Microsoft 365 Migration from Google Workspace (2026)

// 01

WHY FLORIDA SMBS MIGRATE FROM GOOGLE WORKSPACE TO M365 IN 2026.

For about a decade, Google Workspace (formerly G Suite) was the obvious choice for small business productivity. Cheap, fast to deploy, decent email and document collaboration, no Windows-server overhead. Many Florida SMBs we work with stood up Workspace in the 2015-2020 era and stayed because nothing was broken. By 2026, three pressures have shifted the calculus and we're running Workspace-to-M365 migrations almost weekly.

1. The security stack matured.

Microsoft 365 Business Premium ($27/user/month) bundles the security stack — Defender for Business EDR, Defender for Office 365, Intune device management, Entra ID Premium with Conditional Access, Azure Information Protection labels — into one tenant under one bill. Equivalent posture on Google Workspace requires layering third-party tools and produces a more fragmented audit story. For regulated SMBs (medical, legal, accounting) the M365 security story is materially cleaner.

2. Compliance and BAA alignment.

HIPAA-aligned medical practices need a BAA-eligible productivity tenant. Workspace offers a BAA but Microsoft 365 with its activated BAA is the more familiar terrain for HHS OCR investigators and for the medical billing / EHR / practice management ecosystem most Florida medical practices live in. Most healthcare-adjacent vendor integrations assume M365.

3. Microsoft Teams won the meetings war.

Google Meet is fine. Teams became the de facto B2B meetings platform — every external partner, vendor, customer is on Teams. Workspace shops were burning hours per week in “join via guest link” friction. The shift to Teams Phone (replacing legacy VoIP) compounds the value.

Two pressures that aren't driving migration in 2026: cost (the net cost difference between Workspace Business Standard $12 and M365 Business Standard $15 is small enough not to matter for most SMBs) and product quality (both productivity suites are mature). The migration decision is mostly about ecosystem fit, security stack consolidation, and compliance.

// 02

LICENSE MAPPING: WORKSPACE TIER TO M365 SKU.

Workspace and M365 each have multiple commercial tiers. The license-mapping decision affects per-user cost, the security stack you inherit, and what you can do at cutover. Here's the realistic mapping for Florida SMBs in 2026:

Workspace Business Starter → M365 Business Basic ($7.50/user/month). Web/mobile productivity apps, Exchange Online, 1TB OneDrive. Adequate for very light-use shops.
Workspace Business Standard → M365 Business Standard ($15/user/month). Adds desktop Office apps. Most common landing point for general SMBs.
Workspace Business Plus → M365 Business Premium ($27/user/month). Adds Defender for Business, Intune, Entra Premium, Defender for Office 365 Plan 1. This is the right answer for any regulated practice or any business that wants the security stack bundled.
Workspace Enterprise / Frontline → M365 Enterprise E3/E5 or F1/F3. Beyond typical SMB scope; pricing varies by negotiation.

For Florida nonprofits, the math is dramatically different — Microsoft 365 Business Basic and Business Standard are free for qualifying nonprofits, and Business Premium is $6 per user per month. We've migrated many Florida churches and 501(c)(3)s from Workspace nonprofit pricing to M365 nonprofit and the recurring cost savings are real.

The mistake to avoid: under-licensing. Migrating a 12-person practice to Business Basic to save money in year one and then realizing in month three that the absence of Defender for Business and Conditional Access has created an unbinable cyber-insurance posture. We default new healthcare and regulated clients to Business Premium for exactly this reason — the security stack is non-negotiable in 2026.

// 03

THE PRE-MIGRATION DISCOVERY PHASE.

Most failed migrations were under-discovered. The first week of any Workspace-to-M365 engagement is structured discovery. We inventory:

User inventory: full list of human users with role and tenure; service accounts and shared mailboxes; offboarding-candidate accounts that don't need to migrate.
Mailbox sizing: per-user mailbox size, attachment patterns, folder depth. Mailbox migration time scales with size and item count.
Drive inventory: personal Drive usage per user, Shared Drives in use, total data volume. This is the dominant cost driver in most migrations.
Shared Drive permission audit: who has access to what; which permissions are explicit versus inherited; expired permissions to clean up before migration.
Third-party app integrations: tools connected to Workspace (DocuSign, Mailchimp, the EHR, Zapier flows). Most need to be re-authenticated against M365 post-cutover; some need configuration changes.
External sharing inventory: who has access to your documents from outside the domain. Decision point: which external relationships survive the migration, which get cleaned up.
Domain and DNS posture: current MX, SPF, DKIM, DMARC records; registrar access; TTLs.
Mobile and BYOD posture: what devices are in use; which are corporate-owned vs personal; what MDM (if any) is in place today.

