Server Virtualisation and Hyperconvergence for SMEs

Server virtualisation runs several independent virtual machines on a single physical host, so one server can do the work of many. Most Melbourne SMEs still keep some on-premises compute for performance, control or cost reasons. The 2026 question isn’t whether to virtualise — it’s which hypervisor, and whether you need hyperconverged infrastructure at all.

This post explains virtualisation in plain terms, walks through the hypervisor shake-up after Broadcom’s acquisition of VMware, and tells you honestly when hyperconverged infrastructure (HCI) earns its keep — and when it’s overkill. Most small SMEs don’t need it.

What server virtualisation actually is

A physical server has finite CPU, RAM and disk. Run one operating system on it directly and most of that hardware sits idle most of the time. Virtualisation inserts a thin software layer — a hypervisor — between the hardware and the operating systems, so you can run multiple virtual machines (VMs) on the one host. Each VM behaves like its own separate server: its own OS, its own applications, its own network identity, isolated from its neighbours.

The payoff is consolidation. A business that once had a domain controller, a file server, a line-of-business application server and a print server on four ageing boxes can run all four as VMs on a single modern host, with capacity to spare. Fewer machines to power, cool, patch and replace. VMs are also portable — you can back one up as a file, move it to another host, or spin up a copy for testing without touching the others.

Why SMEs still run on-premises compute

The cloud handles a great deal of what used to live in a server room, but on-premises compute hasn’t gone away, and for good reasons:

  • Latency-sensitive applications — CAD, large file editing, manufacturing line systems and some practice-management software perform better when the server is on the same LAN as the users.
  • Data gravity — when you hold terabytes of project files, shifting it all to cloud egress charges and re-downloading it daily makes no financial sense.
  • Specific software — plenty of legacy line-of-business applications simply aren’t built to run as SaaS.
  • Control and predictability — a fixed capital outlay every five years can beat an ever-climbing monthly cloud bill for steady, predictable workloads.

A construction firm in Box Hill we work with keeps its estimating and document servers on-premises precisely because the project files are enormous and the estimators can’t tolerate cloud latency mid-tender. Their email and collaboration live in Microsoft 365; their heavy compute stays local. That hybrid split is typical.

The hypervisor landscape in 2026

For over a decade VMware vSphere was the default choice and the safe one. That changed when Broadcom acquired VMware and overhauled the licensing — moving to subscription-only bundles, raising minimum core counts, and discontinuing the free ESXi hypervisor and the perpetual licences many SMEs relied on. For a small business running two or three hosts, the renewal quotes have in many cases multiplied. The result is a genuine migration away from VMware among cost-conscious SMEs, and a healthier set of alternatives than the market has had in years.

HypervisorWhat it isBest fit for SMEs
VMware vSphereThe long-standing enterprise standard; mature, feature-richExisting VMware shops who can absorb the new subscription costs
Microsoft Hyper-VBuilt into Windows Server; included with the licence you likely already buyWindows-centric SMEs wanting a no-extra-cost, well-supported option
Proxmox VEOpen-source virtualisation with clustering and built-in backupBudget-conscious businesses with capable IT support; no licence fees
NutanixHCI platform with its own hypervisor (AHV); compute and storage combinedGrowing SMEs wanting an integrated, scalable appliance approach
Azure Local (Azure Stack HCI)Microsoft’s hybrid HCI stack, managed through AzureMicrosoft-aligned businesses wanting on-prem hardware with cloud management

For most Melbourne SMEs already invested in Windows Server, Hyper-V is the pragmatic answer. It’s a Type 1 hypervisor that ships with Windows Server, it’s well documented, and the live migration and replication features that used to cost extra in VMware are built in. Proxmox is a strong open-source alternative where there’s no appetite for licence fees and the IT partner is comfortable supporting it. Nutanix and Azure Local are HCI platforms — which brings us to the next question.

What hyperconverged infrastructure (HCI) is

Traditional virtualisation often kept three things separate: the servers that provide compute, a shared storage array (a SAN or NAS) that holds the VM data, and the network switching that ties them together. That works, but it means buying, managing and troubleshooting three distinct systems, often from three vendors.

Hyperconverged infrastructure collapses compute, storage and networking into clustered nodes — standardised server units that each contribute CPU, RAM and local disk to a shared pool, managed as one system through a single software layer. Add capacity by adding another node. There’s no separate SAN to maintain; the storage is software-defined across the cluster. A three-node HCI cluster can lose a whole node and keep running, because the data is mirrored across the others.

When HCI suits a growing SME

HCI makes sense when an SME has outgrown a single host but doesn’t want the complexity and cost of a traditional SAN-plus-hosts build. The signals we look for:

  • You’re running enough VMs that one host is no longer enough, and you need genuine high availability — workloads that must survive a hardware failure without downtime.
  • You expect to grow and want to scale by adding nodes rather than forklifting in a bigger array.
  • You want fewer moving parts and a single support relationship rather than separate storage, compute and hypervisor vendors.
  • You have, or your MSP provides, the discipline to manage a clustered platform properly.

A manufacturer in Dandenong we support moved to a three-node HCI cluster when their ageing single host couldn’t run their ERP, MES and file workloads with any headroom — and a hardware failure would have stopped the production line. The cluster gave them the ability to patch and reboot a node during business hours without anyone noticing, which a single host never could.

High availability, backup and disaster recovery

Virtualisation makes resilience easier, but it does not provide it automatically. Three distinct things often get muddled, and the distinction matters when a server room floods or ransomware hits.

High availability (HA) keeps workloads running when a host fails. In a cluster, if one node dies, its VMs restart automatically on the surviving nodes. HA protects against hardware failure — it does not protect your data from deletion, corruption or encryption.

Backup is your independent, recoverable copy. The cardinal rule is that a VM snapshot is not a backup — snapshots live on the same storage as the VM and vanish with it. You need proper, application-aware backups written to separate storage, ideally following a 3-2-1 approach with at least one immutable, off-site copy that ransomware can’t reach. We go deeper on this in our guide to backup and disaster recovery for Melbourne businesses.

Disaster recovery (DR) is the plan and the tested capability to get the whole environment running again somewhere else after a serious incident. Virtualisation helps enormously here — because a VM is just a file, you can replicate it to a second site or to the cloud and bring it up there. The numbers that govern this are your recovery time objective and recovery point objective, which we unpack in RTO vs RPO explained. Set those targets before you design the platform, not after.

