Datacenter Decommission and Cloud Migration for a Multi-Office Law Firm: McCraw Law Group Case Study
✓ Key Takeaways
- McCraw Law Group, a multi-office Texas personal injury firm headquartered in Plano, fully decommissioned their colocation datacenter and migrated all services to cloud-native infrastructure in six months — with zero business disruption across five-plus office locations.
- The migration encompassed every layer of the firm's IT stack: identity (Active Directory to Microsoft Entra ID), collaboration (on-premises Exchange and file shares to Microsoft 365), device management (Group Policy to Microsoft Intune), and security posture (perimeter-based VPN to zero-trust Conditional Access).
- Local Windows profile remapping — re-associating each employee's existing desktop environment with the new Entra ID identity via SID remapping — was the critical differentiator that eliminated end-user disruption on switchover day.
- A phased, dependency-sequenced migration methodology ensured that every upstream service was validated before downstream dependencies were cut over, maintaining continuous availability for active litigation and client communications.
- The engagement transitioned into an ongoing co-managed IT partnership, providing McCraw Law Group with enterprise-grade cloud operations, endpoint security, and strategic IT planning without the overhead of a full internal IT department.
Executive Summary
Law firms across the United States face a common inflection point: the colocation datacenters and on-premises server infrastructure that once represented best-practice IT investments are becoming liabilities. Rising maintenance costs, aging hardware refresh cycles, VPN-dependent remote access, and the expanding attack surface of on-premises Active Directory environments create compounding operational and security risks — risks that are particularly acute for firms managing sensitive client data and active litigation timelines.
This white paper documents how ITECS planned and executed a complete datacenter decommission and cloud migration for McCraw Law Group, a multi-office personal injury firm in North Texas. Over six months, ITECS migrated the firm from on-premises Active Directory to Microsoft Entra ID, moved all file shares and email to Microsoft 365, translated Group Policy configurations to Microsoft Intune, remapped every employee's local Windows profile to preserve their desktop environments, and physically decommissioned the colocation facility — all without a single day of business disruption.
The engagement illustrates a repeatable, phased methodology for law firms and professional services organizations seeking to exit colocation or on-premises infrastructure. It also demonstrates the critical importance of local profile remapping during identity migrations — a step that many migration partners overlook, and one that determines whether end users experience a seamless transition or a disruptive loss of their working environment.
For a narrative account of this engagement, see the companion blog post: How We Helped McCraw Law Group Decommission Their Datacenter and Migrate to the Cloud.
Industry Context: Why Law Firms Are Leaving On-Premises Infrastructure
The legal industry's relationship with technology infrastructure is evolving rapidly. According to the American Bar Association's 2024 Legal Technology Survey Report, cloud computing adoption among law firms has grown steadily year over year, with the majority of firms now using at least one cloud-based service for core operations. The shift is driven by several converging pressures that are reshaping how firms evaluate their IT investments.
Rising Total Cost of Ownership
On-premises infrastructure carries costs that extend far beyond the initial hardware purchase. Colocation fees for rack space, power, cooling, and bandwidth represent recurring monthly expenditures that scale with the firm's growth. Hardware maintenance contracts escalate as servers age past their warranty periods. Refresh cycles — typically every four to five years — require substantial capital investment decisions. When staffing costs for administration, patching, and monitoring are included, the total cost of ownership for an on-premises environment often exceeds equivalent cloud services by a significant margin, particularly for firms with fewer than 200 employees.
The Security Imperative
On-premises Active Directory environments are among the most targeted infrastructure components in cybersecurity incidents. AD misconfigurations, unpatched domain controllers, and lateral movement through trust relationships represent well-documented attack vectors. For law firms, which handle privileged client communications, case strategy documents, financial records, and personally identifiable information, a breach carries both operational and ethical consequences. State bar associations increasingly expect firms to demonstrate reasonable cybersecurity measures — and cloud-native identity platforms like Microsoft Entra ID with Conditional Access policies represent a materially stronger security posture than traditional perimeter-based AD environments.