The discovery output becomes the migration plan: order of user moves, batch sizing, target SharePoint site architecture, security baseline to deploy, communication timeline, training plan. A clean discovery saves multiples of its time during cutover and the days that follow.

// 04

MAILBOX MIGRATION: BITTITAN MIGRATIONWIZ vs NATIVE vs MANUAL.

There are three viable tooling paths for the mailbox half of the migration.

BitTitan MigrationWiz — the SMB standard

BitTitan MigrationWiz is the dominant migration tool in the Microsoft partner channel. It handles Workspace-to-M365 cleanly: connects to both source and destination, runs concurrent migrations per user, supports delta passes for the cutover weekend, and produces logs that are useful for verification. Licensed per user, typically $12-15 per mailbox migrated for SMB volumes. It also handles Drive-to-OneDrive/SharePoint via a separate license. The right answer for almost any SMB Workspace migration.

Microsoft native migration

Microsoft has improved native Workspace migration capabilities in the Exchange admin center and via PowerShell. The functionality is real but the corner cases — large mailboxes, complex labels, special character handling, calendar attendee preservation — are uneven. We use native migration occasionally for very small (1-3 user) tenants where the BitTitan licensing cost outweighs the tooling advantage. Not recommended for anything larger.

Manual / IMAP

The cheapest path: IMAP-export from Workspace, IMAP-import to M365. Free, but loses calendar items, contacts, labels, and read/unread state; doesn't handle anything beyond mail; produces no useful audit log. Acceptable only for one-person shops moving an essential mailbox quickly with low fidelity expectations.

For 95% of Florida SMB migrations, BitTitan MigrationWiz is the right tool. The licensing cost is small relative to the migration project total and the reliability is worth it.

// 05

DRIVE → ONEDRIVE / SHAREPOINT MIGRATION (THE HARDER HALF).

If mailbox migration is mostly a tooling exercise, Drive migration is mostly an architecture exercise. The Google Drive permission model and the OneDrive/SharePoint permission model are different shapes; the translation requires real decisions about how the content should live going forward.

Personal Drive content (My Drive) maps cleanly to each user's OneDrive. The 1:1 mapping is intuitive: user's personal files become user's personal OneDrive. Migration tooling (BitTitan, Mover.io if you can get it, ShareGate) handles this side reasonably automatically.

Shared Drives are where the architecture work happens. The choices: (1) one SharePoint site per Shared Drive — typical for small/medium shops; (2) consolidate multiple Shared Drives into a smaller number of better-organized SharePoint sites — typical for shops that built up Workspace organically over years and are using migration as a cleanup opportunity; (3) Teams-based sites where the SharePoint backing store is created automatically when the Team is created — typical for client-facing project work.

Permissions translation is the dragon. Google's sharing model (link-based, role-based, with viewer/commenter/editor and ownership) doesn't cleanly map onto SharePoint groups, permission levels, and unique permission breakage. The honest practice: tooling carries permissions as cleanly as it can, then a human reviews and corrects exceptions before cutover. Pretending the tooling is perfect produces audit findings later.

Data volume matters for timeline. A Florida medical practice with 4TB of imaging in Shared Drives migrates over several days of background staging. A 12-person CPA firm with 80GB of working files migrates in hours. The discovery phase produces the volume estimate; the volume estimate produces the staging timeline.

// 06

CALENDAR, CONTACTS, AND SHARED RESOURCES.

Calendar migration is mostly mechanical: BitTitan MigrationWiz handles the user's calendar items and most recurring meetings cleanly. The corner cases that need attention: recurring meetings with end dates far in the future (translation isn't always pixel-perfect), meeting attendee lists with external email addresses (preserved but the external attendees may not see updates if calendar invites don't survive cleanly), and resource calendars (conference rooms, equipment) which migrate separately and need to be reconnected to the new tenant's booking flow.

Contacts move with the mailbox in most cases. Personal contacts in My Contacts come over. Shared contact groups need to be recreated as M365 distribution lists or shared mailboxes. Directory contacts are populated automatically from the new M365 tenant's user list.

Shared resources need explicit treatment. Conference rooms become M365 room mailboxes with the same booking workflow. Equipment that was tracked as a Workspace calendar resource becomes an equipment mailbox in M365. Shared Workspace mailboxes (like info@yourdomain.com) become shared mailboxes in M365 — free to license and accessible by the same delegated users.

