Mergers and Acquisitions- Identity and Migration to Microsoft 365 GCC High for CMMC/ITAR: 6-Wk Assessment and Planning

Organizations going through a merger or acquisition have done so to increase overall business capability with the combined organization. To achieve the desired outcome of the M&A, there are technical challenges to achieve the desired goals. This includes handling the complexity of moving into Microsoft 365 Government Community Cloud High (GCC High) to meet the requirements for International Traffic in Arms Regulations (ITAR), Cybersecurity Maturity Model Certification (CMMC) version 2.

Many times, an entire organization consolidates in one Microsoft 365 GCC High tenant, but there are times when an organization my have both a commercial tenant and and a government tenant in GCC High. Knowing which path to take is based on understand the business drivers and requirements of the customer, impacts on cost management, and impacts on managing multiple tenants.

This engagement with Agile IT includes collection of technical details focused on what exists in the customers' environments, collaborate with business stakeholders, and the customers infrastructure and application teams to provide a roadmap towards a unified Microsoft 365/Azure Active Directory tenant.

• Technical discovery of existing environments to validate any assumptions, identify possible impediments, and scope future project execution actions/options
• Interactive meetings and working sessions to understand the current and future state of the environments. This includes discussions on licensing, compliance and legal requirements, and integration with third-party services
• Define a technical roadmap based on customer business objectives, existing environments and future environment in Microsoft 365
• Application review and guidance will be provided within the scope of their existing identity service for authentication and authorization. Application guidance may also provide recommendations for using Azure Services if the customers intentions are to move them to Azure services

Develop a customized Roadmap and timeline based on strategic meetings, review and findings between Agile IT and the customer
• Results of this engagement would be to present this roadmap and documentation to the customer and review next steps to execute an architect and migration path
• Documentation
  • Roadmap presentation (Microsoft PowerPoint)
  • Technical guidance and recommendation (Microsoft Word)
  • Planning and timeline (Microsoft Project)
  • Architecture diagrams (Microsoft Visio)

• While the assessment of the existing environment and roadmap is part of the engagement, the overall output will not be a technical guide on how to accomplish these steps nor technical training to the customers system engineering team
• Assessment of applications for the planning of the migration will not go into depth of each application on their application architecture, code, or development process. While Agile IT can provide this level of depth for specific applications, that is not currently in the scope of this service.
• There are many areas within the environment discovery and assessment where Agile IT is capturing the high level architecture and deployment in order to build a strategic and technical roadmap. An example of the local Active Directory Group Policy assessment is not to look at each policy and assess its effectiveness and guidance for improvement in depth

• IT Environment (per organizational IT within the scope of the M&A or consolidation)
  • Traditional Microsoft Windows Infrastructure (where applicable)
    • Local Active Directory
      • Forests, Trusts, and Services
      • Group Policy (only quantity and high level usage)
      • Health of replication and architecture
      • Organizational Unit depth and complexity
      • Schema level and health
    • Certificate Services
    • File Server
    • Exchange Server
    • SharePoint Server
  • Microsoft 365
    • Azure Active Directory
    • Endpoint Manager
    • Exchange Online
    • SharePoint Online
    • Power Platform (Power Apps, Power BI, Power Automate)
  • Azure Infrastructure
    • Blueprints, policies, and management groups
    • Virtual Networking
    • Virtual Servers
    • Storage
  • Line of Business Applications (on-premises or SaaS based)
    • Accounting/Finance
    • HRIS
  • Third-party services (on-premises or SaaS based)
    • Multi Factor Authentication (e.g. Duo)
    • Email SPAM Filtering and Protection