Northline Technologies
Healthcare IT Team · Nov 18, 2025
Why clinics switch
Google Workspace is a fine product, but for Ontario clinics it has two persistent gaps. First, Canadian data residency is not as cleanly guaranteed as it is on a Microsoft 365 Canadian tenant. Second, the controls auditors look for — Purview-style DLP, Intune-style device management, Office Message Encryption — are simply more mature on the Microsoft stack.
When a clinic gets serious about PHIPA compliance, the conversation usually turns to M365 within the first month.
Pre-migration: inventory and decisions
List every mailbox, shared drive, and Google Group. Categorise: clinical (clinicians, EMR-linked), operational (front desk, billing), administrative (HR, finance), shared (info@, billing@), and dormant. Dormant accounts get archived and deleted — not migrated.
Decide on licensing: Business Standard handles most clinic users; Business Premium is right for clinicians and admins because it adds Intune and Defender. Don't over-license front desk staff who only need email.
Document the new tenant's PHIPA-aligned settings up front — residency, MFA, conditional access, OME — using our Microsoft 365 settings guide as a checklist.
Mail cutover: parallel delivery, no downtime
Set up Microsoft 365 with a temporary mail-routing subdomain. Migrate historical mail in the background using a tool like BitTitan, Quadrotech, or Microsoft's built-in IMAP migration. This can run for days without anyone noticing.
On cutover day, change MX records during a lunch break. Configure dual delivery for 48 hours so any in-flight messages land in both places. Then decommission Google's mail on the weekend.
Done right, staff notice the new icon — and nothing else.
Drives, calendars, and groups: migrate separately
Treat Google Drive and Google Calendar as separate projects from mail. Migrate calendars in a single weekend window using a dedicated tool; otherwise free/busy times go strange for everyone for a week.
For drives, decide what becomes OneDrive (personal) vs SharePoint (team) before you move a single file. Mirroring Google's loose 'shared with' permissions one-for-one is a security mistake worth avoiding.
We script this work as part of every clinic migration under our managed IT service.
Post-migration: hardening and training
Within the first week: enforce MFA, enable conditional access, turn on Office Message Encryption, deploy Intune to clinician devices, extend audit log retention. Document each in your privacy file.
Within the first month: 30-minute Teams training, 15-minute encrypted email training, and a written acceptable-use policy refresh. Most user complaints in week one are 'I can't find my files' — front-load that with a one-page map.
Thinking about making the move? Start with a free, no-obligation conversation through our contact page — we'll scope your migration in 30 minutes.
Key takeaways
- Run mail in parallel during cutover — nobody should notice the change.
- Migrate calendars and shared drives separately from mail.
- Decide OneDrive vs SharePoint before moving a single file.
- Apply PHIPA-aligned hardening in the first week, not 'eventually'.
- Front-load user training; week-one questions are predictable.