Cloud vs on-premises vs hybrid

The honest position is that this is rarely all-or-nothing. Three broad paths:

  • Cloud-first — run workloads in Azure or AWS, or replace servers with SaaS entirely. Best for businesses with variable demand, distributed teams, or no desire to own hardware. You trade capital cost for an operating bill that scales with use.
  • On-premises — keep compute local for latency, data gravity or cost predictability. Best for steady, heavy workloads where the maths favours owning the kit.
  • Hybrid — the common reality. Keep latency-sensitive and data-heavy workloads on-premises, push email, collaboration and backup targets to the cloud, and use the cloud as a DR site. Our cloud services work is mostly designing and running exactly this kind of split.

The mistake we see is treating cloud as automatically cheaper. For a server that runs flat-out twenty-four hours a day, owning the hardware over five years often beats the equivalent cloud instance. For a workload that’s busy three days a month, the cloud wins easily. Match the model to the workload.

Right-sizing: most small SMEs don’t need HCI

Here’s the part the appliance vendors won’t lead with: the majority of small businesses do not need hyperconverged infrastructure. A five-to-twenty-person professional services firm with a couple of VMs is perfectly well served by a single well-specified Hyper-V host with solid backups and a tested cloud DR plan. HCI starts to earn its cost at three nodes and a real high-availability requirement — below that, you’re paying for resilience and scale you won’t use.

Equally, plenty of SMEs we onboard are running more on-premises than they need to. If your file server, line-of-business app and identity could all sensibly move to Microsoft 365 and Azure, the right answer might be fewer servers, not a fancier cluster. Right-sizing cuts both ways — sometimes up to HCI, often sideways to hybrid, occasionally down to almost nothing on-site. The discipline is matching the architecture to the actual workload and risk tolerance rather than the brochure.

The MSP role in design and management

Virtualisation and HCI are easy to buy and easy to get wrong. The value of a competent MSP is in the design decisions made before anything is purchased: sizing the hosts to the workload with genuine headroom, choosing the hypervisor that fits your licensing and skills, designing HA and backup so they actually protect you, and setting RTO and RPO targets you’ve signed off on.

Then there’s the ongoing work — patching hosts and guests, monitoring capacity before you run out of it, testing DR restores so you know they work rather than hoping, and keeping the platform aligned to the Essential Eight. TechAssist is a Melbourne-based MSP founded in 2014 with 13 Australian-employed engineers — not offshore — and our managed IT services include this design-and-run work under fixed per-user monthly pricing rather than scope-creeping hourly billing. Our 24/7 NOC in Tecoma watches the hosts overnight so a failed node at 2am gets handled before you walk in.

Frequently asked questions

Is server virtualisation still worth it for a small business in 2026?

Yes, for almost any business running more than one server workload. Consolidating several roles onto one virtualised host saves on hardware, power and management, and makes backup and recovery far simpler because each VM is portable. The only businesses that genuinely don’t benefit are those that have moved everything to SaaS and the cloud and keep nothing on-premises.

Should I move off VMware because of the Broadcom changes?

Not reflexively — but it’s worth pricing the alternatives at your next renewal. If your VMware subscription quote has jumped substantially, Hyper-V (which you likely already licence through Windows Server) or Proxmox can deliver the same outcomes for an SME at far lower cost. Migration takes planning, so don’t leave it to the week before renewal.

What’s the difference between virtualisation and hyperconverged infrastructure?

Virtualisation runs multiple VMs on a host. HCI is an architecture that combines compute, storage and networking into clustered nodes managed as one system, removing the need for a separate storage array. All HCI involves virtualisation, but you can virtualise perfectly well on a single host without any HCI at all.

Do I need high availability or just good backups?

They solve different problems. High availability keeps you running through a hardware failure; backups let you recover from data loss, corruption or ransomware. A single host with excellent, tested backups is fine for many small businesses. If even an hour of downtime is unacceptable, you need HA as well — but never HA instead of backups.

Getting the architecture right

Server virtualisation is settled technology; the interesting decisions in 2026 are which hypervisor, how much resilience you genuinely need, and where the line between on-premises and cloud should sit for your business. Get those right and you spend nothing you don’t have to. Get them wrong and you either over-build a cluster you’ll never fill or under-protect a server you can’t afford to lose.

If you’re facing a VMware renewal, an ageing host, or a growth jump that’s straining your current setup, get in touch. We’ll look at what you actually run before recommending anything — and quite often the right answer costs less than you expect.

For most Microsoft-centric Australian SMEs, the honest answer to Azure vs AWS is Azure — because your fleet already runs Windows, Microsoft 365 and Entra ID, and Azure plugs straight into all three. Dev-heavy and startup teams more often land on AWS for its breadth and tooling. Both have Sydney regions, so data residency rarely decides it.

That short answer hides a lot of nuance, and the wrong call gets expensive to unwind. Below is a fair, SME-grade comparison — not the enterprise architecture wishlist you’ll find on the vendors’ own sites.

The two platforms, in plain terms

Microsoft Azure and Amazon Web Services (AWS) are the two dominant public cloud platforms. They both rent you compute, storage, databases, networking and a long catalogue of managed services, billed by consumption. For a 10-to-150-seat business in Melbourne, you will likely never touch more than a dozen of the hundreds of services either one offers. So the question isn’t “which platform is bigger” — AWS is — it’s “which one fits the way your business already works.”

AWS launched in 2006 and had a multi-year head start. It remains the market leader by revenue and has the deepest catalogue of services, the most mature tooling, and the largest pool of engineers who know it well. Azure arrived later but grew fast on the back of Microsoft’s existing enterprise relationships. If your business runs on Microsoft 365, Windows Server and Entra ID, Azure is built to feel like an extension of that environment rather than a separate world.

Where Azure leads for an Australian SME

Azure’s biggest advantage isn’t technical brilliance — it’s integration. Most Australian SMEs are already deep in the Microsoft stack: Outlook and Teams via Microsoft 365, identity in Entra ID (the platform formerly called Azure AD), and a mix of Windows laptops and servers. Azure treats that as home turf.

