Moving your applications to the Cloud offers some serious benefits. Here’s how you can ensure your migration goes as smoothly as possible.
Organisations all over the world are looking to migrate business applications into the Cloud (Azure AD for the purposes of this blog) to take advantage of the many benefits it provides.
As a result, IT teams are under constant pressure from the Board and department heads to move business applications into the Cloud as quickly as possible.
The productivity and security benefits an organisation can gain from having all its apps in a cloud platform such as Azure AD can be a game-changer.
But it’s not uncommon for large organisations to have upwards of 150 applications that need to be moved. So how can your organisation start migrating all these apps – including Microsoft Office 365, 3rd party, and home-grown – across a mixture of cloud and on-premises? And how can you go about removing old infrastructure (and cost), which gets in the way of your cloud identity vision?
Answer: You need a solid application migration strategy.
In this blog, we’ll provide some useful advice on how to plan the migration of your apps to Azure AD and uncover some common challenges to consider.
To start migrating over to Azure, your organisation must first ensure the current user population is added to the Azure AD environment.
Microsoft provides you with a handy synchronisation service called Azure AD Connect (AADC) to help you do this.
Azure AD Connect takes user objects from an on-premises Active Directory environment and synchronises them to the cloud-based Azure AD. It does this by reading the user objects from the directory and creating a matching identity in Azure AD.
At the same time, it ensures that in the event of an Active Directory failure that requires a directory restore – or an Azure AD Connect failure – consistency metadata can be used to ensure that the user objects are kept in synchronisation.
An important element to consider right at the start of your app migration project is the project team itself.
Remember, it’s a cross-organisation project, so even though IT will do the physical migration itself, you should involve operations and business users throughout the process.
It helps the IT team understand all the apps in their estate and it also improves buy-in and accountability.
When considering an app migration project, Microsoft advise that you break your plan up into 4 key stages, enabling you to prioritise migrations and achieve success with minimal business impact. The four stages can be seen below:
When considering a project to migrate your applications to Azure AD, the first and most important thing to understand is the detailed breakdown of your entire app ecosystem.
Once you have this visibility, the IT team is better equipped to make decisions on which apps to move first, and how complicated each app migration will be.
The first step is to draw up a list of the applications you have.
Microsoft’s “Cloud Discovery” is a useful tool for finding the applications currently in use, based on network traffic.
It will catalogue applications and give them a risk score – discovering not just IT-endorsed applications but also “shadow IT”.
Once you feel you’ve got visibility over all your apps you need to start a detailed analysis, asking key questions such as:
Download our helpful Application Estate Discovery and Scoping Template for a full set of app discovery questions you should be asking.
As highlighted earlier, getting this clear view and understanding of the apps in your estate is critical, but it’s also the most difficult part of the project – relying on information and buy-in from stakeholders across the business to make it happen.
ThirdSpace can help organisations at this stage by utilising our business transformation and project management experience.
We also have a few clever tools available to help discover and analyse the applications and their characteristics within your current estate. For example, if you’re currently using ADFS for application authentication, we have some handy fixed-price proposals to help you discover and move those apps (and their authentication process) into the Cloud.
Once you have a clear picture of the apps in your estate, and their technical requirements and dependencies, you can start the process of prioritising their migration order.
The model below* outlines a simple yet effective approach to take based on ROI opportunity, risk, ease of migration and the level of customisation required.
The first tier of opportunistic apps are the most likely candidates you’ll want to migrate first.
Moving these apps early will most likely help the business realise instant ROI benefits in terms of productivity gains, cost savings or security improvements.
If you’re looking for an early win to get the broader business on board, these opportunistic apps are the low-hanging fruit. Apps in this bracket have the following characteristics:
The second tier of the model above addresses all those apps that (after your thorough discovery stage) appear to be the lowest risk. For example, these apps are likely not to be business-critical, with a tendency to have fewer (more focused) groups of users, rather than users across the entire enterprise.
Other characteristics may include:
All the major cloud providers advise organisations to go through a thorough scoping exercise to help you rank applications from lowest to highest risk. Low-risk applications should be migrated first, and higher-risk applications should come later.
Download our helpful Application Estate Discovery and Scoping Template to help you prioritise your app migration order.
The third tier categorises app migration based on ‘ease to migrate’, which is a different lens from the risk point of view.
