March 7, 2026

Case Study: Windows Estate Compliance Recovery After Large-Scale Migration

Summary

A global enterprise undergoing corporate divestiture needed to separate a multinational business unit from the seller’s infrastructure and establish a new centrally managed environment spanning the UK and Asia. The programme covered more than 1,500 users, their devices, and over one million permissions, all of which had to move into the new estate without interrupting business operations.

Once the core transition had completed, a second challenge became unavoidable. A large proportion of the migrated Windows estate was no longer on a supportable baseline, so the environment needed a structured compliance recovery programme before security, support, and operational stability could be normalised.

Challenge

The primary challenge was executing this complex migration with minimal disruption to business operations. However, a significant secondary challenge emerged immediately post-migration: the fleet of over 1,500 migrated Windows 10 endpoints exhibited widespread OS version non-compliance.

Many devices were running outdated and unsupported builds, which created significant security exposure, increased support overhead, and prevented the rollout of modern management and security features. This required an immediate and structured remediation effort to bring the entire device estate up to a secure and supportable baseline.

Objectives

  • Successfully migrate all 1,500+ devices and user accounts from the seller’s network into a new Active Directory environment.
  • Remediate all migrated endpoints to a compliant, fully supported version of Windows 10 to meet Microsoft’s support standards and internal security policies.
  • Execute the compliance upgrade with minimal productivity impact on a globally distributed user base.
  • Establish robust project governance, including providing clear, data-driven progress reporting to senior management and the board.
  • Ensure a smooth handover to internal operational teams post-project.

Approach and Delivery

The engagement was led in a combined Lead Engineer and Project Manager role, and a two-phase strategy was implemented. The first phase focused on the core migration. A combination of remote and on-site processes was used to efficiently transition the 1,500+ devices to the new network, with interactive Power BI dashboards developed to provide real-time progress reports to leadership.

Once the migration was complete, the second phase addressed the widespread compliance issues. A dedicated project stream was established to manage the remediation. This involved overseeing and mentoring deskside engineering teams, equipping them with the tools and workflows needed to systematically upgrade the non-compliant endpoints across the business.

Technical Implementation

System Center Configuration Manager (SCCM) was used as the orchestration platform for the compliance recovery workstream. Standardised Windows 10 images and update packages were deployed in a controlled manner so the non-compliant estate could be remediated consistently across the entire 1,500-device fleet.

This endpoint compliance project sat within a broader transition programme that also covered Microsoft 365 rollout activity, tenant-to-tenant workload migrations, and adjacent security uplift workstreams. This public case study is deliberately limited to the compliance recovery workstream and does not assert a specific vendor-to-vendor antivirus migration path.

Outcome

The project successfully brought the entire fleet of over 1,500 migrated devices into full compliance with Microsoft support standards. This eliminated the critical security risks posed by unsupported operating systems and established a stable, secure, and centrally manageable endpoint environment.

The structured approach to remediation ensured that the newly integrated business unit could operate effectively on a modern, supportable platform from day one. Business continuity was maintained throughout both the initial migration and the subsequent compliance upgrade.

Risks, Controls and Governance

The primary risk was the potential for significant operational disruption during either the migration or the OS upgrade process. This was controlled by developing efficient migration workflows and providing clear guidance and mentorship to the distributed deskside engineering teams responsible for the hands-on upgrades.

Project governance was maintained through strong technical leadership and transparent reporting. The use of Power BI dashboards gave senior stakeholders clear visibility into progress and helped manage expectations. Upon completion, professional documentation was authored and handed over to internal IT teams to ensure a smooth operational transition.

Key Lessons

  • Proactive Compliance Planning: In complex divestiture or M&A scenarios, the state of endpoint compliance can be highly variable. Auditing and planning for remediation should be a proactive part of the migration strategy, not a reactive fix.
  • Centralised Management is Critical: Effecting consistent changes across a large, distributed device estate is not feasible without a robust centralised management tool. SCCM was essential for enforcing the required OS standard at scale.
  • Empower Engineering Teams: Providing clear direction, documentation, and mentorship to distributed engineering teams is crucial for ensuring consistent and successful execution in large-scale desktop projects.
  • Data-Driven Reporting: Transparent, data-driven reporting builds confidence with leadership and provides an objective measure of progress against critical project goals.

Written by

Liam Wytcherley
