How to Migrate Google Workspace to Microsoft 365 (w/Examples) + FAQs

Migrating from Google Workspace to Microsoft 365 means moving your company’s email, calendars, contacts, files, chats, and archives out of Google’s cloud and into Microsoft’s cloud, then cutting over your domain so all new traffic flows to Microsoft. The fastest path is a staged cutover using the Microsoft 365 migration dashboard for mail and calendars, paired with a tool like Mover or BitTitan MigrationWiz for Drive-to-OneDrive file moves.

The problem most teams face is that Google and Microsoft store data in different formats, use different identity systems, and apply different retention and compliance rules. Federal laws like HIPAA, the SEC’s books-and-records rule 17a-4, FINRA Rule 4511, the Gramm-Leach-Bliley Act, and FERPA demand that records stay intact during a move. A sloppy migration can break chain-of-custody, lose legal holds, or expose protected data.

A 2025 Gartner forecast projects worldwide public cloud end-user spending will top $900 billion, with productivity suites among the fastest-growing categories — so you are not alone in this switch.

• 🗂️ How to map Google Workspace data types to their Microsoft 365 equivalents without losing metadata.
• 🛠️ Which migration tools fit small, mid-market, and enterprise tenants, and when to pick each.
• ⚖️ How to keep HIPAA, SEC 17a-4, FINRA, GLBA, FERPA, and CCPA compliance intact during cutover.
• 🧪 Three real scenario tables showing action and outcome for common migration paths.
• ❓ Ten FAQs that answer the cost, timing, and rollback questions IT leaders ask most.

Understanding the Two Platforms Before You Move

Google Workspace and Microsoft 365 are both cloud productivity suites, but they are built on very different foundations. Google Workspace centers on Gmail, Google Drive, Google Docs, Google Meet, and Google Chat, all tied together through a Google identity. Microsoft 365 centers on Exchange Online, OneDrive, SharePoint, Teams, and the Microsoft 365 apps, tied together through Microsoft Entra ID, the identity service formerly called Azure Active Directory.

The most important difference is how each service stores data. Google uses a proprietary document format for Docs, Sheets, and Slides, while Microsoft uses the open Office Open XML format, which is an ISO standard. When you move a Google Doc into OneDrive, the file converts to .docx, and some comments, revision history, or suggestion threads can drop unless the migration tool explicitly preserves them.

Another difference is how each platform handles shared content. Google uses Shared Drives as team containers with their own permissions, while Microsoft uses SharePoint sites and Teams-connected document libraries. The mapping is not one-to-one, which means planning the destination architecture matters as much as the move itself.

Calendars, contacts, and mail follow different protocols too. Google uses IMAP, CalDAV, and CardDAV, while Microsoft uses Exchange Web Services and Microsoft Graph. A good tool bridges these protocols so appointments keep their organizers, attendees, and recurrence rules.

Identity and Licensing Differences

In Google Workspace, every user has a Google identity tied to a primary domain, and licenses attach to that identity. In Microsoft 365, users live inside a Microsoft Entra tenant, and licenses come from plans like Business Basic, Business Standard, Business Premium, E3, and E5. The plan you pick sets mailbox size, OneDrive quota, Teams features, and security add-ons.

Business Premium adds Intune device management and Defender for Business, while E5 unlocks Microsoft Purview advanced compliance, eDiscovery Premium, and Defender for Office 365 Plan 2. Firms under HIPAA, SEC, or FINRA rules often need E3 or E5 to match Google Vault’s retention features with Purview retention labels.

A common mistake is assuming every Google seat maps to one Microsoft seat. Frontline workers, shared mailboxes, resource calendars, and service accounts each have their own license model in Microsoft 365, and picking the wrong mix can raise your monthly bill by 20 percent or more.

Data Types That Must Move

A complete migration covers mail, calendars, contacts, Drive files, Shared Drives, Google Sites, Google Chat history, Google Keep notes, Google Vault archives, and any Google Groups used as distribution lists. Each item has a Microsoft target: mail goes to Exchange Online, Drive goes to OneDrive, Shared Drives go to SharePoint, Chat goes to Microsoft Teams, and Vault goes to Purview.

