When this firm first came to us, they were running all 35 users on GoDaddy Workspace Email, the basic hosted email product that works fine for a handful of people but starts to show its limits as a business grows. They had no shared calendar infrastructure that worked reliably, no way to access email on mobile without manually configuring IMAP for each person, no meaningful spam filtering beyond GoDaddy's default, and no visibility over what was happening across their accounts. There had been two suspected account compromises in the previous year that they couldn't investigate properly because there were no audit logs to speak of.

The device situation was equally unmanaged. Staff were using a mix of personal and company Windows laptops with no policy applied, no endpoint protection beyond Windows Defender in its default out-of-box state, and no way for anyone to remotely wipe a device if it was lost or stolen. Three members of the sales team were working from personal MacBooks that had never been looked at by anyone in an IT capacity. With headcount growing quickly and a number of staff handling sensitive client data, the exposure was significant.

WHAT WE DID

We planned the migration in two parallel tracks, email cutover and device enrolment,running simultaneously to avoid the project dragging on for months. For the email migration, we provisioned a Microsoft 365 Business Premium tenant and used the Admin Centre's migration tooling to pull mailbox data from GoDaddy via IMAP. We ran a pre-migration sync for 48 hours before the cutover window to minimise the delta, then updated MX records during a low-traffic window on a Friday evening. By Monday morning all 35 users were live on Exchange Online with Outlook desktop and mobile configured..

For devices, we enrolled all Windows laptops into Intune using the Entra ID join flow, users signed in with their new M365 credentials and the device was pulled into management automatically. We applied a baseline configuration profile covering BitLocker encryption, screen lock policy, Windows Update rings targeting current channel with a 7-day deferral, and Defender for Business with EDR enabled. The three MacBooks were enrolled via the Company Portal app with a macOS compliance policy requiring FileVault encryption and a minimum OS version. Within two weeks of the migration completing, all 35 devices were enrolled, encrypted, and reporting into the Intune dashboard. Any device not checked in for more than 7 days was flagged for follow-up automatically.

SERVICES INVOLVED

• Microsoft 365 Migration
• Exchange Online
• Microsoft Intune
• Defender for Business
• Email Security
• Device Management