The Problem

A 75-person professional services firm came to us in a familiar situation: nobody really knew what was running on their network.

Over the years, departments had spun up their own tools, shared passwords in spreadsheets, and accumulated software subscriptions nobody could account for. IT was reactive — they fixed things when they broke. There was no documentation, no asset inventory, and no unified identity management.

Then they had a near-miss with a phishing attack. That was the wake-up call.

The issues we inherited:

• No centralized device management or MDM
• Shared admin credentials across multiple systems
• 17 active software subscriptions with no assigned owner
• Zero MFA enforcement
• No offboarding process — departed employees still had active accounts

What We Did

We started with a full environment audit — every device, every account, every application. From there, we built and executed a 30-day remediation plan.

• Deployed Microsoft Intune for unified device management across all 75 users
• Enforced MFA across all accounts — no exceptions
• Migrated identity management to Entra ID with role-based access controls
• Eliminated shadow IT through policy enforcement and department stakeholder alignment
• Built a full asset inventory and documentation library — first time it ever existed
• Established a formal offboarding checklist and automation trigger

No downtime. No drama. Users barely noticed — which is exactly how it should go.

The Results

• 75 users fully onboarded to modern, managed environment
• Zero downtime during migration window
• Shadow IT eliminated within 30 days of engagement
• 17 unused SaaS subscriptions cancelled — immediate cost savings
• First-ever documented IT environment — leadership finally has visibility
• Security posture moved from reactive to proactive

They now have an IT foundation that can actually scale. That's not a small thing.