The practical wins stack up quickly:

  • One identity system. Entra ID is the same directory that backs your Microsoft 365 logins. Conditional access, multi-factor authentication and single sign-on extend to Azure resources without a separate identity platform to maintain. If you’ve already done the work on conditional access policies, Azure inherits it.
  • Hybrid that actually works. Azure Arc, Azure Files and Azure AD-joined devices make a half-on-premises, half-cloud setup manageable. For a business still running a local file server or a line-of-business app that can’t move yet, this matters more than any benchmark.
  • Licensing leverage. If you hold Windows Server or SQL Server licences with Software Assurance, Azure Hybrid Benefit lets you reuse them and cut the compute bill materially. AWS has nothing equivalent for Microsoft workloads.
  • Familiar admin surface. Your IT team already lives in the Microsoft 365 admin centre and Entra. The Azure portal sits beside them with the same login and similar logic.

For Windows-heavy SMEs, this integration is usually decisive. It reduces the number of systems to secure, the number of consoles to learn, and the number of places a misconfiguration can hide. That’s why most of the Microsoft-centric businesses we support across Melbourne end up on Azure — not because AWS couldn’t do the job, but because Azure does it with fewer moving parts.

Where AWS genuinely leads

It would be dishonest to wave AWS away. For a lot of workloads it’s the stronger platform, and pretending otherwise helps no one.

  • Breadth and maturity. AWS has more services, more configuration options, and more battle-tested edge cases ironed out. If you need something niche — a specific database engine, a particular machine-learning service, an obscure networking feature — AWS very likely shipped it first and shipped it more completely.
  • Developer ecosystem. The pool of engineers, open-source tooling, tutorials, Terraform modules and Stack Overflow answers skews AWS-first. For a startup or a product team building software as the core of the business, that ecosystem shortens development time.
  • Container and serverless depth. AWS Lambda and the surrounding serverless tooling are more mature, and many teams find AWS’s container services (ECS, EKS, Fargate) more flexible for cloud-native architectures.
  • Vendor-neutral footing. If you’re deliberately avoiding a single-vendor Microsoft estate — some businesses are, for good reasons — AWS doesn’t assume you live in that world.

The pattern we see is consistent: dev shops, SaaS startups and product engineering teams in places like Cremorne and Richmond tend to pick AWS and stay there, because their staff already think in AWS and their architecture is cloud-native from day one.

Side-by-side comparison

FactorMicrosoft AzureAmazon Web Services (AWS)
Best fitMicrosoft 365 / Windows / Entra ID shops; hybrid setupsDev teams, startups, cloud-native and product businesses
IdentityNative Entra ID — same directory as your Microsoft 365AWS IAM; integrates with Entra but as a separate system
Service breadthVery broad; deepest on Microsoft workloadsBroadest overall; most mature catalogue
Hybrid on-premisesStrong (Azure Arc, Azure Files, AD-joined devices)Capable (Outposts) but less natural for Windows shops
Windows licensingAzure Hybrid Benefit reuses your existing licencesNo equivalent reuse for Microsoft licences
Developer ecosystemLarge and growingLargest; deepest open-source and tooling support
Australian regionsSydney, Melbourne, CanberraSydney, Melbourne
Pricing modelPay-as-you-go, reserved instances, savings plans, Hybrid BenefitPay-as-you-go, reserved instances, savings plans, Spot
Learning curve for MS adminsLower — familiar portal and identityHigher — new console, new identity model

Pricing: why like-for-like comparison is so hard

Anyone who tells you one platform is “cheaper” full-stop is guessing. Pricing on both is a moving target of instance types, regions, reserved-versus-on-demand commitments, storage tiers, egress charges and a dozen discount mechanisms. The same workload can be cheaper on either platform depending on how you commit and configure it.

A few things hold true regardless of which you pick:

  • On-demand pricing is the most expensive way to run anything steady. Reserved instances or savings plans (both platforms have versions) cut 30–60% off predictable workloads in exchange for a 1- or 3-year commitment.
  • Egress — data leaving the cloud — is the bill that surprises people. Both charge for it, and it’s easy to design an architecture that bleeds money moving data around. This is also why casual multi-cloud is costly: shifting data between AWS and Azure incurs egress on the way out.
  • For Microsoft workloads, Azure Hybrid Benefit can swing the maths decisively. If you already own Windows Server or SQL Server licences, that reuse often makes Azure the cheaper home for those specific workloads.

The right move for an SME isn’t to chase the lowest sticker price. It’s to model your actual workload — steady-state versus bursty, how much data moves, what you already license — and price that. We build that modelling into our cloud services work rather than quoting a platform blind.

Australian regions and data residency

Data residency is the question Australian boards ask first, and it’s usually less of a deciding factor than people expect. Both platforms have multiple Australian regions: AWS runs Sydney and Melbourne; Azure runs Sydney, Melbourne and Canberra (the last partly for government). For nearly any commercial SME workload, you can keep data physically in Australia on either platform.

Where it gets real is for regulated data. Healthcare practices handling patient records under the Privacy Act and OAIC expectations, or firms with contractual data-residency clauses, need to actively configure the region and confirm that backups, logs and replicas don’t quietly land offshore. The default region matters, and so does where your disaster-recovery copy sits. We cover that thinking in our guide to backup and disaster recovery. The point is that residency is a configuration discipline on both clouds, not a reason to pick one over the other.

Support and partner ecosystem

Both vendors sell tiered support, and at SME scale you rarely want to deal with either directly — the base tiers are slow and the enterprise tiers are priced for enterprises. In practice, the support that matters is your partner’s.

Azure has the larger Australian Microsoft partner network, which reflects how embedded Microsoft already is in local business. AWS has a strong partner community too, weighted toward consultancies and dev-focused shops. For an SME, the practical question is: who picks up the phone when something breaks at 7am? A local managed service provider that runs your cloud day-to-day will resolve issues faster than any vendor support queue. That’s the model we run — Australian-employed engineers, sub-15-minute response on critical issues, rather than a ticket that sits offshore overnight.

A Box Hill scenario

A professional services firm in Box Hill we work with came to us mid-migration. They’d started moving a line-of-business app to AWS on a developer’s recommendation, then realised their entire workforce ran on Microsoft 365, Entra ID and Windows laptops. They were now maintaining two identity systems, two sets of security policies, and paying a contractor to bridge the gap.