Some items have no perfect match. Google Keep notes, for example, often land in OneNote or as .txt files in OneDrive. Google Sites can move to SharePoint communication sites, but complex embedded widgets may need to be rebuilt by hand.

The consequence of skipping a data type is painful. Missing a Shared Drive can leave an entire department without its files, and missing a Vault export can break a legal hold, which violates Federal Rule of Civil Procedure 37(e) on failure to preserve electronically stored information.

Planning the Migration Project

Planning is the phase where most projects succeed or fail. A strong plan lists every user, every mailbox, every Shared Drive, and every integration before a single byte moves. The Microsoft 365 setup guide offers a wizard that walks through domain verification, DNS changes, and license assignment.

Start with a discovery audit in the Google Admin console. Export a user list, a groups list, and a Shared Drive inventory. Use Google Takeout or the Data Export tool to measure total data volume, because that number drives your timeline and your tool choice.

Set a cutover date that avoids month-end close, tax deadlines, payroll runs, and any court filing windows for legal clients. A weekend cutover works for teams under 100 seats, but mid-market and enterprise tenants usually need a staged migration over two to six weeks.

Build a communication plan. Tell users what will change, when they will lose access to Gmail, how to sign in to Outlook, and where to find their files after the move. Silence breeds panic, and panic breeds help desk tickets.

Choosing Your Microsoft 365 Plan

Pick the plan that matches your security and compliance needs, not just your headcount. For general small businesses under 300 seats, Business Standard gives desktop apps, Teams, and 1 TB of OneDrive. For regulated firms, Business Premium adds device management and advanced threat protection.

Enterprise tenants above 300 seats should look at Office 365 E3 for unlimited archiving and basic retention, or Microsoft 365 E5 for advanced compliance, insider risk management, and audio conferencing. The price jump is real, but so is the compliance coverage.

A common misconception is that E5 is only for Fortune 500 firms. In practice, law firms, broker-dealers, and healthcare providers of any size often need E5 features like Purview eDiscovery Premium and Customer Lockbox to meet client and regulator expectations.

Building the Migration Runbook

A runbook is a written, step-by-step playbook that lists every action, every owner, and every rollback option. It should include pre-migration tasks, cutover tasks, and post-migration validation. The Microsoft FastTrack program offers free runbook templates for tenants with 150 or more seats.

Assign clear roles. A project sponsor owns the budget, a technical lead owns the tooling, a communications lead owns user messaging, and a compliance lead owns retention, eDiscovery, and legal hold handoff. Without named owners, tasks fall through the cracks.

Schedule a pilot migration of 5 to 20 users before the full cutover. The pilot exposes surprises like calendar permission quirks, shared mailbox mapping issues, and MFA enrollment gaps. Fixing these in pilot is cheap; fixing them at scale is not.

Choosing a Migration Method

Microsoft and third-party vendors offer several migration paths, and the right pick depends on seat count, data volume, and compliance needs. The three main native options are Google Workspace migration via the Exchange admin center, IMAP migration, and PowerShell-based migration.

The native Google Workspace migration in the Exchange admin center moves mail, calendar, and contacts in one pass. It is free, tenant-native, and covered by Microsoft support. It does not move Drive files, Chat, or Vault data, so you still need a second tool for those items.

IMAP migration is the oldest path and moves only mail. It is a fallback for tenants where the native Google Workspace migration endpoint fails, but it does not preserve folder hierarchies cleanly and skips calendar and contacts entirely.

Third-party tools like BitTitan MigrationWiz, SkyKick, CloudM Migrate, and Quest On Demand Migration move every data type, handle delta syncs, and scale to tens of thousands of seats. They cost per seat or per gigabyte, but they save weeks of manual work.

Native Microsoft Tools

The Exchange admin center’s Google Workspace migration endpoint uses a Google Cloud service account with domain-wide delegation. You create the service account in the Google Cloud console, grant it specific OAuth scopes, and feed the JSON key to Microsoft 365. The Microsoft step-by-step guide walks through each screen.

For Drive-to-OneDrive moves, Microsoft offers Mover, a free tool it acquired in 2019. Mover handles up to 100,000 users in a single connector and preserves basic file permissions, but it does not move Google Docs comments or version history in full fidelity.

