

"v=DKIM1; k=rsa; p=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyza bcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabc"

You can chop it up at arbitrary places:

"v=DKIM1; k=rsa; p=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz" "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzab" "cdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabc"

Note those are single spaces, not newlines, between each chunk!

Paste the chopped up value (including all quote marks on all lines) into the value and create your TXT record.

Then, when Google gets off its lazy behind and fetches your new DNS records, you can click the “START AUTHENTICATION” button on the GSuite admin page. It should be pretty fast, and you can tell it has started when you see:

Authenticated Email

Don’t worry if it complains about your DNS not updating, you can click “START AUTHENTICATION” as many times as you want!

7. Troubleshooting?

The Check MX tool usually gives good output and instructions. If you want to verify you set up your TXT and MX records correctly, you can try this from the command line.

Verify the domain SPF:

$ dig -t TXT yourdomain.com
;; QUESTION SECTION:
;yourdomian.com.            IN  TXT
;; ANSWER SECTION:
yourdomian.com.        300 IN  TXT "v=spf1 include:_spf.google.com ~all"

Verify the domain key (if you named it, replace _domainkey):

$ dig -t TXT google._domainkey.yourdomain.com
;; QUESTION SECTION:
;yourdomian.com.            IN  TXT
;; ANSWER SECTION:
google._domainkey.yourdomain.com.    300 IN  TXT "v=DKIM1\; k=rsa\; p=...

8. That’s It!

Need help with your Gsuite Contact us

Taken from https://blog.andrewray.me/setting-up-gsuite-gmail-custom-domains-with-aws-route53/