When scoping the work, you should consider elements such as the complexity of migration approach (i.e. simple rehosting vs. complete rebuild), or “how stringent are the regulatory compliance factors for this app?”
The fourth and final tier addresses all those applications with a high complexity – these should always be considered for migration last!
These are those highly bespoke or custom-built apps that are potentially very ingrained in your organisation and are reliant on legacy infrastructure. These apps will each present unique migration challenges and are likely to take the longest.
The next stage of the process covers how you will physically migrate these applications into the Cloud.
Again, the method you select may affect the order in which you want to migrate. Here’s a quick list of five methods:
This tends to be the approach taken in a large legacy migration scenario where the organisation is looking to scale its migration quickly. Migration is fast and relatively inexpensive, but, because the app is not redesigned, an organisation may not realise the full cloud-native benefits.
Essentially this means redeveloping or rewriting code for an application so it can be ported to the Cloud or a different cloud platform. Azure AD supports SAML, OAuth and OpenID Connect, i.e. all of the mainstream protocols used in modern authentication (also known as ‘modern auth’ and ‘claims authentication’).
This means that a huge number of applications are supported with little or no modification. So, configuring a modern auth app to run in Azure AD should be relatively straightforward. As we said earlier, there are thousands of apps already in the Azure AD application gallery so you should check if your app is already supported before you start.
Move to a different product.
Getting rid of the app altogether.
Keeping the app in its current home.
The final phase, and one that many organisations fall down on, is monitoring your app migration project and managing the new technology adoption.
It’s essential that you monitor app usage and adoption once the service is migrated to the Cloud to detect potential errors with the application architecture or performance.
To do this, you should be keeping a close eye on usage stats and error alerts. You should also make time to sync back with a cross-section of users to understand if there are any usability / UX issues.
It can be time-consuming to monitor and keep track of your app migration project once it’s in full swing, so it’s best to agree on some KPIs and stick to them. Good ones to consider include:
In order to ease the project through all stakeholders, your IT team should also build in opportunities to highlight the success of the migration.
Reporting against the KPIs above and adding some context around the intangible benefits, such as satisfaction, engagement and productivity, will help keep the project on track, with continued support across the business.
Consider your approach to technology adoption and change management carefully as part of any app migration project. Well thought out internal communications, engaging user training and useful support tools can expedite the adoption of your new apps after their move to the Cloud.
By thoroughly working through the discovery and scoping processes outlined above, you will have mitigated the risk from a lot of the more common challenges organisations run into when migrating apps to the Cloud.
Before you start your migration project, ThirdSpace would recommend you run through a few ‘what if’ scenarios and ask yourself some additional questions, such as:
It’s worth making yourself familiar with the statistics on why Azure AD is the most trusted cloud provider.
Important: As part of this, be aware that moving your application to the Cloud does not eliminate your security risks. It removes risks typically seen on legacy / on-premises systems, but it does open you up to other new attack vectors.
Also, make sure you’ve considered how much data you will need to migrate and manage in the Cloud in line with your project.
Hopefully, someone in your team will have taken the time to work out the ‘total cost of ownership’ (TCO) based on the new data storage requirements, users and network traffic. If you’re seeing costs increase for certain app migrations, consider if that is the best path for you.
One last thing before you start – be sure to check that all your existing bespoke, 3rd party or in-house applications are free from licensing or contract issues that could prevent you from moving to the Cloud.
Keep in mind that these are broad guidelines and your decision about moving applications to the Cloud should be based on your own situation.
However, if you apply all these questions to your application and IT landscape, you will be well-positioned to know what should and should not be migrated.
Making the switch to Azure AD for all your web applications is a priority activity for IT departments, with many already using Azure AD for Office 365 and Windows corporate sign in.
This strategic activity helps you to:
For more information, take a look at this resource from Microsoft. It’s packed with helpful information to help your app migration project.
As always, if you need any assistance or advice on planning your app migration strategy, come and talk to us. We have a range of fixed-price proposals dedicated to migrating applications to Azure AD that could be a great fit for you.
Next, watch our on-demand webinar to find out what other benefits you can gain from making the move to Azure AD.
*Model based on “Choosing your cloud app migration order” article
Marcus Idle is our Head of Customer Identity and Access Management and IP Development at ThirdSpace. He is responsible for projects involving external identities. Expert in Microsoft’s Azure AD B2B...