Moving a UK charity to M365 nonprofit licensing

The situation

An 18-user registered charity in the North West — a mix of eight full-time employees and ten active volunteers — was running on a patchwork that had grown organically over nearly a decade. Staff used personal Gmail accounts for work email. Documents were stored on a Windows Server 2012 R2 box in the charity's back office, accessed over the local network or via a VPN that several staff found unreliable. The server was out of extended support and hadn't had a meaningful maintenance visit in over two years.

The charity's chair had become aware that this setup was both insecure and unsustainable. They'd received a small digital transformation grant and wanted to use it to move to a proper cloud setup. Microsoft 365 Business Basic is available free to eligible UK charities through Microsoft's nonprofit programme — for 18 users, this represented a significant saving compared to commercial licensing, and it would also give the charity access to Teams, SharePoint, and Exchange.

The challenge was the complexity: migrating away from personal email accounts, decommissioning a server, managing licences for a mixed workforce of employees and volunteers, and doing it all without disrupting the charity's operational work.

What we rolled out

Before touching anything, a UK engineer conducted a discovery session with the charity's operations manager and chair. The goal was to understand the data landscape: what was on the server, what lived in personal Gmail, what was sensitive (donor data, grant correspondence, safeguarding records), and what the volunteers actually used day-to-day versus what they didn't.

The Microsoft nonprofit application was submitted and approved within five working days — eligibility as a registered charity with a qualifying registration number is straightforward. Licences were provisioned for all 18 users: eight full Microsoft 365 Business Basic licences for employees, and ten Frontline Worker licences for volunteers (also available in the nonprofit programme at lower cost).

A new Azure Active Directory tenant was set up with the charity's own domain. All accounts were created with enforced MFA from the start — a deliberate decision to build good habits rather than retrofit security later. Staff email was migrated from personal Gmail to Exchange Online using a staged migration approach: read-only access to the old Gmail account remained in place for 30 days so nothing was lost.

SharePoint was set up with a simple, logical structure agreed with the operations manager: one team site for core charity operations, one for each active project, and a separate library for confidential HR and safeguarding records with restricted access. The server's file content was inventoried, cleaned (a significant quantity of duplicates and outdated files were removed with the operations manager's sign-off), and migrated to SharePoint over a weekend.

What the AI handled

Once the tenant was live and agents deployed to the eight employee machines, the AI took over day-to-day support. For a charity of this profile, the most common ticket types resolved entirely by AI include:

• OneDrive and SharePoint confusion — staff moving from personal Gmail and a local file server to SharePoint invariably need hand-holding in the first few weeks. "Where did my file go?" and "How do I share this with the volunteer?" were the most common queries. The AI walked users through the SharePoint interface with step-by-step guidance, and in most cases resolved the confusion without escalation.
• Volunteer account onboarding — as new volunteers joined, their accounts needed activating and their devices getting the agent. The AI handled the account activation steps and walked the volunteer through MFA setup on their own device. A process that would have required a support ticket with the old MSP was self-service.
• Teams configuration questions — the charity started using Teams for internal coordination. Questions about channels, meeting recordings, and notification settings were handled by the AI, which could see the user's specific Teams configuration and give tailored answers rather than generic how-to guides.
• Device health on personal devices — volunteers use their own laptops and phones. The AI's mobile management integration allowed it to check device health and compliance status, flag any devices accessing charity data that didn't meet minimum security standards, and guide the volunteer through remediation.

Where humans stepped in

The migration itself required sustained human engineering time. The AI does not attempt to manage tenant provisioning, data migration, or SharePoint architecture — these are decisions with long-term consequences and they need human judgement.

Post-migration, the escalations that required engineers were:

• Donor management software integration — the charity's donor CRM needed to authenticate via OAuth against their new Exchange tenant. This required changes to app registrations in Azure AD — the AI flagged the requirement and documented what needed doing, and an engineer made the configuration change.
• Safeguarding records access control — the charity's safeguarding lead wanted to confirm that only specific named individuals could access a particular SharePoint library. An engineer validated the permissions configuration and provided written confirmation for the charity's trustee records.
• Server decommission sign-off — once the data migration was complete and the team had been running on SharePoint for 30 days, an engineer confirmed that nothing had been missed before the old server was powered down. This involved a physical check of the server's remaining content and a sign-off call with the operations manager.

Outcome

For a charity at this size and profile, we'd expect outcomes along these lines:

• Near-zero ongoing licensing cost — the Microsoft nonprofit programme means the M365 licences are free or heavily subsidised. The charity pays only our £10/user/month support subscription, replacing the ad hoc IT costs they'd been absorbing.
• Proper identity and access control from day one — enforced MFA, no personal email for work purposes, and a clear record of who has access to what. This matters for GDPR compliance and for trustee governance.
• Server eliminated — no more hardware to maintain, no more VPN reliability issues, no more out-of-support operating system risk. Staff access their files from anywhere, including volunteers working remotely.
• Volunteer management simplified — onboarding a new volunteer takes minutes rather than requiring a manual account setup and an IT visit. Offboarding (disabling the account when a volunteer leaves) is equally straightforward.

The less measurable outcome: the charity's chair stopped worrying about IT during trustee meetings. The charity's data is backed up, access-controlled, and auditable. That's what governance requires — and it no longer costs what it used to.