The most common oversight: external calendar shares. If your practice manager shared the practice calendar with the answering service, the bookkeeper, or the spouse-of-the-owner via an external Google account, those shares need to be re-established against M365 calendar permissions post-cutover. The discovery phase should surface every external calendar share.

// 07

DNS CUTOVER STRATEGY AND THE PARALLEL-RUN PERIOD.

The DNS cutover is the moment the migration goes live for end users. It's the single highest-risk event in the project and also the one most amenable to careful planning. The structure we use:

T-14 days: Lower DNS TTL on MX records to 300 seconds. This ensures fast propagation when the actual cutover happens.
T-7 to T-3 days: Pre-stage all M365-side DNS records (autodiscover, SPF includes for Microsoft, DKIM, DMARC if not already in place). These can be added without disrupting current Workspace mail flow.
T-1 day: Final pre-cutover mailbox delta sync via BitTitan; verify OneDrive/SharePoint content; communicate cutover window to staff.
Cutover hour (typically Friday evening): Update MX records from Workspace to M365 endpoints; final mailbox delta sync to catch any mail that arrived during the cutover transition; activate M365 mail flow.
T+1 to T+3 days: Monitor mail flow; respond to user issues; verify external mail delivery; confirm DKIM/DMARC are reporting correctly.
T+30 to T+60 days: Decommission Workspace tenant after verification confirms M365 is fully operational and Workspace data has been preserved as needed.

The parallel-run period (when Workspace and M365 are both alive and configured) typically runs 7-14 days. During that window, mail still flows through Workspace, mailbox content is being staged into M365 in the background, and the staff is being trained. The cutover hour is the brief moment of actual switchover. Done right, end users notice nothing more than “Outlook works now instead of Gmail.”

// 08

END-USER TRAINING AND THE COMMUNICATION PLAN.

The communication plan starts at T-30 days and runs through T+14. The structure we use:

T-30: Announcement to staff — what's changing, why, when. Set expectations: “your email address stays the same; you'll log into Outlook instead of Gmail; nothing is being lost.”
T-14: Training session for staff (60-90 minutes for a typical 10-person SMB). Cover Outlook basics, Teams for the Google Meet user, OneDrive for the Drive user, the mobile app shift.
T-7: Distribute “day one in M365” quick-reference. One page covering: where to sign in, password reset path, MFA setup, the “where do I find my old emails” question.
T-1: Final reminder; confirm staff has Outlook/Teams/OneDrive installed and signed in (testable in advance — they can sign in before cutover, the mailbox just isn't live yet).
T+1 to T+5: On-site or virtual office-hours coverage for one-off questions. Most issues resolved in the first 48 hours.

For regulated practices (medical, legal, accounting) we add a separate compliance briefing covering the M365 security stack — MFA enforcement, conditional access prompts, the “why am I being asked to re-authenticate every 30 days” question, and the BAA implications for healthcare specifically. End-user adoption of MFA is the highest-leverage 15 minutes of training in the entire engagement.

// 09

SECURITY BASELINE AT CUTOVER: MFA, CONDITIONAL ACCESS, DEFENDER.

The migration cutover is the best opportunity in the lifecycle of the business to deploy the security baseline. Users are already adjusting to new logins and new apps; layering MFA into the same change window is materially easier than retrofitting it later. We deploy:

MFA enforced on 100% of users at cutover. Microsoft Authenticator is the default; SMS backup for users with regulatory or device constraints. Microsoft research consistently confirms MFA blocks 99.9% of automated credential attacks.
Conditional Access policies (Business Premium). Block legacy authentication, require compliant devices for sensitive data, require MFA for admin operations, geo-fence where appropriate.
Defender for Business deployed. EDR on every workstation, BitLocker enforcement on every laptop, automated patching via Intune.
Defender for Office 365 Plan 1 active. Safe Attachments sandboxing, Safe Links URL rewriting, anti-phishing AI, impersonation protection.
Intune device management. Corporate-owned devices enrolled at cutover; BYOD covered with app-protection policies.
DMARC enforcement on the domain. Start in p=none reporting mode; ramp to p=quarantine then p=reject over 60-90 days based on report data.
Audit logging at the appropriate retention. Default M365 audit log retention plus extended retention for regulated practices.
Third-party M365 backup. Microsoft is not responsible for restoring deleted user data beyond their retention windows. Veeam, Datto, Spanning, or equivalent third-party backup covers the gap.

The security baseline is what differentiates a migration from a tenant move. A tenant move just changes vendors. A real migration leaves the practice with a stronger security posture than it had on Workspace, with the documentation to prove it.