PowerShell scripts work for advanced admins who need to batch-create mailboxes, assign licenses, and set retention policies in one pass. The Exchange Online PowerShell V3 module is the supported path.

Third-Party Migration Platforms

BitTitan MigrationWiz is the most widely used third-party tool in the MSP channel. It moves mail, calendar, contacts, Drive, Shared Drives, Teams, and Chat. Its Concierge service adds hands-on project management for firms without in-house migration staff.

SkyKick focuses on small and mid-market migrations with a fixed-fee model. Its platform includes pre-migration DNS planning, automated rollback, and post-migration support. CloudM Migrate is strong for education and nonprofit tenants, and Quest On Demand is built for enterprise mergers and acquisitions with multi-tenant consolidation.

A common mistake is picking a tool on price alone. The cheapest tool often lacks delta sync, which means emails that arrive during the migration window may not move, and users must manually forward them later.

Hybrid and Coexistence Options

For large tenants that cannot cut over in one weekend, coexistence tools keep both platforms running side by side. Binary Tree Mail Connector and CloudM Coexistence sync calendars, free/busy status, and directory data so users on Google can still schedule meetings with users on Microsoft during the transition.

Coexistence adds cost and complexity, but it protects productivity. A law firm with a six-week migration cannot afford broken calendar lookups between partners, associates, and paralegals.

The consequence of skipping coexistence in a long migration is lost meetings, double-booked conference rooms, and frustrated clients who cannot find a mutually available time.

Step-by-Step Migration Process

Every migration follows the same high-level steps, even if the tools differ. The steps are prepare the Microsoft 365 tenant, connect to Google Workspace, run a pilot, run the full migration, cut over DNS, and validate.

Step 1: Prepare the Microsoft 365 Tenant

Buy licenses, add your domain, and verify it in the Microsoft 365 admin center. Configure Microsoft Entra ID, set MFA policies with Conditional Access, and create user accounts that match your Google Workspace user list.

Turn on mailbox auditing, set retention policies in Purview, and configure data loss prevention rules before any data arrives. Setting these after the move means the first day of mail is not protected.

Buy the right number of licenses before cutover. Assigning a license after a mailbox already exists can delay delivery of migrated mail and confuse users on their first sign-in.

Step 2: Connect Google Workspace to Microsoft 365

Create a Google Cloud service account and enable the Gmail API, Calendar API, Contacts API, and Drive API. Grant the service account domain-wide delegation with the OAuth scopes Microsoft lists in its migration guide.

Download the JSON key and upload it to the Exchange admin center or your third-party tool. Test the connection by pulling a single mailbox’s recent mail before scaling up.

A common mistake is giving the service account too few scopes. If the scope list is short, calendars or contacts will fail silently, and you will only learn the gap after users complain.

Step 3: Run a Pilot Batch

Pick 5 to 20 users from different departments. Include at least one executive assistant because EAs manage complex calendars and delegated mailboxes, which stress-test any tool.

Run the pilot end to end, including DNS cutover for those pilot users on a test subdomain, client setup in Outlook, and mobile device enrollment. Document every issue and fix before the main batch.

The consequence of skipping a pilot is finding a blocker at 3 a.m. during cutover, with 500 users waiting for email to flow.

Step 4: Run the Full Migration

Schedule the full batch in waves. Wave 1 covers 25 percent of users, Wave 2 covers the next 50 percent, and Wave 3 covers the final 25 percent plus shared mailboxes, resource calendars, and service accounts.

Run delta syncs the night before cutover to capture any mail that arrived since the last pass. Without delta sync, users will miss a day of email.

Migrate Drive, Shared Drives, and Chat in parallel tracks if your tool supports it. Running every track serially doubles or triples the calendar time.

Step 5: Cut Over DNS and Validate

Change MX, SPF, DKIM, DMARC, and Autodiscover records to point at Microsoft 365. DNS propagation can take up to 48 hours, so plan cutover at a low-traffic time.

Validate that new mail flows to Microsoft, that calendars show the right free/busy data, and that OneDrive files sync on every pilot device. Run Microsoft Remote Connectivity Analyzer to confirm Autodiscover is healthy.