Multi-Office and Remote Work Demands
The traditional datacenter-centric model routes all traffic through a central facility via VPN tunnels. As firms open additional offices and attorneys increasingly work remotely — from courthouses, client sites, home offices, and during travel — the VPN-dependent access model creates latency, reliability issues, and single points of failure. Cloud-native platforms eliminate the backhaul requirement entirely, allowing authenticated users to access resources directly from any location with an internet connection.
Client Profile: McCraw Law Group
McCraw Law Group — a Texas personal injury firm headquartered in Plano, TX
McCraw Law Group is a Texas-based personal injury law firm with its headquarters in Plano and offices across North Texas in McKinney, Frisco, Denton, and Wylie, along with a regional presence in Amarillo. The firm represents clients in cases involving medical expenses, lost wages, and pain and suffering — holding wrongdoers accountable and helping clients rebuild their lives after serious injuries.
McCraw's attorneys have earned recognition including Texas Superlawyers designations, Top 100 Trial Lawyers selection, and Best Lawyers in America recognition. As a growing firm with multiple locations and a substantial caseload, McCraw Law Group's technology infrastructure needed to match the pace and professionalism of their legal practice.
| Attribute | Detail |
|---|---|
| Industry | Legal Services — Personal Injury |
| Headquarters | Plano, Texas |
| Office Locations | Plano, McKinney, Frisco, Denton, Wylie, Amarillo |
| Pre-Migration Infrastructure | Colocation-hosted Windows Server AD, on-premises Exchange, file servers, print services |
| Post-Migration Infrastructure | Microsoft Entra ID, Microsoft 365, Intune, Conditional Access, cloud-native operations |
| Engagement Model | Project-based migration transitioning to co-managed IT partnership |
The Challenge: Infrastructure Constraints Limiting a Growing Firm
McCraw Law Group's IT environment was built on the model that made sense a decade ago: on-premises servers housed in a colocation facility, running Windows Server Active Directory, hosting file shares, managing print services, and supporting the applications attorneys and staff relied on daily. Every office connected back to the colo via site-to-site VPN tunnels. Every employee logged into a domain-joined workstation authenticated against on-prem domain controllers.
The system worked — until it stopped scaling. As McCraw opened new offices and expanded their team, the limitations of the colo-centric model became increasingly difficult to ignore:
- Escalating infrastructure costs: Rack space, power, cooling, bandwidth, and hardware maintenance contracts were climbing year over year — with no ceiling in sight as the firm grew. Each new office added incremental VPN licensing, circuit costs, and complexity to the existing environment.
- Single-point-of-failure risk: A colo outage or circuit failure would impact every office simultaneously, potentially disrupting active casework, court filing deadlines, and client communications. For a litigation firm, the inability to access case files during a critical filing window represents both an operational failure and an ethical risk.
- VPN-dependent access: Attorneys working remotely or traveling between offices depended on VPN connections back to the colo for file access, creating latency and reliability frustrations. The user experience degraded as the firm's geographic footprint expanded.
- Aging hardware lifecycle: Servers approaching end-of-life meant an expensive refresh cycle — and the firm had to decide whether to reinvest in on-premises infrastructure or make the jump to the cloud. The capital expenditure required for a hardware refresh was comparable to the cost of a full cloud migration, but would only maintain the status quo rather than advancing the firm's capabilities.
- Security exposure: On-premises Active Directory environments require constant patching, monitoring, and hardening. Without a dedicated internal IT security team, maintaining the security posture required for a firm handling sensitive client data was increasingly risky. The attack surface of an on-prem AD environment — domain controllers, service accounts, trust relationships, Kerberos authentication — demands continuous vigilance.
- Multi-office complexity: Managing Group Policy, DNS, DHCP, and domain services across five-plus locations from a centralized on-prem AD environment created operational fragility. Configuration drift between offices was a constant concern, and troubleshooting issues required tracing dependencies across the full VPN and AD topology.
McCraw Law Group needed a partner who could plan and execute the entire migration — not just move mailboxes to the cloud, but fundamentally re-architect how the firm's technology works. That meant migrating identity, migrating data, migrating applications, and then physically decommissioning the datacenter, all without disrupting a single business day of legal operations.
