Tenant Forwarding - Trusted ARC Sealer

While it is technically possible to configure another tenant (or service) as a Trusted ARC sealer in Microsoft 365. It is not the recommended approach.

During a tenant to tenant migration, the email gets forwarded from source to destination tenant it means during this transit all its headers, mailflow are modified. This commonly results in SPF, DMARC or DKIM failure. Thus its best to avoid such temporary forwarding paths or have another intermediate tenant with as a trusted ARC sealer.   

The preferred approach is  temporarily relax email authentication DMARC but ensure email flow is closely monitored ensuring email forwarding is enabled only for the migrated batch of users most importantly for a very short window. Upon cut-over ensure you disable mail forwarding and activate email authenticate as normal.

In-short:  Rely on SRS -> temporary DMARC relaxation -> short forwarding window

NOTE: Mail forwarding should be temporary and for short window cannot be a design in itself. 

If you find the answer useful, please do not forget to like and mark it as a solution