Keep Google Workspace active for 30 to 60 days after cutover. If a forgotten item surfaces, you can still pull it from Google. Cancel the Google subscription only after final validation.

Three Real-World Migration Scenarios

Below are the three most common scenarios in U.S. migrations today. Each table shows the action and the outcome so you can predict your own project.

Scenario 1: 50-Seat Dental Practice Under HIPAA

Scenario 2: 250-Seat Law Firm Under SEC 17a-4 Client Obligations

Scenario 3: 1,500-Seat University Under FERPA

Named Examples You Can Learn From

Maria, a dental practice owner in Dallas. Maria runs a 12-operatory practice with 50 staff. She moves from Google Workspace to Microsoft 365 Business Premium to get Intune device management for staff iPads and to sign a HIPAA Business Associate Agreement with Microsoft. Her migration finishes in one weekend, and her practice passes its next HIPAA risk assessment with no email findings.

David, an IT director at a 250-lawyer firm in New York. David’s firm represents broker-dealers who fall under SEC 17a-4. He picks Microsoft 365 E5 for Purview eDiscovery Premium and uses BitTitan MigrationWiz with Binary Tree coexistence. His firm’s active legal holds transfer without break, and outside counsel confirms chain-of-custody in writing.

Jasmine, an operations manager at a 1,500-student private university in Ohio. Jasmine runs a FERPA-covered institution with faculty, staff, and students. She uses Microsoft 365 A3 for faculty and A1 for students, CloudM Migrate for bulk file moves, and Purview sensitivity labels for student records. Her registrar signs off on a successful cutover after a 90-day overlap period.

Mistakes to Avoid

A clean migration is one where no user notices the change except the new sign-in page. The mistakes below are the most common reasons that does not happen.

• Skipping the pilot batch. Users hit calendar delegation bugs or MFA issues at scale that a 10-user pilot would have caught in an afternoon.
• Forgetting Shared Drives. Entire departments lose access to operational files because the migration plan only listed personal Drives.
• Missing delta sync. Mail that arrives during the migration window never reaches Microsoft 365, and users spend weeks forwarding old threads by hand.
• Cutting over DNS too early. Mail bounces or double-delivers because Exchange Online is not yet ready to receive production traffic.
• Under-licensing resource mailboxes. Conference rooms and equipment mailboxes fail to accept meeting invites because they lack the right license type.
• Ignoring Google Vault exports. Legal holds break, and the firm faces FRCP 37(e) sanctions for failure to preserve electronically stored information.
• Letting users keep old Gmail on mobile. Staff reply from Gmail after cutover, and those replies never land in the Microsoft 365 audit log.
• Skipping SPF, DKIM, and DMARC updates. Outbound mail lands in spam folders, and phishing campaigns spoof the domain during the transition.
• Not signing the Microsoft BAA for healthcare tenants. The covered entity violates HIPAA the moment PHI enters Exchange Online.
• Retiring Google Workspace too fast. A forgotten Shared Drive or Vault export becomes unreachable when the Google subscription cancels.

Compliance Considerations by Industry

Federal law sets the floor, and state law often adds more. The sections below walk through the rules most U.S. migrations must handle.

HIPAA for Healthcare

Covered entities and business associates must protect PHI in transit and at rest. Microsoft signs a BAA for qualifying Microsoft 365 plans, and Business Premium or higher is the safe floor. The consequence of moving PHI before the BAA is active is an immediate HIPAA violation with fines up to $71,162 per record under the 2025 penalty cap.

A common misconception is that any Microsoft 365 plan is HIPAA-ready. In practice, the BAA must be countersigned, and the tenant must use only BAA-covered services. Consumer OneDrive, for example, is not covered.

SEC 17a-4 and FINRA for Financial Services

Broker-dealers must store books and records in WORM-compliant storage for at least six years under 17 CFR 240.17a-4 and FINRA Rule 4511. Microsoft Purview offers a 17a-4 compliant retention configuration with immutable records labels.

The consequence of non-compliant retention is SEC enforcement action, which in 2024 produced over $390 million in fines across 26 firms for off-channel communications and recordkeeping failures.