Project Scope at a Glance
to Colo Decommission
Migrated
Disruption
Success Rate
McCraw Law Group datacenter decommission and cloud migration project metrics
Migration Methodology: A Phased, Dependency-Sequenced Approach
The ITECS migration methodology is built on a foundational principle: every migration step must be sequenced according to its dependencies, not its perceived urgency or ease of execution. Migrating identity before data is in the cloud creates orphaned resources. Decommissioning servers before all dependent services have been validated creates outages. The correct sequence for a datacenter decommission follows a dependency chain that moves from foundation to superstructure to teardown.
For McCraw Law Group, this dependency chain produced a five-phase migration executed across six calendar months.
McCraw Law Group's migration path: every service moved from the colocation datacenter to cloud-native infrastructure over six months
Phase 1: Discovery and Infrastructure Audit
Every successful migration begins with a complete understanding of what exists today. Before ITECS touched a single server or provisioned a single cloud resource, the first weeks were dedicated to conducting a thorough discovery and dependency mapping of McCraw Law Group's entire colo-hosted environment.
The audit covered every service running in the datacenter:
- Active Directory domain controllers: Mapping the AD forest structure, Group Policy Objects (GPOs), organizational units, security groups, and service accounts that governed access across all offices
- File servers and shared drives: Cataloging terabytes of case files, legal documents, administrative records, and shared resources — including permission structures (NTFS ACLs and share permissions) that needed to survive the migration intact
- Email infrastructure: Documenting mailbox sizes, distribution lists, shared mailboxes, and any integrations between email and case management workflows
- Print services: Identifying centrally managed print servers and the printer deployments mapped through Group Policy across every office
- Application dependencies: Cataloging line-of-business applications, case management systems, document management tools, and any software that depended on local server resources or AD-integrated authentication
- Network topology: Mapping site-to-site VPN tunnels, DNS zones, DHCP scopes, and routing configurations that linked each office back to the colo
- Backup and disaster recovery: Documenting existing backup schedules and recovery procedures to ensure continuity during the transition
This discovery phase produced the migration blueprint — a phased plan that sequenced every workload migration in the correct dependency order, identified prerequisites that had to be resolved before each cutover, and established rollback procedures at every stage. For a law firm handling active litigation, there was no room for a migration that left case files inaccessible or email down for even an hour.
Why Discovery Cannot Be Shortcut:
The most common cause of migration failure is undocumented dependencies. A case management application that authenticates against AD via LDAP. A legacy scanner that deposits files to a specific UNC path on the file server. A scheduled task on a domain controller that generates compliance reports. These dependencies are rarely documented in IT asset inventories and can only be surfaced through systematic discovery. ITECS's audit process is designed to identify these hidden dependencies before they become migration blockers.
Phase 2: Building the Cloud Foundation with Microsoft 365
With the discovery complete and the migration plan approved, ITECS built the cloud infrastructure that would replace every service currently running in the colo. The foundation was Microsoft 365 — a platform McCraw Law Group's attorneys and staff could access from any location, on any device, without routing through a VPN back to a datacenter.
Microsoft 365 Tenant Configuration
ITECS configured the Microsoft 365 tenant with the security and compliance settings appropriate for a law firm handling sensitive client data. This included configuring Exchange Online for email, SharePoint Online and OneDrive for Business for file storage and collaboration, and Microsoft Teams for internal communications. Every configuration decision was informed by the discovery audit — mailbox sizes, distribution list structures, shared resource permissions, and collaboration patterns all carried forward into the new environment.
Entra Connect and Hybrid Synchronization
Rather than executing a hard cutover — which would have created an immediate, firm-wide disruption — ITECS deployed Microsoft Entra Connect to establish a hybrid synchronization between McCraw's existing on-premises Active Directory and the new Entra ID tenant. This hybrid phase was critical: it allowed user identities, group memberships, and password hashes to sync to the cloud while the on-prem AD remained operational. Attorneys could begin using Microsoft 365 services immediately while their primary authentication still pointed to the familiar on-prem domain.
The hybrid synchronization approach is a well-documented Microsoft best practice for organizations transitioning from on-premises AD to Entra ID. It enables a gradual migration where cloud services can be validated in parallel with existing infrastructure, reducing the risk of a failed cutover and providing a clean rollback path at every stage.
