This post is part of a series highlighting Practical 365 authors who will also be presenting on this topic at The Experts Conference 2022 in Atlanta, September 20-21. Practical 365 is a proud sponsor of TEC and its mission to provide practical and actionable Microsoft 365 insights and training for the IT manager and administrator.
The Merger and Acquisition Domain Sharing Challenge
If you are supporting the IT integration of a merger, acquisition, or divestiture, you will probably be asked at some point to configure shared email domains across multiple tenants, either to provide pre-migration rebranding or post-migration brand maintenance. Your coexistence needs will usually fall into one of the following two scenarios:
Day 1 Domain Sharing Scenario:
- Contoso acquires Fabrikam and wants to present a unified brand to the outside world, ideally on the day they go public with the M&A announcement
- Contoso asks you to set up domain sharing so that Fabrikam users can send emails from Contoso.com email addresses prior to migrating those users to the Contoso environment
Day 2 Domain Sharing Scenario:
- Contoso acquires Fabrikam and wants to ensure that Fabrikam continues to present its unique brand to the outside world, even after migrating Fabrikam’s resources to the Contoso tenant
- Contoso asks you to set up domain sharing so that Fabrikam.com email aliases can be assigned to migrated mailboxes in the Contoso tenant
If you are familiar with the Shared SMTP Namespace functionality available with on-premises Exchange Servers, you might assume that there is similar functionality in Exchange Online. While Microsoft has acknowledged this need and has plans to provide a native solution for cross-tenant email domain sharing, at the time of writing (November 2022), Microsoft only allows a domain to be added to one tenant at a time.
With this restriction in place, you cannot assign email aliases cross-tenant and you will need to consider alternate methods to address these domain-sharing requests for your Office 365 migration.
Email Address Rewrite Solutions
A common solution to this challenge is to configure a third-party email address rewrite service that enables partial domain sharing functionality. Multiple services can perform email rewrite on outbound messages, including tools that you may already have deployed in your environment, such as Mimecast or Proofpoint, as well as Exchange Edge Transport servers. These solutions will require you to provide source-to-target mapping files for the email address translation.
Alternatively, if you have purchased a tenant-to-tenant migration tool, it might include domain sharing functionality that utilizes the migration mappings within the tool. These email address rewrite services intercept messages in transit and modify their headers so that the messages appear to have been sent from an email address that is owned by a different tenant.
When you configure an email address rewrite service for your users, it will process calendar invites as well as email messages, and can perform rewrite for the sender along with any message recipients or meeting recipients that are also configured for domain sharing. A good email address rewrite solution will provide options for you to control the rewrite scope, mitigate impacts caused by spoofing messages, and ensure messages are securely transmitted between the tenants and the email address rewrite solution.
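Because the mapping file decides which identities the rewrite service will assert on your behalf, it is worth validating before it is loaded. The following is an added example, not code from any vendor or from this article's author: the CSV column names, the sample rows and the two domain constants are assumptions made for the Day 1 scenario (Fabrikam mailboxes presented as contoso.com).

```python
import csv
import io
from collections import Counter

SOURCE_DOMAIN = "fabrikam.com"  # assumed: tenant where the mailboxes live
SHARED_DOMAIN = "contoso.com"   # assumed: domain owned by the other tenant

# Constructed mapping file; the column names are an assumption, not a vendor format.
SAMPLE_CSV = """source,target
alice@fabrikam.com,alice@contoso.com
bob@fabrikam.com,alice@contoso.com
carol@fabrikam.com,carol@partner.example
Alice@Fabrikam.com,a.smith@contoso.com
dave@fabrikam.com,dave@contoso.com
"""


def domain(addr):
    return addr.rpartition("@")[2]


def validate_mapping(text):
    """Return (clean_map, problems); problems are (csv_line, reason) tuples."""
    rows = [(r["source"].strip().lower(), r["target"].strip().lower())
            for r in csv.DictReader(io.StringIO(text))]
    src_count = Counter(s for s, _ in rows)
    tgt_count = Counter(t for _, t in rows)
    clean, problems = {}, []
    for line, (src, tgt) in enumerate(rows, start=2):  # line 1 is the header
        if domain(src) != SOURCE_DOMAIN:
            problems.append((line, "source outside source tenant domain"))
        elif domain(tgt) != SHARED_DOMAIN:
            problems.append((line, "target outside shared domain"))
        elif src_count[src] > 1:
            problems.append((line, "source mapped more than once"))
        elif tgt_count[tgt] > 1:
            # Inbound mail to this address could not be routed to one mailbox.
            problems.append((line, "target shared by several sources"))
        else:
            clean[src] = tgt
    return clean, problems


if __name__ == "__main__":
    good, bad = validate_mapping(SAMPLE_CSV)
    print("accepted:", good)
    for line, reason in bad:
        print(f"line {line}: {reason}")
```

Only rows that pass every check are returned for loading; the rejected rows are reported with their CSV line number so the mapping owner can correct them.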
Internal versus External Recipients
Most email address rewrite solutions only modify messages that are sent to external recipients and do not rewrite messages sent within the same tenant. This is to ensure that when an internal recipient receives an email or meeting invite, they can see accurate availability information when checking Outlook calendars and Teams status for the sender as well as for other recipients.
However, this introduces discrepancies when different users view the list of attendees on a calendar appointment or view the recipients of an email message. Internal users will see the recipients as the original address, such as Contoso.com, while external users will see the recipients as the rewritten address, such as Fabrikam.com. These differences are also visible in a message thread that is forwarded from an internal recipient to an external party. When deploying an email address rewrite solution, you should communicate this to your end-users and support staff to set proper expectations about the user experience.
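The scope rule and the resulting discrepancy can be modelled in a few lines. This is an added example, not the logic of any particular rewrite product: the addresses, the mapping and the set of internal domains are constructed for the Day 1 scenario, and the function names are hypothetical.

```python
from email.message import EmailMessage
from email.utils import formataddr, getaddresses

# Constructed mapping: source mailbox -> address in the shared domain.
REWRITE_MAP = {
    "alice@fabrikam.com": "alice@contoso.com",
    "bob@fabrikam.com": "bob@contoso.com",
}
INTERNAL_DOMAINS = {"fabrikam.com"}  # assumed: domains owned by the source tenant
ADDRESS_HEADERS = ("From", "To", "Cc")


def is_internal(addr):
    return addr.rpartition("@")[2].lower() in INTERNAL_DOMAINS


def rewrite_header(value):
    """Rewrite each mapped address in one header value, keeping display names."""
    return ", ".join(
        formataddr((name, REWRITE_MAP.get(addr.lower(), addr)))
        for name, addr in getaddresses([value])
    )


def split_by_scope(msg):
    """Return (internal_view, external_view); a view is None if unused."""
    original = {h: str(msg[h]) for h in ADDRESS_HEADERS if msg[h]}
    rcpt_values = [v for h, v in original.items() if h != "From"]
    rcpts = [addr for _, addr in getaddresses(rcpt_values)]
    # Internal recipients keep the original headers so lookups still resolve.
    internal = dict(original) if any(is_internal(a) for a in rcpts) else None
    external = None
    if any(not is_internal(a) for a in rcpts):
        # External copy: sender and any mapped recipients are rewritten.
        external = {h: rewrite_header(v) for h, v in original.items()}
    return internal, external


def sample_message(to):
    """Build a constructed message from a source-tenant sender."""
    msg = EmailMessage()
    msg["From"] = "Alice <alice@fabrikam.com>"
    msg["To"] = to
    return msg


if __name__ == "__main__":
    mixed = sample_message("bob@fabrikam.com, Pat <pat@partner.example>")
    for label, view in zip(("internal", "external"), split_by_scope(mixed)):
        print(label, view)
```

For a message with both kinds of recipient, the two views list different addresses for the same people, which is the mismatch users notice when a thread is later forwarded outside the tenant.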
Tenant to Tenant Migration Considerations
Although email address rewrite could be utilized for long-term domain sharing, you will typically only configure it when domain coexistence is required as part of a larger tenant-to-tenant migration effort, and you will need to coordinate the domain sharing tasks with the mail migration activities.
For the Day 1 scenario in which non-migrated users need to look like the target immediately, you will only need domain sharing configured until mail migrations are complete, at which point your users will be actively using their new mailbox with the correct domain. For the Day 2 scenario where migrated users still need to look like their original domain, you will use domain sharing from the time the mail migrations are complete until the time that you perform an SMTP domain migration to transfer the domain to the target tenant.
The steps below demonstrate an example high-level plan for a Day 1 domain sharing scenario, including coordinating tasks for email address rewrite, mail migrations, and SMTP domain migrations.
Day 1 Domain Sharing Scenario with T2T Migration:
Objective: Pre-migration, firstname.lastname@example.org in Tenant A needs to appear like a contoso.com email address, which is a domain owned by Tenant B
- Pre-Mail Migration – Domain Sharing Setup:
  - Configure Email address rewrite solution
  - Configure mapping between email@example.com and firstname.lastname@example.org in the email address rewrite tool
  - Enable email address rewrite for email@example.com
- Pre-Mail Migration – User Experience:
  - User actively uses source mailbox firstname.lastname@example.org
  - Outbound messages sent from email@example.com are rewritten
    - Sender appears as firstname.lastname@example.org for external recipients
    - Messages sent to other Fabrikam users are not rewritten, and the sender appears as email@example.com for internal recipients
  - Inbound messages addressed to firstname.lastname@example.org are routed to email@example.com in the source tenant
    - If the solution also performs inbound email address rewrite, the recipient appears as firstname.lastname@example.org when received in source mailbox
    - If inbound email address rewrite is not configured, the recipient appears as email@example.com when received in the source mailbox
- Mail Migration – Domain Sharing Removal:
  - Migrate mail from firstname.lastname@example.org to email@example.com
  - Domain Sharing is no longer applicable for this user
- Post-Mail Migration – User Experience:
  - User actively uses target mailbox firstname.lastname@example.org
  - Outbound messages sent from email@example.com are not rewritten
    - Sender appears as firstname.lastname@example.org for all recipients
  - Inbound messages addressed to email@example.com are received by the target tenant and delivered directly
    - Recipient appears as firstname.lastname@example.org when received in target mailbox
- SMTP Domain Move:
  - Migrate fabrikam.com from the source tenant to the target tenant if it is still needed
  - Add email@example.com as a secondary alias to mailbox firstname.lastname@example.org, leaving primary alias and UPN as-is
Native Domain Sharing Solutions
If you are still seeking alternatives to third-party email address rewrite solutions, monitor the status of the Cross-Tenant Domain Sharing feature from Microsoft, which is currently planned for public release in November 2022 (Microsoft roadmap item 67161).
Join me at TEC 2022 in Atlanta for more!
Tenant-to-tenant migrations are not for the faint of heart. If you have a migration on the horizon, or if you are in an acquisition-hungry environment, then join the tenant migration experts at The Experts Conference 2022 to get a head start. Join Practical 365 author Becky Cross as she delivers the “5 Trends with M&A Cross-Tenant Coexistence.” Check out her session abstract:
Cross-Tenant coexistence services have been static for a fairly long period, consisting primarily of limited GAL sync and free/busy services and maybe Domain sharing using address rewrite technologies. However, some emerging technologies will soon change much of what tenant administrators normally do to prepare their Microsoft 365 environments for collaboration during an M&A project. This session will help you prepare for them.