cloudconsulting.agustin

Azure Migrate Top 25

Checklist reordered to follow a recommended migration sequence: planning, appliance prep, discovery, assessment, replication, testing and cutover.

📈

1. Define Migration Goals (Servers Databases VDI WebApps DataBox)

Clarify business intent: which workloads, recovery objectives, target SKUs, and constraints before assessment.

Top 5 design recommendations

  1. Document migration scope per workload type: servers, databases, VDI, web apps, and offline bulk via DataBox.
  2. Specify RPO/RTO, compliance, licensing (Azure Hybrid Benefit) and performance SLAs for each workload class.
  3. Decide target landing zones, subscription boundaries, and resource group taxonomy before migrations.
  4. Define acceptance criteria for test migrations and success metrics for cutover.
  5. Plan for identity, networking and security posture (NSGs, private endpoints, Azure Firewall) for migrated workloads.
Azure Migrate overview Migration strategy guide

Top 5 operational best practices

  1. Hold migration workshops to align stakeholders on goals, timelines and rollback criteria.
  2. Maintain a migration runbook per workload type with pre-checks, test steps and post-cutover validation.
  3. Use tagging conventions to map business owners, migration waves and criticality for reporting.
  4. Track licensing and cost estimates; baseline current usage and forecast Azure SKU costs.
  5. Schedule migrations in waves that permit rapid validation and rollback if needed.

💻

2. Azure Migrate Hub and Tools

Use Azure Migrate hub to centralize assessment and migration tooling for servers, databases, web apps and VDI.

Top 5 design recommendations

  1. Use Azure Migrate as the central project; enable specific tools (server assessment, server migration, database assessment) as solutions.
  2. Map tool choices to migration goals: Server Migration for lift-and-shift, Database Migration Service for DBs, App Service Migration for web apps.
  3. Plan appliance sizing and placement to ensure discovery coverage and secure connectivity to Azure.
  4. Organize projects by migration wave, region and workload type for visibility and permissions control.
  5. Integrate Azure Migrate outputs with your CMDB and inventory systems to avoid duplicate records.
Azure Migrate services

Top 5 operational best practices

  1. Standardize on a single Azure Migrate project per datacenter or per tenant to centralize artifacts and reports.
  2. Grant least-privilege RBAC to migration teams and reviewers for project-level tasks.
  3. Automate periodic re-discovery to keep inventory and dependency maps up to date.
  4. Store assessment and migration reports in a central repository for audits and rollbacks.
  5. Use tags and migration wave fields in project metadata to drive dashboards and status reports.

👥

3. Groups, Roles and RBAC for Migration Teams

Apply least-privilege RBAC and group assignments for discovery, assessment and migration operations.

Top 5 design recommendations

  1. Define migration roles (reader, contributor, owner, job executor) and map them to Azure built-in roles where possible.
  2. Use Azure AD groups to manage access to Migrate projects and Recovery Services vaults.
  3. Segment permissions by project and environment to reduce blast radius of accidental changes.
  4. Document escalation privileges for emergency operations and restrict them tightly with Just-In-Time where available.
  5. Audit RBAC assignments regularly and remove stale access after migration waves complete.
RBAC overview

Top 5 operational best practices

  1. Automate role assignment and removal via scripts or IaC during onboarding/offboarding of migration staff.
  2. Require MFA for accounts performing migration operations and monitor privileged operations in audit logs.
  3. Keep an access inventory tied to migration waves for governance reporting.
  4. Use activity log alerts for sensitive operations like project key generation, appliance registration and vault changes.
  5. Perform periodic access reviews and reconcile group membership with HR/contractor status.

🔑

4. Generate Azure Migrate Project Key

Project key links on-premise appliance(s) to the Azure Migrate project for secure discovery and uploads.

