Most guides to SharePoint migration tools rank the products and crown a winner. For a regulated enterprise, that ranking answers the wrong question. The tool you choose matters far less than whether your permissions, sensitivity labels, and audit evidence survive the move, and whether the destination is designed correctly before the first document moves. i3solutions has run SharePoint migrations for regulated estates at a defense manufacturer, a global investment firm, and a national healthcare system, and the pattern holds every time: the migration tool accounts for roughly 30 percent of the outcome, and the destination design and validation discipline are the other 70 percent.
This guide is written for the VP of IT or the IT Director who already knows a migration is coming, often forced by the July 2026 end of support for SharePoint Server 2016 and 2019, and is being pitched a paid migration platform. It treats SharePoint migration tool selection as a compliance and fidelity decision, gives you a framework to match the tool to your obligations, and stays honest about where the free Microsoft tools are enough and where they are not.
Quick answer: how to choose a SharePoint migration tool
For a regulated enterprise, the right SharePoint migration tool depends on your source environment and your compliance obligations, not on a throughput benchmark. The free Microsoft tools, SPMT and Migration Manager, handle most straightforward SharePoint Server to SharePoint Online and file-share moves. Paid platforms such as ShareGate and AvePoint earn their cost on permission-heavy restructuring, tenant-to-tenant moves, label mapping, and compliance reporting.
Key Takeaways
- The right SharePoint migration tool depends on your source environment and your compliance obligations, not on a feature benchmark or a vendor’s throughput table.
- The free Microsoft tools, SPMT and Migration Manager, cover most straightforward SharePoint Server to SharePoint Online and file-share migrations, including permissions, versions, and metadata.
- Paid platforms, mainly ShareGate (now part of Workleap) and AvePoint, earn their cost on permission-heavy restructuring, tenant-to-tenant moves, sensitivity-label mapping, and compliance reporting.
- The migration tool is roughly 30 percent of success; the destination design and the permission, label, and audit fidelity are the other 70 percent.
- Permission migration is the highest-risk part of any move, and a validation method that runs in three phases is what turns a migration into defensible audit evidence.
What Choosing a SharePoint Migration Tool Actually Decides for a Regulated Enterprise
Choosing a SharePoint migration tool looks like a product comparison, but for a regulated enterprise it decides whether your permissions, sensitivity labels, and audit evidence survive the move intact. The tool moves the bytes. What you have to defend afterward is that every access control, every retention setting, and every classification arrived correctly, and that you can prove it. That is the same governance-first discipline behind a serious migration practice, and it is why the tool comparison is the smaller half of the decision.
The field gets this wrong because it runs tool selection as a benchmark contest. Most published comparisons score the tools on throughput and fidelity percentages, conclude that a particular paid platform wins, and steer you toward a license. For an enterprise with no regulatory exposure that may be a reasonable shortcut. For a regulated organization it hides the only questions that matter: which obligations govern this content, what fidelity does each obligation demand, and is the destination designed to hold it. Answer those first, and the tool choice usually answers itself.
The SharePoint Migration Tools That Matter in 2026
Get the landscape right before you score anything, because the SharePoint migration tools market is noisier than it needs to be. There are really two free Microsoft tools and three paid platforms that show up in a serious regulated-enterprise shortlist, and each one has a job it does well.
Microsoft’s free tools: SPMT and Migration Manager
The SharePoint Migration Tool (SPMT) is free and migrates SharePoint Server 2010 through 2019 to SharePoint Online, along with file shares, preserving permissions, versions, metadata, taxonomy, and supporting incremental passes. As Microsoft’s SharePoint Migration Tool documentation sets out, SPMT 4.0 and later also runs a built-in assessment that scans the source and produces a content inventory and a migration-risk report. SPMT 4.1 added the ability to convert SharePoint Designer 2010 and 2013 workflows to Power Automate, which Microsoft’s SPMT workflow migration guidance describes in detail. What SPMT does not do is tenant-to-tenant or cross-platform migration. Migration Manager, also free and built into the SharePoint admin center, handles file-share and cloud-source migrations at scale with agent-based scaling across multiple machines, and it is usually the better choice when the volume of file content is large.
The paid platforms: ShareGate, AvePoint, and Quest
ShareGate, now part of Workleap, runs around 15,000 dollars per year and is the common mid-market choice for permission-heavy restructuring, in-place reorganization, tenant-to-tenant moves, and governance reporting. It can also map Microsoft Purview sensitivity labels during a migration, which matters for Copilot readiness and data-loss prevention. AvePoint, priced by custom enterprise quote rather than a public list price and typically the most expensive of the three, is the enterprise governance platform with the strongest permission engine and the most detailed compliance reporting, and it carries the widest source coverage for cross-platform moves. Quest Content Matrix, formerly Metalogix, is the tool for large, legacy-heavy consolidations. The prices here are directional and current as of mid-2026; confirm the licensing model with each vendor before you budget.
