Horizon Consulting B.V. IT Infrastructure Modernization Success Story: How BROCENT Helped a Global Management Consulting Leader Complete Microsoft 365 Full-Stack Migration in Just 3 Weeks

As a Senior Account Manager on BROCENT’s Global IT Services team, I help more than 80 professional services firms across Europe, Asia, and North America design and execute digital transformation initiatives every year. In early March 2026, when the IT leader at Horizon Consulting B.V. reached out from their Eindhoven headquarters in the Netherlands, I immediately recognized a classic case of “multi-vendor complexity, high cost, and low integration.”

Horizon Consulting is a global leader in management consulting and digital transformation services. With its headquarters at Eindhoven, and multiple offices across Asia, the firm employs 160 core staff members spread across strategy consulting, digital project delivery, client relationship management, and knowledge management. Their existing environment relied heavily on Sophos CS110-48FP switches, XGS 2100 next-generation firewalls, Sophos Central MDR Complete managed services (covering client endpoints + Windows Servers), advanced email hosting for 76 mailboxes, and extended support for legacy Windows 7 systems. All email, SharePoint document libraries, OneDrive files, and Teams data remained in an old Microsoft 365 tenant, preventing them from benefiting from EU data residency compliance.

The client’s three core challenges were:

1. Uncontrolled Costs : Sophos multi-layered managed services (email, switches, firewalls, MDR) created significant annual spend that heavily overlapped with capabilities already included in Microsoft 365 Business Premium.
2. Fragmented Security and Management : Endpoint protection depended on an external SOC-managed MDR, while the native power of Intune and Defender for Business remained untapped; the 13 servers lacked unified EDR protection.
3. Data Migration and Business Continuity Risk : A Tenant-to-Tenant migration involving 67 users’ complete mailboxes (including archives, rules, and shared mailboxes), SharePoint site permissions and version history, OneDrive Known Folder Redirect, and Teams channel files and chat history could disrupt critical consulting projects and digital transformation deliveries.

I assembled a cross-time-zone “3-Week Blitz Team” consisting of solution architects, Microsoft CSP-certified engineers, and on-site implementation consultants. In just 21 days we completed the entire journey—from solution design and license procurement, through remote configuration and BitTitan automated migration, to on-site data migration for 67 user PCs plus Hypercare support. Below is a complete project recap to help other IT leaders understand how to rapidly achieve Microsoft 365 unified-platform transformation in the professional services sector.

Week 1: In-Depth Discovery + Collaborative Solution Design (Day 1–7)

On the very first day, I facilitated a 90-minute joint Discovery Workshop. Horizon Consulting’s IT team shared Sophos Central dashboard screenshots, old tenant admin access, the full device inventory (59 Windows 11 Pro clients + 13 Windows Server 2019/2022), and SharePoint site topology.

The first key question we helped the client answer : How do we accurately quantify the “hidden costs” of Sophos managed services?   I presented a live Excel comparison model showing:

• Sophos Advanced Email Hosting (76 mailboxes): recurring payment for anti-spam and DLP capabilities that are natively built into Microsoft 365 Business Premium via Microsoft Defender for Office 365 (anti-phishing, Safe Links, Safe Attachments, DLP policies).
• Sophos MDR Complete: €8–20 per asset/month for 72 assets, fully replaceable by M365’s built-in Intune + Defender for Business + Defender for Business Servers add-on.
• Switches & Firewalls: already owned hardware that only required hardware warranty retention; BROCENT could provide Layer-3 network support.

The core design principle was summarized as “Three Cancellations, One Unification, One Migration”:

• Cancel all Sophos managed services (email, MDR, switch/firewall MSP).
• Unify onto 67 Microsoft 365 Business Premium licenses (EU data center) plus add-on licenses (Exchange Online Plan 1，Power BI Pro, Project Plan 3, Visio Plan 2).
• Add Defender for Business Servers add-on for the 13 servers (≈€3/server/month) to deliver dedicated server EDR, vulnerability management, and automated response, all unified in the Microsoft Defender portal.
• Use BitTitan MigrationWiz Tenant Migration Bundle for a complete Tenant-to-Tenant full + delta migration.

Technical detail shared with the client : Intune primarily manages client devices (Autopilot enrollment, compliance policies, app protection policies, Known Folder Redirect). Servers are covered by the Defender for Business Servers add-on for lightweight management: real-time threat detection, Attack Surface Reduction (ASR) rules, device control, and integration with Windows Server’s built-in Defender Antivirus. We also enforced MFA and location-based Conditional Access policies for server admin accounts via Entra ID.

By the end of Week 1 the solution received executive approval. I submitted the purchase order through BROCENT’s Microsoft CSP channel (including the 15% transaction management fee that covers CSP billing, consolidated invoicing, license allocation, and ongoing renewal support). All licenses were EU data center versions to ensure full GDPR compliance.