Top 5 design recommendations

  1. Generate project keys per project and limit key lifetime; avoid reusing keys across unrelated projects.
  2. Use service principals with scoped permissions where possible for automated appliance registration.
  3. Plan key distribution method securely (e.g., vault or secure file transfer) to avoid leakage.
  4. Document which appliance instance is associated with which project key for support and rotation.
  5. Set up alerts for project key expiry and rotate keys as part of change control.
Generate project key (Azure Migrate)

Top 5 operational best practices

  1. Rotate project keys on schedule and whenever appliance lifecycle events occur (decommission, rebuild).
  2. Restrict who can create or view project keys via RBAC and audit Activity Log for key operations.
  3. Test key use after generation in a non-production appliance to validate connectivity.
  4. Track keys in an inventory with expiry dates to prevent unexpected discovery failures.
  5. Revoke keys promptly if an appliance is compromised or removed from the project.

📥

5. Download Azure Migrate Appliance

Appliance provides discovery and dependency mapping for servers and VMs; download appropriate appliance (OVF/Hyper-V).

Top 5 design recommendations

  1. Choose correct appliance variant for VMware, Hyper-V or physical discovery and match resource sizing guidance.
  2. Place appliance in a network segment with access to vCenter/Hyper-V hosts and to Azure (outbound HTTPS allowed).
  3. Plan storage for collected telemetry and temporary caches per Microsoft sizing guidance.
  4. Consider high-availability for multiple appliances across large environments for discovery scale.
  5. Define naming and tagging for appliances to reflect region, datacenter and migration wave.
Download and deploy appliance

Top 5 operational best practices

  1. Validate appliance network connectivity to target management systems, storage and Azure endpoints before discovery.
  2. Monitor appliance health and disk usage; schedule maintenance windows for appliance updates.
  3. Secure appliance credentials and service account usage; rotate passwords used for discovery connectors.
  4. Version-control appliance images and document deployed appliance build and configuration.
  5. Periodically update appliance to latest recommended build for security and feature updates.

📱

6. Appliance Networking and Proxy Settings

Ensure appliances have correct proxy settings, certificate trust chains, and outbound access to Azure endpoints.

Top 5 design recommendations

  1. Document required outbound endpoints and ports and coordinate whitelisting with network/security teams.
  2. Decide whether appliances use corporate proxy or direct egress and plan TLS inspection considerations.
  3. Deploy appliance in a subnet with access to on-prem management systems and dedicated egress to Azure to simplify troubleshooting.
  4. Plan DNS resolution for private endpoints and hybrid DNS scenarios used during migration.
  5. Include appliance logs in central logging for visibility and troubleshooting.
Appliance network requirements

Top 5 operational best practices

  1. Verify proxy authentication method (NTLM, Basic) supported by appliance and test end-to-end connectivity.
  2. Ensure root CA used by corporate TLS interception is present in appliance trust store if TLS inspection is enabled.
  3. Monitor appliance connectivity and add synthetic tests to detect failing outbound paths early.
  4. Keep appliance time and DNS settings consistent to avoid discovery artifacts and mismatches.
  5. Document and secure proxy credentials and track changes to proxy configurations.

7. Appliance Configuration (Cloud Public/Private)

Configure appliance networking, proxy, credentials and choose between public-cloud or private connectivity models.

Top 5 design recommendations

  1. Decide connectivity model: direct internet outbound to Azure endpoints (public) or via corporate proxy/VPN (private).
  2. Whitelist Azure endpoints and service URLs required by the appliance in corporate egress controls.
  3. Configure appliance time synchronization, DNS and NTP for reliable discovery and mapping.
  4. Use separate credentials for vCenter/Hyper-V/Hyper-V host registration with least privilege required for discovery.
  5. Plan for appliance network security: NSGs, firewall rules and restricted management access.
Appliance requirements Azure endpoints & URLs

Top 5 operational best practices

  1. Test appliance through your proxy and validate certificate interception paths for TLS-inspecting proxies.
  2. Harden appliance OS and limit remote management; log access to appliance consoles.
  3. Keep appliance backups of configuration and have a documented redeploy procedure.
  4. Monitor appliance performance and scale out additional appliances for large environments.
  5. Document proxy settings and rotation schedule for environments with strict egress controls.

💻

8. Hyper-V Host Registration

Register Hyper-V hosts for discovery and replication; ensure prerequisites and firewall rules are met.

