Why organizations migrate from Microsoft 365 in 2025

Originally published at: Why organizations migrate from Microsoft 365 in 2025 - Nextcloud

In 2025, public and private organizations across Europe are increasingly choosing to migrate away from Microsoft 365. The need for control over sensitive data, stronger compliance with European regulations, and the desire to escape costly vendor lock-in spur on this move.

Read on to explore the reasons why organizations migrate from Microsoft 365 products in 2025 and what solutions they choose as a part of their data sovereignty journey.

Notable examples of Microsoft 365 migrations

The federal Danish federal government is moving away from Microsoft software and cloud services, concerned about who controls the national data and who sets the rules.

The state administration of Schleswig-Holstein, Germany, is aspiring to achieve digital independence similarly through its own migration strategy and free the state from the reliance on technology in foreign control.

“In less than three months’ time, almost no civil servant, police officer or judge in Schleswig-Holstein will be using any of Microsoft’s ubiquitous programs at work.”

France24

In all cases, the ultimate reason for seeking an alternative is to achieve digital sovereignty — ensuring a more stable and independent future for individuals (users, citizens, public servants), national data, and the European continent as a whole — free from vendor lock-in and with full control over their own data.

The means? The new stack of collaboration tools based on locally hosted, transparent open source software.

Why move from Microsoft 365 now? Three key reasons to take action

At Nextcloud, since the beginning of 2025 we are seeing more than triple demand for our products. It is coming both from European organizations and governments, and global markets like Canada, the US and Latin American countries. Trying to find out what’s driving this surging demand, we have discovered three major reasons why those organizations decided to migrate from Microsoft 365.

1. Geopolitical risks and digital dependency with potential for blackmail

A shutdown of US-based services like Microsoft 365 anywhere in the world would have serious consequences. That would include both operational disruptions and monetary costs. Such a shutdown is possible in case of sanctions or a presidential order. And with new US administration and the ongoing internal instability, we cannot rule out new shifts in global political landscape.

2. Unpredictable costs outside control

Vendor lock-in is a part of the product strategy of the Big Tech. Microsoft has recently spiked its prices by 40%, while product portfolio undergoes constant rearrangement to optimize for a more profitable strategy. Their tools, like Windows operating system and Microsoft 365 suite, are essential to global infrastructure. And this dominance allows controlling the prices without the risk of losing customers.

3. Data protection and global compliance

The return of a Republican administration in the US has caused tensions with the EU, spilling over into both economic and business relations. Regulations like The Cloud Act already permit the US authorities to access data controlled by the US companies. That is, even outside of the US. Escaping the possibility of such access is the core reasons for public organizations, like the administration of Schleswig-Holstein, to make a move away from American tech. And new fears of espionage are rising, given how much control over global data the Silicon Valley companies already have.

Webinar: Nextcloud Hub 10 — the secure and private alternative to Microsoft 365

In this on-demand webinar, learn why businesses are moving away from Microsoft 365, compare Microsoft apps with Nextcloud Hub, dive deeper into the powerful features and watch the Q&A session.

Watch now

Why an open source alternative offers more control and resilience

Swapping the technology stack is not something a country’s government would do on a whim. When you are leaving something your entire operation depends on, there must be an alternative you trust enough. So what do those organizations leave Microsoft 365 for?

Should a US cloud vendor shut down a cloud service or end support for a product as a part of portfolio restructuring, whether due to shrinking demand or internal changes, customers are certain to face serious disruptions. Worst case, they may not even get their data out.

Open source breaks the cycle of dependence for businesses and public organizations. Should a solution vendor go bankrupt, another developer or even an entirely new entity, including the user organization itself, can take over the development of the product. This unique benefit of the open source model, the true independence, is only one of many reasons open source adoption is a future-proof strategy.

Choosing the right open source solution

Open source is, of course, a universe of its own. For example, there are over 100 licenses are officially approved by OSI. They all grant varying degrees of freedom when it comes to modifying, redistributing, rebranding, and commercializing the software — as well as how it can be combined with other codebases. Second, every open source project is unique. Its stability, development pace, and long-term viability depend heavily on the health of the community and the size of its contributor base. One app might be developed by a steady core team of 10, while another is maintained by hundreds over many years. Many years ago, we published a guide on choosing the right open source solution that is still very relevant.

In any case, a move away from proprietary tech and towards open source is always a positive change.

The open source and local technology has already inspired many successful projects in Europe. For instance, the open-source strategy of Schleswig-Holstein, the EuroStack initiative to promote EU-based IT solutions, and sovereign cloud infrastructures built by service providers like IONOS.

A look into Schleswig-Holstein’s open source journey

In Germany, the idea of European IT resiliency and digital sovereignty is becoming more and more central to public discourse. Among German states today, Schleswig-Holstein is the pioneer in adopting open standards, open source, and open interfaces.

As Schleswig-Holstein’s open source strategy reads, “The main goal in Schleswig-Holstein is to create a counter-offer to this proprietary software to ensure digital sovereignty. This way, citizens can retain sovereignty and control over their own and entrusted data, and they can independently design and use the IT they use for their own purposes.”