We didn’t rip out the AWS work for its own sake — that would have been waste. We assessed each workload. The custom app stayed where it ran well; everything tied to identity, file storage and the Windows fleet moved to Azure, where it inherited their existing conditional access and MFA. The result was fewer systems to secure and a smaller monthly bill, because the Windows workloads picked up Hybrid Benefit. The lesson wasn’t “Azure beats AWS” — it was that the platform should follow the business, not a single engineer’s comfort zone.

Should a small team go multi-cloud?

Usually not. Multi-cloud — deliberately running across both platforms for resilience or flexibility — sounds prudent and is genuinely useful at large scale. For a small team it’s mostly a tax: double the platforms to secure, double the expertise to hire or retain, egress charges for any data crossing between them, and twice the surface area for a misconfiguration to slip through.

The exception is incidental, not strategic — a SaaS product you consume that happens to run on the other cloud doesn’t make you multi-cloud. Pick a primary platform, get it right, and only spread out when a specific, costed requirement forces it. For an SME, depth on one cloud beats shallow coverage on two almost every time, and it keeps your security posture coherent.

Frequently asked questions

Is Azure or AWS better for a small business?

For a Microsoft-centric Australian SME — Microsoft 365, Windows fleet, Entra ID — Azure is usually the better fit because it integrates with what you already run and reduces the number of systems to secure. Dev-led and startup teams more often choose AWS for its breadth and tooling. Neither is universally “better”; the right choice follows your existing stack.

Is AWS cheaper than Azure?

Not reliably. The same workload can be cheaper on either platform depending on instance types, reserved commitments, storage tiers and data egress. For Microsoft workloads, Azure Hybrid Benefit often makes Azure cheaper because you reuse existing Windows or SQL licences. Model your actual workload rather than trusting a headline rate.

Does my data stay in Australia on Azure or AWS?

It can on both. AWS has Sydney and Melbourne regions; Azure has Sydney, Melbourne and Canberra. You must actively configure the region and confirm backups, logs and replicas don’t land offshore — residency is a configuration discipline, not a default guarantee, on either platform.

Should my SME run both Azure and AWS?

Rarely. Multi-cloud doubles the platforms to secure, the expertise to maintain and the cost of moving data between them. For most small teams, picking one platform and running it well delivers better security and lower cost than spreading thinly across both.

Making the call

If your business runs on Microsoft and you don’t have a dedicated platform engineering team, Azure is the path of least resistance and usually the right one. If you’re a product or dev-led business with AWS skills in-house, AWS’s depth will serve you better. Either way, the decision should rest on your actual workloads, licences and team — not on a vendor pitch or a benchmark blog.

If you’d like a straight assessment of which cloud suits your specific setup — and a costed migration plan rather than a sales deck — get in touch with our team. We’ll look at what you’ve got and tell you honestly where it should live.

Azure is worth it for a small business when you have a workload that genuinely needs cloud infrastructure — a server to retire, a line-of-business app to host, virtual desktops for a hybrid team. For most Melbourne SMEs, though, Microsoft 365 plus a small NAS does the job, and Azure becomes a bill you didn’t need.

Microsoft Azure small business deployments fail in one of two ways: a business pays for cloud infrastructure it doesn’t need, or it lifts a server into Azure with no cost controls and gets a quarterly bill that triples overnight. Both are avoidable. The trick is knowing what Azure actually does, where it earns its keep for an SME, and where a cheaper option does the same job without the meter running.

What Azure actually is, in plain terms

Azure is Microsoft’s public cloud — a set of data centres you rent compute, storage and networking from by the hour or the gigabyte. Instead of buying a physical server, racking it in a cupboard at your office and replacing it every five years, you run the same workload on Microsoft’s hardware and pay for what you use.

The catalogue is enormous — hundreds of services — but a small business touches a small slice of it. The services that matter for an SME are virtual machines (a server in the cloud), identity (Microsoft Entra ID, formerly Azure AD), file storage, backup, and virtual desktops. Everything else is for software developers and large enterprises, and you can safely ignore it.

One point of confusion worth clearing up: Microsoft 365 is not Azure. Microsoft 365 — your email, Teams, SharePoint and Office apps — runs on Microsoft’s cloud, but it’s a finished, fixed-price product. Azure is the raw infrastructure underneath. Plenty of businesses run entirely on Microsoft 365 and never touch Azure at all, and that’s a perfectly good place to be.

Where Azure earns its keep for an SME

Azure makes sense when you have a specific workload that needs infrastructure. Here are the use cases we actually deploy for Melbourne small businesses, rather than the marketing list.

Lift-and-shift a server as a virtual machine

The most common entry point. You’ve got an ageing physical server running an accounting package, a file share or a legacy app, and it’s due for replacement. Rather than spend $8,000 on new hardware that sits idle most of the day, you rebuild it as an Azure virtual machine. No cupboard, no UPS, no five-year refresh cycle. This is genuinely useful when the app can’t move to a SaaS alternative — but it’s also where the bill-shock stories start, because a VM bills every hour it’s switched on whether anyone’s using it or not.

Identity with Microsoft Entra ID

If you’re on Microsoft 365 you already use Entra ID — it’s the directory your staff log in against. Azure lets you extend it: conditional access, single sign-on to other apps, and proper multi-factor enforcement. We treat identity as the foundation of any cloud build, and we’ve written separately about conditional access policies in Microsoft 365 because getting them right is what stops a leaked password becoming a breach.

Azure Files and Azure Backup

Azure Files gives you a cloud file share that maps like a normal network drive. Azure Backup and Azure Site Recovery protect servers and workloads — Backup for restoring files and machines, Site Recovery for failing a whole server over to the cloud if your primary site goes down. These are solid, and we use them, but they’re only one ingredient in a proper recovery plan. The thinking that matters is your RTO and RPO — how long you can be down and how much data you can afford to lose — not the tool itself.

Hosting a line-of-business app

If your business runs on a specific Windows application — a job-management system, a CAD licence server, an old ERP — and the vendor won’t or can’t move it to SaaS, Azure is a sensible home for it. You get a reliable, monitored, backed-up environment without owning the hardware. This is where Azure clearly beats a server in the cupboard.

Virtual desktops: Azure Virtual Desktop and Windows 365

If you have staff who need a full Windows desktop from anywhere — contractors, a hybrid team, people on locked-down or BYO laptops — virtual desktops put that desktop in Azure. Azure Virtual Desktop is the flexible, consumption-priced option; Windows 365 is the simpler fixed-per-user-per-month version (a Cloud PC). Windows 365 is usually the better fit for a small business precisely because the price is predictable. AVD is more powerful but needs someone watching the meter.

