Case studies

A few projects that became long relationships.

Names redacted, details generalized, outcomes real. These are engagements where the first project wasn't the last — where the work opened up a bigger conversation about where the business was headed, and the relationship kept going.

Sector Sole legal practice

Seats 1

Duration ~2 weeks

Stack M365 Business Standard, Entra ID, Exchange Online

Case study · 01

Started as a mailbox migration. Became the whole workplace.

A sole practitioner running her law firm out of a hosted Exchange mailbox — still on legacy protocols, of all things, in 2026. She'd been asking her vendor for years to move her to a modern stack, and the vendor kept telling her it wasn't on their roadmap. The mail itself worked, more or less. It just wasn't a foundation she could build a practice on.

We treated it as a green-field exercise. A new Microsoft 365 tenant, a new identity with MFA and self-service password reset wired in from day one, and a clean migration of her mailbox and shared mailboxes. We worked with the incumbent provider to take control of her domain — most of the project's two-week timeline was waiting for them to respond. While we were at it, we noticed her website was hosted with the same vendor she was leaving behind, so we moved that too. By the end she had a workplace foundation that scales — the same identity layer, the same security posture, the same tooling we'd put in front of a hundred-person firm — at the cost of a single Business Standard licence.

Outcome

Modern mail, secure identity, lower hosting costs. A digital workplace that scales if she ever decides to hire. The relationship continues — informal IT advisory, the kind a solo practitioner reaches for when a question is too big for a help desk.

Sector Professional services

Seats ~80

Duration 18 months, ongoing

Stack M365, Entra ID, Global Secure Access

Case study · 02

Started as an Exchange problem. Became an identity modernization.

The call was about their on-premises Exchange server. It wasn't behaving, and the incumbent MSP was running out of answers. The easy path was to patch it and move on. What we saw was a business that didn't realize how much of its IT posture was rooted in assumptions that hadn't been true for a decade.

We migrated email to Microsoft 365 as the first step — not as the destination. That unlocked the conversation that actually needed to happen: what does a modern identity and access model look like for this business? Domain controllers came out. Entra ID went in. VPN got replaced with Global Secure Access. The internal IT team ran every workshop alongside us.

Outcome

Email reliability solved as a side effect. Identity posture modernized. Internal IT team upskilled and confident in the new stack. Relationship is ongoing — every quarter has a new strategic conversation.

Sector Mid-market services

Seats ~400

Duration Multi-year

Stack Azure IaaS/PaaS, SharePoint, Entra ID

Case study · 03

Retired the server rooms. Replaced the capex rollercoaster.

A long-standing client running infrastructure across multiple datacenters, dreading every five-year hardware refresh cycle. We built out a secure Azure landing zone and migrated corporate websites and custom applications to a mix of IaaS and PaaS. File shares moved to SharePoint. The on-premises hardware footprint is now negligible.

Equally important: we worked directly with their finance department to model cloud opex against the capex refresh cycles we were replacing. The CFO now budgets IT with the same confidence they budget every other line item. Windows updates stopped being an event.

Outcome

Predictable IT spend. Minimal on-premises footprint. Internal IT team operating the new estate autonomously. Strategic advisory work continues across the rest of the stack.

Sector Post-secondary education

Seats ~1,500 staff · ~15k identities

Duration Multi-phase

Stack Entra ID, Global Secure Access, Keeper PAM, Entra Governance

Case study · 04

Retired the VPN. Made identity the perimeter.

A Canadian post-secondary institution carrying the classic late-2010s campus security posture: firewall-bounded, VPN-gated, and increasingly at odds with a workforce that was almost never on-premises. The moment a staff member or student stepped off campus — to work from home, a coffee shop, a conference — they left the security envelope behind. In 2026, that's not a posture, it's a liability.

The off-the-shelf answer was to bolt on a third-party ZTNA product — six figures of annual licensing the institution didn't have. We took the other path: make Entra ID the foundation, and use what the institution was already licensed for. Microsoft Global Secure Access replaced the VPN with application-level, identity-aware access. Conditional Access enforced risk-based policy on every sign-in. Keeper PAM layered in for privileged accounts — passwordless admin access from anywhere, no workarounds. Entra Governance closed the loop with lifecycle management, access reviews, and entitlement controls.

Outcome

VPN decommissioned. Passwordless privileged access everywhere. The same security posture that applied on-campus now follows every user off-campus — same controls, same visibility, no perimeter-dependent workarounds. The architecture is SaaS-ready: any future application that supports SSO drops in without another integration project. Delivered inside the budget envelope the institution actually had.

Something similar on your plate?

Let's talk about it.

Discovery calls are thirty minutes. No slides, no pitch. We'll ask questions, you'll talk about what's actually happening, and by the end we'll both know whether there's something worth doing together.

Email info@fouronesixit.ca

Phone (647) 371-0400

Office 18 King St. East, Suite 1400 · Toronto, ON

Name

Company

Phone (optional)

What's on your mind?

Message