GLBA for Banks and Lenders

The Gramm-Leach-Bliley Act and the FTC Safeguards Rule require written information security programs and encryption for customer financial data. Microsoft 365 supports these rules through Defender for Office 365, Purview DLP, and Microsoft Entra Conditional Access.

FERPA for Schools

FERPA protects student education records. Microsoft 365 education plans sign a Data Protection Addendum that addresses FERPA. Schools should apply sensitivity labels to any record that names a student.

CCPA and State Privacy Laws

The California Consumer Privacy Act and its amendment, the CPRA, give California residents rights to access, delete, and correct personal data. Similar laws now exist in Colorado, Connecticut, Virginia, Utah, Texas, and more than a dozen other states. Microsoft 365 supports subject rights requests through Priva.

FedRAMP for Government Contractors

Federal contractors often need FedRAMP authorized services. Microsoft 365 GCC, GCC High, and DoD clouds carry FedRAMP High authorizations, and a commercial tenant does not. Contractors handling CUI must move to GCC High, not commercial.

Do’s and Don’ts

A short list of what to do and what to avoid, with the reasoning behind each.

• Do run a discovery audit first, because you cannot plan what you have not measured, and hidden Shared Drives always surface late.
• Do pilot with 5 to 20 users, because pilots catch delegation and MFA bugs at a cost 100 times lower than post-cutover fixes.
• Do keep Google Workspace for 30 to 60 days after cutover, because forgotten data always surfaces in week three or four.
• Do sign the Microsoft BAA before any PHI moves, because the BAA is the legal bridge that makes Microsoft 365 HIPAA compliant.
• Do update SPF, DKIM, and DMARC records, because outbound mail reputation collapses if these records lag the cutover.
• Don’t pick a migration tool on price alone, because cheap tools often skip delta sync and lose mail that arrives during cutover.
• Don’t cut over on a weekday, because a daytime DNS change will interrupt live business traffic and trigger a flood of help desk calls.
• Don’t skip Google Vault exports, because legal holds tied to Vault break the moment the Google subscription cancels.
• Don’t reuse old passwords in Microsoft 365, because credential reuse from any prior breach gives attackers a running start.
• Don’t forget to retrain users on Outlook and Teams, because a technically perfect migration still fails if users cannot find the compose button.

Pros and Cons of the Move

Every migration has tradeoffs. The list below covers the most cited reasons to move and the most cited reasons to hesitate.

Pros

• Deep desktop app integration, because the full Microsoft 365 apps for enterprise suite still outperforms web-only editors for heavy spreadsheet and document work.
• Stronger compliance tooling, because Purview offers retention, eDiscovery, insider risk, and communication compliance in one platform.
• Tighter Windows and Intune integration, because device management and conditional access work natively across the Microsoft stack.
• Broader enterprise ecosystem, because most ERP, CRM, and line-of-business apps ship with Microsoft 365 connectors first.
• Better hybrid meeting support in Teams Rooms, because certified Teams Rooms hardware is widely available across vendors.

Cons

• Higher per-user cost at comparable tiers, because E3 and E5 are priced above most Google Workspace plans with similar feature sets.
• Steeper learning curve for Google-native users, because Outlook, OneDrive, and Teams work very differently from Gmail, Drive, and Chat.
• Complex licensing mix, because frontline, EDU, GCC, and commercial SKUs each have their own rules and can confuse procurement teams.
• Migration cost and effort, because moving even 100 seats can run $3,000 to $10,000 in tool and labor costs once done right.
• More surface area to secure, because Exchange, SharePoint, Teams, OneDrive, and Intune each add configurations that must be hardened.

Processes, Forms, and Admin Tasks

Migration is not just data movement. It is also paperwork, DNS changes, and configuration forms.

DNS Record Updates

You must update several DNS records at cutover. MX points to Microsoft’s inbound mail servers. SPF adds Microsoft’s sending IPs to your TXT record. DKIM uses CNAMEs that Microsoft generates. DMARC sets an enforcement policy. Autodiscover uses a CNAME so Outlook can find the right mailbox server automatically.

The consequence of missing any one record is broken mail flow, spoofing risk, or Outlook setup errors. A common mistake is updating MX but forgetting DKIM, which lets spammers forge the domain until the change is caught.

