Migrating to Azure Virtual Desktop

A well-established law firm with around 60 fee earners and 25 support staff operating from offices in Reading and Newbury needed to provide reliable and secure remote working capability for their solicitors. The firm handled sensitive client matters including family law, conveyancing, and commercial litigation, meaning data security and regulatory compliance were non-negotiable requirements. Their existing remote access solution - a traditional SSL VPN - had become a persistent source of frustration. Connection drops were frequent, performance over the VPN was poor when accessing their case management system, and the IT team spent significant time troubleshooting connectivity issues. More critically, the VPN allowed data to be downloaded to personal devices, creating a compliance risk that the firm's COLP (Compliance Officer for Legal Practice) had flagged as unacceptable under SRA requirements. With hybrid working now a permanent expectation among legal professionals, the firm needed a solution that would give solicitors a seamless desktop experience from any location while ensuring that confidential client data never left a controlled environment.

Coffee Cup Solutions designed and deployed a full Azure Virtual Desktop (AVD) environment tailored to the specific needs of a regulated legal practice. The project was delivered over a six-week period, working closely with the firm's practice manager and compliance officer throughout. We began by assessing application requirements and user profiles, identifying that solicitors needed access to their case management system, document management platform, legal accounts software, and Microsoft 365 applications. We provisioned a multi-session Windows 11 host pool in Azure, sized to support the firm's user count with headroom for growth, and configured FSLogix profile containers on Azure Files for fast and consistent login experiences. Security was central to the design. We implemented Azure AD conditional access policies to restrict access based on device compliance, location, and multi-factor authentication status. Microsoft Defender for Endpoint was deployed across all session hosts, and we configured screen watermarking to deter unauthorised photography of sensitive documents. Data loss prevention controls were applied to prevent copying of files to local devices, USB redirection was disabled, and clipboard redirection was restricted for external-facing roles. All data remained within the Azure tenant at all times, with no local caching. The firm's case management and legal accounts applications were installed on the AVD image and tested thoroughly before go-live. We migrated users in two phases - support staff first, followed by fee earners - with each group receiving a tailored walkthrough of the new environment. The rollout was timed so that each phase had a full week of supported use before the next group moved across.