The cost model reality

This is the part nobody enjoys, and it’s the part that decides whether Azure is worth it. Azure is consumption-based: you pay for compute by the hour, storage by the gigabyte, and data movement by the transaction. There’s no fixed monthly number on the box. That flexibility is the whole appeal, and it’s also exactly how businesses overspend.

A few realities to hold onto:

  • VMs bill while they’re running, not while they’re being used. A server left on 24/7 that’s only needed during business hours is burning roughly three times the cost it should. Auto-shutdown schedules fix this in minutes.
  • Reserved instances cut compute costs sharply. If a VM is going to run for the long haul, committing to a one- or three-year reservation can cut the compute price by 40 percent or more versus pay-as-you-go. Most SMEs leave this money on the table.
  • Storage and egress add up quietly. Old backups, orphaned disks from deleted VMs, and data being pulled out of Azure all bill in the background. These are the line items that make a quarterly invoice mysterious.
  • Data residency matters. For Australian businesses, you deploy into the Australia East region (Sydney). Your data stays onshore, which keeps you comfortable for privacy and contractual reasons under the Privacy Act and the OAIC’s expectations. Don’t let a default drop your data into a US region.

Azure vs Microsoft 365 plus a NAS vs staying on-prem

Azure is not the default answer. For a lot of Melbourne SMEs, the right call is the cheaper one. Here’s how we frame the decision.

ScenarioBest fitWhy
Small team, files and email, no legacy server appsMicrosoft 365 + a small NASSharePoint/OneDrive handles documents; a NAS gives fast local storage and cheap backup. No Azure bill, no meter.
Ageing server running a Windows-only line-of-business appAzure VMRetires the hardware, removes the refresh cycle, and hosts an app that can’t move to SaaS.
Hybrid or contractor-heavy team needing full Windows desktopsWindows 365 / Azure Virtual DesktopCentralised, secure desktops from any device, no fleet of company laptops to manage.
Heavy local data, low internet reliability, latency-sensitive workStay on-prem (or hybrid)Large CAD or video files and patchy connectivity make cloud-only painful and slow.
Regulated data with strict residency or recovery requirementsAzure (Australia East) or hybridOnshore region, auditable backups, and documented recovery you can show an insurer or regulator.

The pattern is simple: if your needs are documents, email and collaboration, Microsoft 365 with sensible backup is enough, and Azure is overkill. The moment you have a server-based workload, virtual desktops, or a recovery requirement you can’t meet locally, Azure starts earning its place.

FinOps: the cost-control discipline that makes Azure worth it

FinOps is just the practice of treating cloud spend like any other managed expense — measured, budgeted and reviewed, not left to drift. For a small business it doesn’t need to be a department. It needs a handful of controls:

  1. Budgets and alerts. Set a monthly budget in Azure Cost Management with alerts at 50, 80 and 100 percent. You should hear about an overspend the week it happens, not on the invoice.
  2. Auto-shutdown and right-sizing. Switch off VMs out of hours and match the VM size to the actual workload. Most environments are over-provisioned because someone picked a bigger size “to be safe”.
  3. Reservations for steady workloads. Anything running long-term should be on a reservation, not pay-as-you-go.
  4. Tagging and clean-up. Tag resources by purpose so you can see what’s costing what, and delete orphaned disks, snapshots and old backups on a schedule.

None of this is exotic. It’s the difference between Azure being a controlled line item and Azure being a surprise.

A scenario from the eastern suburbs

A surveying firm in Box Hill we work with came to us after a self-managed Azure setup. They’d lifted their old file-and-app server into a VM, which was the right call — but the VM ran 24/7, the original oversized disk was still being billed alongside its replacement, and there were no budget alerts. Their spend had crept to nearly double what the workload justified. Adding an out-of-hours shutdown schedule, right-sizing the VM, moving it onto a one-year reservation and deleting the orphaned disk brought the monthly cost down by roughly a third — for the same performance. Nothing clever; just the discipline that should have been there from day one.

The MSP role: governance, not just deployment

Anyone can spin up a VM in Azure. The value an MSP adds is everything around it — making sure the build is sized correctly, deployed to Australia East, backed up to a tested standard, secured with proper identity controls, and watched so the bill doesn’t run away. That’s governance, and it’s the part a business can’t easily do for itself between everything else it’s juggling.

At TechAssist we’re a Melbourne-based MSP, founded in 2014, with 13 Australian-employed engineers — no offshore helpdesk. Our 24/7 NOC at Tecoma monitors the environments we run, so a backup that silently fails or a cost that spikes gets caught by us, not discovered by you on the invoice. We build and manage Azure as part of our broader cloud services, and we’ll tell you plainly when Azure is the wrong answer and Microsoft 365 plus a NAS would serve you better and cheaper. We’re also Essential Eight aligned, which matters once you’re putting business data into the cloud.

The honest position is this: Azure is a powerful tool that’s worth it for the right workload, with the right controls, in the right region — and an expensive mistake without them. The job is matching the tool to your actual needs.

Frequently asked questions

Is Azure cheaper than buying a server?

Sometimes. Over five years, a well-governed Azure VM with a reservation and an out-of-hours shutdown can beat the total cost of owning, powering and replacing a physical server — and you avoid the capital outlay. Without those controls, Azure is usually more expensive. The cost discipline is what decides it.

Where is my data stored if I use Azure in Australia?

If you deploy into the Australia East region, your data sits in Microsoft’s Sydney data centres and stays onshore. This is the right default for Australian businesses with privacy or contractual obligations. Always confirm the region at deployment — don’t assume it.

Do I need Azure if I already have Microsoft 365?

Usually not. Microsoft 365 already covers email, documents and collaboration. You only need Azure on top of it when you have a workload that needs actual infrastructure — a server, a hosted line-of-business app, or virtual desktops.

How do I avoid a surprise Azure bill?

Set budgets and alerts in Azure Cost Management, switch off VMs out of hours, use reservations for steady workloads, and delete orphaned resources. An MSP managing the environment should be doing all of this and reviewing the spend with you regularly.

Can a small business run virtual desktops affordably?