Top 5 design recommendations

  1. Use a service account with read-only privileges for discovery and a separate least-privilege account for replication tasks if required.
  2. Plan host registration during maintenance windows to reduce disruption to management systems.
  3. Group hosts by cluster or datacenter to make replication/assessment scoping simpler.
  4. Document Hyper-V host network paths to storage to ensure consistent performance expectations post-migration.
  5. Validate integration with SCVMM if present and consider SCVMM-based discovery options.
Discover Hyper-V hosts

Top 5 operational best practices

  1. Confirm host connectivity and firewall exceptions for required ports before registration.
  2. Record host credentials in a secure vault and limit who can view or update them.
  3. Monitor host registration logs and remediate failures promptly.
  4. Keep host agents and management plugins up to date per Microsoft guidance.
  5. Perform capacity checks to ensure hosts can support additional load during discovery and test migration.

🔍

9. Discover Machines (VMware Hyper-V Physical)

Run discovery to populate inventory: servers, VMs, OS, disks, CPU, memory and installed software for assessment.

Top 5 design recommendations

  1. Scope discovery waves and connectors to avoid overloading vCenter/Hyper-V management nodes.
  2. Include physical servers by using agent-based discovery when required for metadata collection.
  3. Collect inventory metadata needed for right-sizing: CPU, RAM, disk IOPS and peak utilization.
  4. Plan credential vaulting and least-privilege accounts for discovery connectors.
  5. Tag discovered assets with business unit, application and migration wave fields for reporting.
Discover VMware VMs Discover Hyper-V

Top 5 operational best practices

  1. Run discovery during non-peak times initially; schedule incremental scans to capture changes.
  2. Validate discovered inventory against source CMDB to detect missing or duplicate entries.
  3. Monitor discovery logs and appliance connectivity to quickly resolve discovery gaps.
  4. Archive discovery snapshots to enable comparison across assessment runs.
  5. Coordinate with application owners to annotate discovered machines with app context and dependencies.

📄

10. Manage Discovered Servers

Review discovered servers for completeness, classification (prod/dev/test), and mark migration candidates.

Top 5 design recommendations

  1. Create classification fields (app, owner, criticality, migration wave) and apply via UI or CSV import.
  2. Use grouping to create application-centric views and to group servers that move together.
  3. Design retention and naming standards for discovered items to keep consistent reporting.
  4. Define exclusion lists for servers that are out of scope or non-migratable (e.g., unsupported OS).
  5. Plan automated tagging rules using resource graph or API to sync discovery metadata with Azure resources.
Manage discovery in Azure Migrate

Top 5 operational best practices

  1. Validate CPU/RAM/disk sizing fields and correct anomalies before assessment to avoid bad rightsizing recommendations.
  2. Keep owners engaged: request confirmation on discovered lists before creating assessments or replication jobs.
  3. Use reports to find orphaned VMs or machines with incomplete metadata and remediate data quality issues.
  4. Reconcile discovered server inventory with on-prem monitoring tools for accuracy.
  5. Document non-migrate reasons and store evidence for compliance and audit trails.

📎

11. Dependencies Diagram (Grouping & Mapping)

Use dependency visualization to identify application groups, network boundaries and order of migration.

Top 5 design recommendations

  1. Enable dependency agent collection (where supported) to produce accurate call graphs and process maps.
  2. Group servers into application bundles that must be migrated together based on dependency graph edges.
  3. Use dependency diagrams to decide lift-and-shift vs refactor strategies per application group.
  4. Plan network connectivity and firewall changes required for migrated dependencies (DNS, private endpoints).
  5. Define migration ordering and transaction windows based on dependency critical path.
Discover dependencies

Top 5 operational best practices

  1. Validate dependency maps with app owners and adjust groupings for business logic not captured by network flows.
  2. Use diagrams to plan cutover sequences and to identify potential mid-migration connectivity issues.
  3. Run integration tests for dependent services in a pilot environment before mass migration.
  4. Document exceptions where dependencies are intentionally broken or addressed differently during migration.
  5. Store dependency snapshots with each assessment to track changes over migration waves.

📊

12. Server Assessment (Sizing and Readiness)

Assess readiness, compatibility, right-sizing and cost estimates for server workloads before migration.