Email and File Migration
Mailbox migrations were executed in batches, office by office, during evening and weekend windows to minimize disruption. ITECS migrated not just email but calendars, contacts, and shared mailbox configurations — ensuring that when an attorney opened Outlook the next morning, everything was where they expected it to be, running from Exchange Online instead of the colo.
File shares followed a similar pattern. ITECS migrated shared drives to SharePoint Online document libraries, preserving the folder structures and permission hierarchies that staff depended on. Individual user files moved to OneDrive for Business, giving every employee access to their documents from any device without a VPN connection. Permission mapping was validated against the discovery audit to ensure that access controls were preserved exactly — a critical requirement for a law firm where case file access is governed by ethical walls and need-to-know restrictions.
Phase 3: Active Directory to Microsoft Entra ID — The Identity Migration
With Microsoft 365 services running and the hybrid sync established, ITECS executed the most technically complex phase of the project: transitioning McCraw Law Group's identity infrastructure from on-premises Active Directory to cloud-native Microsoft Entra ID.
This was not a simple DNS change or a toggle in a control panel. Migrating identity means changing the fundamental authentication and authorization layer that every employee, every application, and every device in the firm depends on. Get it wrong, and attorneys cannot log in, cannot access case files, cannot file documents with the court. The stakes for a law firm are not just operational — they are ethical obligations to clients with active cases.
Group Policy to Microsoft Intune Translation
On-premises Active Directory enforces device policies through Group Policy Objects. In a cloud-native Entra ID environment, that role is handled by Microsoft Intune. ITECS mapped every GPO in McCraw's environment — security settings, drive mappings, printer deployments, software installations, desktop configurations — and translated them into Intune configuration profiles and compliance policies.
This translation is where many migrations go sideways. Not every GPO has a direct Intune equivalent, and some require creative solutions involving PowerShell scripts deployed through Intune, configuration service provider (CSP) policies, or platform-native security baselines. ITECS tested every policy translation against representative hardware from each office before deploying firm-wide.
GPO-to-Intune Translation: Common Pitfalls
Organizations frequently underestimate the complexity of translating Group Policy to Intune. Drive mapping GPOs, for example, have no direct Intune equivalent and typically require PowerShell remediation scripts or SharePoint-integrated approaches. Printer deployment GPOs must be replaced with Universal Print or Intune-deployed printer configurations. Security baseline GPOs require careful mapping to Intune's security baseline profiles, which use different policy naming conventions and enforcement mechanisms. A line-by-line audit of every active GPO is essential before migration.
Conditional Access and Zero-Trust Security
Moving to Entra ID also meant implementing a modern security model. ITECS deployed Conditional Access policies that enforce multi-factor authentication, restrict access from unmanaged devices, and apply risk-based sign-in evaluation across the firm. This replaced the castle-and-moat security model of the on-prem AD — where anyone inside the VPN was trusted — with a zero-trust posture that evaluates every access attempt individually.
For a law firm handling sensitive client information, this was not just a technical improvement — it was a meaningful advancement in cybersecurity posture that protects both the firm and its clients. Conditional Access policies can enforce different levels of assurance based on the sensitivity of the resource being accessed, the device's compliance state, the user's risk score, and the location of the sign-in attempt — a level of granularity that on-premises GPO-based security simply cannot match.
ITECS engineers managed the Active Directory to Entra ID transition — translating Group Policy to Intune and deploying Conditional Access policies across the firm
Phase 4: Local Profile Remapping — The Critical Differentiator
This phase was the make-or-break moment of the entire project — and the technical detail that separates a competent migration from an exceptional one. It is also the phase that most frequently determines end-user perception of a migration's success or failure.
The Problem: Identity Changes Destroy Desktop Environments
When a Windows workstation transitions from domain-joined (on-prem AD) to Entra ID-joined, the default behavior is straightforward and devastating: the operating system treats the new cloud identity as a new user and creates a fresh local profile. The attorney sits down at their desk, logs in with their same email and password, and is greeted by a blank desktop. No bookmarks. No application settings. No pinned folders. No customized workflow. Everything they had built over months or years of daily use — gone, replaced by a default Windows profile.
