How to Migrate Your Entire IT Operation to the Cloud
Today we are going to be talking about how to generally move your entire IT operation to the cloud. I will later post blogs about how to implement each specific function that I describe here, but this blog will cover what things can/should be moved and what technologies can be used to do so in a more general manner. And while some IT departments may have more specific or specialized needs, I will be going over categories that will likely apply to ALL IT departments. So, what will I be covering, you ask, dear reader? I will talk about how to migrate the following functions to the cloud: identity management, file servers, your desktops/laptops, your office applications, and your communications services. Let’s get started.
I tried to order these categories in a chronological way – meaning that it would be generally beneficial to do them in this order. The first on that list is migrating your identity management solution to the cloud. Obviously, there are other IdPs than just Active Directory, but seeing as Microsoft’s identity provider solution is the most popular and that Cyber Husky is a Microsoft shop – we’ll be discussing AD. So, tired of having domain controllers to manage, patch, replace, etc.? There is a better alternative! Actually, there are a couple of ways to do this one, but all of them involve using Azure Active Directory in some form. My preference is to completely blow away the on-prem AD and go to a cloud-only Azure Active Directory (from here on out referred to as ‘AAD’), but if you have some legacy applications or other reasons why you still need to hold onto on-prem AD for a bit longer, you can also go the hybrid AD=>AAD approach to give you a bit of the best of both worlds. Once you migrate to AAD, though, you will now get to use your organization’s username@organization.com accounts (Microsoft 365) for logging into your devices. Not only does this consolidate your accounts, but it also gives you better security with options like MFA, PIM, and conditional access policies – all available with AAD. Furthermore, you can set up single sign-on with those same M365 accounts so that your organization uses the same account for virtually all your applications – what a time saver and efficiency boost that will be! All of these AAD benefits also come with no need to host any kind of server/virtual machine domain controller. As I stated before, there are options for using those types of things if you have special use cases, but I’d recommend against it unless absolutely necessary.
Going the AAD join route instead of the local network domain join route also sets you up for work from anywhere and for using things like Intune and Autopilot for device management – but those are topics for another blog. Moving on…
After you have your identity management moved (or maybe simultaneously with migrating your IdP), you will want to migrate your file servers. What technologies are available to us for doing this? For most organizations, you will want to use a combination of Azure Files, SharePoint/Teams, and OneDrive. We will be talking more about the latter two in other contexts later on, but I will talk about them as they relate to files here. Basically, you can host your files in SharePoint online sites – which are essentially the backend of Teams sites. This will be where you want to put all regularly accessed files. All files that are users’ files – but related to your organization (their ‘personal business’ files) – will be stored in their ‘personal business’ OneDrive. Lastly, Azure Files can be used to literally replace file servers. There are several configuration options for doing this, such as a cloud-only Azure Files approach or a hybrid approach that uses Azure Files as the single point of truth and uses your on-premises servers to sync with Azure Files and give you local access and capabilities. The cloud-only approach is the one we prefer clients move to if possible – and there are many ways to set this up (again for another blog), but you can do it straight through the Internet, using an Azure VPN, using an Azure ExpressRoute, and other options. Most of these options will allow you to give your users the same ‘mapped network drive’ user experience that they got with on-prem file servers so that the transition will be easy for them.
Once your IdP and file servers have been migrated, you can consider moving your computers to the cloud using either Azure Virtual Desktop or Windows 365. These cloud computers give your users access to PCs through any web browser (they can bring their own device or you can make use of cheap Windows devices or even Chromebooks). This allows you to scale up and down compute demand, have better control of your devices, and possibly save some money in the process. Azure Virtual Desktop is currently better suited for larger and more complex operations whereas Windows 365 can be better for a more simplified approach. Even in the billing, Windows 365 is a per user/per month licensing cost depending on the device specs you choose whereas AVD is billed based upon compute and RAM pools, other VM server costs if you need those, networking/data costs, etc. – but, as mentioned, it gives you much better control over your implementation, allows you to do more complex things, and it usually ends up being cheaper for those more complex implementations as well.
The last two things that you’ll want to look at migrating are your office applications and your communications services. Obviously, most office applications can be transitioned to using Microsoft 365 (and most of you are probably already using it), but you can also start to make use of SharePoint online, Power Apps/Automate, and Power BI. These applications will handle your overall organization needs, your business process automation, and your reporting needs, respectively. If you have legacy business applications that must be installed on a server – and there is no SaaS/online option available from that vendor – you can easily spin up Azure virtual machines to house these applications – and realize all the benefits of Azure in the process, like easy access from anywhere, cost savings, upgraded/maintained hardware, and easy scalability.
For communications, the obvious one is email, which will be handled by Outlook from Microsoft 365. The web app for this has come a LONG way and is actually my preferred way of accessing the app. Also gaining popularity over the past couple of years is Microsoft Teams (which comes with most 365 licenses). Between Outlook and Teams, you have a great centralized place to run your business from and have easy communication and productivity with everyone in your organization. Teams’ core functionality includes instant messaging (including to colleagues from other organizations that also use Teams), ‘Teams’ which are groups of people and a home base for those people, synchronization with Outlook’s calendar, voice and video calling, and file storage (using either OneDrive for your business personal needs OR SharePoint for the backend/file storage attached to Teams sites). These are all great, but within Teams you can also add tabs to do many additional things, such as manage projects and tasks with the ‘Tasks by Planner and To Do’ app. More and more applications that are either Teams-native or have strong integrations with Teams are being added every day, so that is a huge boon to your organization’s productivity and communications. Last up for communications is the non-Internet, old-school, call-a-phone-number calling. This can be added into Teams with ‘Business Voice’ licensing. This service lets you port your organization’s phone numbers from other providers right into your cloud hub with Microsoft and then use Teams as the interface for making and receiving calls. It includes auto attendants, call queues, voicemail, call routing, and much, much more. It is a fairly new service from Microsoft, but we use it and are very happy with it from features to pricing. One thing it is currently missing that will likely (hopefully!) be added soon is the ability to send/receive text messages to/from the phone numbers associated with Business Voice.
And that’s it! Congratulations, you now know how to get going on bringing your organization into the future by migrating your core IT workloads into the cloud. Doing this will greatly increase your organization’s agility and productivity. It will also make your employees and customers think you are much more organized and efficient – taking advantage of new and improved systems rather than holding out on legacy stuff until it dies. In future blog posts, I’ll take each one of these categories and try to give a more detailed breakdown of setting up some of this stuff and configuring it.
If you want to sit down and discuss your organization’s specific situation and needs to hear what a cloud migration might look like – contact us today to set up a meeting where we will help you understand all the implications of upgrading your organization.