Learn more about Shchleswig-Holstein’s open source journey in the episode of Nextcloud Podcast with Sven Thomsen, Schleswig-Holstein CIO.

Take back control over your data with Nextcloud Hub

Nextcloud Hub is the world’s leading privacy-focused collaboration platform. It is a choice of many organizations that have broken free from the Big Tech. Among many others, the state administration of Schleswig-Holstein and the city of Lyon we mentioned earlier.

The extensive, modular ecosystem of apps includes secure document sharing and collaboration, chat and video meetings, email and calendars, project and team management and an ability to easily integrate other services and hundreds of applications. Nextcloud Hub is a private cloud solution you can run on private server or with a provider you trust. And it’s 100% open source:

• Own your software and fully control your data
• Be free to audit the code and offer transparency to your users
• Benefit from unmatched interoperability for optimal UX

Begin your digital sovereignty journey today! Try Nexcloud hub instantly in the cloud, and connect with our experts to map out your data resilience strategy.

Government and corporate users are mostly concerned about stable, reliable and well-tested software. The quest for new features is a drawback to them. And they are also conservative about platform upgrades, instead choosing the LTS versions.

Sadly, I fear that Nextcloud only pays lip service to these ideas, instead being tempted by “new shiny” features at the expense of stable reliability.

https://nextcloud.com/enterprise/

• Additional testing and quality assurance
• Early critical bug fixes and hot fixes
• Team on standby to ensure smooth upgrades
• Support delivered directly by our engineers
• Dedicated support with individual account manager
• Enterprise-grade SLA up to 24/7
• Up to 5-10 years of long term support for stable Nextcloud releases

So, it seems that Nextcloud does offer enterprise customers what they’re looking for.

However, if you have first hand experience of deploying Nextcloud on a large scale and can point to specific limitations or issues with their enterprise offerings and support that show these promises are just lip service, please share your insights. Otherwise, your post reads as little more than an expression of fear, uncertainty and doubt, or an attempt to spread it.

Yes, I have actual experience of Nextcloud ceasing to work on current LTS versions of Debian.
For that reason, I would advise corporate clients to be very wary.

Well, current versions of Nextcloud require at least somewhat current versions of PHP. However, enterprise customers can take advantage of LTS support for Nextcloud, which allows them to continue using an older version of Nextcloud and therefore an older version of PHP that may be included in Debian LTS or another LTS distribution.

Whether it actually makes sense to stay on the same Nextcloud version for five or even ten years is, of course, another discussion that we don’t necessarily need to have here.

However, for most (if not all) LTS distributions, there are also package repos available to install newer PHP versions than those provided in the official repos. This allows admins to stay on an older version of their LTS distribution while still being able to use the latest version of Nextcloud. In Debian, for example, these are the deb.sury.org repos.

The same kind of thing applies to databases, by the way, as both MariaDB and PostgreSQL provide official repositories for all common LTS distributions. For example, MariaDB still provides packages for Debian 10: Download MariaDB Server - MariaDB.org

Yes, there are kludges and workarounds, or you can pay extra for LTS support.

The fact remains that the default situation with Nextcloud is that you have to stick with outdated versions of Nextcloud if you want to stay on the cautious, stable, safe path of Debian LTS.

This is not what a sensible IT department running mission-critical systems wants to get involved with.

…and End of life PHP versions.

In my humble opinion, that’s not cautious at all. In fact, I’d say the opposite is true. Instead of updating to a version supported by the PHP project, you’re relying on volunteers to backport security fixes to an older, unsupported version of PHP.

Debian 12 comes with PHP 8.2, which is still supported by both Nextcloud and the PHP project. It has been available for two years, and is as stable as a Linux distribution can be. Therefore, for me, still using Debian 11 on your main production Nextcloud server is just laziness, sorry.

Have you ever dealt with SharePoint or Exchange? Because that’s what most enterprises that are hosting their file sharing and groupware solution on prem are dealing with

Just want to chime in here. What @hairydog has been saying is sage advice. I’ve been thinking to myself for years what he wrote in this thread. I never post about it because I’m not a commercial application, but I am trying to convince my employer to use Nextcloud. I reserve my enthusiasm about it because the idea that upgrading and updating might mean the apps we will rely on might not work.

Not sure, what @hairydog is talking about as just about every administrator, running Debian stable in an enterprice setting, knows about https://sury.org/ to keep PHP current and run stuff like Nextcloud on top of the stable Debian base.

This is not an issue if you tend to your server and follows advice how to install Nextcloud. Use sury if you are running debian or ubuntu is the general advice. I am deploying Nextcloud for governments and Enterprise and this is generally a non issue. (Unless you use a to old php that is in Debian LTS which is not recommendable anyway)

I would also like to point out that deb.sury.org is not maintained by some random person on the internet. Ondrej Sury is a Debian maintainer since 2000 and has been packaging PHP for Debian since PHP 5.

This!

Many people stick with old software versions for the wrong reasons.