Microsoft 365 Admin Center Forms

Inside the admin center, you will fill out forms for domain verification, user creation, license assignment, mailbox migration batches, and retention policies. Each form has fields that map to a specific compliance outcome. For example, the retention policy form asks whether records should be preserved, deleted, or both, and the answer decides whether Purview acts as a true archive.

Google Cloud Service Account Setup

In the Google Cloud console, you create a project, enable the needed APIs, create a service account, add domain-wide delegation, and download a JSON key. Each step has consequences: skipping API enablement returns a 403, skipping delegation returns an impersonation error, and a lost JSON key means starting the whole setup over.

Relevant Legal Precedents

Courts have weighed in on cloud migrations and preservation duties. In Zubulake v. UBS Warburg, the court set the modern duty to preserve electronically stored information once litigation is reasonably foreseeable. A migration that breaks a legal hold violates this duty.

In recent SEC enforcement actions against broker-dealers in 2023 and 2024, firms paid hundreds of millions of dollars for off-channel communications and recordkeeping failures. Migrations that move mail but not chat leave firms exposed to similar actions.

Under FRCP 37(e), a party that fails to preserve ESI when it should have can face sanctions up to and including adverse inference jury instructions. Migration planners must treat Vault exports and Purview holds as a single unbroken chain.

Key Entities You Should Know

• Microsoft Corporation runs Microsoft 365 and signs the BAA, DPA, and enterprise agreement.
• Google LLC runs Google Workspace and provides export tools like Takeout and Vault.
• Microsoft Entra ID is the identity service that replaces Google’s identity during cutover.
• Microsoft Purview is the compliance platform that replaces Google Vault.
• Exchange Online is the mail service that replaces Gmail.
• OneDrive and SharePoint replace Google Drive and Shared Drives.
• Microsoft Teams replaces Google Meet and Google Chat.
• BitTitan, SkyKick, CloudM, and Quest are the four leading third-party migration vendors.
• SEC, FINRA, HHS OCR, FTC, and state attorneys general are the U.S. regulators most likely to audit a migrated tenant.
• Federal Rules of Civil Procedure set the ESI preservation duty that migration plans must honor.

FAQs

Is it worth migrating from Google Workspace to Microsoft 365?

Yes. For firms that need deep desktop app integration, advanced compliance tooling, or tighter Windows device management, Microsoft 365 delivers features that Google Workspace does not match today.

Can I migrate Google Workspace to Microsoft 365 for free?

Yes. Microsoft’s native Google Workspace migration in the Exchange admin center and the free Mover tool cover mail, calendar, contacts, and Drive at zero tool cost, though labor time is real.

Will users lose email during the migration?

No. A properly run migration with delta sync captures every message, including those that arrive during the cutover window, so users see a complete inbox when they sign in to Outlook.

Does Microsoft 365 keep my Google Drive folder structure?

Yes. Tools like Mover, BitTitan, and CloudM preserve folder hierarchies, though Google Docs comments and version history may lose some fidelity after conversion to Office formats.

Can I run Google Workspace and Microsoft 365 at the same time?

Yes. Coexistence tools from Quest Binary Tree and CloudM sync calendars and directory data, so users on both platforms can still schedule meetings and find each other during a long migration.

Do I need Microsoft 365 E5 for HIPAA?

No. Business Premium meets HIPAA needs for most small practices once the BAA is signed, and E3 or E5 is only required when you need advanced Purview eDiscovery or insider risk tools.

How long does a typical migration take?

Yes, timelines vary, but a 50-seat tenant usually finishes in one weekend, a 250-seat firm takes three to four weeks, and a 1,500-seat university takes six to twelve weeks including pilot and overlap.

Will my Google Vault legal holds transfer to Microsoft Purview?

Yes. Export Vault holds and import them into Purview eDiscovery with matching retention labels, so the preservation chain stays unbroken and FRCP 37(e) risk stays low.

Can I roll back if something goes wrong?

Yes. If you keep Google Workspace active for 30 to 60 days after cutover and preserve the original DNS records, you can revert mail flow and restore user access within hours of a failure.

Does Microsoft offer free migration help?

Yes. The Microsoft FastTrack program provides free migration engineering help for tenants with 150 or more eligible seats, covering planning, onboarding, and data migration.