What We'll Do
Technology changes only succeed when the people using them are comfortable and confident. This phase ensures every team member knows how to use the new tools, understands the self-service model, and has a clear support path for questions after go-live.
We will conduct hands-on training, provide quick-reference materials, deploy the employee offboarding procedure, update all documentation, and transition Boardwalk Real Estate to ongoing managed IT support.
Staff Training Sessions (1–2 Hours)
We will conduct hands-on training sessions covering the tools employees will use daily:
Email & Calendar
Outlook Web and Desktop: sending and receiving email, managing calendars, scheduling meetings. Mobile Outlook setup and the MAM PIN — what it is and why it is there.
Files & Sharing
OneDrive and SharePoint: finding files, sharing with colleagues, recovering deleted files, version history, and setting up OneDrive backup manually.
Security & Self-Service
MFA setup, Microsoft Authenticator app, self-service password reset at passwordreset.microsoftonline.com, MFA recovery, and what to do if locked out.
MAM & App Protection
What the MAM PIN means on your phone, why you cannot copy work data to personal apps, and how selective wipe protects your personal data if you leave the company.
Quick Reference Materials
We will provide printed and digital quick-reference cards for the most common tasks:
- How to find your files (SharePoint and OneDrive)
- How to reset your password (passwordreset.microsoftonline.com)
- How to set up email on your phone (Outlook app + MAM PIN)
- How to manage your MFA methods (mysignins.microsoft.com)
- How to add an office printer by IP address
- How to set up OneDrive backup (Desktop, Documents, Pictures)
- Who to call for IT support
Microsoft Teams — Rollout Decision
The v2.0 proposal uses the M365 Business Premium SKU without Teams (~$20/user vs $22 with Teams). If Boardwalk decides to adopt Teams for internal messaging and meetings, it can be added as a standalone license later. This keeps the initial rollout focused on email, files, and security — adding Teams when the team is ready avoids change overload.
Employee Offboarding Procedure
When an employee leaves the company, the following steps are executed within the specified timeframes. This replaces the traditional "reimage the PC" approach — since we do not manage devices, we remove access at the identity and app layer instead.
- Within 15 minutes: Disable account in Entra ID
- Within 15 minutes: Revoke all active sessions (forces immediate sign-out everywhere)
- Within 1 hour: MAM selective wipe — removes ONLY work data from personal devices (Outlook, OneDrive, Teams app data). Personal photos, apps, and files are not touched.
- Within 24 hours: Convert mailbox to shared (preserves email history, frees the license)
- Within 24 hours: Transfer OneDrive files to manager
- Within 7 days: Remove from all security groups and distribution lists
- After 90-day retention: Delete account and archive audit logs
- Documentation: Export audit logs and document in change record
In the v1.0 model with Intune-managed devices, a departing employee's PC would be fully wiped. In v2.0, we use MAM selective wipe instead — this removes only the company data inside M365 apps (Outlook, OneDrive, Teams) from the employee's personal phone and PC. Their personal files, photos, and apps remain completely untouched. This is actually a better experience for the employee and achieves the same security outcome.
Documentation Updates
- Update internal documentation with new architecture
- Update asset management records (remove servers, add M365 tenant details)
- Create runbook for common support tasks
- Document all DNS records, admin accounts, and configuration settings
- Document MAM policies, DLP rules, sensitivity labels, and Conditional Access policies
- Verify all LOB applications (Dotloop, DocuSign, ShowingTime, MLS tools, transaction management, CRM) are functional post-migration — confirm any that used AD authentication or Exchange SMTP relay have been updated to M365 credentials
Ongoing Managed Support
Once training is complete, Boardwalk Real Estate transitions to standard managed IT support:
Help Desk
Phone, email, and ticketing support during business hours. A real person who knows your environment — not a generic call center.
Proactive Monitoring
24/7 monitoring of Microsoft 365 services and security alerts. We catch problems before they become outages.
Identity & Access Management
Ongoing Conditional Access policy tuning, MFA support, new user onboarding, and employee offboarding. Your security posture improves over time, not just at go-live.
Security Management
DLP policy tuning, sensitivity label updates, Defender alert review, and quarterly access reviews. Threat monitoring and incident response included.
Monthly Business Reviews
Scheduled review of IT health, ticket trends, and recommendations. Transparent reporting so you always know where things stand.
Self-Service Portal URLs
These are the key URLs every Boardwalk employee should bookmark:
| Portal | URL | Purpose |
|---|---|---|
| Office Portal | portal.office.com | Access all M365 apps, download Office |
| Webmail | outlook.office365.com | Email, calendar, contacts |
| Password Reset | passwordreset.microsoftonline.com | Self-service password reset (requires MFA) |
| My Sign-ins | mysignins.microsoft.com | Manage MFA methods, review sign-in history |
First Monthly Review
We will schedule the first Monthly Business Review (QBR) with Mike Joly approximately 30 days after migration completion. This review covers: migration success metrics, any outstanding issues, user adoption feedback, and recommendations for the next quarter.
Verification Checklist (Post-Migration)
Final confirmation that everything is working as expected across the entire migration:
- All users can sign in and send/receive email at outlook.office365.com
- All users can access SharePoint document libraries
- OneDrive backup configured for all users (Desktop, Documents, Pictures)
- MFA enforced on all accounts (no exceptions)
- Conditional Access policies active: blocking legacy auth, risky sign-ins, and non-US locations
- MAM policies applied on mobile devices (Outlook PIN prompt confirmed)
- DLP policies active (test with sample sensitive content)
- Sensitivity labels available in Word, Excel, Outlook
- Defender P1 active: Safe Links and Safe Attachments verified
- Printers working at both office locations
- QuickBooks accessible and functional
- All XP and Win7 machines disconnected from the network
- Old servers powered off for 30 days with no reported issues
- External DNS records updated (no references to old server IPs)
- Barracuda email filtering cancelled (after 30-day validation)
- Client data archived to external drive before server decommission
- Offboarding procedure documented and tested