Foundations Of Cloud Success: Southdown Housing Association

Southdown Housing Association (SHA) has become a cloud first organisation and has begun harnessing the power of Microsoft 365 and Azure with the assistance of the A4S Cloud Solutions Team.

SHA sought a partner who would work with them at every stage with a high level of transparency and knowledge sharing. The A4S team always work hard to ensure clients are fully consulted throughout the design and delivery process, this ensures higher levels of customer satisfaction and quicker delivery. All A4S projects are carried out using our online project management tool where our clients have real time access to scheduling, risks, budgets, decisions, blockers and more.

Cloud technology for housing associations

Foundations Of Cloud Success

A4S has a demonstrable track record of success which is available to all here at our case studies page.

SHA needed to update their IT systems to follow a cloud first approach using the Microsoft 365 and Azure suite of services, this would involve moving away from their existing on-premise solutions in a staged approach over an 18 month timeline.

Rather than implement a ‘big bang’ approach; A4S and SHA teams devised a project timeline and staged plan to ensure that cloud services could be carefully adopted whilst existing assets on-premise such as Citrix would be retained and utilised until the appropriate moment.

A4S work with their clients to adopt cloud services at the right time such as the comprehensive range of security products that can bring significant benefit to on-premise systems without the need to migrate to cloud, some examples are below:

  • Microsoft Sentinel – A comprehensive Security Event and Incident Management (SIEM) solution that can ingest and analyse security data from almost any system to provide clients with incredibly powerful protection.
  • Azure Backup – A cloud based backup solution capable of backing up on-premise and cloud systems, can store backup data locally before archiving into cloud storage.
  • Azure Monitor – Ingest and analyse performance, availability, capacity data and much more across cloud and on-premise systems to create a comprehensive view of your applications and IT infrastructure.
  • Azure Updates Service – Automate your Server Windows updates process using Azure automation.
  • Azure Site Recovery – Protect your on-premise or/and cloud based server workloads by replicating to an alternative cloud or-premise location, automate failover across a wide range of systems.
Cloud technology for ha
Cloud technology for housing associations
Southdown Housing Association
Southdown Housing Association

Initial Requirement - Based on Microsoft Cloud Adoption Framework (CAF)

The initial requirement was to provide guidance on technical design and project approach. As the Team at A4S always work with clients to ensure the necessary foundations of governance and design are in place prior to utilising any cloud services hence the following were provided:

  • A roadmap including critical stages of transformation from their pre-cloud state to the conclusion of their target cloud first state.
  • A predicted schedule, resource and operational cost model incurred when moving to the cloud.
  • A high level target cloud architecture.

The A4S approach to adopting cloud services is based on the Microsoft Cloud Adoption Framework (CAF):

Microsoft Cloud Adoption Framework

Following the Microsoft approach enables A4S to ensure greater levels of assurance and was used for Southdown Housings’ project to great success.

As the SHA teams (Head of IT and Procurement Lead) had already been working hard on Strategic Alignment; the project teams at A4S and SHA were allowed to focus mainly on 1) Plan, Prepare, Success 2) Cloud Foundations Ready, and 3) Cloud Adoption.

Foundations Of Cloud Success
Following the steps of the MS CAF derived A4S cloud adoption approach the project; the start up support phase of the project aligned well to the ‘Plan Prepare, Succeed’ step as is described next.

Project Start Up Support

SHA were fully engaged from the start with a dedicated project team willing to engage and work closely with the A4S delivery team either via Microsoft Team, email or via our online project management environment.

A4S worked closely with the client to ensure the project started in the correct direction, this included providing professional services for the following:

  • Defining the target architecture for the clients cloud environment, this would ensure all stakeholders could review and agree on the target state.
  • Detailing a high level design for SharePoint Online.
  • Project assurance support to review and advise on aspects of the project such as timeline, budget, approach and running costs.

In addition the A4S team recommended a modified approach to include undertaking of an Azure Landing Zones activity which would ensure the necessary foundations of governance would be in place prior to moving services into Azure.

Build Foundations Of Cloud Success

Azure Landing Zones

A4S will always ensure our clients cloud environments are ready to safely receive business services and data by following the Azure Landing Zones approach, doing so ensures at least the following areas of design are applied:

  • Security
  • Management of elevated permissions
  • Authentication
  • Cost control
  • Configuration management
  • Monitoring and alerting
  • Backup and recovery
  • Disaster recovery

Using Azure Landing Zones gives our clients assurance their new cloud environment is safe and ready for their business systems and data and is something the A4S insists on.