Top 5 design recommendations

  1. Baseline performance metrics (CPU, memory, disk IOPS, network) and use those to recommend Azure VM SKUs.
  2. Include compatibility checks for OS, drivers and special hardware (GPU, SR-IOV) in assessment scope.
  3. Consider reserved instances or Savings Plans in cost models for predictable workloads.
  4. Define uplift for peak loads and business growth when sizing target VMs and storage.
  5. Plan for backup and recovery options for migrated servers (Azure Backup, ASR if used for replication).
Server assessment tutorial

Top 5 operational best practices

  1. Review assessment recommendations with application and capacity teams prior to migration scheduling.
  2. Adjust rightsizing recommendations for seasonal or monthly peaks not captured during short collection windows.
  3. Validate cost model assumptions (storage tiers, bandwidth, licensing) with finance stakeholders.
  4. Track assessment changes over time as additional telemetry is collected.
  5. Create acceptance criteria for performance and functional tests post-migration to validate sizing choices.

📚

13. Database Assessment (replace DMA with current tooling)

Assess database compatibility, feature parity and migration path using supported Microsoft tools and services rather than the retired DMA.

Top 5 design recommendations

  1. Use Azure Database Migration Service (DMS) for online and offline migrations and as the primary orchestrator for data movement to Azure.
  2. For compatibility analysis and schema recommendations use the migration/assessment capabilities available in SSMS and Azure Data Studio, and the consolidated Azure database migration guidance from Microsoft.
  3. Plan the target platform (Azure SQL Managed Instance, Azure SQL Database, SQL Server on Azure VM) based on feature, compatibility and lifecycle needs.
  4. Design data movement strategy (online replication, transactional cutover, or DataBox seeding) aligned to RPO/RTO constraints and network capacity.
  5. Include remediation and validation steps for deprecated features and breaking changes discovered via modern assessment tools and remediation pipelines.
Azure Database Migration Service (DMS) SSMS (Migration components)

Top 5 operational best practices

  1. Run assessments using SSMS migration features and Azure Data Studio extensions and validate remediation steps with DBAs before migration.
  2. Use DMS test migrations in a staging environment to validate schema/data movement, performance and cutover procedures.
  3. Instrument data migration tasks with metrics (throughput, latency, error rates) and alert on anomalies during migration windows.
  4. Keep a remediation backlog for compatibility fixes and retest assessments after changes to confirm readiness.
  5. Document post-migration validation checks (integrity, performance, jobs, logins) and automate verification where possible.
Azure Data Studio Migrate SQL Server to Azure guidance

Microsoft has retired the standalone Data Migration Assistant (DMA); customers should adopt the recommended alternatives (DMS, SSMS migration components, Azure Data Studio and consolidated Azure migration guidance) for assessment and migration planning.

💾

14. Modern Database Assessment Workflow (DMA retirement: alternatives and process)

Replace legacy DMA steps with a modern assessment workflow that uses supported Microsoft tooling and cloud migration guidance.

Top 5 design recommendations

  1. Adopt a combined assessment approach: use SSMS Migration and Azure Data Studio for compatibility checks and DMS for migration orchestration and testing.
  2. Standardize assessment templates (schema checks, feature parity, performance baseline, security posture) and apply them across databases.
  3. Map remediation actions to sprint-sized work items and schedule re-assessments after fixes to close migration blockers.
  4. Include data transfer sizing (network egress, DMS throughput or DataBox capacity) when estimating cutover windows and costs.
  5. Choose migration pattern (online/near-zero-downtime vs offline) based on business constraints and tool capabilities (DMS online migrations where supported).
Azure Database Migration Service SQL Server migration guidance

Top 5 operational best practices

  1. Run repeated dry-run migrations with DMS to measure data movement times and validate cutover scripts and procedures.
  2. Automate validation checks post-migration (row counts, checksums, application smoke tests) to accelerate sign-off.
  3. Monitor DMS tasks closely and set alerts for throttling, connectivity loss or task failures.
  4. Keep migration artifacts (assessment reports, remediation logs, test results) stored centrally for audit and troubleshooting.
  5. Follow Microsoft's consolidated guidance for database modernization and tool consolidation to stay aligned with supported paths.
Migration and modernization guidance

Note: Microsoft announced the retirement of DMA and recommends using the consolidated, modern migration tooling and guidance (e.g., DMS, SSMS migration components and Azure Data Studio) for assessments and migrations.

