- HOME
- All Products
- Migrating from M365 to Zoho Workplace: Security and compliance in hybrid coexistence
Migrating from M365 to Zoho Workplace: Security and compliance in hybrid coexistence
- Published : November 7, 2025
- Last Updated : November 26, 2025
- 0 Views
- 3 Min Read
When migrating from Microsoft 365 to Zoho Workplace, maintaining consistent security and compliance across both environments is essential. During coexistence, mail flow spans multiple systems to enforce layered protection, policy, and compliance controls. This article explains how these security layers interact during hybrid coexistence, how inbound and outbound messages are scanned and routed through each platform, and how device-level access is managed using Intune/Entra and Zoho MDM.
By understanding how SEG, Exchange Online, and Zoho coexist during phased migration, admins can preserve full threat visibility, compliance logging, and DLP enforcement without disrupting user access or mail delivery continuity.
Layered inbound email security with a SEG as the MX
During a phased migration to Zoho Workplace, every inbound email is scanned in layers—first by your SEG (Proofpoint, Mimecast), then by Microsoft Defender/EOP, and finally by Zoho eProtect—ensuring robust threat protection across both split-delivery and dual-delivery between Exchange Online and Zoho.
Flow | Delivery and security layers |
| MX → SEG | MX points to Proofpoint/Mimecast (or Defender/EOP if native). SEG is the first hop. Mail enters SEG → scanned by SEG spam/virus filters and content policies. |
| Recipient resolution | SEG checks synced directory, LDAP/Entra ID, or static routing maps. SEG decides route: M365, Zoho, or both. Policies enforced at SEG. |
| M365 recipients | “Deliver to Exchange Online”. SEG forwards to Microsoft 365. Mail passes Defender/EOP → delivered to Exchange Online mailbox. Security: SEG + Defender/EOP. |
| Zoho recipients | “Deliver to Zoho smarthost (TLS)”. SEG forwards to Zoho MX (mx.zoho.in). Mail passes SEG + Zoho eProtect → delivered to Zoho Workplace. |
| Dual delivery | Policy: “Deliver to both pools”. SEG forks messages. Copy 1 → Exchange Online (SEG + Defender/EOP). Copy 2 → Zoho Mail (SEG + Zoho eProtect). |
Outbound email in coexistence: egress control, DLP, and archiving
During coexistence, users can send from both Exchange Online and Zoho Mail. Each platform applies its native outbound controls (Microsoft Purview DLP in Exchange transport; Zoho eProtect outbound in Zoho transport). If required, route all outbound through a single external DLP/egress smart host (TLS) and journal copies to your archive service. This keeps policy enforcement, retention, and headers consistent while MX continues to govern inbound only.
Device access in coexistence: Intune/Entra + Zoho MDM (client-layer control)
MDM does not sit in the mail routing path. It gates the client sync and sends for the platform a user is on:
- Exchange Online users are evaluated by Intune/Entra Conditional Access (device compliance + app protection) before EWS/ActiveSync/Graph clients can sync or send.
- Zoho Workplace users are evaluated by Zoho MDM (container policy: PIN/OS/jailbreak/root, managed account) before IMAP/HTTPS/SMTP clients can sync or send.
Server-to-server flows (SEG→EOP→Zoho) bypass MDM by design.
This article is co-authored by Sandeep Kotla and Vignesh S.
Sandeep is an accomplished inbound marketer at Zoho Corporation, specializing in digital workplace strategies, digital transformation initiatives, and enhancing employee experiences. Previously, he handled analyst relations and corporate marketing for Manage Engine (a division of Zoho Corp) and its suite of IT management products. He currently spends most of his time re-imagining and writing about how work gets done in large organizations, reading numerous newsletters, and Marie Kondo-ing his inbox.
Vignesh works as a Marketing Analyst at Zoho Corporation, specializing in content initiatives and digital workplace strategies. He's a passionate creator with a penchant for marketing and growth. In his free time, you can see him shuffling between books, movies, music, sports, and traveling, not necessarily in the same order.