For a law firm with dozens of employees across multiple offices, that outcome was unacceptable. An attorney who loses their desktop environment loses their muscle memory — their saved case file shortcuts, their browser tabs with active court dockets, their email rules that organize case correspondence, their application layouts optimized for their specific workflow. The productivity loss is measured in days, not hours, and the support ticket volume can overwhelm an IT help desk for weeks.
Technical Background: Windows Profile SID Association
A Windows local profile is tied to a Security Identifier (SID). When a user authenticates against on-prem AD, their profile is associated with the AD account's SID. When they authenticate against Entra ID, the cloud account has a different SID. Without explicit remapping, Windows creates a new profile directory (e.g., "C:\Users\jsmith_001") and the employee loses access to their original profile. ITECS remapped the profile SID associations — modifying registry entries under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to link the existing local profile to the new Entra ID SID — so the operating system recognized the cloud identity as the same user and loaded their existing profile seamlessly.
The ITECS Remapping Methodology
ITECS executed the profile remapping in a controlled, methodical sequence designed to minimize risk and maximize verification coverage:
- Pilot group validation: A small group of users across different offices were migrated first, allowing ITECS to validate the remapping process against different hardware configurations, software installations, and profile sizes before firm-wide rollout. The pilot group included representatives from each office location and a cross-section of roles (attorneys, paralegals, administrative staff) to ensure coverage of different application dependencies.
- Pre-migration profile backup: Every user's local profile was backed up before the remapping process began — ensuring a clean rollback path if any individual migration encountered issues. Backups included the full user profile directory, associated registry hives, and application data stores.
- SID remapping execution: Using specialized migration tooling, ITECS remapped the Windows registry entries, NTFS file permissions, and profile directory associations from the old AD SID to the new Entra ID SID for each user. This process modifies the profile list registry, updates file ownership on the profile directory tree, and re-associates application credential stores.
- Application credential migration: Beyond the Windows profile itself, ITECS verified that application-specific credentials, browser profiles, cached credentials, and locally stored authentication tokens transitioned correctly. This included Outlook profiles, browser-saved passwords, VPN client configurations, and application-specific data stores.
- Post-migration verification: Each workstation was verified after remapping — confirming that the user's desktop, application shortcuts, browser bookmarks, Outlook profile, printer mappings, and custom configurations all loaded correctly under the new Entra ID identity
The result: on switchover day, McCraw Law Group employees logged into their workstations using their Entra ID credentials and found their familiar desktop waiting for them. No lost files. No missing shortcuts. No reconfiguration. No help desk tickets flooding in from frustrated attorneys. Just a normal Monday morning — which is exactly what a successful migration should feel like.
The goal of profile remapping: on switchover day, every attorney logged in and found their familiar desktop exactly as they left it
Phase 5: Datacenter Decommission and Colocation Exit
With identity migrated, profiles remapped, files in the cloud, and all services running on Microsoft 365 and Entra ID, ITECS moved to the final phase: shutting down the colocation datacenter. This was not a single switch-flip — it was a systematic teardown that followed a strict dependency-aware sequence:
- Final service migration: Any remaining services still running on colo-hosted servers — DNS forwarders, legacy application dependencies, print service remnants — were migrated to cloud equivalents or decommissioned with confirmed alternatives in place
- On-premises AD domain controller shutdown: With all workstations now Entra ID-joined and hybrid sync no longer needed, ITECS demoted and decommissioned the on-prem domain controllers following Microsoft's documented decommission procedures
- Entra Connect removal: The hybrid synchronization server was decommissioned carefully — improperly decommissioned Entra Connect servers can overwrite cloud data with stale on-prem information during unintended sync cycles, a risk that requires careful sequencing to avoid
- VPN tunnel teardown: Site-to-site VPN tunnels linking each office to the colo were removed, simplifying the network architecture and eliminating the bandwidth costs associated with backhauling traffic through the datacenter
- Data sanitization: All server hard drives were securely wiped following NIST 800-88 guidelines, ensuring that sensitive client data from legal cases was irrecoverably destroyed before hardware disposal
- Colo contract termination: With all equipment decommissioned and removed, McCraw Law Group formally exited their colocation agreement — eliminating the monthly recurring costs for rack space, power, cooling, and bandwidth
The colocation facility was dark. The servers were wiped. And McCraw Law Group's technology infrastructure was running entirely in the cloud for the first time in the firm's history.