Yes. Windows 365 gives you a fixed per-user-per-month Cloud PC, which keeps costs predictable for a small team. Azure Virtual Desktop is more flexible but consumption-priced, so it needs the cost discipline to stay affordable.

Not sure whether Azure is worth it for your situation, or worried an existing setup is costing more than it should? Talk to us — we’ll give you a straight answer, not a sales pitch.

For most Australian SMEs the honest answer to Microsoft 365 vs Google Workspace comes down to how your team actually works. Google suits lean, cloud-native businesses that live in a browser. Microsoft suits desktop-heavy, Windows-fleet, compliance-driven operations. Both are mature, secure platforms — the wrong fit just costs you in friction.

We’re a Microsoft-centric MSP, so I’ll declare that bias up front. But there are plenty of Melbourne businesses where I’d point a client to Google without hesitation. This is a fair comparison, not a sales pitch, and below there’s a table to cut through the marketing on both sides.

The quick comparison

AreaMicrosoft 365Google Workspace
Productivity appsFull desktop Word, Excel, PowerPoint, Outlook (plus web versions)Web-first Docs, Sheets, Slides — fast, but lighter than desktop Office
EmailExchange Online + Outlook — rich rules, shared mailboxes, calendaringGmail — excellent search and spam filtering, simpler admin
StorageOneDrive (per user) + SharePoint (team sites), 1 TB+ per userGoogle Drive + Shared Drives, pooled storage by tier
Meetings & chatTeams — meetings, chat, calls, channels, deep app integrationGoogle Meet + Google Chat/Spaces — clean, lightweight
IdentityMicrosoft Entra ID — granular conditional access, hybrid ADGoogle identity / Cloud Identity — strong, but less enterprise-deep
Admin & securityDefender, Purview, very granular controls — steep but powerfulAdmin console — simpler, faster to learn, fewer knobs
Data residency (AU)Australian data centres available for core data at restRegional storage options; some data still processed globally
Entry pricing (AUD, ex GST)Business Basic ~$8.20/user/mo; Standard ~$17.20; Premium ~$30.20Business Starter ~$10/user/mo; Standard ~$20; Plus ~$32
Best fitDesktop-heavy, Windows fleets, regulated industriesCloud-native startups, lean teams, browser-first work

Pricing changes regularly and varies by term and reseller, so treat those figures as a guide rather than a quote. The real cost difference between the two is usually rounding error compared with the cost of choosing the platform that fights your workflow.

Apps: desktop power vs web speed

This is the clearest fork in the road. Microsoft gives you the full desktop Office suite — the real Excel, with the pivot tables, Power Query, macros and add-ins that finance teams and engineers depend on. If your business runs complex spreadsheets, branded Word templates, or PowerPoint decks that have to look identical every time, desktop Office still has no equal.

Google Workspace is web-first and proud of it. Docs, Sheets and Slides load instantly, autosave constantly, and make real-time co-editing feel effortless. For a marketing agency or a startup where two people are in the same document at once all day, that collaboration model is genuinely better. The trade-off is depth: heavy Excel users hit Sheets’ ceiling quickly, and complex formatting can drift.

Where Google clearly wins: if your team already does everything in a browser and nobody opens a desktop app from one week to the next, paying for desktop Office you’ll never install is waste.

Email: Outlook vs Gmail

Exchange Online with Outlook is the workhorse of Australian business email. Shared mailboxes, delegate access, distribution groups, calendar scheduling across a team — it’s all mature and granular. For a law firm in Hawthorn juggling shared client inboxes and rigid retention rules, Exchange and Microsoft Purview make that straightforward.

Gmail’s strength is search and filtering. Its spam and phishing detection is excellent, the interface is clean, and conversation threading is hard to beat. Smaller teams often find Gmail simply gets out of the way. Either way, email is your single biggest attack surface — we cover that in our guide to business email security and BEC, and the controls matter more than the brand.

Storage: OneDrive/SharePoint vs Drive

Microsoft splits storage into OneDrive (your personal files) and SharePoint (team document libraries). Done well, SharePoint is a proper intranet and document-management system with versioning, metadata and permissions. Done badly, it’s a sprawl of sites nobody can navigate. It rewards structure.

Google Drive with Shared Drives is more intuitive out of the box. Files live where you’d expect, sharing is a couple of clicks, and there’s less to misconfigure. For a business that just wants files in folders without a SharePoint information-architecture project, Drive is the gentler path.

Meetings: Teams vs Meet and Chat

Teams is the centre of gravity in the Microsoft world — meetings, calls, persistent chat, channels and an app platform all in one. For organisations already on Microsoft, that integration is a real advantage; for ones that aren’t, Teams can feel like a lot. Plenty of people find it heavy.

Google Meet and Google Chat are deliberately lighter. Meet is reliable, browser-based and quick to join with no client to install. If your meetings are mostly external and you value “click the link and you’re in”, Meet’s simplicity is a genuine plus. Microsoft’s edge shows up in internal collaboration depth, calling features and telephony integration.

Identity, admin and security

This is where Microsoft pulls ahead for businesses that need it. Microsoft Entra ID (the identity platform formerly known as Azure AD) offers some of the most granular access controls available — you can require multi-factor authentication only from unmanaged devices, block sign-ins from outside Australia, or enforce compliant-device checks. We walk through this in our piece on conditional access policies in Microsoft 365. Defender and Purview add threat protection and data-loss prevention that map neatly onto frameworks like the Essential Eight.

Google’s admin console is more approachable. Fewer settings means less to get wrong, which for a small team without dedicated IT is a real benefit. Google’s identity and security are strong — context-aware access and solid MFA — but Microsoft’s controls go deeper for complex, regulated or hybrid environments where on-premises Active Directory is still in the mix.

Compliance and data residency

For Australian businesses bound by the Privacy Act and the OAIC’s Notifiable Data Breaches scheme, data residency and auditability matter. Microsoft offers Australian data centres for core data at rest and gives detailed control over retention, legal hold and audit logging through Purview — useful for sectors under AHPRA, ASIC or similar oversight.

Google Workspace provides regional storage options and strong compliance certifications, though some processing still happens across its global infrastructure. For most SMEs that’s perfectly acceptable. For a healthcare practice or a firm with strict data-handling obligations, Microsoft’s granular controls usually make the compliance conversation easier — see our notes on healthcare IT and OAIC obligations.

