onboarding
142 Topics

Google Workspace migration to Microsoft 365 with multiple domains
I'm managing a project to migrate mail from Google Workspace to Microsoft 365 via (Google Workspace Migration). My scenario is composed as follows:

Primary domain in GWS: domain1.com
Secondary domain in GWS: domain2.com
Routing domain (alias domain) in GWS: m365.domain1.com and gws.domain1.com
Microsoft side: accepted domain: domain1.com, domain2.com, m365.domain1.com and gws.domain1.com

Users domain1.com have aliases routing domain m365.domain1.com and external forwarding gws.domain2.com. Users domain2.com have aliases routing domain m365.domain1.com and external forwarding gws.domain1.com.

For users domain1.com the hybrid coexistence scenario, mailflow and batch work perfectly. For domain2.com users, the batch works, but at the time of completion, it returns an error that Google asks for verification of the forwarding address, as it is different from domain2.com. “GmailForwardingAddressRequiresVerificationException”

Which configuration am I doing wrong? And above all, is the scenario in question supported? Thank you

58 Views, 1 like, 1 Comment

Secure Score - Vulnerability Exceptions Not Registering
I have followed the guide to configure the proper permissions to manage within Defender. Device groups have been created based off tags we applied to the devices, and the device groups register the expected number of devices. We apply an exception to the vulnerability recommendation based off the device group; looking at the individual device pages, we can confirm the recommendation is excluded, and it all appears to work as intended up to this point.

The problem starts on the vulnerability dashboard. The recommendation shows it is in partial exception status; however, none of the statistics or data reflect this, including our secure score. I can confirm making a global exception works as expected and we can see the score adjust properly.

Has anyone experienced this before or have any pointers? We have been working at this for weeks trying different things without luck; we are ensuring to leave adequate sync times.

49 Views, 1 like, 0 Comments

MS Defender Azure Arc Logic App
What is the best procedure for configuring a Logic App for Microsoft Defender in an Azure Arc environment? We had a very unexpected experience during onboarding—after configuring the Logic App, we missed setting a cap, and within a week, it consumed over $18K USD. I believe there must be a way to fine-tune the configuration to optimize costs. From my perspective, no organization would adopt an environment with such high costs for Microsoft Defender Plan 2 without better cost control measures in place. Could you suggest best practices or optimizations to prevent such excessive consumption?

66 Views, 0 likes, 1 Comment

Replacement for Windows Authenticated Scanning
For cost saving, we were looking at replacing our existing vulnerability scanner with Defender and using device scanning. Due to the nature of some of our systems, we can't enroll all of them in Defender and had hoped to use Windows Authenticated Scanning for the unmanaged devices. It looks like that is being deprecated, and the FAQ page indicates that there is currently no direct replacement.

While the number of systems we have that can't be enrolled is relatively minimal, is there any kind of scanning I'm missing as part of the product that would allow remote scans of Windows devices as opposed to enrolling? It doesn't look like it. Seems like taking away a component that gives some kind of feature parity without another option is a bad idea, but maybe I'm just missing something.

211 Views, 0 likes, 1 Comment

Onboarding Devices: "No authenticated user found"
Hi, I am looking to onboard a device in Purview for the purpose of testing some Endpoint DLP policies. I have run the onboarding script locally and the device successfully appears on the 'Devices' screen. 'Real time protection/RTP' and 'Behavior monitoring/BM' both show as 'enabled' with a green tick; however, under 'Valid User' it has a red cross and states: "Invalid: No authenticated user found. Without proper authentication, data classification is impeded. To ensure precise validation, we recommend re-onboarding to Active Directory".

The device is in Active Directory. I have signed into the device with an account that is also in Active Directory. Is there anything additional that I need to do? Any help would be really appreciated - thank you!!!

Solved, 921 Views, 2 likes, 4 Comments

Migrating from Google Workspace to Microsoft 365 to have two separate Mailboxes per User + SSO
Context and Requirements:

My company (abc.com) is being acquired by another org (xyz.com). We’re currently on Google Workspace (G Suite) for abc.com email and want to migrate everything (email, calendar, contacts) into Microsoft 365, specifically into the xyz.com tenant.

After migration, each user must have two fully separate mailboxes:
Mailbox A: email address removed for privacy reasons (data migrated from G Suite)
Mailbox B: email address removed for privacy reasons (new mailbox in the xyz.com tenant)

We need true single sign-on (SSO) so users can log in once and access both mailboxes (not just alias addresses) within the same tenant. We want to minimize complexity. FYI we will set up abc.com as an Accepted Domain in xyz.com Microsoft Exchange tenant.

What I’ve Investigated So Far:

Migration Tools: The Exchange Admin Center has a built-in G Suite migration wizard, but it mainly migrates mail to one mailbox. Third-party tools like BitTitan MigrationWiz can also handle G Suite → M365 migrations.

Two-Mailbox Setup Approaches:

One licensed mailbox + one shared mailbox: For example, the user’s main mailbox would be email address removed for privacy reasons (fully licensed with migrated data), while email address removed for privacy reasons is a shared mailbox to keep it separate. The email address removed for privacy reasons account gets Full Access and Send As permissions on the xyz.com mailbox.
Pros: Single sign-on, one set of creds, minimal extra licensing. The data stays separate (two distinct mail stores).
Cons: Shared mailboxes are limited to 50GB if unlicensed, and some compliance features may require a license.

Two fully licensed user mailboxes (two Azure AD user accounts, e.g. email address removed for privacy reasons and email address removed for privacy reasons): Each mailbox is completely independent, but typically requires two sign-ins unless there’s advanced identity federation to unify credentials. Also doubles the licensing.
Pros: Full feature set in both mailboxes, no shared mailbox constraints.
Cons: Additional license costs, and not a straightforward “one-click” SSO for both.

Questions

Which approach is best for maintaining two discrete mailboxes per user without forcing them to manage multiple logins?
Are there any best practices for migrating from Google Workspace into Exchange 365 (specific tenant) maintaining the same email address?
Have you run into compliance or eDiscovery issues with a shared mailbox approach?
Any caveats or special steps needed to ensure calendars and contacts migrate correctly from Google Workspace into the new environment?

72 Views, 0 likes, 0 Comments

Defender for Endpoints - Domain Controllers
Hi, what is the correct process for managing and deploying policies for Windows Server 2019 domain controllers? I know that Security settings management doesn't work on and isn't supported on 2019 DCs as per (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management). So how do I manage and get policies to a 2019 DC? Thanks

Solved, 9.1K Views, 1 like, 4 Comments