Modernising Through Microsoft: A Technical Architect’s Perspective

From speaking to organisations across lots of different sectors, we know most don’t have a technology problem. They have a clarity problem.

They’ve invested in Microsoft 365. They’ve got Azure. They’ve got security tooling. But none of it is truly joined up. Different teams own different parts, decisions have been made tactically over time, and the result is a fragmented environment that’s harder to manage, harder to secure, and slower to deliver value.

Modernisation isn’t about buying more tools. It’s about fixing the foundations and making the technology you already own work the way it’s supposed to.

That’s where we see most organisations either get it right or go wrong. We’ve sat down with our Technical Architect, Shaun Talbot, to answer some questions around this topic.

Q: What does “modernisation” actually mean in 2026 and where should organisations start?

ST: Modernisation has been massively overcomplicated. At its core, it’s simple: can your technology environment support how your business actually operates today, and where it’s going next?

Most organisations I speak to already have the right technology stack. They’re just not using it properly. So where do you start? Not with AI, not with automation, and not with another platform. You start with identity, device management, and your core collaboration and data platforms. If those three areas aren’t standardised and controlled, everything else is built on sand. This is where people often get it wrong: they jump straight to the “exciting” advancements without fixing the basics first, and that always comes back to cause problems later.

Q: How should organisations get ready for Microsoft 365 Copilot and AI agents?

ST: This is where I see the biggest disconnect right now. Everyone wants Copilot, but very few environments are actually ready for it.

Copilot isn’t magic, it’s a mirror. It exposes your environment exactly as it is. If your SharePoint is poorly structured, if your permissions are too broad, or if you don’t have governance in place, Copilot will surface those issues instantly. Too many organisations are treating it like a simple feature rollout, when it’s a data and governance project disguised as an AI tool.

If you’re serious about getting value from it, the work needs to happen upfront: cleaning up your data estate, tightening access controls, and applying proper classification and policies. Without that, you won’t get the return you expect, and you’ll introduce risk into the business.

Q: Why is data governance now a critical part of modernisation?

ST: Because without it, you’ve got no real control over your environment. What used to be seen as a compliance exercise is now an operational requirement.

AI has changed the dynamic completely. If a user has access to something, AI can find it, surface it, and use it. That includes old files, poorly stored documents, or sensitive data sitting in the wrong place. All of it becomes visible.

That’s why tools like Microsoft Purview are so important. They’re not just about compliance, they’re about understanding your data, classifying it properly, and controlling how it’s used. Without that, you’re effectively operating blind. If you adopt modern technologies without governance in place, you’re increasing your risk whether you realise it or not.

Q: Why is identity now considered the “new perimeter”?

ST: Because the traditional perimeter doesn’t exist anymore. There’s no clear boundary between inside and outside the network in the way there used to be.

Users are working from anywhere, applications are cloud-based, and devices are no longer tied to a physical location. That means every access decision comes down to identity. You’re no longer trusting where someone is, you’re verifying who they are and what they should be able to access.

This is where Microsoft Entra and Zero Trust come into play. But I’ll be blunt, many organisations think they’re further along than they are. Simply enabling MFA isn’t a strategy. You need strong authentication, properly configured Conditional Access, tight control over privileged accounts, and continuous risk evaluation. If identity isn’t designed properly, everything else you invest in becomes exposed.

Q: How should organisations approach modern endpoint management today?

ST: If your devices aren’t controlled, your environment isn’t controlled, it’s as simple as that.

Endpoint management has moved beyond just managing devices. It’s now about enforcing security, compliance, and consistency across your entire estate. With Intune, you can standardise builds, control applications, and ensure devices are continuously meeting your security requirements.

The issue most organisations have isn’t capability, it’s consistency. If devices are built and managed differently across the business, you end up with complexity, increased support overhead, and increased risk. One of the biggest improvements we see is removing permanent admin rights and replacing them with controlled, just-in-time access. It’s a relatively small change, but it significantly reduces the attack surface and improves overall security posture.

Q: Where do Windows 365 and Azure Virtual Desktop fit into modernisation?

ST: They’re not the answer for everything, but when they’re used in the right way, they solve a lot of problems quickly.

The real value is in standardisation and control. Instead of managing a wide range of different physical devices, you can deliver a consistent, secure desktop experience from the cloud. That becomes especially useful in environments with remote workers, contractors, or higher security requirements.

The key is choosing the right approach. Windows 365 is typically simpler and easier to deploy, while Azure Virtual Desktop gives you more flexibility and control in more complex scenarios. Where organisations go wrong is over-engineering the solution. Start with the business requirement, solve the problem you’ve actually got, and keep the design as simple as possible.

Closing thoughts

ST: Most organisations already have the technology they need, they just haven’t implemented it properly.

The ones that get modernisation right don’t try to do everything at once. They focus on getting the foundations in place first: identity, endpoints, and data. Once those are under control, you can start layering in AI and more advanced capabilities with confidence.

If you get that order right, modernisation becomes much simpler and delivers real value much faster. If you don’t, you’ll spend years trying to fix problems that could have been avoided from the start.

If you’re looking at your own environment and recognising some of these challenges, it’s worth having a conversation. At D2NA, we work with organisations to assess where they are today, define a clear roadmap, and implement modern Microsoft-based solutions in a controlled, low-risk way.

If you want to understand what that could look like for your organisation, get in touch with the team or ask to speak to me directly. We’ll give you a clear, honest view of where you stand and how to move forward.