Migrating on-prem DC to Azure and more

Steve S 101 Reputation points
2021-05-19T18:54:23.31+00:00

I have a client who has a 2016 Windows Server in their office. Nothing fancy. Standard server providing Active Directory. It's not doing DHCP but does DNS. No GPOs. A few mapped drives and 2 shared printers.

They are looking to completely remove the server and move to the cloud.

They currently have:

  • Microsoft 365 Business Standard
  • Microsoft Defender for Office 365 (Plan 1)
  • No Azure AD Connect syncing going on
  • Your basic Azure AD that comes with Microsoft 365 (no addons or upgrades done)
  • All computers are Win 10 Pro
  • Everyone is using OneDrive
  • SharePoint usage is low (they are still warming up on how to use it)
  • Remote workers with laptops who never come to the office - they log in via their email address and pass/pin
  • Small office - about 14-18 workers
  • No need to sync anything or promote DCs in the cloud. I have no problem building them a brand new domain in the cloud and adding the users one by one.

They want a 100% cloud environment (minus the ISP modem, router, and switch they need for their LAN).

I'm guessing - and please correct me where I'm wrong - this is new to me - they will need:

  • Azure VM (with enough storage for their 2TB of data)
  • Virtual Network
  • VPN Gateway
  • Azure DNS

Am I missing anything? I'm just gathering all the pieces I need before I start scoping this out for pricing. The client doesn't want some hybrid world. They just want to totally remove the server and have no domain in the office at all.

Thank you in advance for your reply.


2 answers

  1. Danny Zollner 9,501 Reputation points Microsoft Employee
    2021-05-19T19:12:48.897+00:00

    There are a lot of ways that you can proceed here - but I would question the need for a Windows Server Active Directory Domain Controller at all. I'd consider Azure AD Joining the Windows 10 devices, moving the file shares into SharePoint, Azure Files or a NAS or something, and just completely drop the domain controller. To replace basic group policy to manage settings on the Windows 10 devices you would want to look at Intune, but if they aren't expecting exponential growth in the number of users at their company I would have to imagine licensing including Intune would be far cheaper than standing up a VM for a domain controller, not to mention a far better experience for them as they wouldn't need line of sight to the domain controller (i.e., a VPN if they aren't in office) to get policy updates, access file shares, etc.

    1 person found this answer helpful.

  2. Steve S 101 Reputation points
    2021-05-19T19:26:03.777+00:00

    @Anonymous - I totally agree. I have talked with other employees about moving files from the server to SharePoint. It's a lot, but SP can handle it (or something else). I don't know if the users can handle it. They are so used to just going to the S or T drive and finding what they need.

    At this point, they really don't even need a domain. By month-end, the company will be 100% laptop-based as all desktops will be scrapped (we're about 85% laptop already).

    The only thing that could present an issue is one LOB app. A client/server app they use for their work. The software vendor doesn't offer any cloud solution. So, I'm not sure how to get around that.

    I'm going to build out the feature set as I mentioned originally. But I'm also going to build out something on paper eliminating the VM for Azure DC and all. Right now, probably 99% of their work is on their computer, and remote workers only VPN to get access to files on the server. If those files are in SP or a hosted NAS or Azure Files - makes it a lot easier (in the office or outside the office) and no need for VPN.