Migration effort

Moving platforms is rarely trivial. Email migrates reasonably well in both directions, but the friction lives in the details: shared mailboxes, calendar permissions, distribution lists, and re-training people on a new interface. Document migration is messier — Google formats don’t always survive a clean trip into Office, and complex Excel or SharePoint structures don’t always land neatly in Sheets and Drive.

The practical rule is to migrate once, deliberately, and stay put. Bouncing between platforms because of a price tweak costs far more in lost time than it saves. Whichever way you go, plan the cutover properly and run the two systems in parallel briefly so nothing falls through the cracks.

A Melbourne example

A construction firm in Box Hill we work with came to us split down the middle — the site teams lived in Gmail on their phones, while the office ran Excel-heavy estimating and project schedules that Sheets simply couldn’t handle. They’d been arguing about it for a year. We standardised them on Microsoft 365 because the desktop Office dependency was non-negotiable for their estimators, then used Teams to pull the field and office staff onto one platform. Had their work been browser-only, we’d have recommended Google and meant it.

That’s the point. TechAssist is a Melbourne-based MSP founded in 2014 with 13 Australian-employed engineers, and most of our client base runs Microsoft because that’s where desktop-heavy, compliance-driven Australian businesses tend to land. But the right answer is the one that fits how your people actually work, not the one your MSP is most comfortable supporting.

Frequently asked questions

Is Microsoft 365 more secure than Google Workspace?

Neither is inherently more secure — both are mature, well-defended platforms. The difference is control depth. Microsoft Entra ID and Defender offer more granular configuration, which helps in regulated or complex environments. Google’s simpler model means fewer settings to misconfigure, which suits smaller teams. Security comes from how you configure either platform, not the logo.

Can I run both Microsoft 365 and Google Workspace?

You can, and some businesses do — for example, Microsoft for email and Office, Google for a specific cloud tool. But running both means two sets of licences, two admin consoles and two security surfaces to manage. For most SMEs the overhead outweighs the benefit. Pick one as your primary platform.

Which is cheaper for a small Australian business?

Entry tiers are close — Microsoft 365 Business Basic and Google Business Starter sit within a few dollars of each other per user per month. The bigger cost is fit: paying for desktop Office you never use, or wrestling with Sheets when you need real Excel, costs far more than the licence-price gap.

How hard is it to migrate from Google to Microsoft?

Email migrates fairly cleanly; documents and shared-drive structures are where the work lives. Expect format conversion, permission rebuilding and user re-training. With a planned cutover and a short parallel-run period it’s very manageable — the mistake is doing it ad hoc without a migration plan.

Getting the decision right

If your business is lean, cloud-native and browser-first, Google Workspace is a strong, often better choice — and we’ll tell you so. If you’re desktop-heavy, running a Windows fleet, or carrying real compliance obligations, Microsoft 365 usually wins, and it’s where our Microsoft 365 support is built to add the most value with security and identity configured properly rather than left on defaults.

Not sure which way to jump? Get in touch and we’ll look at how your team actually works before recommending anything. No pressure to switch, and an honest answer either way.

Windows Autopilot is a Microsoft service that lets a brand-new laptop set itself up automatically the first time a staff member turns it on. The device ships from the vendor straight to the user, connects to your Microsoft tenant over the internet, and configures itself — no imaging, no SOE, no IT hands on it.

If onboarding a new hire still means a laptop landing on an engineer’s desk for a day of imaging, this is the fix. Below: what Autopilot does, how a device self-provisions, the moving parts, the deployment modes, the licensing, and where an MSP fits in.

What Windows Autopilot actually is

Autopilot is not an imaging tool — there is no gold image and no USB stick. It takes the standard Windows installation the manufacturer already put on the device and transforms it into your corporate build during the out-of-box experience (the setup screens a user sees on first boot). It runs on two Microsoft cloud services: Microsoft Entra ID (formerly Azure AD) handles identity and joins the device to your directory, and Microsoft Intune — the mobile device management (MDM) platform inside Microsoft 365 — pushes down your policies, apps, baselines and configuration. A machine the user has never touched arrives configured exactly like every other device in the business, enrolled, encrypted and ready to work.

The problem it solves: no more manual imaging or SOE

The traditional approach was the Standard Operating Environment: you built a master image, captured it, and re-applied it to every new or rebuilt machine. The costs add up. Devices have to be shipped to IT first, imaged, then re-shipped to the user — adding days and double the freight. The image goes stale the moment it is captured and needs constant rebuilding. And it does not scale: imaging a laptop for someone starting in a Dandenong warehouse means shipping it to your office or sending an engineer out.

Autopilot removes the imaging step entirely. The configuration lives in the cloud and is applied at first boot, so the same provisioning works whether the user is in your CBD office or at home in Ringwood.

How a device self-provisions on first login

The sequence when an Autopilot-registered device is unboxed:

  1. The user powers on the laptop and connects to Wi-Fi or ethernet — internet access is the only prerequisite.
  2. Windows checks in with Autopilot, recognises the device by its hardware identity, and pulls down the assigned profile, which customises the setup screens and applies your branding.
  3. The user signs in with their Microsoft 365 work account; Entra ID authenticates them and joins the device to your directory.
  4. Intune enrolment kicks off automatically, pulling down your configuration profiles, security baseline, certificates, Wi-Fi settings and assigned apps.
  5. The Enrollment Status Page blocks the user from reaching the desktop until the mandatory apps and policies have landed.

When it finishes, the first person to log into that machine is the staff member it was bought for — not an engineer — at a fully managed, encrypted desktop.

The moving parts

Autopilot profiles

A profile is the deployment template you assign to a group of devices in Intune. It controls the out-of-box experience: which setup screens are hidden, whether the user becomes a local administrator or standard user, the deployment mode, the naming convention and your branding. Most businesses run one or two — a user-driven profile for staff laptops, sometimes a separate one for shared devices.

The Enrollment Status Page

The Enrollment Status Page (ESP) shows setup progress and gates access to the desktop until the apps and policies you mark mandatory have installed — so a new starter cannot begin work on a half-configured machine. Block on a slow or flaky app, though, and you leave users staring at a spinner; tuning it well is one of the fiddlier parts of the job.

