Blog | 7 February 2020
Moving apps to Azure AD: Planning your migration strategy
Head of External Identity
Moving your applications to the Cloud offers some serious benefits. Here’s how you can ensure your migration goes as smoothly as possible.
Organisations all over the world are looking to migrate business applications into the Cloud (Azure AD for the purposes of this blog) to take advantage of the many benefits it provides.
As a result, IT teams are under constant pressure from the Board and department heads to move business applications into the Cloud as quickly as possible.
The productivity and security benefits an organisation can gain from having all its apps in a cloud platform such as Azure AD can be a game-changer.
But it’s not uncommon for large organisations to have upwards of 150 applications that need to be moved. So how can your organisation start migrating all these apps – including Microsoft Office 365, 3rd party, and home-grown – across a mixture of cloud and on-premises? And how can you go about removing old infrastructure (and cost), which gets in the way of your cloud identity vision?
Answer: You need a solid application migration strategy.
In this blog, we’ll provide some useful advice on how to plan the migration of your apps to Azure AD and uncover some common challenges to consider.
Planning your application migration to Azure AD
Moving your users – Connecting your Active Directory to Azure AD
To start migrating over to Azure, your organisation must first ensure the current user population is added to the Azure AD environment.
Microsoft provides you with a handy synchronisation service called Azure AD Connect (AADC) to help you do this.
Azure AD Connect takes user objects from an on-premises Active Directory environment and synchronises them to the cloud-based Azure AD. It does this by reading the user objects from the directory and creating a matching identity in Azure AD.
It also keeps consistency metadata, so that after an Active Directory failure that requires a directory restore, or after an Azure AD Connect failure, the user objects can be kept in synchronisation.
An important element to consider right at the start of your app migration project is the project team itself.
Remember, it’s a cross-organisation project, so even though IT will do the physical migration itself, you should involve operations and business users throughout the process.
It helps the IT team understand all the apps in their estate and it also improves buy-in and accountability.
When considering an app migration project, Microsoft advise that you break your plan up into 4 key stages, enabling you to prioritise migrations and achieve success with minimal business impact:
1. App migration planning – Discovery and scope
When considering a project to migrate your applications to Azure AD, the first and most important thing to understand is the detailed breakdown of your entire app ecosystem.
Once you have this visibility, the IT team is better equipped to make decisions on which apps to move first, and how complicated each app migration will be.
The first step is to draw up a list of the applications you have.
Microsoft’s “Cloud Discovery” is a useful tool for finding the applications currently in use, based on network traffic.
It will catalogue applications and give them a risk score – discovering not just IT-endorsed applications but also “shadow IT”.
Once you feel you’ve got visibility over all your apps you need to start a detailed analysis, asking key questions such as:
- What is the current app authentication protocol?
- Who is the app owner?
- Who developed (and supports) the app?
- Is your app dependent on other systems?
- How many users does each app have?
- What are the compliance requirements for this app?
As highlighted earlier, getting this clear view and understanding of the apps in your estate is critical, but it’s also the most difficult part of the project – relying on information and buy-in from stakeholders across the business to make it happen.
Kocho can help organisations at this stage by utilising our business transformation and project management experience.
We also have a few clever tools available to help discover and analyse the applications and their characteristics within your current estate. For example, if you’re currently using ADFS for application authentication, we have some handy fixed-price proposals to help you discover and move those apps (and their authentication process) into the Cloud.
2. App migration planning – Classification and prioritisation
Once you have a clear picture of the apps in your estate, and their technical requirements and dependencies, you can start the process of prioritising their migration order.
Opportunistic apps are the most likely candidates you’ll want to migrate first.
Moving these apps early will most likely help the business realise instant ROI benefits in terms of productivity gains, costs savings or security improvements.
If you’re looking for an early win to get the broader business on board, these opportunistic apps are the low-hanging fruit. Apps in this bracket have the following characteristics:
- They are very expensive to run in their current state.
- Moving these apps to the Cloud would realise some significant benefits without much work.
Next, address all those apps that (after your thorough discovery stage) appear to be the lowest risk. For example, these apps are likely not to be business-critical, with a tendency to have fewer (more focused) groups of users, rather than users across the entire enterprise.
Other characteristics may include:
- Simple service-level agreements (SLAs).
- The users affected are on board and ready for the change.
- There is complete knowledge and thorough documentation on these apps and their design.
All the major cloud providers advise organisations to go through a thorough scoping exercise to help you rank applications from lowest to highest risk. Low-risk applications should be migrated first, and higher-risk applications should come later.
Next, categorise apps by ‘ease to migrate’, which is a different lens from the risk point of view.
When scoping the work, you should consider elements such as the complexity of migration approach (i.e. simple rehosting vs. complete rebuild), or “how stringent are the regulatory compliance factors for this app?”
Finally, address all those applications with a high complexity – these should always be considered for migration last!
These are those highly bespoke or custom-built apps that are potentially very ingrained in your organisation and are reliant on legacy infrastructure. These apps will each present unique migration challenges and are likely to take the longest.
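The ordering described in stages 1 and 2, as an added example that is not part of the original post: a small planner that takes the answers to the discovery questions and assigns each app to a migration wave. The field names, the effort scale, the 200-user cut-off and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory; field names and thresholds are assumptions
# chosen for illustration, not values from the article or from Microsoft.
@dataclass
class App:
    name: str
    owner: str
    auth_protocol: str       # e.g. "SAML", "OIDC", "WS-Fed", "LDAP", "Kerberos"
    users: int
    business_critical: bool
    documented: bool
    costly_to_run: bool
    effort: int              # 1 (simple rehost) .. 5 (complete rebuild)
    legacy_dependent: bool   # bespoke app tied to legacy infrastructure

FOCUSED_USER_LIMIT = 200     # assumed cut-off for a "focused" user group

def wave(app: App) -> int:
    """Return the migration wave (1 = first, 4 = last) for one app."""
    if app.legacy_dependent or app.effort >= 4:
        return 4             # high complexity: always migrated last
    if app.costly_to_run and app.effort <= 2:
        return 1             # opportunistic: big saving for little work
    if (not app.business_critical and app.documented
            and app.users <= FOCUSED_USER_LIMIT):
        return 2             # low risk: small, well-understood user group
    return 3                 # remainder, ordered by ease to migrate

def plan(apps):
    """Order apps by wave, then effort, then user count; flag missing owners."""
    unowned = [a.name for a in apps if not a.owner.strip()]
    ordered = sorted(apps, key=lambda a: (wave(a), a.effort, a.users))
    return [(wave(a), a.name, a.auth_protocol) for a in ordered], unowned

INVENTORY = [
    App("hr-portal", "HR Ops", "SAML", 4000, True, True, True, 2, False),
    App("lab-wiki", "R&D", "OIDC", 60, False, True, False, 1, False),
    App("erp-custom", "Finance", "Kerberos", 900, True, False, True, 5, True),
    App("crm", "Sales", "WS-Fed", 1200, True, True, False, 3, False),
    App("badge-tool", "", "LDAP", 35, False, True, False, 2, False),
]

if __name__ == "__main__":
    schedule, unowned = plan(INVENTORY)
    for w, name, proto in schedule:
        print(f"wave {w}: {name} ({proto})")
    print("no owner recorded:", unowned)
```

Apps with no recorded owner are reported separately so the gap is closed during discovery rather than found at cut-over.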
3. Migrating and testing your apps
The next stage of the process covers how you will physically migrate these applications into the Cloud.
Again, the method you select may affect the order in which you want to migrate. Here’s a quick list of 5 various methods:
4. Managing and monitoring your app migration process
The final phase, and one that many organisations fall down on, is monitoring your app migration project and managing the new technology adoption.
It’s essential that you monitor app usage and adoption once the service is migrated to the Cloud to detect potential errors with the application architecture or performance.
To do this, you should be keeping a close eye on usage stats and error alerts. You should also make time to sync back with a cross-section of users to understand if there are any usability / UX issues.
It can be time-consuming to monitor and keep track of your app migration project once it’s in full swing, so it’s best to agree on some KPIs and stick to them. Good ones to consider include:
- Availability (% uptime, average load times, throughput)
- Error rates (no. of timeouts, failed requests, latency)
- Customer satisfaction scores (CSAT) (consider setting up a feedback loop)
- User adoption (no. of average users)
In order to ease the project through all stakeholders, your IT team should also build in opportunities to highlight the success of the migration.
Reporting against the KPIs above and adding some context around the intangible benefits, such as satisfaction, engagement and productivity, will help keep the project on track, with continued support across the business.
Consider your approach to technology adoption and change management carefully as part of any app migration project. Well thought out internal communications, engaging user training and useful support tools can expedite the adoption of your new apps after their move to the Cloud.
Common migration challenges and pitfalls
By thoroughly working through the discovery and scoping processes outlined above, you will have mitigated the risk from a lot of the more common challenges organisations run into when migrating apps to the Cloud.
Before you start your migration project, Kocho recommend that you run through a few ‘what if’ scenarios and ask yourself some additional questions, such as:
- Have you thoroughly investigated the security protection of the new cloud solution?
- Do the apps you’re planning to move have highly sensitive security requirements, and can the planned cloud provider fulfil these?
- Are your security team happy (and on board) with the level of protection on offer?
It’s worth making yourself familiar with the statistics on why Azure AD is the most trusted cloud provider.
Important: As part of this, be aware that moving your application to the Cloud does not eliminate your security risks. It removes risks typically seen on legacy / on-premises systems, but it does open you up to other new attack vectors.
Also, make sure you’ve considered how much data you will need to migrate and manage in the Cloud in line with your project.
Hopefully, someone in your team will have taken the time to work out the ‘total cost of ownership’ (TCO) based on the new data storage requirements, users and network traffic. If you’re seeing costs increase for certain app migrations, consider if that is the best path for you.
One last thing before you start – be sure to check that all your existing bespoke, 3rd party or in-house applications are free from licensing or contract issues that could prevent you from moving to the Cloud.
Keep in mind that these are broad guidelines and your decision about moving applications to the Cloud should be based on your own situation.
However, if you apply all these questions to your application and IT landscape, you will be well-positioned to know what should and should not be migrated.
Making the switch to Azure AD for all your web applications is a priority activity for IT departments, with many already using Azure AD for Office 365 and Windows corporate sign in.
This strategic activity helps you to:
- Reduce costs by removing legacy hardware and software
- Simplify the sign-in process for your users and free up the IT help desk
- Build a reliable and future-proof infrastructure
- Facilitate onboarding and collaboration with external users via Microsoft Azure AD B2B or B2C
For more information, take a look at this resource from Microsoft. It’s packed with helpful information to help your app migration project.
As always, if you need any assistance or advice on planning your app migration strategy, come and talk to us. We have a range of fixed-price proposals dedicated to migrating applications to Azure AD that could be a great fit for you.
Marcus Idle is Kocho’s Head of External Identity. Marcus is passionate about bringing cloud and external identity to life to solve business problems for our clients.