(Don’t hold your breath. this page is meant for 2 audiances:
- other unfortunate IT admins who will
- my client, who needs to know why microsoft is a bad choice as a simple email-contact-calendar provider
(or – why we decided to leave google g suite, and move to office 365). Well, it was kind of an arbitrary decision. Someone decided on it, and that’s what we do.
If I had my doubts, and thought for a moment, “hey, it’s going to be fast and fun”, then the 1st google result concerning the topic was a so-called 17 minutes readout about what’s it going to be like, from the sneaky people in ms, who think 26+ pages of arbitrary technical details can be easily digested. It’s not.
I didn’t call my lawyer (it will come later, you’ll see).
instead, I went to admin.microsoft.com
it took me several hours to figure, since, unlike admin.google.com, where everything is neatly bound in a single-domain single-interface easy-to-find large-font material-designed interface,
microsoft thought it would be funny to spread administrative functionality across at least 4 or 5 domains:
- azure stuff
- not to be confused with azure active directory stuff
- and something else I don’t remember.
Yeah, that’s right. if you don’t find, like, “security defaults” in the admin, so good luck finding out what it is – and where. (oh, it’s in azure active directory setting for your tenet / admin / account / exchange / azure / enterprise / who cares what – ms don’t care, and neither should you.)
Yes, MS is VERY BAD with naming things. Don’t believe me? try to read the aforementioned eye candy.
MS problem # 54 – Logging in to MS
Log In. how difficult could that be, you say.
Wrong. There’s no way to avoid using your phone. If, for any reason, your phone is dead / eaten alive by Dogbert / stolen / smashed / frozen / hacked / nokia 72 – forget about logging in to microsoft.
Login is so intensely dependent on your phone, that they wrote an app just for logging you in. I trust no microsoft to put put apps on my phone, so I don’t – and i pay for that decision – with blood:
so after created a user, i try to log it in. name, password, and “we must turture you, but we grace you with 14 days of peaceful login” “Skip for now (14 days until this is required)”. Don’t bother. It doesn’t skip.
I believed them, so I pressed that link, and after few clicks and hums – > i got rerouted exactly where I started – to the login screen.
I even tried “other authentication methods”. Nothing. Always to the same prison cell.
(“or maybe you want to use the app? it’s a great app. just donwload it here… oh wait. not so easily, you first need to do this. or that.”)
I had to disable app auth in order to login (even though I had other options enabled).
Then they send you sms. usually arrives immediately. Sometimes not. What then? user waits.
Then sms arrives – great joy – but.
Let us present to you, a bug. it’s kind of nice and well described: something about GET instead of POST; with a nice meaningless error number. No login for you, You’re screwed. Go home. Return in few minutes, delete cookies and try again.
Then there’s this “click in this box if you want to remember your choice”. I ticked that box it like 53 times by now (all of them this evening). Clearly, Microsoft, you don’t keep your word.
But apart from that, login works (for now. I have elsewhere multiple ms accounts I cannot log into to this very day.).
“Automatic migration” my ass
one thing the article fail to mention — there’s an “Automate the configuration of your G-Suite for migration“. it looks promising, and is hidden behind 20 clicks & hums, and, like, it’s not that everything is taken care of, as one naively expect.
They just promise to setup the google API for you.
Soon by clicking “Next”, I got this unique message:
It appears that you have cancelled the automation. Your progress was not saved. Please start over or complete the setup manually before proceeding.
Which is another flat lie.
make long story (4 hours chat & phone calls with a bleak support guy with not-that-horrible Indian accent & trying another browser) I realized it’s due to how chrome silently blocks popups.
Firefox, unlike chromium, lets you know and fixes that.
But even so – I logged into the google app authorization screen, just to get “Your app is BLOCKED. and we’re not going to tell you which app it is”. From any browser.
And then the unimaginable happend
So I contacted A google tech guy helped me doing it the manual way!!!!
He practically helped me taking paying users out from his company, google, and serving them to MS on a plate.
He took me step by step, aided by with screen-sharing until the very end, where we succeeded not only to create service accounts for half an hour, again and again.
He could even solve the scopes. A mysterious API or something – the client ID’s scopes were not explained, nor detailed.
Next, the question you’ve all been waiting for: