Success Stories

Real Results for IT Leaders

Each story shows measurable improvements in Microsoft 365, Azure, and hybrid environments. No client names, just real outcomes.

CLIENT

Technology company

PROJECT

Hybrid Active Directory to cloud-native migration

TECH STACK

Entra IDEntra Domain ServicesIntuneMicrosoft 365Defender for EndpointAzure AutomationPower AutomateAdmin By RequestTeamViewerJira CloudConfluenceWindows Server NPS

Situation

Technology company, mid-sized enterprise. The client planned to transition from a hybrid Active Directory and Entra ID environment to a fully cloud-native model. The goal was to eliminate on-premises identity dependencies, streamline device management, and modernize the IT environment without disrupting daily operations.

Design & Implementation

• Assessed the hybrid environment and verified application compatibility with Entra ID and Entra Domain Services • Tested third-party tools to replace PKI and NPS where required • Set up Entra Domain Services with directory extensions and migrated applications to Entra ID or LDAP authentication • Created a certificate hash script to maintain NPS functionality, including dummy objects for cloud-only devices and users • Developed a PowerShell script to migrate Windows devices from hybrid join to cloud-only while preserving profiles • Optimized Intune policies and ensured TeamViewer availability at the login screen for support • Automated migration tasks and employee communications using Azure Automation and Power Automate • Created the project roadmap and managed tasks in Jira Cloud, with documentation stored in Confluence • Migrated devices step-by-step, decommissioned hybrid sync, and completed the switch to cloud-native • Provided post-migration support and fine-tuned client policies

Outcome

The company achieved a smooth migration to a cloud-native environment, with all devices and applications running on Entra ID or Entra Domain Services. On-premises dependencies were removed, security was improved, and IT operations are now simpler, faster, and fully prepared for future growth.

CLIENT

IT outsourcing provider

PROJECT

Microsoft 365 tenant migration

TECH STACK

Entra IDIntuneConditional AccessMicrosoft 365Defender for EndpointAdmin By RequestBitTitan MigrationWizMicrosoft LoopPower AutomateAzure AutomationSharePointOneDriveTeams

Situation

IT outsourcing provider, small-to-medium business. The client needed to migrate a subsidiary from a shared Microsoft 365 environment into a dedicated, securely configured tenant. This included building the new environment from the ground up, applying best-practice security settings, migrating all resources, and equipping the internal IT team with the knowledge and tools to manage the platform independently.

Design & Implementation

• Provided strategic consulting for migrating the subsidiary into its own Microsoft 365 tenant • Set up a new tenant with hardened security and best-practice configurations • Analyzed the source tenant, planned the migration, and created a detailed migration schedule • Designed and optimized license allocation to reduce costs • Deployed Admin By Request on all client devices to manage elevated privileges securely • Migrated mailboxes using BitTitan MigrationWiz • Managed the project using collaborative planning tools to ensure smooth execution • Documented all processes and configurations in Microsoft Loop for future reference • Conducted workshops for the internal IT team to build knowledge and operational confidence • Exported Teams chat histories from the source tenant as HTML and stored them in users' OneDrive in the new tenant • Migrated all required resources, files, and applications into the new tenant • Deployed a SharePoint environment as the central file storage platform • Implemented an automated HR onboarding workflow in Microsoft 365 to streamline new-hire setup • Provided ongoing post-migration support and advice on Microsoft 365 operations

Outcome

The subsidiary successfully transitioned to a dedicated, secure Microsoft 365 tenant with optimized licensing, modern collaboration tools, and automated onboarding processes. All mailboxes, resources, and chat data were migrated without significant downtime. The internal IT team received full training and documentation, enabling them to manage the environment confidently while benefiting from improved security, operational control, and reduced costs.

CLIENT

Service company

PROJECT

Modern workplace & secure access - Comprehensive IT modernization

TECH STACK

Entra IDIntuneConditional AccessApple Business ManagerEntra Application ProxyVeeam Backup & ReplicationVMware vSphereRemote Desktop ServicesFSLogixWindows Server NPSMicrosoft SQL ServerPacketFence802.1XAzure AutomationTeamViewer

Situation

Service company, mid-sized enterprise in Central Europe. Required comprehensive IT modernization and security improvements.

Design & Implementation

• Automated the deployment of Let's Encrypt certificates to Windows services • Delivered a modern Microsoft Remote Desktop Services farm with FSLogix and custom web portal templates • Set up a high-availability Microsoft SQL Server cluster • Implemented Veeam Backup & Replication as the enterprise backup solution • Automated routine tasks and compliance checks using Azure Automation • Deployed managed TeamViewer clients with centralized policy control and simplified connectivity • Replaced the legacy MDM with Intune for all corporate devices • Introduced Windows Autopilot for cloud-only device provisioning • Hardened all devices and Microsoft 365 Apps in line with CIS guidelines • Enabled app protection policies for personal devices • Deployed Conditional Access with MFA and risk-based policies • Published key internal applications through Entra ID Application Proxy • Designed and implemented a SharePoint hub with a structured information architecture • Decommissioned multiple legacy applications within the corporate network • Reduced Microsoft 365 licensing costs significantly through targeted optimization • Implemented PacketFence as the network policy server (NPS) and PKI certificate authority

Outcome

A modernized, secure workplace with streamlined device management, reduced licensing costs, and improved operational efficiency.

CLIENT

Professional services firm

PROJECT

Modern workplace modernization & secure access implementation

TECH STACK

Entra IDIntuneConditional AccessDefender for EndpointAzure Landing ZonesAzure PoliciesSharePointConfluence CloudAzure Virtual DesktopPrivate AccessActive Directory

Situation

Professional services firm, small-to-medium business, serving clients across multiple industries. Needed to modernize internal Microsoft 365 and Azure environments.

Design & Implementation

• Performed a full analysis and hardening of the Microsoft 365 tenant • Cleaned up existing Intune configuration and deployed new policies for all device types based on industry standards • Migrated hybrid resources from one Active Directory environment to another • Transitioned hybrid resources to cloud-only where possible • Introduced app protection policies for secure use of corporate data on mobile and personal devices • Deployed Azure Virtual Desktops with Azure Hibernate to optimize costs and availability • Implemented an Azure Landing Zone with governance policies and migrated existing resources into the new structure • Provided support for customer-specific projects and technical challenges • Designed a conceptual approach for connecting the company intranet with SharePoint • Configured Entra ID single sign-on for multiple business applications

Outcome

A secure, cloud-first workplace with standardized device management, industry-aligned security policies, and integrated identity services.

CLIENT

Distribution company

PROJECT

Cloud foundation & security: Entra ID, Sentinel, Intune, Hybrid Exchange

TECH STACK

Entra IDMicrosoft 365IntuneDefender for EndpointExchange HybridMicrosoft Sentinel

Situation

European distribution company, mid-sized enterprise across multiple locations. Moving from on-premises infrastructure to cloud.

Design & Implementation

• Prepared the Entra ID tenant and Microsoft 365 services; set up Entra ID Connect and hybrid join • Implemented Intune device enrollment and app deployment via winget; rolled out Defender for all device types • Set up Apple device management with ABM and tested cross-platform enrollment • Built Exchange Hybrid; migrated mail flow and mailboxes • Deployed Microsoft Sentinel with Microsoft 365 data connectors; configured alerting and governance • Produced documentation and handover

Outcome

A secure, governed cloud core with standardized device onboarding and mail migration complete—monitored centrally via Sentinel.

CLIENT

Technology company

PROJECT

Global Intune rollout and Entra ID Join migration

TECH STACK

IntuneAutopilotWindowsDefenderNPS/RADIUSEntra ID Join

Situation

Global technology company, mid-sized enterprise across multiple sites. Fast-growing firm needed complete endpoint management overhaul.

Design & Implementation

• Collected inventory; produced the Intune concept and profiles • Migrated GPO/on-premise policies into Intune • Deployed required apps; hardened Windows, Defender, Microsoft 365 Apps and 3rd-party apps • Implemented Intune Certificate Connector and device/user cert sync for NPS/RADIUS • Built Autopilot workflow; cut-over from Hybrid Join to Entra ID Join • Documented and handed over to the internal IT team

Outcome

Standardized endpoint management with cloud join; stronger device trust; simplified provisioning for new hires worldwide.

CLIENT

Media company

PROJECT

Azure governance with Terraform + Docs platform + Automation at scale

TECH STACK

Terraform CloudAzure PoliciesGitHub ActionsAzure AutomationPowerShellDocusaurus

Situation

Global media organization, large enterprise, multi-forest environment. Multiple teams needed consistent infrastructure standards.

Design & Implementation

• Established governance: naming, Azure Policies, roles, and assignments as code • Implemented Terraform Cloud workflows for landing zones and standard resources • Migrated international scripts to Azure Automation; hardened and instrumented with logging • Built a documentation platform (Markdown + Docusaurus) with CI/CD and Azure auth • Moved legacy scripts and job schedulers to a unified model • Produced operating guides and handover materials

Outcome

Policy-driven Azure at scale, automated deployments, centralized docs, and resilient runbooks that reduced toil for product teams.

CLIENT

Financial services enterprise

PROJECT

Azure enterprise-scale foundation

TECH STACK

Azure enterprise-scaleAzure PoliciesAzure DevOpsGit

Situation

Global financial services enterprise, large enterprise. Required enterprise-ready Azure foundation.

Design & Implementation

• Extended Azure Policies and RBAC with guardrails • Helped define organizational structure and hub-and-spoke network foundations • Integrated existing resources into the new model • Created automations for repeatable provisioning and compliance

Outcome

A governed Azure foundation the internal teams can scale with confidence, backed by automation and clear standards.

CLIENT

Operations company

PROJECT

From ADFS to Entra ID + Intune Autopilot standardisation

TECH STACK

Entra IDIntuneAutopilotWindows Update for BusinessDefender for EndpointMFA

Situation

Global operations company, mid-to-large enterprise. Full infrastructure rebuild was underway.

Design & Implementation

• Migrated authentication from ADFS to Entra ID Connect; decommissioned ADFS • Introduced MFA for admins; designed Entra ID/Microsoft 365 role model • Rolled out Intune + Autopilot; packaged baseline apps (incl. MSIX) • Standardized BIOS, encryption, and Windows Update for Business • Deployed Defender for Endpoint; removed legacy AV • Produced an IS analysis and documentation to support the new build-out

Outcome

Modern identity and device platform in place; secure admin posture; faster device provisioning; clear operating model for the global IT team.

CLIENT

Technology company

PROJECT

Modern workplace & secure access

TECH STACK

Entra IDIntuneConditional AccessDefender for EndpointEntra Application ProxySharePoint

Situation

Global technology company, mid-sized enterprise across multiple locations. Rapid growth created access and device management challenges.

Design & Implementation

• Introduced Intune MDM and app protection; standardized policies for all endpoints • Rolled out Conditional Access with MFA and risk-based policies • Published key internal apps via Entra Application Proxy; removed VPN dependency for routine tasks • Implemented Microsoft Defender ATP policies; connected signals to Cloud App Security • Built a SharePoint hub information architecture; trained 500 staff • Introduced company-wide password manager; migrated and structured credentials • Implemented Microsoft 365 backup for Exchange, SharePoint, and OneDrive • Documented the environment and handed over operations

Outcome

Secure, VPN-light access model; manageable endpoints worldwide; knowledge centralized; day-to-day admin effort reduced and processes documented.

Implementation Details on ConfigForge

Dive deeper into the technical approaches and best practices behind these success stories.

Visit ConfigForge

by Opsora

Ready for your own success story?

Each of these stories started with a consultation call. Let's discuss your Microsoft 365 and Azure challenges.

Book a consultation About me