👉 Ready-to-Use Migration Checklist
To help you confidently manage your own Office 365 migration, we’ve prepared a detailed, ready-to-use migration checklist. It covers each critical task step-by-step, ensuring nothing gets missed.
As an M365 Admin, security and compliance were my top concerns when we decided to move from Office 365 E3 to E1. Given E1 has fewer advanced compliance and security features (like DLP, advanced eDiscovery, Conditional Access), I needed a clear plan to ensure our organization stayed protected and compliant throughout the transition.
Below, I share exactly what I did, step-by-step, to handle these crucial areas effectively—so you can confidently replicate these steps without any guesswork.
Why Security & Compliance Matter:
Protecting Company Data: Preventing unauthorized access or data leaks.
Regulatory Compliance: Staying compliant with data regulations such as GDPR, HIPAA, etc.
Avoiding Security Breaches: Ensuring no security gaps are left during and after the migration.
Detailed Step-by-Step Guide:
Step 1: Reviewed and Adjusted Data Loss Prevention (DLP) Policies
DLP policies protect sensitive information from accidental or intentional leaks. Because some advanced DLP policies are unavailable or simplified in Office 365 E1, careful review was essential.
Detailed Steps:
Logged into the Microsoft Purview Compliance Portal.
Navigated to Data Loss Prevention (DLP) → Policies.
Reviewed each existing DLP policy to determine criticality:
Example policies reviewed:
Blocking external sending of credit card data.
Restricting external sharing of Social Security Numbers (SSN).
Tested these policies by intentionally triggering them:
Created a dummy document with fake credit card numbers.
Attempted to share externally to confirm alerts triggered correctly.
Sample Policy:
“Block any external sharing of files containing Social Security Numbers or bank account details.”
Challenges:
Found some custom advanced conditions from E3 not available in E1; had to simplify and clearly communicate changes to relevant departments.
Step 2: Reviewed Litigation Holds and Email Retention Settings
Litigation holds preserve emails for compliance or legal cases. E1 simplifies these features, so it was critical to clearly identify who needed adjustments.
Detailed Steps:
Opened PowerShell as admin and connected to Exchange Online:
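```powershell
# Install the Exchange Online module (needed once per machine)
Install-Module ExchangeOnlineManagement
# Sign in interactively with an Exchange admin account
Connect-ExchangeOnline
```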
Ran this command to identify mailboxes with Litigation Hold enabled:
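```powershell
# -ResultSize Unlimited: Get-Mailbox returns only the first 1000 mailboxes by default
Get-Mailbox -ResultSize Unlimited | Where-Object {$_.LitigationHoldEnabled -eq $true} |
    Select-Object DisplayName, LitigationHoldEnabled
```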
Clearly documented these users in a CSV file for reference:
```powershell
# Same query, written to LitigationHolds.csv in the current directory
Get-Mailbox -ResultSize Unlimited | Where-Object {$_.LitigationHoldEnabled -eq $true} |
    Select-Object DisplayName, LitigationHoldEnabled |
    Export-Csv "LitigationHolds.csv" -NoTypeInformation
```
Reviewed each user's litigation hold status and clearly documented:
1. Users who still required holds (planned alternative compliance strategies).
2. Users whose holds could be safely removed or adjusted.
Challenges:
Certain advanced litigation hold features from E3 were not available in E1; I had to communicate alternatives or third-party tools clearly.
Step 3: Verifying Conditional Access and Multi-Factor Authentication (MFA)
Conditional Access policies control who can access resources and how they must authenticate. Ensuring no disruption to essential security was critical.
Detailed Steps:
Logged into the Azure AD Admin Portal → Security → Conditional Access.
Ran the following PowerShell command to export current Conditional Access policies clearly:
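```powershell
# Policy.Read.All is the read-only Graph scope for Conditional Access policies
Connect-MgGraph -Scopes "Policy.Read.All"
# Microsoft Graph SDK cmdlet; it runs in the Connect-MgGraph session opened above
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State |
    Export-Csv "ConditionalAccessPolicies.csv" -NoTypeInformation
```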
Reviewed exported Conditional Access policies to confirm critical policies:
MFA requirements (especially for external or risky sign-ins).
Conditional access rules based on location or devices.
Tested MFA policy behavior:
Signed in from external (non-trusted) IP addresses.
Verified if MFA prompts appeared as expected.
Sample Conditional Access Policy:
“Require Multi-Factor Authentication when signing in from outside the company network.”
Challenges:
Found some previously detailed MFA controls were simplified or unavailable in E1. Adjusted by clearly communicating simpler MFA rules and providing extra guidelines to users on secure access practices.
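A check that covers both the litigation hold export in Step 2 and the Conditional Access export in Step 3, as an added example that is not part of the original post: it compares an export taken before the license change with one taken afterwards and lists every row that was removed or changed. The function name `Compare-Export`, the policy names and the mailbox names are constructed for illustration, and display names are assumed to be unique.

```powershell
# Added example (not from the original post). All rows below are constructed sample data.
function Compare-Export {
    param(
        [Parameter(Mandatory)] [object[]] $Before,   # rows exported before the license change
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $After,  # rows exported afterwards
        [Parameter(Mandatory)] [string] $Key,        # column that identifies a row (assumed unique)
        [Parameter(Mandatory)] [string] $Property    # column whose value must not change
    )
    # Index the post-migration rows by key so each lookup is constant time.
    $afterByKey = @{}
    foreach ($row in $After) { $afterByKey[$row.$Key] = $row }

    foreach ($row in $Before) {
        $name = $row.$Key
        if (-not $afterByKey.ContainsKey($name)) {
            # Row vanished: a deleted policy, or a mailbox no longer returned by the hold filter.
            [pscustomobject]@{ Name = $name; Finding = 'Removed'; Before = $row.$Property; After = $null }
        }
        elseif ($afterByKey[$name].$Property -ne $row.$Property) {
            # Row still exists but its tracked value differs, e.g. enabled -> disabled.
            [pscustomobject]@{ Name = $name; Finding = 'Changed'; Before = $row.$Property; After = $afterByKey[$name].$Property }
        }
    }
}

# Stand-ins for ConditionalAccessPolicies.csv taken before and after the move (constructed).
$caBefore = @'
DisplayName,State
Require MFA outside company network,enabled
Block legacy authentication,enabled
Require compliant device,enabledForReportingButNotEnforced
'@ | ConvertFrom-Csv
$caAfter = @'
DisplayName,State
Require MFA outside company network,disabled
Block legacy authentication,enabled
'@ | ConvertFrom-Csv

# Stand-ins for LitigationHolds.csv taken before and after the move (constructed).
$holdsBefore = @'
DisplayName,LitigationHoldEnabled
Alex Example,True
Sam Sample,True
'@ | ConvertFrom-Csv
$holdsAfter = @'
DisplayName,LitigationHoldEnabled
Alex Example,True
'@ | ConvertFrom-Csv

Compare-Export -Before $caBefore -After $caAfter -Key DisplayName -Property State | Format-Table
Compare-Export -Before $holdsBefore -After $holdsAfter -Key DisplayName -Property LitigationHoldEnabled | Format-Table
```

In practice, replace the here-strings with `Import-Csv` on the files exported before and after the license change.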
Step 4: Created Clear & Simple Security Guidelines for Users
Providing clear security guidelines ensured our users knew exactly what changed and what remained the same.
Detailed Steps:
Prepared a concise (2–3 page) security guidelines document highlighting:
What compliance and security measures are available post-migration.
How users should securely manage data in Office Web Apps.
Clear instructions for reporting security incidents.
Included practical examples such as:
“Always report suspicious emails immediately to IT support at [IT email].”
"Use OneDrive for storing company documents securely—avoid personal cloud storage."
Distributed this guide via email and made it easily accessible on the intranet.
Conducted short webinars to explain these guidelines and answer user questions.
Challenges and Solutions:
Challenge: Users concerned about fewer compliance features.
Solution: Clearly communicated alternative compliance strategies and reassured them with transparent security explanations.
Challenge: Initial confusion around authentication prompts.
Solution: Provided visual screenshots in the guidelines, demonstrating the expected login experience post-migration, significantly reducing confusion.
Final Thoughts and Personal Insights:
Though downgrading from E3 to E1 posed initial challenges, thorough preparation and clear, step-by-step actions ensured security and compliance remained robust. My proactive approach to reviewing policies, clearly documenting any changes, and openly communicating to users allowed us to navigate these potential risks without incident.
How I Handled Security & Compliance While Migrating from O365 E3 to E1