Week 2: Remote Configuration + Migration Preparation (Day 8–14)

Once licenses were activated, we ran two parallel workstreams:

1. New Tenant Foundation Build (led remotely by our Senior Cloud Architect – 2 man-days):
   • Entra ID tenant configuration: custom domain verification, Hybrid Identity preparation (for future AD Connect if needed), and Conditional Access policies based on device compliance, location, and risk signals.
   • Intune policy framework: “Standard Endpoint” configuration profiles (mandatory BitLocker, Windows Hello for Business, Edge security baseline) and compliance policies (OS version, minimum patch level, real-time antivirus).
   • Defender for Business policies: cloud-delivered protection, automated P1/P2 investigation, ransomware protection, and 13 recommended ASR rules (Block Office macros, Block Win32 API calls, etc.).
2. BitTitan MigrationWiz Tenant Migration Bundle Deployment (67-user license, total €3,262 ex-VAT):
   • Full-scenario support: Exchange Online mailbox migration (including Archive, Delegates, Inbox Rules), OneDrive Known Folder Redirect pre-migration, SharePoint Online document libraries (permissions, version history, metadata, list views), and Teams (channel files, tabs, chat history via Teams Migration module).
   • We configured “Pre-stage” mode: initial full copy followed by daily delta synchronization until Cutover day for zero-downtime MX record switch.
   • DeploymentPro automatically pushed new tenant Outlook profiles to all 67 clients.

The second key question we helped the client answer : How do we minimize data migration risk for 67 PCs spread across the Eindhoven headquarters and Asian branch offices?   We designed a hybrid approach:

• Remote users (some consultants) self-enrolled via the Intune Company Portal; OneDrive Known Folder Redirect automatically synced Desktop/Documents/Pictures to the new OneDrive.
• On-site users at branch offices were handled by our engineers with portable toolkits.

By the end of Week 2, BitTitan had completed 95% of the pre-migration, with daily delta increments under 5 GB. Intune device groups were fully prepared.

Week 3: On-Site Implementation + Hypercare Support (Day 15–21)

This was the most intense and critical week. I personally led two senior field consultants (one local Dutch speaker and one multilingual engineer) to Eindhoven while coordinating local support in Asia.

Day 15–18 (14 working days of on-site PC data migration) :

• Batches of 12–15 PCs per day.
• Detailed technical workflow:
  1. Local data backup (using Intune-deployed Win32 OneDrive sync client).
  2. Entra ID Hybrid Join via Intune Autopilot pre-registration.
  3. BitTitan Cutover: MX record switch and Outlook profile update.
  4. Known Folder Redirect policy enforcement – automatic migration of Desktop/Documents to new OneDrive.
  5. Defender for Business onboarding: devices auto-report to Microsoft Defender Security Center and run initial scans.
  6. Validation of business-critical applications (core CRM/ERP/project tools, Power BI reports, Project Plan 3 desktop client, Visio Plan 2).
• Server side: Applied Defender for Business Servers add-on policies to all 13 Windows Servers and verified that ASR rules did not impact core business databases or critical systems.

Day 19–20 (2 days of Hypercare support) :

• On-site presence for immediate issue resolution (Outlook cache rebuild, Teams sign-in, SharePoint permission inheritance).
• Dedicated Microsoft Teams support channel with 7×24 response capability.

Day 21 : Project officially closed. We provided an additional 50 hours of on-demand support credit (€4,000 ex-VAT) for future policy tuning or new-hire onboarding.

The comprehensive Project Management Fee (€3,000 ex-VAT) covered end-to-end risk management, weekly reporting, change control, and documentation delivery (runbooks, exported Intune policies, Defender alert baselines).

Project Results & Quantified ROI

Within three weeks, Horizon Consulting achieved:

• Cost Optimization : Annual recurring license cost (including 15% BROCENT transaction management fee) ≈ €21,325 ex-VAT; one-time project cost €19,862. Annual savings of over 35% compared to the previous multi-layered Sophos managed services.
• Security Upgrade : Single Microsoft Defender Security Center dashboard with real-time visibility across endpoints and servers; Intune compliance rate increased from 0% to 100%; Conditional Access blocked 95%+ of anomalous login attempts.
• Operational Efficiency : One Microsoft 365 admin center replaced five different vendor portals; IT team saved approximately 12 hours per week on manual operations.
• Business Continuity : Zero data loss and zero production interruption during migration. Asian branch users experienced <80 ms latency when accessing SharePoint from the EU data center.
• Compliance Enhancement : EU data residency + Defender for Business advanced threat intelligence fully met GDPR and professional services data protection requirements.

The IT leader at Horizon Consulting commented: “BROCENT didn’t just sell licenses—they truly helped us think through every potential risk. From the cost model to fine-tuning Intune ASR rules and executing batch profile migration for 67 PCs, they turned a seemingly complex Tenant migration into a replicable, standardized process.”

Final Thoughts: An Accelerator for Professional Services Digital Transformation

As a Global IT Services Account Manager, what I’m most proud of is not the technology itself, but helping clients move from “reactive operations” to “proactive defense” in record time. The Horizon Consulting case proves that even cross-border professional services firms can achieve full-stack Microsoft 365 modernization in just three weeks—provided they have an experienced partner running alongside them.

BROCENT Core Capabilities :

• Microsoft Gold Partner + CSP Direct Authorized
• Official BitTitan Certified Migration Expert
• Local implementation teams across Europe and Asia-Pacific
• Standardized “3-Week Lightning Migration” methodology (already delivered to 12 similar professional services clients)

If your organization faces similar challenges—fragmented Sophos/multi-vendor environments, legacy tenant data silos, or high endpoint security costs—please reach out. We can schedule a 30-minute complimentary assessment and deliver a customized cost-comparison table and migration roadmap.