// 10

COMMON GOTCHAS AND THE 5 THINGS THAT GO WRONG.

Lingering external Drive shares that get orphaned. External users with view/edit access to specific files lose that access at decommissioning. Fix: inventory external shares in discovery, decide which need to be re-established as SharePoint external sharing, communicate to the external party before cutover.
Calendar invites with external attendees stop updating. Recurring meetings with external attendees can get stranded — the external attendee still has the original invite but doesn't see edits made from the M365 side. Fix: cancel and reissue critical recurring meetings on the M365 side post-cutover; brief the meeting organizer to do so.
Third-party integrations break. Apps connected to Workspace via OAuth (DocuSign, Mailchimp, Zapier, the EHR's email integration) need to be re-authenticated against M365. Fix: inventory in discovery; reconnect each app in the first 72 hours post-cutover.
Shared Drive permissions don't translate cleanly. Google's sharing model and SharePoint's permission model are different shapes; automated translation handles 80% well but 20% needs human review. Fix: permission audit in discovery, manual review of critical Shared Drives, post-cutover spot-check by the data owner.
End-user mobile devices show stale data. Users who don't remove the old Workspace account from their mobile devices see two inboxes, two contact lists, and confusion. Fix: communication plan instructs users to remove the Workspace account from mobile devices at cutover; office-hours coverage helps with this specifically.

The pattern: every common gotcha is preventable in discovery. A short, well-planned migration with a verbose discovery phase has materially fewer surprises than a fast migration that skipped discovery to save a week.

// 11

THE SIMPLY IT MIGRATION ENGAGEMENT — DISCOVERY, PLAN, EXECUTE, TRAIN, STABILIZE.

The Simply IT Workspace-to-M365 migration engagement follows a five-phase structure scoped to the size and complexity of the client. The typical 10-person Florida SMB migration:

Phase 1 (Days 1-5) — Discovery. User inventory, mailbox and Drive sizing, integration audit, permission review, communication-plan draft.
Phase 2 (Days 5-10) — Plan. License selection (typically Business Standard or Premium based on regulated-industry posture), SharePoint architecture decisions, security-baseline scope, training plan, cutover schedule.
Phase 3 (Days 10-21) — Execute. M365 tenant provisioning, BitTitan project setup, parallel mailbox sync, Drive content staging, third-party integration prep.
Phase 4 (Cutover weekend + Days 21-28) — Train and Cutover. Staff training session, DNS cutover, final delta sync, day-of-cutover support, security baseline deployment.
Phase 5 (Days 28-60) — Stabilize. Office-hours support, integration verification, Workspace decommissioning, post-migration documentation package.

For Simply IT managed-IT clients, the migration cost is the project itself plus the move to one of the managed-IT tiers (Simply Essential $75/user, Simply Secure $125/user, Simply Compliant $150/user per month, all with no long-term contracts) at cutover. For project-only engagements where the client manages their own ongoing IT, the migration is a defined-scope fixed-fee project with optional post-migration support.

Steve Condit (USMC veteran, 30+ years IT) personally oversees migrations at regulated-industry clients. We're headquartered in Ocala, FL, and have run Workspace-to-M365 migrations for Florida small businesses across medical, legal, accounting, construction, churches, nonprofits, and general SMB segments. If you're considering the move, get a free 30-minute migration scoping call — we'll review your current Workspace setup and give you an honest written scope. No obligation.

// 12

FREQUENTLY ASKED QUESTIONS.

How long does a Google Workspace to Microsoft 365 migration take?+

For a typical 5-25 person Florida small business, plan 2-4 weeks end-to-end. The breakdown: 1 week of discovery and planning, 1-2 weeks of parallel-run with mail flow and Drive content migrating in the background, then a weekend cutover with DNS changes and final delta sync. Larger or more complex shops (50+ users, deeply customized Workspace setups, large shared-drive estates, regulated data) take 4-8 weeks. The point of the timeline is to minimize disruption — most users notice almost nothing if the migration is run correctly.

How much does a Google Workspace to M365 migration cost?+

Two cost layers. (1) Licensing: M365 Business Basic $7.50/user/month, Standard $15, Premium $27 — or nonprofit pricing (Basic and Standard free, Premium $6). You stop paying Workspace at cutover so the net licensing impact is often neutral or only modestly different. (2) Migration services: for a 10-person SMB with a clean Workspace setup, Simply IT typically scopes the migration in the $2,000-$5,000 range depending on data volume and complexity. Highly regulated shops or large shared-drive estates can run higher. No long-term contracts.

