Cloud Migration Proposal — v2.0 (WFH-First)

Boardwalk Real Estate Corp.

Eliminate aging on-premises servers. Move to a modern, secure, cloud-only Microsoft 365 environment — without requiring new PCs or device management. Security lives at the identity and cloud layer.

Client: Boardwalk Real Estate Corp.
Prepared: March 2026
Version: 2.0 (WFH-First)
Classification: Confidential

The Challenge

Boardwalk Real Estate's current IT infrastructure relies on servers and software that have reached end-of-life. This creates real business risk:

Security Exposure

Windows Server 2008 R2 and Exchange 2013 stopped receiving security patches years ago. The email server is publicly accessible on the internet with no multi-factor authentication.

Hardware Failure Risk

The Dell PowerEdge T110 II hosting critical services is over 10 years old. A single disk or power supply failure could take down email, files, and Active Directory simultaneously.

Outdated Workstations

Windows XP and Windows 7 machines remain on the production network. These operating systems are unsupported and cannot run modern security software.

No Disaster Recovery

Backups target a single NAS device that has never been tested for recovery. There is no off-site backup and no documented recovery procedure.

The Solution — v2.0 (WFH-First, No Device Management)

We will migrate Boardwalk Real Estate to a fully cloud-hosted Microsoft 365 Business Premium environment. When complete, there will be no on-premises servers to maintain, patch, or replace.

Unlike a traditional device-managed approach, the v2.0 model does not require new PCs, does not enroll devices in Intune, and does not use Autopilot. Employees keep their existing computers (or personal devices). Security is enforced at the identity and cloud layer — MFA, Conditional Access, MAM app protection, DLP, and sensitivity labels — instead of at the device level.

What Changed from v1.0

Dropped: Entra ID Join, Intune device enrollment, Windows Autopilot, Universal Print, mandatory PC purchases, device-based Conditional Access.
Added: MAM app protection (protects M365 apps on personal devices), identity-only Conditional Access, DLP policies, sensitivity labels, employee offboarding via MAM selective wipe.
Result: Same cloud migration, same security standards, ~$10,000–$15,500 less in upfront hardware costs, and no disruption to how employees use their devices.

Architecture: Before & After

Current (On-Premises)

Windows Server 2008 R2 — Domain Controller
Exchange 2013 — Email (public-facing, unpatched)
Windows Server 2016 — File Server & Print Server
Active Directory — boardwalk.local (2 DCs)
Barracuda — Email Filtering (3rd party)
Windows XP & 7 Workstations
QuickBooks — Mapped H: Drive
Site-to-Site VPN — SonicWall ↔ Sophos

Target (Cloud-Only, No Device Management)

Entra ID — Cloud Identity + Conditional Access
Exchange Online — 50GB Cloud Mailboxes
SharePoint Online — Company File Storage
OneDrive — 1TB Personal Storage per User
Defender for Office 365 P1 — Email Security (mandatory)
MAM + DLP + Sensitivity Labels — Data Protection
QuickBooks Online or Hosted Desktop
Internet-Only — No VPN Required

Cost Comparison

$1,000–1,850
Current monthly IT cost (servers, licenses, maintenance, power)
~$520
New monthly cost (M365 + Defender P1 + QuickBooks Online)
$480–1,330
Monthly savings after migration
Category Current (On-Prem) After (Cloud) Monthly Savings
Server hardware (amortized) $300–500 $0 $300–500
Server OS & Exchange licensing $200–400 $0 (included in M365) $200–400
Backup hardware & software $100–200 $0 (included) $100–200
Power & cooling for servers $100–150 $0 $100–150
Patch management labor $200–400 $0 (automatic) $200–400
Barracuda email filtering $50–100 $0 (Defender replaces) $50–100
Print server management $50–100 $0 (direct IP printing) $50–100
Total $1,000–1,850/mo ~$520/mo $480–1,330/mo

