GoDaddy to Cloudflare DNS Migration
Tags: Cloudflare, DNS, SSL/TLS, Cutover, DMARC/SPF/DKIM
Objective: Migrate authoritative DNS from GoDaddy to Cloudflare to centralize DNS management, improve security posture, and simplify ongoing maintenance.
Preparation
- Captured screenshots/exports of all existing DNS records for rollback reference.
- Documented A, CNAME, MX, TXT (SPF/DKIM/DMARC), and vendor verification records.
- Identified records requiring DNS-only (mail, SaaS validation, third-party SSL/origin requirements such as Webflow).
- Reduced TTL values ahead of cutover to minimize propagation delays.
Migration Execution
- Imported records using Cloudflare DNS scan/copy and manually validated accuracy.
- Confirmed all records copied correctly except NS records (replaced by Cloudflare nameservers).
- Applied proxying selectively for public web services while keeping sensitive services DNS-only.
- Updated nameservers at registrar and confirmed authoritative DNS cutover.
Issues & Mitigation
- SSL conflicts when origin hosting manages certificates (resolved via DNS-only + correct SSL mode where needed).
- Incorrect proxy settings causing validation failures (fixed by switching impacted records to DNS-only).
- Propagation timing differences across regions during cutover (reduced by TTL planning and staged validation).
Post-Migration Validation
- Validated all websites/subdomains and confirmed mail flow remained stable.
- Enabled Cloudflare Universal SSL (where appropriate) and confirmed HTTPS behavior.
- Verified DMARC/SPF/DKIM alignment and rechecked TXT-based verifications.
Technologies: Cloudflare, GoDaddy, DNS, SSL/TLS, DMARC/SPF/DKIM, Proxy vs DNS-only
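An added example (not part of the original write-up) of how the manual record validation above could be scripted: it diffs a pre-cutover zone export against the post-import export, skips NS/SOA, and keeps semicolons inside quoted TXT data so a changed DMARC policy is caught. The simplified `name ttl IN type rdata` line format, the function names and the sample records are assumptions constructed for illustration.

```python
import re

IGNORED_TYPES = {"NS", "SOA"}  # the new provider supplies its own

def strip_comment(line):
    """Drop a ';' comment, but keep ';' inside quoted TXT data (DMARC, DKIM)."""
    return re.match(r'(?:"[^"]*"|[^;"])*', line).group(0)

def normalize(rtype, rdata):
    if rtype == "TXT":  # long values are split into quoted chunks; join them
        return "".join(re.findall(r'"([^"]*)"', rdata)) or rdata
    return " ".join(p.rstrip(".").lower() for p in rdata.split())

def parse_zone(text):
    """Map (name, type) -> set of rdata from 'name ttl IN type rdata' lines."""
    records = {}
    for raw in text.splitlines():
        fields = strip_comment(raw).split(None, 4)
        if len(fields) < 5 or fields[3].upper() in IGNORED_TYPES:
            continue
        name, _ttl, _cls, rtype, rdata = fields
        key = (name.rstrip(".").lower(), rtype.upper())
        records.setdefault(key, set()).add(normalize(key[1], rdata.strip()))
    return records

def diff_zones(before, after):
    old, new = parse_zone(before), parse_zone(after)
    return {
        "missing": sorted(k for k in old if k not in new),
        "extra": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }

# Constructed sample exports (documentation names and addresses only).
BEFORE = '''example.com. 600 IN NS ns1.old-dns.example.
example.com. 600 IN A 192.0.2.10
example.com. 600 IN MX 10 mail.example.net.
_dmarc.example.com. 600 IN TXT "v=DMARC1; p=quarantine" ; policy
s1._domainkey.example.com. 600 IN TXT "v=DKIM1; p=AAAA" "BBBB"
autodiscover.example.com. 600 IN CNAME mail.example.net.'''
AFTER = '''example.com. 300 IN NS ns1.new-dns.example.
example.com. 300 IN A 192.0.2.10
example.com. 300 IN MX 10 Mail.Example.NET.
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=none"
s1._domainkey.example.com. 300 IN TXT "v=DKIM1; p=AAAABBBB"
www.example.com. 300 IN CNAME example.com.'''

if __name__ == "__main__":
    print(diff_zones(BEFORE, AFTER))
```

TTL differences are ignored on purpose, since TTLs are lowered ahead of cutover; escaped quotes inside TXT strings are not handled.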
Microsoft 365 ↔ Google Workspace Calendar Interop (Free/Busy)
Tags: Microsoft 365, Identity, OAuth/API, Integration, Interop
Objective: Enable cross-platform Free/Busy availability between Microsoft 365 and Google Workspace tenants to improve scheduling and cross-organization collaboration.
Preparation
- Verified domain ownership and external sharing policies in both tenants.
- Validated Exchange Online org relationship settings and availability configuration.
- Prepared required Google Workspace service account/delegated access settings (where applicable).
Implementation
- Configured interoperability settings between Microsoft 365 and Google Workspace.
- Implemented required authentication requirements and API permissions/scopes.
- Mapped domains correctly to ensure Free/Busy queries routed to the correct tenant.
Issues & Mitigation
- Free/Busy failures caused by policy restrictions or incorrect sharing scope.
- Permission scope mismatches for API access.
- Propagation delays after configuration changes (validated with staged testing).
Post-Implementation Testing
- Used test accounts in both environments to validate Free/Busy lookups.
- Confirmed external visibility restrictions behaved as intended.
- Validated client experience across web/mobile clients where applicable.
Technologies: Microsoft 365, Exchange Online, Google Workspace, Calendar Interop, OAuth/API Permissions
Okta to Microsoft Entra ID SSO Migration
Tags: SSO, SAML 2.0, Entra ID, RBAC, Off-hours
Objective: Migrate SSO and identity provisioning from Okta to Microsoft Entra ID to centralize authentication, streamline access management, and align identity with Microsoft 365 infrastructure.
Planning & Preparation
- Captured and documented complete Okta configuration (apps, groups, provisioning rules, license mappings).
- Created pilot plan and tested with dedicated test accounts to validate authentication and provisioning behavior.
- Scheduled implementation during off-hours to minimize production impact.
- Created internal admin/end-user tutorials and documented rollback approach.
Implementation
- Recreated enterprise applications in Entra ID using gallery apps and custom SAML configurations.
- Configured SAML trust, exchanged IdP metadata, and validated signing certificates.
- Created security groups and assigned apps + license bundles using group-based access.
- Configured provisioning and attribute mappings where supported.
Challenges & Mitigation
- Troubleshot SAML errors related to metadata mismatch, endpoints, and certificate configuration.
- Resolved provisioning failures caused by permission scopes and attribute mapping issues.
- Identified limitations with password transfer functionality and planned communications accordingly.
- Remediated access issues (e.g., 404s/permissions) through app configuration and role review.
Post-Migration Validation
- Verified login access across all migrated apps with Entra ID as primary IdP.
- Confirmed user accounts were correctly federated and pointing to the new IdP.
- Validated group-based access and license assignments; reviewed sign-in/provisioning logs for stabilization.
Technologies: Okta, Microsoft Entra ID (Azure AD), SAML 2.0, RBAC, Microsoft 365, Provisioning
Intermedia to Microsoft 365 Email Migration
Tags: Microsoft 365, DNS, Staged Cutover, DR Backup, MigrationWiz
Objective: Migrate organizational email from Intermedia to Microsoft 365 to consolidate collaboration tools, improve security controls, and centralize administration.
Planning & Preparation
- Documented mailboxes, groups, licenses, rules, forwarding, signatures, and delegated access.
- Backed up mailboxes using a disaster recovery solution prior to migration.
- Scheduled migration during off-hours and planned staged cutover to reduce risk.
- Selected BitTitan MigrationWiz and validated source/destination readiness.
Migration Execution
- Configured MigrationWiz projects and enabled “Do Not Duplicate Emails” to prevent mailbox inflation.
- Performed staged migrations and recreated rules/forwarding/permissions in Microsoft 365.
- Updated DNS records (MX, SPF, Autodiscover) to route mail flow to Microsoft 365.
Post-Migration Validation
- Validated inbound/outbound email and mailbox data integrity.
- Confirmed shared mailbox access, group membership, and forwarding behavior.
- Monitored message trace/delivery reports and provided user support during transition.
Technologies: Intermedia, Microsoft 365, Exchange Online, BitTitan MigrationWiz, DNS (MX/SPF/Autodiscover)
VMware to Microsoft Azure Infrastructure Migration
Tags: VMware, Azure, VNet/NSG, RBAC, Cost Estimation
Objective: Migrate on-prem VMware workloads to Microsoft Azure to modernize infrastructure, improve scalability, and strengthen disaster recovery readiness.
Planning & Preparation
- Audited VMware VM inventory, dependencies, OS versions, and workload requirements.
- Outlined Azure services: Virtual Machines, database services, Azure Backup, VNet, NSGs, monitoring, secure admin access.
- Used Azure Pricing Calculator to estimate costs and right-size workloads.
- Reviewed licensing requirements including Windows Server licensing and CAL considerations.
Migration Strategy & Execution
- Evaluated migration methods (PowerShell-based recreation vs snapshot/backup restore workflows).
- Provisioned Azure VMs aligned with workload requirements and segmented networking design.
- Implemented NSGs to restrict RDP access and enforce least-privilege network controls.
- Migrated SQL workloads and validated application/database connectivity.
- Configured Azure Backup policies for workload protection.
Post-Migration Validation
- Validated RDP connectivity and secure remote administration.
- Confirmed SQL database accessibility and application functionality.
- Verified RBAC assignments were correctly scoped and tested backups/recovery workflows.
Technologies: VMware ESXi/vSphere, Microsoft Azure, Azure VMs, VNet, NSG, Azure Backup, RBAC, PowerShell
On-Prem File Shares to SharePoint Online Migration
Tags: SharePoint Online, Cloud Migration, Permissions, Cutover, Data Governance
Objective: Modernize file storage by migrating on-prem file shares to SharePoint Online to improve collaboration, remote access, and governance.
Preparation
- Validated SharePoint information architecture (sites, document libraries, and folder strategy).
- Cleaned up legacy data (duplicates, stale folders) and confirmed retention requirements.
- Installed the SharePoint Migration Tool (SPMT) on a workstation/server with access to the file shares.
- Identified permission model approach (SharePoint groups vs direct permissions) and mapped access requirements.
- Reviewed SharePoint limits and constraints (path length, invalid characters, blocked file types).
Migration Execution
- Authenticated to Microsoft 365 using a migration/admin account.
- Selected source file shares/drives and targeted SharePoint destination libraries.
- Copied and pasted the SharePoint destination URL for each library and validated scope.
- Mapped users/groups and validated how permissions would be applied in the destination.
- Executed pilot migrations first, then scaled to staged migrations before final cutover.
Issues & Mitigation
- Permissions do not always “pass through” 1:1 (resolved by standardizing SharePoint groups and inheritance strategy).
- Filename/path constraints and unsupported file types (resolved via pre-scan and remediation of invalid items).
- Large library performance considerations (mitigated with staged migrations and library structure planning).
Post-Migration Validation
- Validated user access and confirmed key folders/files were accessible by the correct roles.
- Confirmed sync experience and collaboration (versioning, co-authoring) where applicable.
- Documented new access model and provided user guidance for SharePoint/OneDrive usage.
Technologies: SharePoint Online, SPMT, Microsoft 365, Permissions/Groups, Information Architecture
Hybrid Identity + Endpoint Management (Azure AD Connect + Windows/macOS MDM)
Tags: Entra ID, Azure AD Connect, Compliance, Health Monitoring, Device Management
Objective: Establish a reliable hybrid identity foundation and standardize device management for Windows and macOS endpoints using Entra ID integration and MDM policies.
Preparation
- Reviewed and organized Active Directory OU structure, groups, and naming conventions.
- Removed/disabled stale accounts and validated duplicate/conflicting identities.
- Planned sync scope (OU filtering) and identity attributes required for the environment.
- Confirmed device enrollment strategy for Windows/macOS (corporate vs BYOD, enrollment restrictions, compliance baselines).
Integration
- Installed Azure AD Connect on a designated server and authenticated with appropriate administrative roles.
- Configured sign-in method and selected OUs to synchronize (scope control and least privilege).
- Validated synchronization health and ensured expected users/groups appeared in Entra ID.
- Aligned endpoint enrollment policies and baseline configuration profiles for Windows and macOS.
Common Issues & Mitigation
- Sync issues caused by attribute conflicts or duplicate accounts (resolved via cleanup and attribute alignment).
- Over-syncing due to broad OU selection (resolved by tighter OU filtering and staged rollout).
- Enrollment failures due to device restrictions or compliance requirements (resolved by aligning policies with OS requirements).
Post-Integration Validation
- Verified Azure AD Connect Health status and sync schedules.
- Confirmed sign-in behavior for synced identities and tested conditional access/compliance where applicable.
- Validated device enrollment results and reporting for Windows/macOS endpoints.
Technologies: Active Directory, Microsoft Entra ID (Azure AD), Azure AD Connect, Intune MDM, Windows, macOS