Executive Summary

A U.S.-based aerospace manufacturer supporting defense and space programs needed to transition sensitive engineering and program data into a more controlled environment as federal cybersecurity expectations continued to evolve. While Microsoft 365 provided strong collaboration capabilities, certain workloads involving Controlled Unclassified Information (CUI) required a higher degree of environmental separation, auditing, and administrative control than a standard cloud tenant allows.

ArchitectNow partnered with the organization to design and implement a dedicated on-premises SharePoint 2016 Enterprise platform specifically engineered for secure handling of sensitive content. Through a phased assessment, proof-of-concept migration, modernization of legacy forms, and updated governance, the organization implemented a long-term, supportable, and audit-ready collaboration environment tailored to defense program requirements.

Challenges Faced:

The organization encountered several challenges as requirements for handling sensitive aerospace and defense information became more stringent:

Increasing Security Expectations

Sensitive engineering documents and program materials required a level of control and isolation beyond what was available in their general-purpose Microsoft 365 tenant.

Need for Full Environmental Control

A fully self-managed environment was needed to enforce granular security controls, custom auditing configurations, and internal-only data boundaries.

Legacy SharePoint Components

Operational teams still relied on InfoPath forms and older workflows that were not well-suited for long-term sustainability.

Evolving Governance Needs

Departments managed content independently, resulting in inconsistent permissions, classification, and lifecycle practices.

Tight Program Timelines

Defense program milestones required secure collaboration capabilities to be deployed predictably and without disruption.

Business Impact

Without a more controlled collaboration environment, the organization faced:

·      Difficulty meeting elevated expectations from defense partners and auditors

·      Challenges demonstrating uniform, enforceable security controls

·      Inefficiencies from outdated workflows and inconsistent content structures

·      Increasing pressure on engineering teams that needed a stable, predictable secure workspace

A structured and sustainable approach was needed to ensure both security and operational continuity.

Objectives

The initiative was structured around five core goals:

1.    Establish a Secure On-Premises Collaboration Platform

Build an isolated SharePoint environment with granular security and auditing capabilities appropriate for sensitive aerospace information.

2.    Transition Key Content Into a Controlled Repository

Migrate targeted SharePoint Online sites and libraries into the on-premises platform with preserved structure, metadata, and version history.

3.    Validate With a Proof-of-Concept

Migrate a representative set of engineering and operational sites to confirm performance, usability, and security alignment.

4.    Modernize Legacy Solutions

Replace InfoPath forms and outdated workflows to ensure long-term supportability and better user experience.

5.    Deliver a Repeatable Governance & Migration Framework

Equip internal teams with clear processes, scripts, and governance controls for ongoing management and future migrations.

The Solution

Project Overview

ArchitectNow used a phased approach designed to achieve rapid readiness while establishing a sustainable long-term operational model.

1. Assessment & Planning

• Used ShareGate to inventory and classify all SharePoint Online content to identify sensitive materials and define the migration scope.

• Documented site structures, permissions, and workflows to determine modernization needs.

• Collaborated with the organization’s security team to architect a dedicated SharePoint 2016 farm including:
• Network segmentation and isolated access paths
• Authentication via Entra ID (Azure AD) using ADFS
• Logging, auditing, and secure backup strategies

• Identified InfoPath and legacy workflows requiring rebuilds.

• Produced a migration sequencing plan, communication plan, and technical design documentation.

2. Proof-of-Concept Migration

• Selected representative engineering and operations sites for an initial pilot.

• Migrated documents, metadata, version history, lists, and permissions into the new SharePoint 2016 farm using ShareGate.

• Rebuilt InfoPath-driven processes (e.g., corrective action tracking) using modern SharePoint lists and Power Apps or updated custom forms.

• Conducted user validation to ensure performance, compatibility, and ease of use.

• Provided redirect mechanisms and guidance to ensure a smooth transition during the pilot phase.

The POC demonstrated:

• Strong platform performance

• Seamless access for users

• Alignment with required security and governance controls

3. Scaling the Migration

• Developed a comprehensive migration runbook including scripts, job templates, validation steps, and departmental communication guidance.

• Supported the internal IT team as they executed the full migration (~6 TB across dozens of sites) in departmental waves.

• Encouraged each department to archive or remove redundant/outdated content before migration.

• Maintained parallel access or read-only cloud sites until validation was complete, ensuring a seamless user experience.

4. Governance Model Enhancements

ArchitectNow delivered a refined governance model that included:

• Defined content ownership and approval workflows for sensitive libraries

• Permissions and access standards aligned to internal security requirements

• Records retention policies matching organizational recordkeeping rules

• Logging and alerting rules for sensitive activities

• Updated governance documentation and administrator training

These practices established a sustainable long-term framework for internal oversight and security alignment.

.

Key Deliverables

• Secure On-Premises SharePoint 2016 Platform

A hardened environment with segmented networks, identity integration, and robust auditing.

• Migration Assessment & Strategy

Full inventory of content, dependency analysis, and phased roadmap.

• Pilot (POC) Migration

Fully migrated pilot sites demonstrating feasibility and user readiness.

• Modernized Forms & Workflows

Replacement of InfoPath and legacy workflows with supportable, modern solutions.

• Governance & Compliance Framework

Policies for permissions, lifecycle management, retention, and secure access practices.

• Migration Runbook & Knowledge Transfer

Scripts, templates, validation steps, and training to enable internal teams to manage ongoing migrations independently.

Outcomes and Benefits

• Dedicated, Controlled Environment for Sensitive Data

The organization now operates a secure, isolated SharePoint environment designed specifically for engineering and defense program collaboration.

• Higher Visibility and Data Control

Enhanced auditing, classification, and governance controls provide clear oversight of content usage and access.

• Modernized User Experience

Updated forms and workflows improve speed, reliability, and day-to-day usability.

• Improved Long-Term Sustainability

Removal of older technologies and standardized governance reduces operational risk and maintenance overhead.

• Repeatable Model for Future Growth

Internal teams now have a proven approach for securely onboarding additional sites or scaling to other business units.

• Stronger Alignment with Federal Cybersecurity Expectations

The new on-premises platform supports the organization’s commitments to secure handling of sensitive aerospace information.