Azure Landing Zones

Defining a target architecture brings clarity to the project, through discussion and collaboration the A4S and SHA project teams were able to agree on the required end state which would then allow decisions to be made on timeline, budget and technology.

With target architecture agreed it was then possible to define the intermediate stages between the as-is and to-be, several iterations were made and minor updates continued to happen throughout the project, A4S delivered a set of blueprints in order to visualise the various architecture stages of the project, these helped to bring technical clarity to the project in an easy to understand manner, they also enabled the teams to debate and modify later plans when needed.

Having as-is and to-be architectures documented meant more detailed planning could take place such a project schedule showing stages, timelines and resource plans enabling the SHA team to progress their cloud first programme.

Post Start Up Support

With the necessary planning frameworks in place the A4S and SHA teams could progress towards design and delivery where a pilot would take place prior to production migrations.

Landing Zones: Design and Delivery

A4S started with a Landing Zones design and delivery stage to ensure the necessary foundations for further delivery was in place, for SHA this included:

  • Budget controls including cost management and alerting.
  • Azure Policy to apply configuration governance.
  • Azure Key Vault for secure key management.
  • Azure security centre to managed workload security posture.
  • Azure Sentinel to ingest, analyse and respond to key security events.

Budget controls are enforced to support a client to monitor and manage their Azure usage, this can be actioned at the most appropriate level such as resource group, subscription or by tagging giving the client the granular control necessary to control their Azure costs.

Cloud adoption & Cloud platform

Azure Policy Implementation

The appropriate Azure Policy was implemented to support configuration governance within the clients Azure environment, configuration policies settings included:

  • Ensure all VMs are subject to backup.
  • Storage accounts must use a virtual network service endpoint.
  • Web applications must use HTTPS.

Key Vault

Key Vault was enabled and configured to store the clients secret, it is a cloud service for storing and accessing secrets in a secure manner. Anything you want to restrict access to, such as API keys, passwords, certificates, or cryptographic keys, is called a secret. Vaults and managed hardware security module (HSM) pools are two types of containers supported by the Key Vault service. Software as well as HSM-backed keys, secrets, and certificates can be stored in vaults.

Azure Security Centre

Azure Security Centre was enabled and configured, the threat protection provided by Security Centre allows the detection and prevention of threats at the Infrastructure as a Service (IaaS) layer, non-Azure servers, and Azure Platforms as a Service (PaaS) offerings.

Azure Sentinel

Azure Sentinel will be used as the SIEM platform, giving the ability to see and stop threats before they cause harm. Azure Sentinel gives a top-down perspective of the entire cloud estate. Sentinel leverages Microsoft’s security experience, augmented with artificial intelligence, enhancing threat detection and response times.

Azure Sentinel is built on the high performance Azure Monitor Log Analytics platform. Log Analytics uses Kusto query language (KQL), which allows data from multiple tables to be gathered, aggregate and complex operations performed with minimal code. Virtually any question can be answered quickly and analysis performed as long as the supporting data has been collected.

Azure Sentinel

EndPoint Manager

EndPoint Manager is used to support out of the box builds and also configurations related to encryption, port blocking, desktop and VPN.

EndPoint Manager is used as the method for deploying applications whilst VPN was also uniquely packaged and deploy for end users access file services prior to a SharePoint migration.

The EndPoint Manager deployment was accelerated to support an early delivery of laptop equipment and to support later changes without the need to recover laptops back into the office.

End User Compute Migration Pilot

The Clients end user compute (EUC) environment is transitioning from Citrix to laptops managed via EndPoint Manager (InTune).

Laptops are utilising Windows 10 joined to the clients EndPoint Manager solution and Azure AD, on-premise authentication is also provided.

The clients remote desktop solution remains whilst the support for legacy application delivery is needed.

Team and SharePoint Online Migration Pilot

Teams and SharePoint Online are closely integrated to give end users a great experience, is described by Microsoft as being the hub for all Office 365 services and supports the end user to leverage wider services such as SharePoint, PowerApps and strives to help end uses realise the full benefits of Office 365 cloud services.

Following Microsoft recommendations Teams is configured through a mixture of Teams policies and custom configuration to handle external connectivity and sharing that meets the clients privacy requirements.

Apps within Teams are a great support for business productivity however only if governance is applied and users are training, hence access is restricted to specific store applications that will be deployed later with the necessary support such as training and how-to guides.

Team and SharePoint Online Migration Pilot

The client understood a major exercise of data cleansing and re-organisation in preparation to move documents into SharePoint Online, these files are moved using Microsoft’s SharePoint Migration Tool (SPMT) where the necessary attributes are carried over (date created, edited etc).

