In most Microsoft 365 integrations during an acquisition, there is a common assumption: once the deal closes, all users and their data will be migrated into the buyer’s tenant without major obstacles.
However, this assumption often overlooks a critical constraint-some users cannot be migrated at all.
This is not due to technical limitations or tooling gaps. Instead, it stems from legal obligations attached to their data. In many cases, the most critical users such as leadership, finance, HR, and legal teams are the ones restricted from migration.
If this is not identified during due diligence, before the Share Purchase Agreement (SPA) is signed, it becomes a post-deal issue affecting cost, timelines, and risk.
Understanding the Constraint
Within Microsoft 365, mailboxes that are placed under litigation hold, eDiscovery hold, retention hold, or other compliance-driven restrictions are protected by design. These controls ensure that data remains intact for legal, regulatory, and audit purposes.
As a result, when an attempt is made to migrate such mailboxes across tenants, the process is blocked. This is not a system limitation but an intentional safeguard to preserve the chain of custody and prevent any loss or alteration of legally relevant data.
These are not ordinary tooling gaps. They are tenant-bound compliance constraints with no native migration path, meaning the issue cannot be solved simply by changing migration tools or retrying the migration.
This creates a structural challenge in M&A scenarios: the users who are most important to migrate are often the ones who cannot be moved due to compliance requirements.
For a broader view of how compliance constraints impact migrations, see our detailed guide on Compliance Risks in M&A.
Why This Must Be Addressed Before Signing
This issue is frequently discovered during migration planning, but by then, the deal has already been signed. At that stage, options are limited, and the buyer must absorb the consequences.
In reality, this is not a migration issue-it is a due diligence issue. It must be identified and evaluated before signing because it directly affects deal assumptions.
First, migration plans become invalid. Instead of a unified transition, organizations must adopt phased approaches, delaying certain users and introducing operational complexity.
Second, Transition Service Agreement (TSA) timelines are impacted. When users cannot be migrated, the source tenant must remain active to support access and compliance. This often leads to longer TSA durations than originally planned.
Third, the cost model becomes inaccurate. Extended licensing, dual environments, and additional support requirements increase integration costs. If these factors are not identified during due diligence, they are not reflected in the deal value, leaving the buyer to absorb the expense.
Where held users must remain in the source tenant, the buyer may need to account for extended licensing, support, monitoring, legal access, and TSA costs. These costs should be reflected in pricing, escrow, or specific indemnity discussions before signing.
Finally, attempting to bypass these restrictions such as temporarily removing holds introduces significant legal risk, including potential violations, loss of evidence, and regulatory penalties. These are not risks that can be managed through technical workarounds.
Why It Is Commonly Missed
Pre-deal IT due diligence is often constrained by limited access, tight timelines, and reliance on seller-provided information. In many cases, there is no direct visibility into compliance configurations within the tenant.
As a result, litigation holds and related compliance factors are not explicitly requested or evaluated. Instead, migration feasibility is assumed, and compliance is treated as a secondary consideration.
This is also where gaps in Microsoft Purview visibility become critical. For a deeper understanding of these limitations, refer to Microsoft Purview Gaps in Migration.
What Should Be Requested During Due Diligence
To avoid this scenario, buyers must take a structured approach during the data room phase and request detailed compliance information.
A complete litigation hold inventory is essential. This should include all users under hold, the type of hold applied, associated case references, dates of enforcement, expected duration, and the legal owners responsible for each case. This information provides direct visibility into which users cannot be migrated and for how long.
In addition, active eDiscovery cases must be reviewed. These cases are typically linked to litigation holds and do not transfer across tenants. Understanding their scope, custodians, and timelines is critical for planning data preservation and legal continuity.
Retention policies and labels should also be assessed. These configurations govern how data is stored and retained to meet regulatory requirements. Since they do not automatically transfer between tenants, they must be recreated, and any gaps can lead to compliance risks after the transaction.
Buyers should also map each retention policy or label to its underlying legal, regulatory, or business obligation. Any policy that cannot be recreated in the buyer’s tenant before cutover should be treated as a deal risk, not only an integration task.
Sensitivity labels, particularly those with user-defined permissions, require careful evaluation. In many cases, these cannot be migrated seamlessly, leading to potential data protection gaps if not addressed early. You can explore this in more detail in Sensitivity Labels Migration Constraints and Sensitivity Label Risks in M&A.
This review should identify labels that rely on user-defined permissions, encryption, or tenant-specific access controls. These may require label redesign, manual relabeling, or specialist migration tooling, and should be costed before signing.
Data privacy obligations must also be considered. Data Subject Requests (DSRs), especially under regulations such as GDPR or similar frameworks, continue beyond the transaction. A backlog of unresolved requests can create immediate regulatory exposure for the buyer.
Buyers should request the DSR log for at least the last 24 months, including open requests, response timelines, missed deadlines, and any regulator correspondence.
Finally, for organizations in regulated industries, information barriers and communication controls must be reviewed. These are often deeply tied to the source environment and require deliberate reconstruction in the target tenant.
For financial services, legal, and other regulated businesses, gaps in information barriers can create SEC, FINRA, confidentiality, or privilege risks. Buyers should request the existing barrier policy inventory and organizational segment definitions before signing.
Translating Findings into Deal Protection
Identifying these risks during due diligence is only the first step. They must be reflected in the deal structure before signing.
The SPA should include clear disclosures confirming that all litigation holds, eDiscovery cases, and compliance obligations have been fully identified. This ensures transparency and reduces the risk of hidden constraints emerging post-close.
Financial implications should also be addressed. Where significant delays or additional costs are expected, these should be reflected through pricing adjustments or escrow provisions.
The SPA should also make clear that undisclosed holds, active eDiscovery matters, retention obligations, privacy backlogs, or information barrier requirements may trigger specific cost recovery, indemnity, or TSA extension rights.
The migration strategy itself should be defined at a high level within the deal framework. This may involve migrating non-held users first while retaining held users in the source tenant until legal obligations are resolved.
TSA terms must also align with this reality, providing sufficient duration and flexibility to support extended coexistence where required.
A Broader Signal of Compliance Complexity
Litigation holds rarely exist in isolation. Their presence often indicates a broader compliance landscape that includes active legal matters, complex retention policies, privacy obligations, and advanced data protection configurations.
For a complete understanding of how these factors come together in Microsoft 365 integrations, refer to the Microsoft 365 Migration in M&A.
The Cost of Missing It
When this issue is identified after signing, the consequences escalate quickly. Migration timelines are delayed, costs increase, and operational complexity grows. TSA extensions become necessary, and legal risks may emerge if compliance obligations are not properly maintained.
In more severe cases, the impact may even lead to renegotiation of deal terms.
All of this can be traced back to a lack of visibility during the due diligence phase.
Conclusion
Litigation holds are not a technical obstacle to be resolved during migration. They are a legal constraint that must be understood and addressed before the deal is finalized.
A successful integration begins with accurate assumptions. That requires identifying compliance obligations early, evaluating their impact, and incorporating them into both the deal structure and the integration plan.
In any Microsoft 365 M&A scenario, the buyer is not only acquiring users and data but also inheriting the legal responsibilities attached to them.
Failing to surface those responsibilities before signing introduces risks that cannot be easily mitigated later.
Migrate
Manage
Migrate Microsoft 365
