Author’s Note: I write my own blogs. That’s unusual. Blogs are often authored by a service and then reposted, especially in IT, or written by AI from a few key words. Instead, I choose the topics that might be of most interest to our clients and write to them – to you – directly. While it does take a little more time to write my own content, it does mean that we are well versed in the subjects I send to you. So, please always feel free to reach out to me if you have any questions or comments about anything I write, including any topics you’d like to learn more about. Thank you. – Robert Hood.

The Promise of the Cloud
The promise of Cloud Services was almost utopian to small businesses.  Small businesses could deploy enterprise software solutions with no upfront costs, no infrastructure development, and relatively low monthly costs.  While the reality of the implementations may not quite live up to that promise – especially when it comes to costs – it has, more or less, delivered.  If you are a new startup, from day one, you can build your operations around modern, integrated platforms that support growth without the traditional IT overhead.

Getting from Old to New
But if you are an established business, how do you transition over to this new model? It’s not like you can just turn off your current systems, fire up the new, and just go live from there.  All your digital assets, authentication and database systems, and line of business applications have to be migrated, while at the same time keeping your business up and running, providing services and generating revenue.

If you are a very small business (e.g. 4 or fewer employees) with a small digital footprint, sometimes you can use a waterfall event to switch – do a manual extraction of current data, stop using the old system, start using the new, and upload what data you need.  Such small businesses might be able to do this with only a day or so of downtime and take a few weeks to smooth out the rough edges of the move. But that doesn’t apply to most businesses. 

Migration Phases
For most companies, the systems and services migration for a digital transformation should be done in such a way that each phase builds upon the last and minimizes operational impact.  There are several combinations of FROM sources and TO destinations that will dictate the details of the migration.  But the general steps are:

  1. Pre-Migration Tasks
  2. Intune Deployment
  3. Move Files to the Cloud
  4. Implement New Print Services
  5. Move Network Services
  6. Convert to Entra ID Joined Workstations
  7. Post-Migration Tasks

If you are going from Microsoft Active Directory (AD) to Google, Google to Entra ID (formerly Azure AD), or to a third-party directory/authentication service, the workflows are similar but the details differ.

Let’s briefly discuss each of these phases in a little more detail, for a migration from Microsoft AD to Microsoft Entra ID.

Pre-Migration Tasks
This is an extremely important phase for both migration planning and scheduling, as well as checking off several migration prerequisites.  The biggest initial prerequisite is checking that all custom applications have already been moved to the cloud or are cloud ready.  For many organizations, this can be a substantial effort and a hard showstopper on the transformation until completed.

Other prerequisites include:

  • Ensuring the workstations meet the requirements of cloud migration.
  • Verifying that your internet speed is fast enough to accommodate the expected load.
  • Confirming that cloud backups are in place.
  • Confirming that you have the right Microsoft 365 licensing.
  • Confirming that Entra ID is synced with Active Directory.

During this phase, you also need to define your corporate storage requirements – capacity, performance, and permissions.  This will be very important before you select your cloud storage platform.

Intune Deployment
If you are using Microsoft Active Directory, Group Policy Objects (GPOs) are an important component of implementing specific policies, controls and compliance requirements to workstations. This role is taken over by Microsoft Intune with Entra ID.  But there isn’t a one-to-one translation between the two, so this phase involves developing new Intune policies that will mimic what your GPOs do in your current environment.  Once that is defined, you then push out Intune and its policies to your workstations.

Move Files to the Cloud
For something so basic to a business’ operations, this is a surprisingly complex and challenging part of the migration.  If you are planning on cleaning up the contents or permissions of your files, you generally want to do this before the migration, unless the structure of the migration will help you achieve your goal.  Storage size, performance and permissions play a key role in deciding on your destination cloud file platform.  But how tolerant your staff is of change will also play into it.

If you mostly have small, simple office documents (e.g. Microsoft Word or Excel) and less than 1 TB of documents, a straightforward migration to SharePoint might work best.  In that case, this is especially economical as SharePoint is included with almost all the Microsoft 365 licenses.  However, it is important to remember that SharePoint really wants to be organized according to the teams that will be using which files, so you may want to reorganize the file grouping to align with the teams using them.  Also try to keep the files in any file group to a reasonable size. Having too many files in a file group can hamper performance and proper syncing of files to the workstations.  SharePoint is also not as easily amenable to simple drive letters, preferring to use links instead.  If you have users that don’t want to use links, or you have files that use existing drive letter links to other documents, the transition to SharePoint will have challenges.

If you have more than 1 TB of files, a large group of files that can’t logically be split up, or your files are large (e.g. AutoCAD files), or you have any of the other issues above that would rule out SharePoint, then you might want to look at a cloud file service.  You also have the option of self-hosting your “cloud files” through a proxied mechanism (although that keeps your files on-premises instead of in the cloud).  But there are additional costs with these, and your internet bandwidth can play a central role in how these solutions are configured and deployed.
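The sizing questions above can be answered from the existing file share before a platform is chosen. The following is an added example, not part of the original article: it groups files by top-level folder and lists the reasons a share may not suit SharePoint. The 1 TB limit comes from the text; the per-group file count and the "large file" cut-off are assumed values to adjust.

```python
import os
from collections import defaultdict

TB = 1024 ** 4
TOTAL_LIMIT = 1 * TB              # the article's 1 TB rule of thumb
MAX_FILES_PER_GROUP = 100_000     # assumed threshold; tune for your tenant
LARGE_FILE = 250 * 1024 ** 2      # assumed cut-off for "large" files (e.g. CAD)

def assess_share(root, total_limit=TOTAL_LIMIT,
                 max_files_per_group=MAX_FILES_PER_GROUP, large_file=LARGE_FILE):
    """Group files by top-level folder and list reasons SharePoint may not fit."""
    groups = defaultdict(lambda: {"files": 0, "bytes": 0, "large": 0, "unreadable": 0})
    for dirpath, _dirs, names in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        group = groups["(root)" if rel == "." else rel.split(os.sep)[0]]
        for name in names:
            try:
                size = os.path.getsize(os.path.join(dirpath, name))
            except OSError:
                group["unreadable"] += 1   # permission or path problem: review by hand
                continue
            group["files"] += 1
            group["bytes"] += size
            group["large"] += size >= large_file
    total = sum(g["bytes"] for g in groups.values())
    reasons = []
    if total > total_limit:
        reasons.append(f"total size {total} bytes exceeds limit {total_limit}")
    for name, g in sorted(groups.items()):
        if g["files"] > max_files_per_group:
            reasons.append(f"{name}: {g['files']} files in one group")
        if g["large"]:
            reasons.append(f"{name}: {g['large']} large file(s)")
        if g["unreadable"]:
            reasons.append(f"{name}: {g['unreadable']} unreadable file(s)")
    return {"groups": dict(groups), "total_bytes": total,
            "sharepoint_candidate": not reasons, "reasons": reasons}

if __name__ == "__main__":
    import sys
    report = assess_share(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("SharePoint candidate:", report["sharepoint_candidate"])
    for reason in report["reasons"]:
        print(" -", reason)
```

Files reported as unreadable usually point at the permission clean-up that is best done before the move.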

Implement New Print Services
Since the PrintNightmare vulnerability back in 2022, Microsoft Server print server services have become more limited.  But those services and their AD tie-ins will go away completely if you get rid of your Microsoft Server and switch to Entra ID.

Microsoft’s cloud replacement for this is Microsoft Universal Printing.  This may require additional licensing costs and seems to only work with printers that are Microsoft Universal Printing compliant (not to be confused with HP Universal Print Driver, which is completely different). At this time, Microsoft Universal Printing is also a little clunky and difficult to work with. If you have printers that are not compliant, or you can’t get Microsoft Universal Printing to work properly, you might want to look at a third-party print server solution.

Move Network Services
Before you retire your Microsoft Active Directory Services, you will need to move your network services off your on-premises servers to other infrastructure.  This includes your DHCP services, DNS services, and Wireless Authentication.

DHCP and DNS will generally be moved to your Firewall, although in some cases you might move them to a utility server (such as Linux) or an appliance.  If you have a need to access several internal devices, you will likely want to keep an integration between your DHCP and DNS; if you don’t, it probably won’t matter.

Cloud-based Wireless Authentication is a little more challenging.  So much so that you might want to just go back to WPA2/3 passwords.  But for many organizations this is a major step backward in both internal controls and security.  There are several different evolving solutions. For example, if you want to keep essentially the same configuration you had with Active Directory, you can deploy a cloud RADIUS server (or even an on-premises one) coupled with a cloud authentication server. However, this really is just keeping a lightweight AD structure around and may require everyone to reset their passwords. You can implement certificate-based Wi-Fi access, but that requires a certificate server backend.  Another option is to tie in your Wi-Fi access to your Entra ID authentication, but this requires the right combination of firewall and captive portal configurations. Some vendors are creating their own implementations, hoping they will become a widely accepted norm. Overall, the right solution for a business depends on its security requirements, size, cost tolerance and whether it is an early adopter or wants only mature solutions.

Convert to Entra ID Joined Workstations

The last major step is to reconfigure your Entra ID hybrid joined workstations to be native joined.  Microsoft’s recommendation for this is to reformat the workstation and then natively join it to your Entra ID domain.  However, there are tools out there that will greatly simplify this migration, largely keeping your settings and avoiding the hassle of a wipe and rebuild.  But in any case, it does mean touching every computer.  Depending on the approach and tool selected, this may be able to be done remotely, but some support and assistance is probably going to be needed for each workstation migration.
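Because every computer has to be touched, it helps to track which workstations are still hybrid joined. The following is an added example, not part of the original article: it classifies machines from the `AzureAdJoined` and `DomainJoined` fields of `dsregcmd /status` output collected from each workstation. The host names and sample outputs are constructed for illustration.

```python
import re

# Constructed samples of `dsregcmd /status` output (Device State fields only).
SAMPLES = {
    "WS-01": """
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE
""",
    "WS-02": "  AzureAdJoined : YES\n  EnterpriseJoined : NO\n  DomainJoined : NO\n",
    "WS-03": "  AzureAdJoined : NO\n  DomainJoined : YES\n  DomainName : EXAMPLE\n",
    "WS-04": "Access is denied.\n",  # collection failed on this host
}

FIELD = re.compile(r"^\s*(\w+)\s*:\s*(\S.*?)\s*$")

def parse_status(text):
    """Return {field: value} for every 'Name : Value' line; first value wins."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields.setdefault(m.group(1), m.group(2))
    return fields

def join_state(text):
    """Classify one workstation; 'unknown' when the output lacks either field."""
    f = parse_status(text)
    if "AzureAdJoined" not in f or "DomainJoined" not in f:
        return "unknown"
    entra = f["AzureAdJoined"].upper() == "YES"
    ad = f["DomainJoined"].upper() == "YES"
    return {(True, True): "hybrid", (True, False): "entra-joined",
            (False, True): "ad-only", (False, False): "not-joined"}[(entra, ad)]

def migration_report(outputs):
    """Map host -> state and list hosts that still depend on AD or need a re-check."""
    states = {host: join_state(text) for host, text in outputs.items()}
    pending = sorted(h for h, s in states.items() if s in ("hybrid", "ad-only", "unknown"))
    return {"states": states, "still_to_convert": pending, "all_native_joined": not pending}

if __name__ == "__main__":
    report = migration_report(SAMPLES)
    for host, state in sorted(report["states"].items()):
        print(f"{host}: {state}")
    print("Still to convert:", ", ".join(report["still_to_convert"]) or "none")
```

Hosts reported as `unknown` are counted as pending, so a failed collection never makes the fleet look finished.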

Post-Migration Tasks
After the migration there is a little clean up to be done.  In this case the old servers, both virtual and physical, that were used for AD, files, print servers, etc., need to be retired and securely disposed of.  Typically, the servers will be shut down for a period of time (e.g. 30 days), to ensure nothing on them is needed before permanently destroying them. Likewise, other equipment that was obsoleted by this migration, such as printers and backup appliances, will also need to be retired and securely disposed of.

Migration Costs and Time
As is evident from the above, there’s a fair amount involved in a digital transformation.  The above can take anywhere from a month to several months depending on how aggressive the business wants to be in getting through the process.  There will be some staff impact with each of the migration phases, so the limit will often be how quickly the organization can accept change.

There are some licensing and software costs associated with the migration, but most of those are for changes in subscriptions, and those are opex costs and not front-loaded capex costs.  The bulk of the costs for this transformation project will be labor.  The cost will vary, in some cases greatly, from business to business, and with the source and destination platform of the migration.  It will also depend on the labor rates in your local market.  But in a metro area with a higher cost of living, a good starting budget for a company with 20 computer users would be about $1,000 per user, although there is some economy of scale, i.e. cost per user may go up in a smaller company and go down in a larger business.

Post-Migration Costs
New startups who went directly to an all-cloud architecture don’t have anything to compare to.  However, businesses that have a current on-premises infrastructure and undertake a digital transformation will see their monthly costs go up, and their bulky capex costs (such as new servers) go down.  Likewise, labor costs to maintain an on-premises infrastructure will be shifted to paying higher licensing costs for the cloud providers. In the end it’s largely a wash (which isn’t a coincidence).  Companies shouldn’t undertake a digital transformation to reduce costs, but instead to reduce complexity and risk, as cloud solutions are generally more reliable than on-premises solutions due to the inherent redundancy built into them.

Need Help with Your Digital Transformation?
SpotLink has extensive experience guiding businesses through digital transformations, across a wide range of source and destination platforms. To learn more or get started, contact us at:

📧 [email protected]
📞 +1-855-SpotLin

Robert Hood
CEO & Founder
SpotLink®

Copyright 2025 SpotLink®