We completed a complex Microsoft 365 Commercial + GCC High to Microsoft GCC High Migration for a 220 user DoD contractor who recently completed an acquisition of a 130 user company that was already operating in Microsoft GCC High. Additionally, both on-premises domains were migrated to a new domain and forest. This case study covers how we successfully migrated all the company’s assets onto a more secure solution as the company prepares for CMMC compliance.
Challenge
While the 220 user company was on Microsoft 365 Commercial, they needed their current tenant to be migrated to Microsoft GCC High as well as their newly acquired 130 user business which was running on Microsoft GCC High already, to be migrated under one single tenant running in Microsoft GCC High — the version of Office 365 that is setup to be part of a CMMC Level 3 compliant environment.
NIST 800-171 controls needed to be implemented so that the company could prepare for compliance with current DoD contract requirements and be ready to obtain Level 3 CMMC certification in a future official audit of their systems. The company also needed to develop their Systems Security Plan (SSP) and Plan-of-Action & Milestones (POA&M) to comply with current NIST 800-171 requirements.
The customer also needed the migration completed quickly due to their current Office 365 licenses being up for renewal, meaning they would have to pay approximately $150,000 in Office 365 licenses they would not be utilizing.
Solutions
Since one side of the business was already on GCC High, the first choice was to migrate everything to that tenant, however, the customer expressed valid concerns about starting a fresh environment and building from the ground up with a “security first” mindset. The same was also agreed upon for the on-premises Active Directory domain. We agreed with the customer and opted to provision a new Microsoft GCC High tenant and migrated both existing tenants into the newly created one. While not the only option for businesses needing a cyber-compliant IT infrastructure to run their operations, we frequently recommend GCC or GCC High because it offers additional security and covers a lot of the compliance requirements over the traditional MS Commercial cloud suite of office tools which are now ubiquitous in today’s modern office.
To migrate all employee users and digital assets onto a GCC High infrastructure, SysArc employed the following processes and tools to complete the transition:
- Sharegate
- Avepoint FLY server
- Microsoft Azure AD Sync
- Forensit User Profile Wizard
Alongside the migration, our team implemented NIST 800-171 security controls and prepared the company’s Systems Security Plan (SSP) and Plan-of-Action & Milestones (POA&M). As a Cyber-AB Registered Practitioner Organization (RPO) with years of expertise in managing IT systems for defense contractors, we were able to take a heavy burden off the company’s current IT team who lacked the resources to complete the task themselves — saving time and money.
We also safely expedited the process which eliminated the need for the company to purchase Office 365 licenses on top of the new GCC High licenses they would need — saving the company $150,000 in licensing fees.
Results
- Implementation of NIST 800-171 security controls
- Creation of required documentation: SSP and POA&M
- Zero operational downtime during the entire process
- Expedited timeline saving $150,000 in licensing fees
Thinking of Moving to GCC High for Compliance Requirements?
If your organization is thinking about migrating your office environment to GCC or GCC High, consider our Microsoft GCC migration services which can save you time, money, and operational downtime. We’ve helped over 1,000 DoD contractors navigate the complexities of DFARS, NIST 800-171 and CMMC. Contact us to learn how we can help.