Project Timeline: Six Months from Kickoff to Lights Out
Month 1: Discovery and Planning
Full infrastructure audit across all offices and the colo. AD forest mapping, file share inventory, application dependency cataloging. Migration blueprint finalized and approved by McCraw leadership.
Month 2: Cloud Foundation
Microsoft 365 tenant provisioned and configured. Entra Connect deployed for hybrid sync. Exchange Online and SharePoint Online configured. Email migration begins in evening batches.
Month 3: Identity Migration
GPO-to-Intune translation completed and tested. Conditional Access policies deployed. Pilot group transitioned from domain-joined to Entra ID-joined with profile remapping validated.
Month 4: Firm-Wide Profile Remapping
All remaining workstations migrated to Entra ID with local profile remapping. Office-by-office rollout with same-day verification. File share migration to SharePoint and OneDrive completed.
Month 5: Remaining Services and Hardening
Print services migrated to cloud printing. DNS and DHCP reconfigured for cloud-native operation. Remaining application dependencies resolved. Security hardening and compliance validation.
Month 6: Decommission and Exit
On-prem domain controllers demoted and shut down. Entra Connect decommissioned. VPN tunnels to colo removed. Servers wiped per NIST 800-88. Hardware removed. Colo contract terminated.
Results: Before and After Comparison
The following table summarizes the transformation of McCraw Law Group's IT infrastructure from the pre-migration colocation model to the post-migration cloud-native environment:
| Dimension | Before: Colo-Hosted Infrastructure | After: Cloud-Native with ITECS Co-Managed IT |
|---|---|---|
| Identity | On-premises AD with GPO management burden | Microsoft Entra ID with Intune and Conditional Access |
| File Access | VPN-dependent file access from every office | SharePoint Online and OneDrive — access from anywhere |
| Cost Model | Recurring colo costs: rack, power, bandwidth, maintenance | Predictable M365 licensing with no hardware lifecycle costs |
| Resilience | Single-point-of-failure datacenter architecture | Microsoft's globally distributed, redundant cloud infrastructure |
| Security | Castle-and-moat: VPN = trusted | Zero-trust: MFA, Conditional Access, risk-based evaluation |
| Operations | Manual patching and hardware refresh cycles | ITECS-managed monitoring, patching, and cloud ops |
| Device Management | Group Policy with domain-joined workstations | Microsoft Intune with cloud-native device management |
| Remote Access | VPN required for all remote work | Direct cloud access from any location with internet |
Decision Framework: Evaluating a Datacenter Decommission
The McCraw Law Group engagement provides a reference framework for other law firms and professional services organizations evaluating whether to decommission their on-premises or colocation infrastructure. The following decision criteria can help leadership assess readiness:
Indicators That Decommission Is Appropriate
- Hardware refresh cycle approaching: If the firm faces a capital expenditure decision on server hardware, the cost comparison between a refresh-in-place and a cloud migration should be evaluated holistically, including total cost of ownership over a five-year horizon.
- Multi-office or remote workforce: Firms with more than two office locations or significant remote work requirements will realize disproportionate benefits from eliminating VPN-dependent access models.
- Security concerns with on-premises AD: If the firm lacks dedicated internal IT security resources to continuously monitor and harden an on-premises AD environment, cloud-native identity with Conditional Access offers a materially stronger security posture.
- Compliance and cyber insurance requirements: Many cyber insurance policies and compliance frameworks now explicitly require or reward MFA, endpoint management, and zero-trust architectures — all of which are native capabilities of the Entra ID and Intune platform.
- Operational simplicity: If the firm's IT staff (internal or external) spends disproportionate time on infrastructure maintenance rather than strategic initiatives, cloud migration shifts that burden to Microsoft's platform operations team.
