This checklist prevents surprises and ensures an accurate timeline and quote. Please complete each step and confirm at the “Stop & Verify” gates. This is not a guarantee that it will work. PLEASE verify this with your IT professional to ensure your setup matches this. This was a result of a weekend I spent helping a client with this transition after he was hacked in his 365 environment. He wanted a better solution and was ready to seek my help in incorporating the transition to Google Workspace and implementing Cloudflare for his DNS management.

A) Contacts, Ownership, and Access

  • Identify a primary decision maker available during cutover (live testing, approvals, passwords).
  • Provide admin access for:

    • Microsoft 365 / GoDaddy
    • Domain registrar (where your nameservers live)
    • DNS host (Cloudflare or other) – create account
    • Google Workspace Admin – create this with a unique email and a backup email that is not tied to the business domain.
  • List all domains and subdomains used for email (primary and any aliases).

Stop & Verify: All admin logins work; you know exactly where your domain’s nameservers point today.

B) DNS Location and Cloudflare Setup

  • Confirm your DNS host:

    • If DNS is not in Cloudflare, plan to move it (recommended for speed, backup, and control).
  • If moving DNS to Cloudflare:

    • Create a Cloudflare account (Business/Pro/Free per need).
    • Add your domain in Cloudflare; allow it to scan/import the current DNS.
    • Compare imported records to your current DNS host, record by record (A, AAAA, CNAME, MX, TXT, SRV).
    • At the registrar, change nameservers to the two Cloudflare nameservers assigned to you.
    • Wait for nameserver propagation (typically minutes to hours).
  • In Cloudflare DNS:

    • Ensure every record you had previously is present and accurate.
    • For mail-related records (MX, autodiscover, mail, smtp, imap), set Proxy status = DNS only (gray cloud). Do not proxy email endpoints.
  • Export a DNS backup from Cloudflare (DNS → Advanced → Export Zone File) and save it.

Stop & Verify: Nameservers point to Cloudflare (if moved). All records match the prior host. You have a current Cloudflare zone export saved.

C) Inventory of Mailboxes and Data

  • List all user mailboxes (name + address).
  • List all shared/team mailboxes (e.g., sales@, support@, info@).
  • List all aliases (addresses that deliver to an existing mailbox).
  • Note any external forwarding rules (personal Gmail, vendors, etc.).

Stop & Verify: The list is complete—no hidden accounts, no “extra” domains.

D) Microsoft 365 Reality Check

  • Confirm whether Microsoft 365 is via GoDaddy or directly from Microsoft.
  • Confirm who still needs Office apps (Word/Excel/Outlook) vs. email only.
  • Decide whether to keep “Apps-only” licensing after cutover (no Exchange mailbox).

Stop & Verify: You know which Microsoft licenses will be kept/downgraded/removed after cutover.

E) Google Workspace Preparation

  • Verify your primary domain in Google Admin.
  • Add any secondary or alias domains that should send/receive mail.
  • Create all user accounts and shared mailboxes; assign licenses.
  • Enforce 2-Step Verification (2FA) org-wide; confirm recovery methods are set.

Stop & Verify: All Google users exist; 2FA policy is in place; test logins succeed on all devices.

F) Mailbox Cleanup and Backup (PST)

  • In Outlook Classic (not “new Outlook” – you will have to toggle):

    • Clean up each mailbox (Sent and Deleted first). Large folders cause export failures.
    • If the mailbox exceeds 10 GB, split the export by year/folder.
    • Export each mailbox: File → Open & Export → Import/Export → Export to a file → Outlook Data File (.pst) → Include subfolders.
    • Save PSTs to a known location (e.g., Documents\Outlook Files\YYYY).
    • Verify by opening the PST (File → Open Outlook Data File) and spot-checking contents.
  • For users on Outlook web or “new Outlook,” install/launch Outlook Classic temporarily for export.

Stop & Verify: A valid PST exists for every mailbox you need to preserve. Spot-checks pass.

G) Device and App Inventory

  • Desktop clients: Outlook Classic vs. new Outlook vs. web-only users identified.
  • Mobile devices: iOS/Android (Outlook app vs. Gmail app).
  • Any third-party systems sending mail (CRMs, QuickBooks, scanners, web forms) documented with their sender addresses and SMTP needs.

Stop & Verify: You know exactly which devices/apps must be reconfigured.

H) DNS Records for Google Workspace (Ready Before Cutover)

  • MX (Google’s mail servers):

    • 1 aspmx.l.google.com
    • 5 alt1.aspmx.l.google.com
    • 5 alt2.aspmx.l.google.com
    • 10 alt3.aspmx.l.google.com
    • 10 alt4.aspmx.l.google.com
  • SPF (TXT at root):

    • v=spf1 include:_spf.google.com ~all
      (Use -all after initial validation if your senders are strictly Google.)
  • DKIM:

    • In Google Admin → Gmail → Authenticate email: generate 2048-bit key.
    • Publish TXT at google._domainkey with the provided value.
    • Start authentication in Google Admin after TXT propagates.
  • DMARC (TXT at _dmarc):

    • Start with: v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.com
    • After stable delivery, consider p=quarantine or p=reject.
  • Lower TTLs on MX/TXT to speed any corrections during cutover.

Stop & Verify: SPF/DKIM/DMARC are present and correct in Cloudflare. Mail-related records are “DNS only” (not proxied).
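
One way to run this gate as a script instead of by eye (an added example, not part of the original checklist): it checks the MX set, a single SPF record, the DKIM and DMARC TXT records, and the "DNS only" rule against a list of record rows. The row layout, function names, and sample values are assumptions; in practice the rows would come from your own DNS export.

```python
# Added example, not part of the original checklist; all record rows are constructed.
GOOGLE_MX = {(1, "aspmx.l.google.com"), (5, "alt1.aspmx.l.google.com"),
             (5, "alt2.aspmx.l.google.com"), (10, "alt3.aspmx.l.google.com"),
             (10, "alt4.aspmx.l.google.com")}
MAIL_LABELS = ("autodiscover", "mail", "smtp", "imap")

def rec(name, rtype, content, priority=None, proxied=False):
    return dict(name=name, type=rtype, content=content, priority=priority, proxied=proxied)

def tags(txt):  # parse the 'k=v; k=v' syntax of DKIM and DMARC TXT records
    return dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)

def check_mail_dns(domain, records):
    """Return a list of problems; an empty list means the section H gate passes."""
    find = lambda n, t: [r for r in records if r["name"] == n and r["type"] == t]
    problems = []
    mx = {(r["priority"], r["content"].rstrip(".").lower()) for r in find(domain, "MX")}
    if mx != GOOGLE_MX:
        problems.append(f"MX: extra {sorted(mx - GOOGLE_MX)}, missing {sorted(GOOGLE_MX - mx)}")
    spf = [r["content"].lower() for r in find(domain, "TXT")
           if r["content"].lower().startswith("v=spf1")]
    if len(spf) != 1:  # e.g. the old provider's SPF left beside the new one
        problems.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        terms = spf[0].split()
        if "include:_spf.google.com" not in terms:
            problems.append("SPF: missing include:_spf.google.com")
        if terms[-1] not in ("~all", "-all"):
            problems.append(f"SPF: should end in ~all or -all, got {terms[-1]}")
    dkim = find(f"google._domainkey.{domain}", "TXT")
    if not dkim or not tags(dkim[0]["content"]).get("p"):
        problems.append("DKIM: no public key at google._domainkey")
    dmarc = find(f"_dmarc.{domain}", "TXT")
    pol = tags(dmarc[0]["content"]) if dmarc else {}
    if pol.get("v") != "DMARC1" or pol.get("p") not in ("none", "quarantine", "reject"):
        problems.append("DMARC: missing or invalid policy at _dmarc")
    for r in records:
        if r["proxied"] and (r["type"] == "MX" or r["name"].split(".")[0] in MAIL_LABELS):
            problems.append(f"{r['name']} {r['type']}: proxied, set to DNS only")
    return problems

def sample_zone(d="example.com"):  # constructed; the DKIM key is a placeholder
    return [rec(d, "MX", host, prio) for prio, host in GOOGLE_MX] + [
        rec(d, "TXT", "v=spf1 include:_spf.google.com ~all"),
        rec(f"google._domainkey.{d}", "TXT", "v=DKIM1; k=rsa; p=PLACEHOLDERKEY"),
        rec(f"_dmarc.{d}", "TXT", f"v=DMARC1; p=none; rua=mailto:postmaster@{d}")]

if __name__ == "__main__":
    print(check_mail_dns("example.com", sample_zone()) or "all checks pass")
```

The "exactly 1 record" check matters most during a migration: a leftover SPF TXT from the previous provider next to the new one makes receivers treat SPF as a permanent error.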

I) Cutover Scheduling and Communication

  • Select a cutover window (low traffic).
  • Notify all users of the schedule and the short expected disruption.
  • Assign who will be live on the call (approvals, testing).
  • Confirm rollback plan (saved Cloudflare export, prior MX values, still-active Microsoft mailbox if you must backtrack).

Stop & Verify: Users acknowledged the plan; a rollback path exists.

J) Cutover Tasks

  • Switch MX to Google (if not already).
  • Remove/disable any Microsoft MX records after you’re sure Google is live.
  • Ensure SPF includes only Google (and any legitimate third-party senders).
  • DKIM “Start authentication” in Google Admin once TXT is live.
  • Confirm DMARC is present (start with p=none for monitoring).

Stop & Verify: A test mail to your Google mailbox arrives. In Gmail, open the message → More → Show original: SPF/DKIM/DMARC all show PASS.

K) Outlook Desktop Configuration (Classic)

  • Use Outlook Classic (not “new Outlook”) to build a new profile per user.
  • Add Google account via “Google” option (OAuth). If using manual IMAP:

    • Incoming: imap.gmail.com / 993 / SSL/TLS
    • Outgoing: smtp.gmail.com / 587 / STARTTLS
    • Use App Password if 2FA blocks basic password.
  • Attach PST archive: File → Open & Export → Open Outlook Data File.
  • Decide: keep PST visible as “Archive” or drag mail from PST into Gmail folders to upload history.
  • If you must use “new Outlook,” do so only after PST content is fully uploaded (new Outlook does not support PST).

Stop & Verify: Desktop Outlook can send/receive; old mail is accessible (PST or uploaded); From address defaults are correct.

L) Mobile and Web

  • On phones: remove Microsoft account; add Google Workspace account (Outlook app “Add Google” or use Gmail app).
  • In Gmail web: Settings → Accounts and Import → Send mail as → set default From address (primary or alias like sales@).
  • If replying from forwarded mailboxes, set “Always reply from default address” if desired.

Stop & Verify: Phone and web send/receive work; replies show the correct From address.

M) Deliverability Validation

  • Send test mails to multiple recipients: Gmail, Outlook.com, and key corporate partners (e.g., title companies, BPOs).
  • In Gmail → Show original → confirm SPF/DKIM/DMARC = PASS.
  • If partners don’t receive mail, ask their IT to whitelist your domain or investigate filters now that you’re on Google.

Stop & Verify: External recipients confirm successful delivery.
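
The "Show original" check from sections J and M can also be done on a saved test message (an added example, not part of the original checklist). It reads only the topmost Authentication-Results header written by the receiving server, so a header forged by the sender is ignored; the sample message, the function names, and the default authserv-id mx.google.com are assumptions.

```python
# Added example: read SPF/DKIM/DMARC verdicts from a saved message.
import re
from email import message_from_string

# Constructed sample of the headers "Show original" displays; all values are placeholders.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com header.s=google header.b=AbCdEfGh;
       spf=pass (google.com: domain of alice@example.com designates 192.0.2.25 as permitted sender) smtp.mailfrom=alice@example.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com
From: alice@example.com
Subject: cutover test

body
"""

def auth_results(raw_message, trusted_authserv="mx.google.com"):
    """Return the spf/dkim/dmarc verdicts recorded by the trusted receiver."""
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop parenthesised comments before splitting.
        value = re.sub(r"\([^)]*\)", "", " ".join(header.split()))
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # written by some other hop, possibly the sender
        for part in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", part, re.I)
            if m and results[m.group(1).lower()] != "pass":
                results[m.group(1).lower()] = m.group(2).lower()
        break  # headers are prepended, so the topmost trusted one is the receiver's
    return results

def cutover_ok(raw_message):
    """True only when all three checks pass, not just DMARC."""
    return all(v == "pass" for v in auth_results(raw_message).values())

if __name__ == "__main__":
    print(auth_results(SAMPLE), cutover_ok(SAMPLE))
```

Requiring all three verdicts catches the case where DMARC passes on SPF alone because DKIM "Start authentication" was never switched on.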

N) Post-Cutover Cleanup

  • Remove any temporary forwarding rules used during transition.
  • Remove obsolete Microsoft-specific DNS (do this after stability is confirmed; leaving harmless CNAMEs a few days is fine).
  • Adjust DMARC to stricter policy after a clean monitoring period.
  • If keeping Microsoft Office apps, ensure licensing is Apps-only; remove unused Exchange mailboxes.
  • Archive final Cloudflare zone export for records.

Stop & Verify: No lingering forwards; licensing is correct; DNS is minimal and accurate.

O) User Training and Support Window

  • Provide a one-page guide for:

    • Logging in with 2FA
    • Default “Send as” behavior
    • Where old mail resides (PST vs. uploaded)
  • Keep a short post-cutover support window open for issues (deliverability, device setup).

Stop & Verify: Users can send/receive without assistance; common questions are addressed.

P) Timeline Notes You Should Expect

  • PST exports/imports can take hours per mailbox (large Sent/Deleted folders dramatically slow or break exports).
  • DNS changes propagate fast, but allow a buffer for corrections.
  • Uploading historical mail from PST to Gmail can take overnight(s); leave Outlook running.