PLATFORM

Exchange Online Migration Tool

MigrationFox handles tenant-to-tenant Exchange Online mailbox migrations — source-to-destination Microsoft 365 organizations, mergers and acquisitions, and consolidation projects. The full folder hierarchy, mail flags, categories, importance, sender attribution, and original timestamps come along with the messages. Works with both Exchange Online (Graph API) and on-premises Exchange Server (EWS / SOAP) as source or destination.

Folder Hierarchy Preservation

Exchange folders are migrated with their parent-child relationships intact. The MigrationFox mail-processor enumerates the source mailbox once, builds a destination-side folder index, and creates each new folder under the matching parent. Pre-existing destination folders are re-used rather than duplicated — an Inbox migrated twice doesn't produce "Inbox copy" hierarchies. Folder display names handle non-ASCII characters (UTF-8 throughout).

Flag, Category, and Importance Carry

Outlook's metadata travels with each message:

• flagStatus — flag-for-followup state preserved on destination
• categories — user-defined category names migrate; color assignments don't survive (Outlook bind colors per-mailbox)
• importance — low / normal / high preserved
• isRead — read / unread state preserved
• receivedDateTime — original timestamp preserved so mailbox sort order on destination matches source

Auth Modes

Three authentication shapes are supported, picked by your security policy:

• OAuth2 (delegated) — one signed-in user migrates their own mailbox. Lowest setup overhead.
• App-only (client credentials grant) — Azure AD app registration with Mail.ReadWrite Application permission, admin consent granted. Required for bulk migrations because MigrationFox impersonates each user via /users/{upn}/messages.
• Exchange EWS / Basic / NTLM — for on-prem Exchange Server sources where Graph isn't available. Uses ExchangeImpersonation headers when the service account is granted impersonation rights tenant-wide.

Sender Attribution (app-only mode)

When migrating with app-only auth, the destination Exchange tenant doesn't let the app set the message's from field to a non-authenticated user (Graph returns ErrorAccessDenied). MigrationFox handles this by:

• Letting the destination mailbox owner become the implicit sender on the imported message (this is the correct behavior for cross-mailbox migration anyway)
• Preserving the original sender's email as an X-Original-From internet message header so the message renders with the original "from" visible and audit fidelity is maintained

Attachment Carry

Attachments flow through Graph's fileAttachment.contentBytes with per-attachment 3 MB inline cap and per-message 25 MB total. Files above the cap are skipped with a forensic X-Migration-Note header so the recipient's mailbox documents exactly what was dropped. Today this is gated behind the ENABLE_O365_MAIL_ATTACHMENTS production flag — rolling out via 48-hour soak before being default-on. Larger files will be supported via upload-session in a follow-up.

Header Injection Defense

Subject, From, To, and Cc values from the source message are stripped of CR/LF/NUL characters before being written to the destination. A crafted source-side subject like x\r\nBcc: attacker@evil.com cannot inject a Bcc header on the imported message — the escape happens before Graph's SMTP layer sees the values. The fix was verified against the OWASP / Burp header-injection corpus.

Pricing

Mail migration is included in the standard $0.50 / GB pay-as-you-go rate (CAD). Each migrated message is billed by its full size including attachments. The free tier (2 GB) covers small mailbox migrations end-to-end.