Critical Success Factors
- Profile remapping is non-negotiable. Any migration partner proposing a "fresh profile" approach is asking your attorneys to rebuild their entire digital workspace. Profile continuity should be treated as a baseline requirement, not a premium add-on.
- Sequence matters more than speed. Rushing a datacenter decommission creates risk. The phased approach — cloud foundation first, then identity, then profiles, then decommission — ensures every dependency is resolved before the servers go dark.
- Security improves, not just convenience. Moving to Entra ID with Conditional Access and MFA does not just eliminate the VPN — it fundamentally upgrades the firm's security posture from perimeter-based to identity-based protection.
- Application dependency mapping is essential. Every line-of-business application, integration, and scheduled task must be identified and have a confirmed cloud-native equivalent or migration path before any on-premises service is decommissioned.
The Co-Managed IT Partnership Model
McCraw Law Group's datacenter decommission was a project — but the relationship with ITECS is ongoing. Today, ITECS serves as McCraw's co-managed IT partner, working alongside the firm's internal resources to maintain, monitor, and secure their now fully cloud-native infrastructure.
The co-managed model is particularly effective for law firms because it provides enterprise-grade IT support without requiring a full internal IT department. ITECS handles the complex, specialized work — cloud infrastructure management, endpoint security and monitoring, identity management, and strategic planning — while the firm's internal resources handle day-to-day operational needs.
The co-managed IT model extends the value of the decommission project in several ways:
- Continuous optimization: As Microsoft evolves the Entra ID, Intune, and M365 platforms, ITECS evaluates and deploys new capabilities that benefit the firm — keeping the environment current without requiring the firm to track platform changes independently.
- Proactive security monitoring: ITECS monitors the firm's cloud environment for security events, identity anomalies, and compliance drift, providing the kind of continuous vigilance that a law firm's case-focused staff cannot maintain internally.
- Scalability: As McCraw Law Group opens new offices or hires additional attorneys, the cloud-native infrastructure scales without hardware procurement, VPN configuration, or domain controller deployment. New users and locations can be onboarded through Entra ID and Intune in hours, not weeks.
- Strategic IT planning: The co-managed IT partnership includes technology roadmap discussions that align the firm's IT investments with its business growth trajectory.
The datacenter decommission was a project — the co-managed IT partnership is the ongoing relationship that keeps McCraw Law Group's cloud infrastructure optimized and secure
Conclusion and Recommendations
McCraw Law Group's datacenter decommission demonstrates that a full infrastructure migration — from on-premises Active Directory and colocation-hosted servers to cloud-native Microsoft Entra ID and Microsoft 365 — can be executed for a multi-office law firm in six months with zero business disruption, provided the migration follows a phased, dependency-sequenced methodology with appropriate attention to end-user experience.
The broader lesson from this engagement applies to law firms and professional services organizations across the country: the colocation datacenter model served its purpose, but the future of legal technology infrastructure is cloud-native. The firms that make the transition thoughtfully — with a partner that understands both the technical complexity and the operational stakes — come out stronger, more secure, and more agile than they were before.
For law firms evaluating their own infrastructure trajectory, ITECS recommends beginning with a comprehensive infrastructure discovery and dependency audit. This assessment establishes the baseline from which a migration plan, timeline, and cost model can be developed — and it identifies the hidden dependencies and application integrations that often determine whether a migration succeeds or fails.
Is Your Law Firm Still Running On-Premises Infrastructure?
ITECS helps law firms across North Texas migrate from aging datacenters to modern cloud infrastructure — with zero disruption to your practice. Start with a free assessment to understand your migration path, timeline, and cost savings.
Schedule Your Free IT Assessment →Sources and References
- Microsoft Learn — Road to the cloud: Migrate identity and access management from AD DS to Microsoft Entra
- Microsoft Learn — Best practices to migrate applications and authentication to Microsoft Entra ID
- Microsoft Learn — Active Directory Federation Services (AD FS) decommission guide
- Microsoft Learn — Decommissioning Azure AD Connect V1
- Entra News — Decommissioning On-Prem AD: Lessons Learned from a Successful Migration
- ITECS Blog — How We Helped McCraw Law Group Decommission Their Datacenter and Migrate to the Cloud