How We Stabilized a Manufacturer's IT After Their Previous Provider Left It in Pieces
Case Study
An industrial graphics manufacturer in Central Illinois came to Facet after years with another IT provider. They assumed their systems were in good shape. Our assessment told a different story: an overall IT audit score below 50%, with security scoring below 25%. We found failed servers, unfiltered internet traffic, cameras exposed to the public internet, and a half-finished Azure migration that was creating more problems than it solved.
Ten months later, every issue was resolved. The environment was fully cloud-hosted, properly secured, and running on Facet’s complete managed services and security platform.
This is what IT stabilization looks like when it’s done right.
What We Found: An Environment in Chaos
The client’s previous IT provider had started migrating their environment to Microsoft Azure but left the job incomplete. On-premises servers were still running services that should have been in the cloud. Security protections that any business needs — email filtering, endpoint encryption, dark web monitoring, employee training — were either missing entirely or half-configured.
Here’s what Facet’s on-site assessment uncovered:
Security Gaps
The security audit scored below 25 out of 100. These were the biggest problems:
- No multi-factor authentication on VPN access — remote connections protected by passwords alone
- Surveillance cameras exposed to the internet through open port forwarding, creating a backdoor into the business network
- Guest WiFi sharing the same network as production systems — any visitor’s device could reach internal resources
- All Azure internet traffic leaving unfiltered — no web filtering, no antivirus scanning, no intrusion prevention
- No dark web monitoring — and compromised employee credentials were already circulating online
- No email security beyond what the email client provides by default
- No endpoint encryption — a lost or stolen laptop would expose everything on the hard drive
- No security awareness training — employees had never received phishing education or simulation testing
Infrastructure Problems
- Two domain controllers had been offline and failing for over two years — well past the point where Active Directory could recover them normally
- VPN running through a single internet provider with no failover — one ISP outage meant no remote access
- Orphaned Azure resources still billing every month for virtual machines and disks nobody was using
- Azure VMs on pay-as-you-go pricing instead of reservations, causing both higher costs and hardware availability issues where a session host simply couldn’t start
Operational Issues
- 17 production printers configured with WSD (Web Services for Devices) ports, a port type known to cause random offline status and stuck print queues. For a graphics manufacturer, printer problems are production problems.
- Every printer maintained individually on each virtual desktop host instead of managed centrally through Group Policy
- DNS, DHCP, directory sync, thin client management, and the network controller all still running on aging on-premises hardware despite the “Azure migration”
What We Did: A 20-Point Plan Executed in Phases
Facet’s engineering team built a prioritized remediation plan that addressed every issue found during the assessment. Each item was rated by impact level, scheduled with the client’s leadership team in advance, and executed in phases — with pilot testing before any change that could affect production.
Phase 1: Foundation Cleanup
We started by removing what was broken. The two failed domain controllers were cleaned out of Active Directory. Orphaned Azure resources that had been billing monthly for nothing were deleted. Stale firewall rules from services that no longer existed were removed.
Phase 2: Complete the Azure Migration
The previous provider had moved some workloads to Azure but left all the infrastructure services — DNS, DHCP, directory sync, thin client management, and the network controller — running on physical servers in the office. We deployed two new Windows Server 2022 domain controllers in Azure, migrated every service to the cloud, and decommissioned all on-premises server hardware. The migration wasn’t done until the old servers were actually off.
Each service migration was scheduled after hours and tested before cutover. Directory sync and thin client management were piloted with a test group first to confirm everything worked in the new environment before rolling out to the full team.
Phase 3: Close the Security Gaps
This phase addressed the below-25% security score:
- Deployed Duo MFA across Office 365, Azure Virtual Desktop, and VPN — starting with a pilot group before expanding company-wide
- Isolated guest WiFi onto its own dedicated network segment so visitor devices could no longer reach business systems
- Moved surveillance cameras onto a separate, isolated network and removed the public internet exposure entirely
- Routed all Azure internet traffic through a FortiGate firewall with web filtering, antivirus scanning, and intrusion prevention — traffic that had previously gone out to the internet with zero inspection
- Replaced the single-ISP Azure VPN with a FortiGate-based VPN running across two internet providers, so a single outage no longer meant losing remote access
Phase 4: Fix the Production Printers
All 17 printers were converted from WSD ports to static IP addressing, which eliminated the random offline and stuck queue issues. We then built centralized print management through Group Policy — printers mapped to users by security group, with correct defaults set for production printing. This replaced a setup where every printer had to be configured by hand on every virtual desktop host.
Phase 5: Deploy the Full Facet Security Suite
With infrastructure stable, we brought the client onto Facet’s full managed services agreement with complete security coverage — addressing every gap from the original audit:
- SentinelOne autonomous endpoint protection on every device, with AI-driven threat detection, ransomware rollback, and a ransomware warranty
- FortiGate next-gen firewall with security analytics, SD-WAN, gateway antivirus, web filtering, intrusion prevention, and application control
- Proofpoint Essentials email security with URL and attachment sandboxing, policy-enforced encryption, and data loss prevention
- Dark web monitoring scanning for compromised credentials 24/7 with immediate alerting
- Security awareness training and phishing simulations — establishing a baseline and ongoing education program where none existed before
- BitLocker endpoint encryption with AES-256 on all workstations and centralized key management
- Email cloud backup covering Exchange Online, SharePoint, and Microsoft Teams
- 24/7/365 monitoring with alerting, escalation, and real-time health visibility across every endpoint
The Results
| Before Facet | After Facet |
|---|---|
| Overall IT audit score below 50% | Fully managed environment with 24/7/365 monitoring and quarterly reviews |
| Security score below 25% | Complete Facet Security Suite across all endpoints and services |
| 2 failed domain controllers generating errors for 2+ years | Clean Active Directory with Azure-hosted Windows Server 2022 |
| VPN with no multi-factor authentication | Duo MFA on all VPN, Office 365, and virtual desktop access |
| Cameras exposed to the public internet | Cameras isolated on a dedicated network segment |
| Guest WiFi on the production network | Guest WiFi on its own isolated segment |
| Azure traffic leaving unfiltered | All traffic inspected through FortiGate with filtering, antivirus, and IPS |
| Single-ISP VPN with no failover | Dual-ISP FortiGate VPN with automatic failover |
| 17 printers randomly going offline | Static IP ports with centralized Group Policy management |
| No email security, no endpoint encryption, no dark web monitoring, no training | SentinelOne, Proofpoint, BitLocker, dark web monitoring, and phishing simulations all deployed |
| Orphaned Azure resources billing monthly | Resources cleaned up, active VMs on reserved pricing |
| Azure spend going to underperforming builds | Improved Azure builds deployed at no additional monthly cost |
Timeline: 10 months from initial assessment to project completion.
Azure costs: Facet cleaned up wasted resources and moved VMs to reserved pricing, then deployed improved Azure builds — all at no increase in monthly spend.
Printer issues: Resolved completely. The WSD-to-static-IP conversion and centralized Group Policy management eliminated the daily production disruptions.
What This Project Tells You About Switching IT Providers
If you’re considering a change from your current IT company, this project shows what a thorough transition looks like — and why it matters.
Your new provider should assess before they quote. A quick remote scan doesn’t catch failed domain controllers, misconfigured firewall rules, or cameras exposed to the internet. Facet’s engineers came on-site, examined the full environment, and found problems nobody knew existed.
Expect the unexpected. This client thought their Azure migration was complete. It wasn’t. Services were still running on old hardware, security was barely configured, and cloud resources were billing for nothing. A good IT partner will tell you the full picture honestly, even when it’s not what you want to hear.
A project like this typically involves $50,000–$100,000+ across multiple phases, depending on the size and condition of your environment. That’s a wide range because every network is different. The only way to get an accurate number is through an on-site assessment.
The goal isn’t just fixing problems — it’s building a security posture that holds up over time. This client didn’t just get their issues resolved. They got a fully managed IT partnership with 24/7 monitoring, ongoing security, and quarterly planning reviews.
Frequently Asked Questions
What should I expect when switching managed IT providers?
A good new IT provider will start with a full assessment of your current environment before making any changes. In this case, Facet discovered failed domain controllers, security gaps, orphaned cloud resources, and incomplete migration work left by the prior provider. We built a prioritized 20-item remediation plan with impact ratings and scheduled every change in advance. Expect a complex transition to take several months, but a thorough process prevents surprises and gets the environment where it needs to be. Our onboarding process is almost always less than 30 days, and even if work needs to continue in the background, we work quickly to stabilize your systems so you can continue operations.
How do I know if my Azure migration was done correctly?
Check whether your on-premises servers are actually decommissioned. If DNS, DHCP, and other services are still running on old hardware “just in case,” the migration isn’t finished. Also look for orphaned Azure resources (unused VMs and disks still billing monthly), unfiltered internet traffic from Azure, and whether your Azure VPN has failover across multiple internet connections. Facet found all of these issues in this client’s environment.
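An added example, not Facet's own tooling: a read-only PowerShell audit for the orphaned-resource check described above, listing unattached managed disks and VMs that are not running in every enabled subscription. It assumes the Az PowerShell module and a session already authenticated with Connect-AzAccount; the function name Get-AzOrphanCandidate is hypothetical.

```powershell
#Requires -Modules Az.Accounts, Az.Compute
# Added example (not from the original page). Read-only: it lists, never deletes.

function Get-AzOrphanCandidate {
    [CmdletBinding()]
    param()

    foreach ($sub in (Get-AzSubscription | Where-Object State -eq 'Enabled')) {
        # Switch context so the queries below run against this subscription.
        $null = Set-AzContext -SubscriptionId $sub.Id

        # Managed disks with no owning VM are still billed for their provisioned size.
        Get-AzDisk | Where-Object { -not $_.ManagedBy } | ForEach-Object {
            [pscustomobject]@{
                Subscription  = $sub.Name
                Kind          = 'Unattached disk'
                ResourceGroup = $_.ResourceGroupName
                Name          = $_.Name
                Detail        = '{0} GB {1}, created {2:yyyy-MM-dd}' -f $_.DiskSizeGB, $_.Sku.Name, $_.TimeCreated
            }
        }

        # VMs that are not running. 'VM stopped' (shut down inside the guest) still
        # bills compute; 'VM deallocated' bills only for its disks.
        Get-AzVM -Status | Where-Object { $_.PowerState -ne 'VM running' } | ForEach-Object {
            [pscustomobject]@{
                Subscription  = $sub.Name
                Kind          = 'VM not running'
                ResourceGroup = $_.ResourceGroupName
                Name          = $_.Name
                Detail        = '{0}, {1}' -f $_.PowerState, $_.HardwareProfile.VmSize
            }
        }
    }
}

Get-AzOrphanCandidate |
    Sort-Object Subscription, Kind, ResourceGroup |
    Format-Table -AutoSize
```

Treat the output as candidates for review rather than a delete list: Azure Virtual Desktop session hosts are often deallocated on purpose outside working hours, and an unattached disk may be a deliberate backup copy.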
How much does IT stabilization and security remediation cost for a manufacturer?
Projects of this scope typically run $50,000–$100,000 or more, often spread across two to three phases depending on the size of the environment, the number of endpoints, the extent of security gaps, and how much work the previous provider left undone. The only way to get an accurate number is through an on-site assessment, which is why Facet starts every new client relationship with one.
Can you manage printers in an Azure Virtual Desktop environment?
Yes. Facet configured centralized print management for this client’s AVD environment using Group Policy. Printers are mapped to users by security group with correct defaults set for production printing. This replaced a setup where each printer had to be maintained individually on every virtual desktop session host — a process that was causing daily production disruptions.
What security protections should a manufacturing company have in place?
At minimum: a managed next-gen firewall, endpoint protection on every device, multi-factor authentication, email security with phishing protection, dark web monitoring, endpoint encryption, regular security awareness training for employees, and 24/7 network monitoring. When Facet assessed this manufacturer, most of those protections were either missing or partially configured. All of them are now part of their managed services agreement with Facet.
How much can Azure Reservations save compared to pay-as-you-go?
Azure Reservations typically save 30–70% over pay-as-you-go rates depending on the VM type and commitment term. Beyond the cost savings, reserved VMs have guaranteed hardware allocation — which prevents availability issues where a pay-as-you-go session host can’t start because Microsoft doesn’t have capacity at that moment.
Ready to Find Out Where Your IT Actually Stands?
If your current IT provider hasn’t given you a full security assessment, or if you suspect your environment has gaps nobody’s told you about, we can help.
Facet Technologies has been providing IT services to Central Illinois businesses for over 30 years. We’ll give you an honest picture of your environment, explain what needs attention and why, and build a plan that fits your budget and timeline.
Not ready to talk yet?
Download our free guide: Beyond the Quote: 11 Questions You Must Ask Before Hiring a Managed IT Service Provider (https://facettech.com/11-questions) — it’ll help you evaluate any IT company, including your current one.