@hairydog In my opinion, the extended support periods offered by Linux distributions shouldn’t be treated as an excuse to avoid upgrading your systems for five or ten years. That’s simply not feasible in most cases these days.

I think extended support periods of five or even ten years only really make sense if you absolutely need to keep certain legacy applications alive. Even then, however, it’s probably best to start planning an upgrade or migration strategy rather sooner than later.

Also, you won’t be able to avoid upgrading your system indefinitely, as even LTS distributions will eventually reach the end of their lifecycle, and the longer you wait, the more difficult and complex the upgrade process is likely to become. So, while delaying upgrades may provide short-term relief, you’re probably going to regret it when the LTS finally reaches end of life.

The blinkered arrogance is staggering. LTS is about minimising disruption and risk. You change systems in a planned, careful and tested manner.
Talking about putting off updates for ten years is ridiculous. No LTS versions run that long.
Nextcloud leaps into to the next version each time it comes out. That’s fine, but ditching support for CURRENT LTS versions of Debian is a business risk that many real professionals will not want to face.
Yes, IT professionals know about Sury, but it IS a one man project and it is a kludge.
I’m not saying you shouldn’t reach out for new, shiny, cool ideas, but I AM saying that this is not what corporates feel happy with.
A sensible approach is to support the current LTS version of Debian as long as it remains current.

Corporates normally don’t use Debian either. Its redhat derivates or ubuntu. Preferably with paid support behind it. Those that i know that run Debian, they run debian with sury if they have any kind of php on it.

None of us here are talking about doing stuff without any on of it has any risks just because i use sury (even on ubuntu).

A good system admin knows when it actually is ok do not use LTS and not sticking with it. Everything has its use case and way of setup and installation. Nextcloud (and quite a few php applications) requires a more modern php.

If Nextcloud wants to appeal to corporates, they need to revise that attitude.

Yes, I know it’s not going to happen.

You must be a wise person to end the discussion like this.

Is Sury something like https://www.virtualmin.com/ ?
I’ve been relying on them for decades. Started out using their Webmin software when I was deploying OpenERP for a residential construction contracting corp.

My current Nextcloud lives in a virtual server of virtualmin on my server where Ubuntu is on the bottom.

No, Virtualmin is a web hosting control panel. Sury provides package repositories for PHP, Apache and NGINX for Debian and Ubuntu. This allows you to build a LAMP/LEMP stack with the latest versions of Apache or NGINX, as well as the PHP version of your choice, on those operating systems.

Upgrading a system every ~2 years for something like Nextcloud is certainly possible in a planned, careful and tested manner.

Well, you might be surprised, but as I said, extended support is mainly used for very specific business applications that are often niche and cannot easily be upgraded or migrated to a newer version of the distribution. It is rarely used for general-purpose applications such as groupware and file-sharing solutions. (In most enterprises, these still run on Windows anyway, if they still host them on-premises.)

A sensible approach for a Nextcloud server is to use the current stable version of Debian, which is Debian 12 at the moment. In that case, there’s no real need to use the Sury repositories, since Debian 12 ships PHP 8.2, which is still supported by the latest versions of Nextcloud.

By the time support for PHP 8.2 will be dropped, Debian 13 Trixie will be the new stable release, and it’s expected to ship with PHP 8.4. So if I were you, I’d start setting up a test server with Trixie right now, in order to be ready to upgrade your production server in a planned, careful and tested manner by the time Nextcloud is droping support for PHP 8.2.

If I were me, I’d use Nextcloud only for trivial applications, because I beliebe the approach of the design and development team to be obsessed with ‘new shiny’ and nothing mission-critical would go near it.
It’s a shame, because in the hands of grown-us it could be excellent.

Well, that’s your opinion, and that’s totally fine. But I still think you’re drawing some pretty unfounded conclusions here.

Anyway, getting back to the actual topic: I don’t think it would be sensible for Nextcloud to still support PHP 7.4, just so some server admins can continue using Debian 11. That would hold development back far too much, and users would quickly start complaining about performance issues and all kinds of things.

Also, regarding this, I think you may be misunderstanding what LTS means in the context of Debian, as it’s slightly different from how Ubuntu uses the term.

Ubuntu LTS releases come out every two years and offer five years of support, followed by another five years of extended support, and they’re called LTS from day one.

Debian stable releases also come out roughly every two years, and are also supported roughly 5 years. But in Debian’s case, LTS refers to the point at which maintenance of a release transitions from the main Security and Release team to the LTS team. For example, this happened with Debian 11 (Bullseye) on August 15, 2024, which was almost three years after its original release. By that point, Debian 12 (Bookworm) had already been out for nearly a year and was as stable as it will ever going to get: LTS - Debian Wiki

So no, you shouldn’t wait to start using a Debian release until it enters its LTS phase, because by then it’s already quite outdated. Instead, you should aim to upgrade to the new stable within the roughly one-year window between a new stable release and the previous release (oldstable) entering LTS. The LTS period might give you some extra breathing room if you’re not fully ready to upgrade by then, but it’s not meant to be used for general-purpose deployments in Debian. That’s what the stable releases are for.