🔮

15. Migration Tools (Server Migration Groups Appliances)

Select and configure tools: Server Migration, Database Migration Service, App Service Migration, and DataBox for bulk data.

Top 5 design recommendations

  1. Match tools to goals: Azure Migrate Server Migration for VMs, Azure Database Migration Service for DBs, App Service migration for webapps.
  2. Use migration groups to orchestrate related servers and dependencies.
  3. For large datasets, design offline ingestion using DataBox or express routes for high-throughput transfer.
  4. Plan appliance and DMS sizing for throughput and resiliency; include storage account and network bandwidth planning.
  5. Consider hybrid modes and phased replication to reduce cutover window risk.
Azure Migrate tools Azure DataBox

Top 5 operational best practices

  1. Use test runs with Server Migration to validate replication, network mapping and target connectivity.
  2. Schedule migration jobs during low business activity and monitor job progress and throttling.
  3. Maintain a job inventory with start/stop times, owners and expected cutover windows.
  4. Use alerts for job failures, replication lags and for DMS migration task errors.
  5. Document rollback procedures for failed migrations including re-pointing DNS and restoring from backups.

💻

16. Replicating Machines (ASR / Server Migration)

Configure replication, retention, recovery point objectives and test flows for replicated VMs.

Top 5 design recommendations

  1. Choose replication technology appropriate for scenario: Azure Site Recovery for disaster recovery or Server Migration for migration.
  2. Define RPO and retention policies; plan target storage redundancy and performance accordingly.
  3. Plan network mapping for replicated NICs, private IPs and load balancer backend pools.
  4. Include extension/script runbooks for post-replication config or domain join tasks.
  5. Consider encryption at rest and secure key management for replicated disks.
Azure Site Recovery overview

Top 5 operational best practices

  1. Monitor replication health metrics and set alerts for replication lag and failed syncs.
  2. Test disaster recovery or migration failovers regularly and document results.
  3. Validate application consistency of replicas by performing app-level tests after failover to test instances.
  4. Track replications in a job inventory and record last successful sync time prior to cutover.
  5. Secure replication accounts, vaults and storage with RBAC and periodic credential rotation.

🛠

17. Azure Site Recovery Provider Setup & Installation

ASR can be used for disaster recovery and for some migration scenarios; ensure provider components and vault are configured.

Top 5 design recommendations

  1. Choose Recovery Services vault regions to match target resilience and compliance requirements.
  2. Plan ASR storage replication and recovery plan structure for groups of VMs that fail over together.
  3. Decide between agentless or agent-based replication depending on environment and OS support.
  4. Architect network mappings for recovered VMs including subnets, IPs and load balancer integration.
  5. Include runbooks for post-failover configuration and for deprovisioning after migration if used only for migration.
ASR overview ASR Hyper-V setup

Top 5 operational best practices

  1. Register Hyper-V hosts or vCenter servers with vaults using least-privilege accounts and monitor registration events.
  2. Keep vault certificates and keys secured and rotate them as required.
  3. Test failover and failback plans periodically and document RTO/RPO achieved during tests.
  4. Monitor vault jobs, VM replication health and storage consumption in the vault.
  5. Automate alerts for replication lag and job failures to guarantee timely remediation.

🚀

18. Server Migration Workflows

Plan actions: replicate, test migrate, cutover and decommission with clear validation and rollback steps.

Top 5 design recommendations

  1. Define replication topology: storage accounts, target VNets/subnets, NIC mapping and NSG rules for migrated VMs.
  2. Plan OS disk type and performance tier on Azure to meet application needs (Premium, Ultra where needed).
  3. Map source identities and service accounts to Azure AD or hybrid AD solutions before cutover.
  4. Design DNS change strategy and health probe validation for services after migration.
  5. Define tagging and naming for migrated VMs for governance and cost tracking.
Server migration tutorial

Top 5 operational best practices

  1. Perform test migrations for each application bundle and validate app functionality and performance.
  2. Monitor replication health, disk sync status and delta transfer sizes to estimate cutover windows.
  3. Keep the source VM intact until post-cutover validation and final sign-off to enable rollback.
  4. Coordinate IP, DNS and load balancer updates and ensure backend probes pass before traffic cutover.
  5. Record and automate post-cutover tasks: backups, monitoring agents, and cloud-init/extension configurations.