What the free tools genuinely cover
Here is the part the paid-platform comparisons tend to bury: for a straightforward SharePoint Server 2016 or 2019 estate moving to SharePoint Online, with standard document libraries and reasonable permissions, the free Microsoft tools are usually enough. SPMT paired with PnP PowerShell covers the large majority of these moves at no licensing cost, and the money you would have spent on a platform is better invested in the destination design and the validation work. The paid platforms earn their place when complexity, scale, or compliance reporting exceed what the free tools were built to do, not as a default.
Not sure whether your estate is a free-tool move or a platform move? Run a source assessment and map your content to the right tool before you buy a license.
Why the SharePoint Migration Tool Is Only 30 Percent of a Successful Migration
Spend your planning energy on the 70 percent the tool does not touch. In our experience, and in the published experience of most credible migration practices, the tool accounts for roughly 30 percent of whether a migration succeeds. The other 70 percent is the destination design, the permission model, and the validation discipline, the work that determines whether the migrated estate is usable, governed, and audit-defensible. A migration that lands content into a poorly designed destination is not a success that used the wrong tool. It is a rebuild waiting to happen, which is the case our SharePoint Modernization ROI analysis makes for designing the target before you move.
Most migrations that fail do not fail because the tool dropped files. They fail because the target site architecture, the permission groups, the metadata model, and the governance settings were not designed before the data moved, so the content lands in an ungoverned destination and the organization recreates its old problems in a new place. The tool is a moving service. The destination design is the building you are moving into, and no moving service can fix a building that was never drawn.
Matching a SharePoint Migration Tool to Your Compliance Obligations
Run the selection through one framework so the tool follows the obligation, not the sales pitch. Sort your migration into one of five scenarios, each defined by its source and the obligation that governs it, and the tool disposition follows.
Standard SharePoint Server to SharePoint Online: SPMT
A standard SharePoint Server 2016 or 2019 estate with document libraries and manageable permissions, moving to SharePoint Online with no cross-tenant requirement, is an SPMT job. It preserves permissions, versions, and metadata, runs incremental passes to shrink the cutover window, and costs nothing in licensing. Add a paid tool only if a later scenario applies.
File shares and cloud sources at scale: Migration Manager
Large volumes of file-share content, or content sitting in Google Workspace, Box, or Dropbox, are a Migration Manager job. Its agent-based model scales across machines and centralizes task management and reporting, which SPMT’s local model does not match at volume. This is still a free Microsoft tool.
Permission-heavy restructuring and tenant-to-tenant: ShareGate
When the move requires reorganizing sites and libraries in flight, preserving complex permission structures with broken inheritance, or migrating between tenants after a merger or divestiture, ShareGate is the common answer. Its permission mapping and pre-migration delta reports are where it earns its license, and its sensitivity-label mapping is the feature that makes a migrated estate Copilot-ready and DLP-aware on arrival.
Highly regulated, cross-platform, and compliance reporting: AvePoint
For highly regulated estates, healthcare under HIPAA, financial services under SOC 2, and defense under CMMC, where permission fidelity and audit evidence are not optional, AvePoint is the platform with the strongest permission engine and the most detailed compliance reporting. It also carries the widest source coverage for cross-platform consolidations. Where the content is bound by data-residency rules, such as the GCC High and Sensitive Data Protection obligations that govern controlled unclassified information, the tool choice is constrained by the destination cloud first, and AvePoint’s reporting is what produces the evidence an assessor will ask for.
Large legacy consolidation: Quest Content Matrix
Very large, legacy-heavy consolidations, many farms and versions collapsing into one modern destination, are where Quest Content Matrix fits, with its granular mapping and filtering across complex source structures. It is a specialist’s tool for a specialist’s problem, not a default for a standard move.
Where SharePoint Migration Tools Stop: Workflows, Permissions, and Labels
Know the three places where every migration tool reaches its limit, because these are where regulated migrations go wrong. None of them is solved by buying a faster tool.
Workflows are a conversion, not a copy
SPMT 4.1 can convert SharePoint Designer 2010 and 2013 workflows to Power Automate, but read that as an assisted conversion, not a lift-and-shift. Unsupported actions are turned into placeholder Compose steps, out-of-the-box approval workflows need a designated flow owner, and anything complex or custom still needs a genuine rebuild. For most regulated estates the honest plan is to rebuild the workflows that matter in Power Automate, which is the subject of our guide on how to Migrate SharePoint 2013 Workflows to Power Automate, and to retire the ones no one uses rather than carry dead automation into the new tenant.
Permission migration is the highest-risk step
Permissions are where migrations break in ways that surface months later as an access finding with no audit trail to show what changed or when. Broken inheritance, unique permissions set at the item level, and cross-site group references are the hard cases, and they are exactly the cases a free tool handles least gracefully. This is the single best reason a regulated estate reaches for ShareGate or AvePoint: not speed, but the permission engine and the pre-migration delta report that show you what will change before it changes.