How much downtime should we expect?+

Zero scheduled downtime for end users if the migration is run correctly. Mail flow continues through Workspace during the parallel-run period; after DNS cutover, mail flows to M365 with the queued backlog delivering within minutes. Drive content is staged into OneDrive/SharePoint in advance, so files are available at cutover. The most common ‘downtime’ users experience is the 30 minutes of re-signing-into-things on cutover morning — not actual service downtime.

Can we keep our existing email addresses?+

Yes — and you should. The DNS cutover moves @yourdomain.com email delivery from Workspace to M365 while keeping every address identical. Users don't need to update business cards, signatures, or external contacts. The only addresses that change are if you had any @gmail.com personal addresses being used for business — those should move to the @yourdomain.com address as part of the cleanup.

What happens to MX records and DNS during cutover?+

MX records (which tell the internet where to deliver your email) are the headline DNS change at cutover. You also typically update SPF, DKIM, DMARC, MX backup, and any service-specific records (DocuSign, Mailchimp, etc.). The window is short — DNS propagation is fast in 2026 — but the planning matters. We pre-stage all M365 DNS records 7-10 days before cutover so propagation completes well before the actual cutover hour.

How does shared Google Drive content map to OneDrive vs SharePoint?+

This is the most operationally important question in any migration. Personal Google Drive content maps to each user's OneDrive (their personal cloud storage). Shared Drives map to SharePoint document libraries — typically one SharePoint site per Shared Drive, with the same membership structure. The translation is rarely perfect; it's the migration phase where the most architectural decisions get made, and where pre-migration discovery pays the most dividends.

What about mobile devices and Gmail / Drive apps?+

Users switch from the Gmail and Drive mobile apps to the Outlook and OneDrive mobile apps. The transition is supported by Microsoft's mobile apps being mature and well-designed; most users adapt in days. For regulated practices with Intune deployed, mobile devices are enrolled in mobile-device-management which can require app-protection policies, conditional access, and encryption-at-rest on the device. Personal devices accessing business data should always be managed in 2026.

What happens to Shared Google Drives during migration?+

Each Shared Drive typically becomes a SharePoint site with a corresponding document library. Members of the Shared Drive become members of the SharePoint site with permissions translated as cleanly as the tooling allows. Folder structure carries over; permissions usually require manual review and cleanup (Google and Microsoft permission models don't map 1:1). This is the part of the migration where most architectural attention is needed and where pre-migration discovery pays off most.

How much end-user training is required?+

Less than most people expect. Outlook and Gmail are functionally similar for the 90% of daily email use; the most common adjustment is the keyboard shortcuts. Teams replaces Google Meet and is generally an improvement. OneDrive replaces Drive with comparable functionality. For a 10-person SMB, 60-90 minutes of group training plus 1-on-1 support availability the first week typically handles it. The training plan we deliver is sized to the team, not a fixed package.

What's the risk of data loss during migration?+

Very low if the migration is run with a tested tool (BitTitan MigrationWiz is the standard in 2026; Microsoft's native migration is improving but still has edge cases) and a defined verification step. We run pre-migration assessments to identify likely-problematic content (huge files, complex shared permissions, deeply nested folders) and resolve issues before cutover. Workspace data is retained for at least 30 days after cutover as a safety net before the Workspace tenant is decommissioned.

When do we cancel Google Workspace?+

Cancel only after a defined verification window. The standard protocol: cutover Friday evening, mail flows to M365 from Saturday morning, Drive content is verified in OneDrive/SharePoint over the first week, decommission Workspace 30-60 days after cutover. Some clients keep Workspace at minimum cost for 90 days as a belt-and-suspenders insurance policy. Either way, do not cancel the day of cutover — keep the rollback option available until verification is complete.

Does Simply IT do Google Workspace to M365 migrations?+

Yes. Simply IT has run dozens of Workspace-to-M365 migrations for Florida small businesses across medical, legal, accounting, construction, and small-business segments. The engagement covers discovery, license selection, migration tooling, DNS cutover, security baseline configuration, end-user training, and 30-day post-cutover support. Steve Condit (USMC veteran, 30+ years IT) personally oversees migration engagements at regulated-industry clients. No long-term contracts. Most migrations finish in 2-4 weeks.

MICROSOFT 365 MIGRATION FROM GOOGLE WORKSPACE — THE 2026 PLAYBOOK FOR FLORIDA SMALL BUSINESS.

ELEVEN SECTIONS. ABOUT 4,000 WORDS.