Full Managed IT Transition for SMB

Engagement Overview

Cybernerds was engaged to take over full IT management for a 65-person professional services firm that had been underserved by their previous break-fix IT provider. The engagement began with IRIS to assess the current state of their Microsoft 365 environment and IT infrastructure, followed by a structured onboarding into Cybernerds' managed services program with standardized configuration, proactive monitoring, and defined service level agreements.

Initial State

The organization's previous IT provider operated in a break-fix model with minimal proactive management. Key conditions discovered during IRIS included:

• ✓No device management — endpoints configured individually with no standardization
• ✓Microsoft 365 licensed at Business Premium but running at Basic-level configuration
• ✓Shared mailboxes with stored passwords rather than proper delegation
• ✓No file governance — critical business files scattered across local drives, personal OneDrive, and an unmaintained SharePoint site
• ✓No security policies — no MFA, no Conditional Access, no compliance policies
• ✓No documentation — previous provider maintained no records of configuration or credentials
• ✓Average ticket response time from previous provider exceeded 48 hours

Key Challenges

• ✓Baseline: No documentation from the previous provider — configuration state required full discovery
• ✓Credential Recovery: Multiple shared accounts, service accounts, and admin credentials undocumented
• ✓Data Governance: Business-critical files distributed across inconsistent storage locations
• ✓User Trust: Staff frustrated from years of poor IT support — skeptical of another provider
• ✓Security Exposure: No MFA on any account, including global administrators
• ✓Licensing: Business Premium licenses paid for but premium features completely unused

Solution Design — Managed Services Onboarding

• ✓Credential Audit: Full discovery and documentation of all accounts, service principals, and administrative access
• ✓Intune Deployment: Endpoint enrollment, compliance policies, and standardized device configuration
• ✓M365 Optimization: Enable and configure all Business Premium features — Intune, Defender, DLP, Conditional Access
• ✓File Governance: Migrate scattered files to structured SharePoint sites with proper permissions by department
• ✓Exchange Cleanup: Replace shared password mailboxes with proper delegation and shared mailbox configuration
• ✓Security Baseline: MFA enforcement, Conditional Access, Defender for Business deployment
• ✓Helpdesk: Dedicated support channel with 4-hour SLA for standard requests, 1-hour for critical issues
• ✓Proactive Monitoring: Monthly health checks, patch compliance, and security posture reviews

Implementation — Onboarding Execution

Onboarding was completed over three weeks with minimal user disruption. Staff received a brief orientation on the new support process and self-service tools.

• ✓Completed credential audit and secured all administrative accounts with MFA within 48 hours
• ✓Enrolled all endpoints in Intune with baseline compliance policies and device configuration
• ✓Deployed Defender for Business across all devices with centralized management
• ✓Configured Conditional Access requiring MFA and compliant devices for all tenant access
• ✓Migrated files from local drives and personal OneDrive to departmental SharePoint sites
• ✓Rebuilt Exchange Online configuration — proper shared mailboxes, distribution groups, and mail flow rules
• ✓Deployed OneDrive Known Folder Move to protect user desktops, documents, and pictures
• ✓Configured Windows Update for Business with staged deployment rings
• ✓Built implementation record documentation covering the complete tenant configuration
• ✓Launched helpdesk with Teams-based ticketing and defined SLA commitments

Ongoing Operations

• ✓Helpdesk support with 4-hour standard / 1-hour critical SLA
• ✓Monthly patch compliance and security posture review
• ✓Quarterly business review with firm leadership
• ✓New employee onboarding and offboarding automation
• ✓License management and optimization
• ✓Proactive monitoring and remediation of compliance drift
• ✓Annual security assessment and recommendations

Outcome

• ✓Full managed IT services operational with defined SLAs — replacing unreliable break-fix model
• ✓All endpoints enrolled in Intune with standardized configuration and compliance enforcement
• ✓Microsoft 365 Business Premium features fully utilized — no longer paying for unused capabilities
• ✓MFA and Conditional Access enforced for all users — eliminating the largest security exposure
• ✓File governance established with departmental SharePoint sites and proper permissions
• ✓Helpdesk response times reduced from 48+ hours to under 4 hours (standard) and under 1 hour (critical)
• ✓Complete implementation record documentation — the firm is no longer dependent on tribal knowledge
• ✓Staff satisfaction measurably improved — reported in first quarterly review