Sensitivity labels do not migrate by default
Microsoft Purview sensitivity labels are not applied to content by the SharePoint Migration API, as Microsoft’s guidance on sensitivity labels and the migration API makes explicit. If your content needs to arrive labeled, for Copilot readiness, for data-loss prevention, or for a classification mandate, you either map the labels with a tool that supports it, such as ShareGate, or you plan a labeling pass after the move. Assuming labels carry over on their own is one of the more common and more expensive mistakes in a regulated migration.
Want a tool and destination plan that accounts for your workflows, permissions, and labels up front? We will map the gaps before you commit to a tool.
A Validation Method for a Defensible SharePoint Migration
Treat validation as the deliverable, not an afterthought, because for a regulated estate the migration is not done when the content arrives. It is done when you can prove the content arrived correctly. A defensible migration runs in three phases, and the source stays read-only until the third phase completes.
Phase 1: Pre-migration inventory
Before anything moves, generate a complete inventory of the source: item counts, site and library structure, permission map, metadata fields, and content checksums where they matter. This baseline is what every later phase reconciles against, and it is the artifact an auditor will ask you to produce.
Phase 2: Real-time migration logging
During the move, log every item’s success or failure, every permission mapping result, and every throttling event the tool encounters. Real-time logging is how you catch a partial failure while it is still cheap to fix, rather than surfacing an audit gap months later when an examiner asks for evidence you never captured.
Phase 3: Post-migration reconciliation
After the move, reconcile the destination against the Phase 1 baseline: every document, every permission, every metadata field. Only when reconciliation is clean does the source come off read-only. This three-phase record, baseline, log, and reconciliation, is the audit evidence that turns a migration from a hopeful copy into a defensible one.
When a Free SharePoint Migration Tool Is the Right Call
A guide that only ever recommends a paid platform is a sales pitch, not a decision aid. For a large share of regulated migrations, the right call is to use the free Microsoft tools and put the saved budget into design and validation.
Use SPMT, paired with PnP PowerShell where scripting helps, when your source is standard SharePoint Server document libraries with reasonable permissions, no cross-tenant requirement, and no exotic customization. Use Migration Manager when the bulk of the work is file shares or cloud sources. Reach for ShareGate or AvePoint only when a real scenario demands it: permission-heavy restructuring, tenant-to-tenant, sensitivity-label mapping, or compliance reporting an examiner will read. Buying an enterprise platform for a move the free tools would have handled is not diligence. It is spending the design budget on a license, and the design is the part that determines whether the migration was worth doing.
How to Evaluate a Partner for a SharePoint Migration
If you bring in outside help for a SharePoint migration, evaluate the partner on the dimensions that predict whether the migrated estate survives an audit, not on which tool they resell. First, regulated-sector record: has the firm run governed migrations in environments with real compliance obligations, and can it name the control families it worked against. Second, destination-design depth: does the partner lead with the target architecture and the permission model, or does it lead with a tool license. Third, validation discipline: will you receive the three-phase evidence record, or just a report that the job finished.
That second dimension is also where cost discipline lives, because the destination design and the workflow rebuild are usually the larger line items, not the tool, a point our SharePoint Workflow Migration Cost Guide lays out in directional bands. i3solutions runs this work under a practice it calls Enterprise Delivery Assurance, the operating discipline that keeps regulated programs on-time, in-scope, in-production, and it frames its model as borrowed expertise: the engagement leaves your team able to run the governed estate without us.
Two patterns from regulated migrations show what this looks like. A defense contractor preparing for a CMMC assessment engaged i3 to migrate a SharePoint 2016 farm holding controlled unclassified information into GCC High, where permission fidelity and the 110 controls across 14 families of NIST SP 800-171 had to be preserved and evidenced; we used AvePoint for the permission engine and compliance reporting, kept the source read-only until reconciliation, and produced a per-item migration log the assessor could follow. A financial-services firm under SOC 2 engaged i3 after a cloud-first push had started moving content with the free tools and lost track of which legal-hold permissions transferred; the remediation was a permission audit, a re-migration with mapped sensitivity labels, and a three-phase validation record an examiner could read. In both, as a Microsoft Solutions Partner since 1997 with 600+ implementations behind us, the deliverable the client kept was the evidence, not just a migrated site.
About i3solutions and Governed SharePoint Migration
i3solutions is a Microsoft Solutions Partner since 1997 with 600+ implementations delivered for regulated enterprises across aerospace, defense, financial services, and healthcare. Our Enterprise Delivery Assurance practice exists to keep complex Microsoft programs on-time, in-scope, in-production, with the governance and audit evidence regulated buyers are accountable for. We run SharePoint migrations the way an examiner would want them run: obligations first, destination designed before the move, the right tool matched to the scenario, and a validation record that proves the content arrived intact.
Ready to turn a tool question into a governed migration plan your auditors and your steering committee both accept? Leave with a destination design, a tool match, and a validation method you can defend.