07 February 2020

Moving apps to Azure AD: Planning your migration strategy

  • Identity and access management
  • Azure AD
  • Office 365
Marcus Idle

Moving your applications to the Cloud offers some serious benefits. Here’s how you can ensure your migration goes as smoothly as possible.

Organisations all over the world are looking to migrate business applications into the Cloud (Azure AD for the purposes of this blog) to take advantage of the many benefits it provides.

As a result, IT teams are under constant pressure from the Board and department heads to move business applications into the Cloud as quickly as possible.

The productivity and security benefits an organisation can gain from having all its apps in a cloud platform such as Azure AD can be a game-changer.

But it’s not uncommon for large organisations to have upwards of 150 applications that need to be moved. So how can your organisation start migrating all these apps – including Microsoft Office 365, 3rd party, and home-grown – across a mixture of cloud and on-premises? And how can you go about removing old infrastructure (and cost), which gets in the way of your cloud identity vision?

Answer: You need a solid application migration strategy.

In this blog, we’ll provide some useful advice on how to plan the migration of your apps to Azure AD and uncover some common challenges to consider.

 

Planning your application migration to Azure AD

Moving your users – Connecting your Active Directory to Azure AD

To start migrating over to Azure, your organisation must first ensure the current user population is added to the Azure AD environment.

Microsoft provides you with a handy synchronisation service called Azure AD Connect (AADC) to help you do this.

Azure AD Connect takes user objects from an on-premises Active Directory environment and synchronises them to the cloud-based Azure AD. It does this by reading the user objects from the directory and creating a matching identity in the Azure AD.

At the same time, it ensures that in the event of an Active Directory failure that requires a directory restore – or an Azure AD Connect failure – consistency metadata can be used to ensure that the user objects are kept in synchronisation.

Migration preparation

An important element to consider right at the start of your app migration project is the project team itself.

Remember, it’s a cross-organisation project, so even though IT will do the physical migration itself, you should involve operations and business users throughout the process.

It helps the IT team understand all the apps in their estate and it also improves buy-in and accountability.

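When considering an app migration project, Microsoft advise that you break your plan up into four key stages, enabling you to prioritise migrations and achieve success with minimal business impact. The four stages, each covered in turn below, are: discovery and scope; classification and prioritisation; migrating and testing; and managing and monitoring.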

App migration planning – Discovery and scope

When considering a project to migrate your applications to Azure AD, the first and most important thing to understand is the detailed breakdown of your entire app ecosystem.

Once you have this visibility, the IT team is better equipped to make decisions on which apps to move first, and how complicated each app migration will be.

The first step is to draw up a list of the applications you have.

Microsoft’s “Cloud Discovery” is a useful tool for finding the applications currently in use, based on network traffic.

It will catalogue applications and give them a risk score – discovering not just IT-endorsed applications but also “shadow IT”.

Once you feel you’ve got visibility over all your apps you need to start a detailed analysis, asking key questions such as:

  • What is the current app authentication protocol?
  • Who is the app owner?
  • Who developed (and supports) the app?
  • Is your app dependent on other systems?
  • How many users does each app have?
  • What are the compliance requirements for this app?

Download our helpful Application Estate Discovery and Scoping Template for a full set of app discovery questions you should be asking.

As highlighted earlier, getting this clear view and understanding of the apps in your estate is critical, but it’s also the most difficult part of the project – relying on information and buy-in from stakeholders across the business to make it happen.

ThirdSpace can help organisations at this stage by utilising our business transformation and project management experience.

We also have a few clever tools available to help discover and analyse the applications and their characteristics within your current estate. For example, if you’re currently using ADFS for application authentication, we have some handy fixed-price proposals to help you discover and move those apps (and their authentication process) into the Cloud.

App migration planning – Classification and prioritisation

Once you have a clear picture of the apps in your estate, and their technical requirements and dependencies, you can start the process of prioritising their migration order.

The model below* outlines a simple yet effective approach to take based on ROI opportunity, risk, ease of migration and the level of customisation required.

The first tier of opportunistic apps are the most likely candidates you’ll want to migrate first.

Moving these apps early will most likely help the business realise instant ROI benefits in terms of productivity gains, costs savings or security improvements.

If you’re looking for an early win to get the broader business on board, these opportunistic apps are the low-hanging fruit. Apps in this bracket have the following characteristics:

  • They are very expensive to run in their current state.
  • Moving these apps to the Cloud would realise some significant benefits without much work.

The second tier of the model above addresses all those apps that (after your thorough discovery stage) appear to be the lowest risk. For example, these apps are likely not to be business-critical, with a tendency to have fewer (more focused) groups of users, rather than users across the entire enterprise.

Other characteristics may include:

  • Simple service-level agreements (SLAs).
  • The users affected are on board and ready for the change.
  • There is complete knowledge and thorough documentation on these apps and their design.

All the major cloud providers advise organisations to go through a thorough scoping exercise to help you rank applications from lowest to highest risk. Low-risk applications should be migrated first, and higher-risk applications should come later.

Download our helpful Application Estate Discovery and Scoping Template to help you prioritise your app migration order.

The third tier categorises app migration based on ‘ease to migrate’, which is a different lens from looking at it from a risk point of view.

When scoping the work, you should consider elements such as the complexity of migration approach (i.e. simple rehosting vs. complete rebuild), or “how stringent are the regulatory compliance factors for this app?”

The fourth and final tier addresses all those applications with a high complexity – these should always be considered for migration last!

These are those highly bespoke or custom-built apps that are potentially very ingrained in your organisation and are reliant on legacy infrastructure. These apps will each present unique migration challenges and are likely to take the longest.
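
The four-tier ordering described above can be applied mechanically to the answers gathered during discovery. The following is an added example, not part of the original article or of Microsoft's model: the field names, thresholds, ease penalty and sample inventory are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumption: apps already speaking one of these protocols are the easy moves.
MODERN_AUTH = {"saml", "oauth", "oidc"}

@dataclass
class App:
    name: str
    auth_protocol: str       # discovery: current authentication protocol
    users: int               # discovery: number of users
    business_critical: bool
    documented: bool         # complete knowledge and documentation exists
    dependencies: int        # discovery: other systems the app depends on
    bespoke_legacy: bool     # custom-built and tied to legacy infrastructure
    annual_run_cost: int     # constructed currency units
    strict_compliance: bool  # discovery: stringent compliance requirements

def tier(app, cost_threshold=100_000, small_user_base=200):
    """Return 1 (opportunistic) to 4 (high complexity). Thresholds are assumptions."""
    modern = app.auth_protocol.lower() in MODERN_AUTH
    if app.bespoke_legacy or (not modern and app.dependencies > 2):
        return 4  # high complexity: always migrate last
    if app.annual_run_cost >= cost_threshold and modern and app.dependencies == 0:
        return 1  # expensive today, significant benefit for little work
    if not app.business_critical and app.documented and app.users <= small_user_base:
        return 2  # lowest risk: focused user group, well understood
    return 3      # everything else is ordered by ease of migration

def ease_penalty(app):
    """Higher means harder: legacy protocol, strict compliance, more dependencies."""
    legacy = app.auth_protocol.lower() not in MODERN_AUTH
    return 2 * legacy + app.strict_compliance + app.dependencies

def migration_order(apps):
    """App names sorted by tier, then by ease of migration within the tier."""
    ranked = sorted(apps, key=lambda a: (tier(a), ease_penalty(a), a.name))
    return [a.name for a in ranked]

# Constructed sample inventory, for illustration only.
INVENTORY = [
    App("warehouse-mainframe", "kerberos", 400, True, False, 5, True, 90_000, True),
    App("hr-portal", "ws-fed", 3000, True, True, 1, False, 40_000, True),
    App("crm", "saml", 1200, True, True, 2, False, 60_000, False),
    App("team-wiki", "oidc", 80, False, True, 1, False, 5_000, False),
    App("expenses-saas", "saml", 5000, False, True, 0, False, 250_000, False),
]

if __name__ == "__main__":
    for position, name in enumerate(migration_order(INVENTORY), start=1):
        print(position, name)
```

Checking the complexity tier first means an expensive but bespoke app is never treated as an early win.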


Migrating and testing your apps

The next stage of the process covers how you will physically migrate these applications into the Cloud.

Again, the method you select may affect the order in which you want to migrate. Here’s a quick list of five methods:

1. Rehosting or replatforming

This tends to be the approach taken in a large legacy migration scenario where the organisation is looking to scale its migration quickly. Migration is fast and relatively inexpensive, but, because the app is not redesigned, an organisation may not realise the full cloud-native benefits.

2. Refactoring

Essentially this means redeveloping or rewriting code for an application so it can be ported to the Cloud or a different cloud platform. Azure AD supports SAML, OAuth and OpenID Connect, i.e. all of the mainstream protocols used in modern authentication (also known as ‘modern auth’ and ‘claims authentication’).

This means that a huge number of applications are supported with little or no modification. So, configuring a modern auth app to run in Azure AD should be relatively straightforward. As we said earlier, there are thousands of apps already in the Azure AD application gallery so you should check if your app is already supported before you start.

3. Repurchasing

Move to a different product.

4. Retiring

Getting rid of the app altogether.

5. Retaining

Keeping the app in its current home.

Managing and monitoring your app migration process

The final phase, and one that many organisations fall down on, is monitoring your app migration project and managing the new technology adoption.

It’s essential that you monitor app usage and adoption once the service is migrated to the Cloud to detect potential errors with the application architecture or performance.

To do this, you should be keeping a close eye on usage stats and error alerts. You should also make time to sync back with a cross-section of users to understand if there are any usability / UX issues.

It can be time-consuming to monitor and keep track of your app migration project once it’s in full swing, so it’s best to agree on some KPIs and stick to them. Good ones to consider include:

  • Availability (% uptime, average load times, throughput)
  • Error rates (no. of timeouts, failed requests, latency)
  • Customer satisfaction scores (CSAT) (consider setting up a feedback loop)
  • User adoption (no. of average users)

In order to ease the project through all stakeholders, your IT team should also build in opportunities to highlight the success of the migration.

Reporting against the KPIs above and adding some context around the intangible benefits, such as satisfaction, engagement and productivity, will help keep the project on track, with continued support across the business.

Consider your approach to technology adoption and change management carefully as part of any app migration project. Well thought out internal communications, engaging user training and useful support tools can expedite the adoption of your new apps after their move to the Cloud.

Common migration challenges and pitfalls

By thoroughly working through the discovery and scoping processes outlined above, you will have mitigated the risk from a lot of the more common challenges organisations run into when migrating apps to the Cloud.

Before you start your migration project, ThirdSpace would recommend you run through a few ‘what if’ scenarios and ask yourself some additional questions, such as:

  • Have you thoroughly investigated the security protection of the new cloud solution?
  • Do the apps you’re planning to move have highly sensitive security requirements, and can the planned cloud provider fulfil these?
  • Are your security team happy (and on board) with the level of protection on offer?

It’s worth making yourself familiar with the statistics on why Azure AD is the most trusted cloud provider.

Important: As part of this, be aware that moving your application to the Cloud does not eliminate your security risks. It removes risks typically seen on legacy / on-premises systems, but it does open you up to other new attack vectors.

Also, make sure you’ve considered how much data you will need to migrate and manage in the Cloud in line with your project.

Hopefully, someone in your team will have taken the time to work out the ‘total cost of ownership’ (TCO) based on the new data storage requirements, users and network traffic. If you’re seeing costs increase for certain app migrations, consider if that is the best path for you.

One last thing before you start – be sure to check that all your existing bespoke, 3rd party or in-house applications are free from licensing or contract issues that could prevent you from moving to the Cloud.

 

Conclusion

Keep in mind that these are broad guidelines and your decision about moving applications to the Cloud should be based on your own situation.

However, if you apply all these questions to your application and IT landscape, you will be well-positioned to know what should and should not be migrated.

Making the switch to Azure AD for all your web applications is a priority activity for IT departments, with many already using Azure AD for Office 365 and Windows corporate sign in.

This strategic activity helps you to:

  • Reduce costs by removing legacy hardware and software
  • Simplify the sign-in process for your users and free up the IT help desk
  • Build a reliable and future-proof infrastructure
  • Facilitate onboarding and collaboration with external users via Microsoft Azure AD B2B or B2C

For more information, take a look at this resource from Microsoft. It’s packed with helpful information to help your app migration project.

As always, if you need any assistance or advice on planning your app migration strategy, come and talk to us. We have a range of fixed-price proposals dedicated to migrating applications to Azure AD that could be a great fit for you.

Next, watch our on-demand webinar to find out what other benefits you can gain from making the move to Azure AD.

*Model based on “Choosing your cloud app migration order” article

Author
Marcus Idle
Head of CIAM and IP Development