Migrate from Exchange Server to Exchange Online
When you move from a local Exchange Server to Exchange Online in Microsoft 365, you must update the mail account configuration in Sophos Mobile.
The policy you assign to a device includes an Exchange account configuration to set up a mail account. When you change your mail server to Exchange Online, you must adjust the settings in that configuration.
You have two options:
- Update the policy with a new Exchange account configuration.
- Replace the policy with one that contains the new Exchange account configuration.
Depending on how you’ve structured your policies, either of these options might be easier to implement. Here, we assume that you replace the policy.
To migrate devices from Exchange Server to Exchange Online, do as follows:
Create a policy, for example by duplicating the policy currently assigned to your devices.
Repeat this step for the following device policies, if applicable:
- Android Enterprise device policies
- Android Enterprise work profile policies
- Android device policies
- iOS device policies
- iOS user policies
- macOS user policies
- Windows policies
Edit the Exchange account configuration.
Configure the following settings:
In Exchange server, enter
outlook.office365.comapplies to the worldwide Microsoft 365 cloud. If you’re using a different Microsoft 365 cloud, such as Office 365 Germany, see the Microsoft document Office 365 URLs and IP address ranges.
In User, enter the
%_EMAILADDRESS_%placeholder. Sophos Mobile replaces it with the user’s email address.
%_EMAILADDRESS_%placeholder is only available when managing your Sophos Mobile users in Microsoft Active Directory or another external user directory.
If your Microsoft 365 tenant has modern authentication (OAuth) turned on for Exchange Online, select the following:
- For Android Enterprise policies, select Authentication > Modern authentication.
- For iOS and macOS policies, select Turn on OAuth 2.0.
Microsoft 365 tenants created after August 1, 2017, have modern authentication turned on by default.
We recommend that you turn on SSL/TLS to secure the connection to Exchange Online.
Configure the remaining settings as needed. For details, see the policy-specific pages on Exchange account configuration in this help.
To replace the policy on the devices, do as follows:
- Create a task bundle.
- Add an Assign policy task for the new policy.
- For Android device policies and iOS device policies, add an Uninstall policy task for the old policy.
- For iOS user policies, add an Unassign iOS user policy task for the old policy.
- Transfer the task bundle to the relevant devices.
If you’re using Self Service Portal configurations, replace the enrollment task bundle in those configurations with a task bundle that assigns the new policy.
If you’re using the EAS proxy that comes with Sophos Mobile for email access control, we recommend that you set it up in PowerShell mode for Exchange Online.