Departmental documents will more into the SharePoint Online repository created for each Team whilst corporate wide file are hosted in a new SharePoint central file repository.

A new concept being leveraged is one of Team’s Owners being empowered to control access to teams and documents, the necessary Teams owners training was deployed over two sessions to support the required skills and experience.

Data Retention policies will be applied at a later date as part of a wider data retention and deletion project.

Exchange Online Migration Pilot

Exchange hybrid integration was reviewed and revised to ensure safe mail transport whilst the necessary mail protection available within Exchange Online was configured as per Microsoft best practice guidelines.

Please note: As at May 2022 the client is still in the the process of migrating their mailboxes.

Pilot Success

The clients pilot deployments have been extremely well received with end users enjoying the improved mobility enabled by a roaming laptop configuration controlled by EndPoint Manager.

Microsoft Teams and SharePoint Online has been a success with many end users and departments appreciating the greatly improved communications that Teams enables.

With the SHA IT teams very capably migrating end users with their data and applications to the new environment the A4S team provided support where needed, some lessons have been learned and any issues resolved quickly.

What's Next?

Following a successful pilot; the client is now moving into a production migration phase where the team will deliver the solution to the remainder of its end user estate.

Remaining server workloads that are not transformed into App Services may be migrated into Azure whilst they await transformation later on.

Foundations Of Cloud Success

The SHA and A4S teams worked extremely well together at all times, the SHA team is quickly developing its skills and cloud experience whilst using A4S support when needed.

Cloud foundations of success

Client Thoughts

The Southdown Housing Head of IT Services Steve Green was very impressed with the approach of the A4S team, especially the openness and transparency….
“From day one we were impressed with how transparent and sharing the A4S team members were, a core requirement of SHA was to ensure our IT team was able to deliver the solution hand in hand with our partner and that their knowledge and skills would grow.”

“A4S have supported our teams to deliver the M365 and Azure services with the security we need whilst maintaining the correct balance of productivity.”

Chris Tice Senior IT Infrastructure Engineer & main client technical point of contact was more than happy with the A4S assistance….
“A4S listened to our needs and responded brilliantly, they were able to support our growth as a team whilst working with us to deliver our cloud services with the security needed.”

“Whenever we had any issues A4S supported us very quickly via email, Teams or their online project management environment.”

“The project startup support stage of our project quickly showed that A4S were able to understand, document and discuss our cloud strategy and migration plans very clearly, this enabled us to plot a well managed course from our as-is position towards our cloud first target architecture.”

SHA Project Manager Sam Sharples was always on hand to work with the A4S project management team….

“A4S are a supportive and well organised team who are able to support our business on its complex cloud migration project with diligence and care.”

“At the start of the project we were given access to the A4S online project management environment where every element of the project is clearly shown including schedule, risks, financial and more.”

“A4S are extremely transparent and willing to support our teams to grow and develop their skills inline with our new cloud based environment.”

SHA Procurement Lead Sue Slater works tirelessly to support the clients cloud journey….

“Working with A4S is easy, they’re open, transparent and supportive, they’ve been a great help to our organisation.”

“A4S are organised and thoughtful in their planning of the project which makes management of project delivery a simpler process.”

“A4S always have a balanced view on that cloud products are of benefit, they will advise when a product is not yet mature and will help SHA re-use IT infrastructure wisely to save cost.”


Working closely and effectively with the SHA project delivery team has been easy due to their open nature, willingness to develop quickly, and the team has engaged whenever needed.

The SHA cloud migration project was always intended to be delivered by the client and with support of a trusted partner, this approach has been followed throughout and meant the client has become more familiar with Azure cloud services as quickly as possible.

Whilst the journey is still in its early stages, we believe SHA are now well place to accelerate their production deployments into Azure and Microsoft 365 whilst maintaining the necessary governance and security, throughout this journey A4S will be on hand to assist when needed.

The team at A4S are extremely grateful for the opportunity to work with the SHA project teams and hope to maintain and build the relationship for the foreseeable future.

Thanks for taking the time to read!

The A4S Team

If you would like to learn more about this project or would like to find out more about A4S Cloud Solutions and our approaches to cloud application migrations then you can get in touch via email or Teams on [email protected], ring me on 07415 897953 or click here: Work With The Experts!

Build Foundations Of Cloud Success: Southdown Housing Association​

Want to try Microsoft Sentinel Free for 30-Days?
Click the link below

Monitor and detect security threats across your Office 365 and Active Directory Environments. Start Detecting Security Threats With Microsoft Sentinel.