19. Test Migration and Validation

Use test migrations to validate application behavior, performance and rollback before production cutover.

Top 5 design recommendations

  1. Define test success criteria including functional tests, performance thresholds and security posture checks.
  2. Build a staging environment mirroring production network topology and identity integration for accurate validation.
  3. Plan test data redaction and sensitive data handling where full production data cannot be used.
  4. Schedule tests with application owners and communicate expected impact to stakeholders.
  5. Automate validation scripts and include smoke, integration and load checks in the test plan.
Test migrate servers

Top 5 operational best practices

  1. Capture performance baselines during tests and compare to pre-migration baselines to validate sizing.
  2. Log and triage all issues encountered during tests and assign owners for fixes before production migration.
  3. Keep test artifacts (snapshots, logs, failure reports) for post-mortem and audits.
  4. Iterate on network and security configurations based on test feedback before final cutover.
  5. Confirm monitoring and backup integration for migrated workloads prior to final switch-over.

📅

20. Cutover Planning and Job Management

Coordinate cutover windows, migration jobs, sequencing and post-cutover verification and cleanup tasks.

Top 5 design recommendations

  1. Sequence cutover jobs based on dependency graphs and critical path to minimize downtime for business-critical apps.
  2. Define job parameters: replication sync, final delta sync, DNS switch, IP reassignments and LB health probe changes.
  3. Establish ownership and communication protocol for each job (who executes, who validates, who rolls back).
  4. Design job concurrency limits to avoid overwhelming target Azure resources (storage, network).
  5. Create a rollback plan and test it during pilot waves to ensure reversibility if cutover fails.
Cutover guidance

Top 5 operational best practices

  1. Maintain a central runbook with job start/finish times, expected behavior and rollback steps for each migration job.
  2. Use monitoring to confirm application health immediately post-cutover and escalate on SLA deviations.
  3. Record job events and artifacts for troubleshooting and compliance audits.
  4. Coordinate DNS TTL changes early to minimize propagation delay at cutover time.
  5. Perform a final verification checklist (connectivity, app function, backups, monitoring) before source decommission.

📄

21. Jobs, Monitoring, Events and Logs

Centralize job logs, diagnostics and performance telemetry for migration health tracking and troubleshooting.

Top 5 design recommendations

  1. Send migration job logs, appliance logs and assessment outputs to Log Analytics for unified querying and dashboards.
  2. Create workbooks and dashboards for migration status, replication lag and job success rates.
  3. Define retention policies for logs and choose storage/retention levels for auditability.
  4. Include custom properties in logs (migration wave, owner, application) to enable filterable views.
  5. Plan for integration with ITSM for automated ticket creation on high-severity migration events.
Monitoring & diagnostics

Top 5 operational best practices

  1. Configure alerts for job failures and replication issues with playbooks to kick off standard remediation steps.
  2. Review job and event patterns post-wave to identify systemic issues and improve future migrations.
  3. Capture diagnostics from failed migrations and store artifacts for postmortem analysis.
  4. Use centralized dashboards to coordinate cross-team activity and status during cutover periods.
  5. Archive completed migration logs and mark projects as completed to support compliance reporting.

🔔

22. Notifications, Events and Alerts

Configure notifications for discovery, replication, migration job status and critical events to keep stakeholders informed.

Top 5 design recommendations

  1. Integrate Azure Monitor and Log Analytics for centralized event and job telemetry ingestion.
  2. Define alerting thresholds for replication lag, job failures and appliance health aligned to SLA needs.
  3. Use action groups to ensure alerts reach the right people via email, SMS or runbook automation.
  4. Tag migration jobs with owners and runbook links to enable rapid response on alerts.
  5. Plan escalation paths and automated remediation playbooks for common failures.
Azure Monitor

Top 5 operational best practices

  1. Configure migration job notifications to include runbook links and postmortem checklists.
  2. Monitor appliances, project keys and discovery schedules and alert on connectivity degradation.
  3. Keep an audit trail of who acknowledged and acted on migration alerts for compliance reviews.
  4. Use automated remediation for common transient errors (e.g., retry replication, restart agent) with human approval for risky ops.
  5. Review alerts frequency and tune thresholds to reduce noise during large migration waves.