New Monthly Recurring Costs

Service Per User Users Monthly
Microsoft 365 Business Premium (no Teams) ~$20 20 ~$400
Defender for Office 365 P1 (mandatory) $2 20 $40
QuickBooks Online Plus (if QBO) ~$80 flat 1–5 ~$80
Total Monthly ~$520

One-Time Costs

Item Your Cost Client Price (10% markup) Notes
Replacement PCs (XP/Win7 only, ~5 units) ~$3,750 ~$4,125 Must-replace only — existing Windows 10/11 PCs stay
FIDO2 security keys for admins (2x) ~$100 ~$110 Phishing-resistant MFA for admin accounts
Migration labor $100/hr or flat rate (TBD after Phase 0) Estimate after discovery scoping
Estimated Hardware Total ~$3,850 ~$4,235
Year 1 Comparison: v2.0 vs. v1.0

v1.0 Year 1 (excl. labor): ~$6,240 recurring + $13,200–$19,800 hardware = $19,440–$26,040
v2.0 Year 1 (excl. labor): ~$6,240 recurring + ~$4,235 hardware = ~$10,475
Savings: approximately $10,000–$15,500 in Year 1. Monthly recurring costs are similar; the savings come almost entirely from not requiring 15–20 new PCs.

Project Timeline

The migration is planned across 8 phases over approximately 8 weeks. Some phases overlap to minimize the total project duration.

Week 1
Discovery
Week 2
Identity & Tenant
Week 3
Email Cutover
Weeks 3–4
File Migration
Weeks 2–5
QuickBooks
Weeks 4–5
Security Hardening
Week 5
Printers
Weeks 7–8
Decommission
Week 8+
Handoff

Migration Phases

Start Here

Why Right Now

Three years of accumulated risk, two EOL deadlines, and one firewall past its replacement window. This page explains the situation before the plan.

Read the case for acting
Phase 0

Discovery & Assessment

Remote session to inventory servers, file shares, mailboxes, printers, and workstations. Confirm scope, budget, and device ownership.

Pending
Phase 1

Identity & Tenant Setup

Create the M365 tenant, set up user accounts in Entra ID, configure MFA, Conditional Access policies, and password policies.

Pending
Phase 2

Email Migration

Cutover weekend: migrate all mailboxes from Exchange 2013 to Exchange Online. Update DNS. Retire Barracuda.

Pending
Phase 3

File Migration

Move ~400GB of company files from the on-premises file server to SharePoint Online and OneDrive for Business.

Pending
Phase 4

QuickBooks Decision

Evaluate QuickBooks Online vs. hosted Desktop based on feature requirements. Migrate or provision accordingly.

Pending
Phase 5

Security Hardening

Configure MAM app protection, DLP policies, sensitivity labels, and Defender for O365 P1. Deploy self-service user onboarding.

Pending
Phase 6

Printer Setup

Add office printers by IP address. No print server, no cloud printing service. WFH users use their own printers.

Pending
Phase 7

Decommission

Power off servers, simplify firewalls, remove old equipment, and clean up DNS records.

Pending
Phase 8

Handoff & Training

Train staff on M365 self-service model, document the new environment, deploy offboarding procedures, and transition to managed support.

Pending

Risk Register

Risk Impact Mitigation
QuickBooks Desktop features required that QBO lacks Blocks full cloud migration Evaluate in Phase 0; hosted Desktop as fallback
ISP bandwidth insufficient for cloud-only Poor user experience Test in Phase 0; upgrade ISP if needed
Users resist change Adoption issues, more support tickets Self-service guide + training sessions; parallel operation for 2 weeks
Data loss during file migration Business disruption Full backup before migration; validate integrity
Mail delivery issues during MX cutover Missed emails Saturday cutover; keep old Exchange running 48 hours
Exchange 2013 migration compatibility issues Cutover may fail Test with pilot mailboxes first; hybrid as fallback
Personal device lacks endpoint protection Malware on unmanaged PC MAM isolates work data; Defender P1 protects email; BitLocker recommended
User saves sensitive data locally Data outside cloud protection boundary DLP warnings; MAM blocks Save As on mobile; sensitivity labels encrypt files
Start Here: Why Right Now