Microsoft 365 Apps SHOULD NOT overwrite Office 2019/2021 one-time retail installs
I want to raise a serious concern about Microsoft 365 Apps being imposed over existing Office 2019/2021 installations that were activated with legitimate one-time installation retail keys. In our case, these are not Microsoft 365 subscriptions and they are not licenses we can simply deactivate and reactivate freely. They are one-time installation retail keys. Once the product has been installed and activated, removing Office and reinstalling it later can make the original key unusable or trigger “already used” activation problems. That is precisely why the current behavior is so damaging. We have PCs with legitimate Office 2019/2021 installations. These machines did not request a migration to Microsoft 365 Apps. However, after internet connection, Office update activity, or Microsoft account interaction, Office appears to silently update, convert, or replace the existing retail installation with the Microsoft 365 Apps version. This is not a minor inconvenience. It creates a serious licensing and operational problem: -A valid one-time Office 2019/2021 installation is replaced by Microsoft 365 Apps without clear, explicit consent. -The original retail installation is no longer cleanly usable. -Fixing the issue requires uninstalling Office, removing Click-to-Run/licensing/account leftovers, and reinstalling the previous Office 2019/2021 version. -But because these keys are one-time installation keys, that reinstall process can render the original key unusable or create activation failures. -In practice, a forced Microsoft 365 conversion can destroy the value of a legitimate one-time Office license. From a user’s perspective, this looks less like a normal software update and more like an exploitative commercial strategy: using Microsoft’s control over Office updates, account sign-ins, Click-to-Run, and activation systems to push already-paid retail users toward Microsoft 365 subscriptions. Even if Microsoft does not intend that result, the practical effect is that users who already paid for Office 2019/2021 can lose practical access to their licensed product and are then nudged toward paying again through a subscription. This should not happen. A perpetual or one-time installation Office license and Microsoft 365 Apps are different products with different licensing models. Microsoft should not silently replace or convert one into the other because a Microsoft 365 account exists on the PC, because the user signs into Office, because OneDrive is present, or because Office updates are enabled. At minimum, Microsoft should provide: -A clear opt-in confirmation before replacing, converting, upgrading, or rebranding Office 2019/2021 retail installations as Microsoft 365 Apps. -A supported way to block Microsoft 365 Apps from taking over one-time installation Office versions. -A clean removal tool that fully removes Microsoft 365 Apps, Click-to-Run leftovers, licensing remnants, and account-based activation conflicts. -A reliable way to restore the original Office 2019/2021 retail installation without invalidating or losing the original one-time key. -Clear separation between Windows account sign-in, OneDrive sign-in, Microsoft 365 entitlement, and local Office retail activation. Users who purchased legitimate one-time installation Office licenses should not be forced into Microsoft 365 Apps by unclear update behavior. If Microsoft wants users to move to Microsoft 365, that should be a deliberate, informed choice — not a silent process that leaves the user cleaning up the installation and losing access to a paid retail license. I am not asking how to install Microsoft 365. I am asking Microsoft to stop Microsoft 365 Apps from taking over valid one-time Office 2019/2021 installations without explicit consent.
Sentinel SOAR migration to Unified portal: what broke? anyone evaluated the AI playbook generator?
I want to open a conversation specifically focused on the automation and SOAR side of the migration, because this is the area where problems most commonly surface after onboarding rather than during it. A quick orientation: the Unified portal introduces a specific constraint that catches teams by surprise. Alert-triggered automation for alerts created by Microsoft Defender XDR is not available in the Defender portal. The main use case for alert-triggered automation in this context is responding to alerts from analytics rules where incident creation is disabled. If you had alert-triggered playbooks firing on Defender XDR signals, those need to be re-evaluated against the incident trigger model. This is documented by Microsoft, but it is easy to miss in the volume of migration guidance. The automation failure mode I have seen most consistently: automation rules built around incident title conditions. The Defender XDR correlation engine assigns its own incident names, so any condition keyed to "if incident title contains X" stops matching without throwing an error. The rule is still active, the automation is still enabled, and everything looks fine until someone notices a class of enrichment or response has gone quiet. Microsoft's recommendation is to use Analytic rule name as the condition instead. There is also a firm near-term deadline separate from the March 2027 portal retirement: queries and automation need to be updated by July 1, 2026 for standardised account entity naming. The Name field will consistently hold only the UPN prefix from that date. Any automation comparing AccountName against a full UPN will break. A few specific questions for practitioners: When you onboarded or reviewed your automation post-onboarding, what broke silently versus what produced a visible error? Silent failures are the dangerous ones and sharing specific patterns would be genuinely useful for the community. Has anyone evaluated the new AI playbook generator in the Defender portal? It requires Security Copilot with SCUs available and generates Python-based automation coauthored with Cline in an embedded VS Code environment. Interested in real-world comparisons against existing Logic Apps workflows for the same use case. For those who have migrated alert-triggered playbooks to automation rule invocation: did you find edge cases in the migration, particularly around playbooks used by multiple analytics rules simultaneously? Writing this up as Part 4 of the migration series. Sharing the article link once it is live for anyone who wants the full detail.Migrating G suite to Office 365
Dears, Good day, I working on a company which hosted their email on G suite, and I want to migrate all mailboxes, calendar, tasks, files, all things to Office 365. kindly let me know the steps for Migration, we have 69 users needed to be completely migrated. Kindly adviseO365 Email Migration to Another Tenant while Deferring Migration of Sharepoint files
Hi, This is the context: ChildCompany has O365 and it has an Azure AD in hybrid mode synchronizing to a on-prem AD server. They have an internal domain ChildCompany.com, and an external domain ChildCompany.com where they also receive and send email using O365. ParentCompany is going absorb the ChildCompany some time in next year, and I was asked about the integration options. According to this https://download.microsoft.com/download/b/a/1/ba19dfe7-96e2-4983-8783-4dcff9cebe7b/microsoft-365-tenant-to-tenant-migration.pdf I could do a phased migration, where the end state is that they decomm their onprem AD and that they only use our ParentCompany systems. The business requirement is to start their integration with Email, and then in later phases do the Sharepoint integration as that requires way more analysis on their data sources, as they also have wikis and many other on prem legacy stuff. They are less than 50 users, so I can use Quest migration tools for the email part, but I wonder what needs to happen in what order. This is what I have in mind: Migrate their current O365 into our ParentCompany Office 365 subscription, so that they can continue logging in into their domain joined windows machines using childCompany.co, so they start using ParentCompany.com email addresses, but the problem then is how can they continue using their sharepoint and onedrive resources associated with the Azure and local domain at ChildCompany.com? This is more or less what I have in mind, for the intermediate step, the cutover: Child Company ParentCompany --------------------- ---------------- On-Prem | MS Cloud: | MS Cloud: ---------------|----------------------|-------------- Local AD (ADFS)| Azure Subscription | Azure Sub | Azure AD | Azure AD |--------------------- |--------------------- | O365 Sub -> | O365 Sub | Exchange mailboxes-> | Exchange mailboxes | Sharepoint? -> | ??? | -------------------- |--------------------- I wonder how could it be possible to defer the sharepoint and onedrive migration, so that the child company users can still work on their sharepoint files using their normal auth methods, while disabling childcompany.com as MX so they start using ParentCompany.com mailboxes.Is that even possible? Would make more sense to try to migrate everything at once? That is way more work, but I'm weighting my options.