📦

23. DataBox and Offline Data Transfer

Use DataBox for large-volume, offline migrations when network transfer is impractical or too slow.

Top 5 design recommendations

  1. Estimate data size and choose appropriate DataBox device (Disk, Heavy, Edge) and schedule logistics early.
  2. Plan network ingest pipeline in Azure (storage account, containers, naming) prior to DataBox arrival.
  3. Consider encryption, data validation and checksum verification policies for offline transfer.
  4. Coordinate customs, physical security and chain-of-custody for sensitive or regulated datasets.
  5. Design post-ingest processing and rehydration pipelines to move data to final stores (Blob, Files, Data Lake).
Azure DataBox overview

Top 5 operational best practices

  1. Use checksums and validation jobs to confirm data integrity after upload from DataBox to Azure.
  2. Track device logistics and monitor shipment and import statuses through the Azure portal.
  3. Sanitize or redact sensitive data on-premise if required by compliance before physical transit.
  4. Document and test rehydration and downstream processing scripts before cutover to production flows.
  5. Keep secure records of device lifecycle and return/shipping receipts for audits.

🌐

24. VDI and Web Apps Migration Paths

Choose migration paths: rehost VDI to Azure Virtual Desktop, web apps to App Service or containerization where suitable.

Top 5 design recommendations

  1. For VDI choose Azure Virtual Desktop sizing, image management and FS/FSLogix storage architecture up-front.
  2. For web apps evaluate App Service vs containerization vs IaaS based on compatibility and scaling needs.
  3. Plan session host placement in subnets with low-latency access to user identity and profile storage.
  4. Design autoscale policies and authentication integration (Azure AD) for migrated web and VDI workloads.
  5. Map application dependencies (DBs, APIs) to ensure end-to-end connectivity post-migration.
Azure Virtual Desktop App Service

Top 5 operational best practices

  1. Pilot VDI and web app migrations with representative users and traffic; gather UX and performance feedback.
  2. Ensure FSLogix profiles and user data are migrated and accessible with expected performance.
  3. Validate session host scaling and connection broker behavior under realistic loads.
  4. Automate certificate and secret rotation for app endpoints post-migration.
  5. Monitor front-end telemetry and synthetic user tests to catch regressions early after migration.

🛠

25. Troubleshooting Examples and Migration Runbooks

Practical triage steps, runbooks and command snippets to diagnose common migration issues and automate fixes.

Troubleshooting checklist (common migration failures)

  1. Appliance not registering: check project key, appliance clock, network proxy and outbound TLS endpoints.
  2. Discovery incomplete: validate vCenter/Hyper-V credentials, permissions and API throttling limits.
  3. Replication stalled: inspect replication job logs, storage account throttling and source disk IO bottlenecks.
  4. Test migration fails: verify NIC mapping, target subnet NSGs, disk types and extension scripts for unsupported ops.
  5. Database migration errors: review DMA reports, resolve compatibility issues and validate schema deployment order.

Runbook snippets and tips

Note: run actions with least-privilege accounts and perform in test projects first.
# Example PowerShell: list Azure Migrate projects
Connect-AzAccount
Get-AzResource -ResourceType Microsoft.Migrate/assessmentprojects | Select-Object Name,ResourceGroupName,Location

# Check recovery services vault jobs
Get-AzRecoveryServicesJob -VaultId "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.RecoveryServices/vaults/{vault}"

# Validate Azure Migrate appliance connectivity (pseudo-check)
# ensure appliance can reach https://management.azure.com and project endpoints

# Check DMS tasks and status
# Use Azure portal or DMS task APIs to get migration task status and logs
Tip: assemble per-workload runbooks that include pre-checks, rollback steps, contacts, and validation commands.
Azure Migrate troubleshooting ASR troubleshooting DMA troubleshooting
Azure Migrate docs hub

 This article was originally published on 2025-NOV-20 and last reviewed on 2025-NOV-20.