Rescuing a Stalled M&A Migration: Zero Budget, 3 Tenants, 100% Cloud-Native

The Mission

The Mission: Split a group of 300 users into three distinct companies (Divestiture) under a strict M&A deadline.

The Catch: Zero budget, expired tooling licenses, and a botched "Zombie" project inherited from previous leadership.

The Solution: A pure Azure/Entra ID architecture using native automation (Graph API) to achieve 100% compliance and £35k+ in savings.

The Challenge: The "Iron Triangle"

I was brought aboard to rescue a migration project that had stalled. The goal was to split CyberHoldings Group* (a collective of three companies) into separate entities for acquisition.

The constraints were severe:

• No Budget: The license for the previous migration tool (Quest) had expired. I had to build a solution using only existing resources.
• Strict Segregation: "SecurService" client data had to be completely walled off from the other two entities ("ThreatGuard" and "DataRack") to satisfy due diligence.
• Unstructured Identity: The existing Entra ID (Azure AD) data was messy, with missing attributes making standard automation impossible.

This created an "Iron Triangle" of constraints: no budget, strict compliance requirements, and incomplete source data. Traditional migration tools were off the table, and manual processes would have been too slow and error-prone for the M&A deadline.

The Solution: Identity-First Architecture

Without the luxury of third-party tools, I engineered a custom solution using the native Microsoft Cloud stack.

Phase 1: Cleaning the Source of Truth

We couldn't move users until we knew who they were. I partnered with HR to retrieve the master records and used PowerShell + MS Graph to parse this data. I populated critical Entra ID properties (Company, Role, Department), turning a messy directory into a structured database.

This foundational work enabled all subsequent automation. Without clean source data, the migration would have been impossible.

Phase 2: The "Shadow" Infrastructure (Automation)

Using the cleaned data, I generated structured JSON lists of users and properties. I wrote deployment scripts to feed this JSON into the new tenants, creating identical user objects and management structures instantly.

This automation eliminated weeks of manual work and ensured consistency across all three new tenants.

Phase 3: The "Human Firewall" (Intune)

To ensure zero data leakage, I flipped the script. Instead of automating the file move (risking data spill), I pushed Intune policies to user devices. This linked their old OneDrive to their new identity but required users to manually migrate their own files.

This forced a "human audit" of every file, ensuring strict compliance. Users became the final checkpoint, reviewing each file before migration. While slower than automated bulk moves, this approach guaranteed that sensitive "SecurService" data never crossed boundaries.

The Results

100% Compliance

Successfully split all three entities with zero data leakage. The strict segregation requirements for "SecurService" were met, satisfying due diligence requirements for the acquisition.

£35k+ Total Savings

Saved £10k in software licensing (by not renewing Quest) and £25k in manual labor costs through automation. The custom solution using native Microsoft tools eliminated the need for expensive third-party migration software.

Clean Handover

The estate was so well-documented that I was able to hand over to an MSP and exit the contract early, saving the client my own recurring salary. The structured JSON data, deployment scripts, and comprehensive documentation made the transition seamless.

Key Takeaways

Success Factors:

• Identity-first approach: cleaning source data enabled all subsequent automation
• Native tooling: leveraging MS Graph API eliminated licensing costs
• Human firewall: manual file migration ensured compliance over speed
• Comprehensive documentation: enabled clean handover and early exit

Technical Innovation:

• Multi-tenant Teams link for cross-company communication during transition
• JSON-driven deployment scripts for consistent tenant creation
• Intune policies for controlled file migration
• PowerShell automation for bulk user provisioning

This case study demonstrates how creative problem-solving and deep knowledge of native cloud tools can deliver enterprise-grade results even under severe constraints. The zero-budget requirement forced innovation that ultimately delivered better outcomes than traditional migration tools.