Hardware hash and device registration

Autopilot identifies each device by a hardware hash — a unique fingerprint of its components — which must be registered against your tenant before first boot. With OEM / CSP registration, the hardware vendor or Cloud Solution Provider partner registers the hash to your tenant at purchase, so the device is Autopilot-ready before it leaves the warehouse — the clean path for volume orders. For devices you already own, manual hash collection exports the hash into Intune with a PowerShell script, but that means handling the device once. Build OEM or CSP registration into your procurement so hardware arrives pre-registered; that is what makes true drop-ship onboarding possible.

Deployment modes: user-driven vs self-deploying and kiosk

Autopilot supports several modes, depending on how the device will be used:

ModeHow it worksBest for
User-drivenUser signs in with their work account; the device joins Entra ID and binds to themStandard staff laptops
Self-deployingNo credentials entered; the device provisions itself end to end, using the TPM to prove its identityShared devices, digital signage, meeting-room PCs
KioskA self-deploying device locked to a single app, with no general desktopFront-of-house terminals

User-driven is what most growing teams use. Self-deploying and kiosk modes suit devices no single staff member owns — a reception terminal in a Hawthorn clinic, a warehouse scanning station — and need a TPM 2.0 chip, which any recent business device has.

Prerequisites: what you need before you start

Autopilot is not a standalone product — it is a capability on top of Microsoft 365. You need:

  • Microsoft Entra ID for identity and device join — the standard directory in a Microsoft 365 business or enterprise subscription covers this, though some advanced enrolment options want Entra ID P1.
  • Microsoft Intune licensing for the MDM management — included in Microsoft 365 Business Premium and the E3/E5 plans. On a cheaper plan you will need to add Intune first.
  • Devices that ship with Windows 11 Pro or Enterprise — the Home edition cannot be managed this way.
  • A configured tenant — your Intune profiles, security baselines, app deployments and ESP set up before the first device ships.

That last point is the one businesses underestimate: Autopilot delivers whatever you have built in Intune, so the value is in the policies and app packaging, not the provisioning trick itself. If you are reviewing your licensing, our Microsoft 365 support team can tell you whether your plan already covers what Autopilot needs.

Why this matters: fast onboarding and consistent security baselines

Two things drive most businesses to Autopilot. The first is onboarding speed: a drop-shipped self-provisioning laptop takes the engineer, the queue and the freight out of every hire. The second, and arguably more important, is consistent security baselines. Because every device is built from the same Intune configuration, every machine gets BitLocker encryption, the same firewall and account-protection policies, Defender, conditional access and patching automatically — no engineer remembering to tick a box. An enforced baseline across the fleet is exactly what the Essential Eight mitigation strategies expect, and the same Intune layer lets you wipe a lost device remotely the moment a laptop goes missing on a train at Box Hill — it pairs naturally with conditional access policies in Microsoft 365.

A Melbourne scenario

An engineering consultancy in Camberwell we work with was hiring two or three people a month and rebuilding laptops by hand each time — a machine couriered to their office, half a day of imaging, and a checklist someone occasionally skipped, so no two laptops were quite the same and a couple shipped without disk encryption on.

We stood up their Intune configuration, built a user-driven Autopilot profile with a tuned Enrollment Status Page, and arranged for new hardware to be registered at purchase. Now a laptop is drop-shipped to the new hire; they open the box, sign in, and an hour later are working on a fully configured, encrypted device identical to everyone else’s. Their office manager handles onboarding without touching a technical step, and the fleet has a uniform baseline at last.

The MSP role in setting it up

The provisioning is the easy part to demonstrate and the hard part to build well. The work an MSP does sits underneath what the user sees:

  • Designing and hardening the Intune configuration — the compliance policies, configuration profiles, security baselines and app deployments every machine inherits — and packaging line-of-business apps to install silently during enrolment.
  • Setting up the procurement pipeline so devices arrive Autopilot-ready, tuning the ESP, and integrating Autopilot with conditional access, encryption and your broader MDM strategy so device management is one coherent system.

TechAssist is a Melbourne MSP, founded in 2014, with thirteen Australian-employed engineers — so the people building your Intune environment are local, not offshore. We bundle this into our managed IT services, so device provisioning, patching and security baselines sit inside the fixed monthly per-user fee, not a per-device charge each time you hire.

Frequently asked questions

Do I need to wipe a new laptop before using Autopilot?

No. Autopilot works with the standard Windows installation the manufacturer ships and transforms it into your corporate configuration during first boot — there is no wiping or imaging step. Devices you already own can be reset and will provision on the next boot once registered.

What happens if there is no internet during setup?

Autopilot needs internet to reach Entra ID and Intune, so the device must connect to Wi-Fi or ethernet during the out-of-box experience. Until it does, the laptop sits at the network screen — which is why drop-ship onboarding assumes the user has working internet.

Is Autopilot the same as Intune?

No, but they work together. Intune is the management platform that holds your policies, apps and baselines; Autopilot hands a new device over to Intune at first boot. You need Intune licensing for Autopilot to do anything.

Where TechAssist fits

Autopilot looks like magic in a demo and falls over in practice if the Intune configuration behind it is thin — the provisioning is the visible part, but the policies, baselines and procurement pipeline are what make the fleet secure and consistent. If manual device setup is slowing your onboarding, get in touch and we will scope what your tenant needs.

Microsoft Defender for Business is Microsoft’s endpoint detection and response (EDR) product built specifically for small and mid-sized businesses. It bundles next-generation antivirus, EDR, threat and vulnerability management, attack surface reduction and automated investigation into one licence — enterprise-grade endpoint security at a price an SME can actually justify.

It is not the same as the free Defender that ships with Windows

This is the confusion we untangle most often. Every Windows 10 and Windows 11 machine already includes Microsoft Defender Antivirus — the free, built-in scanner that replaced the old Windows Defender. It is genuinely good antivirus. It catches known malware, runs real-time scanning, and for a home PC it is fine.

Microsoft Defender for Business is a different product that sits on top of that engine. The free antivirus protects a single device and tells that device about a threat. Defender for Business adds the layer enterprises pay for: it collects telemetry from every endpoint into a central portal, correlates suspicious behaviour across your fleet, hunts for attacker activity that signature-based antivirus never sees, and gives someone a console to investigate and respond. Antivirus asks “is this file bad?”. EDR asks “is something bad happening on this network right now, and how did it get in?”.

A small construction firm in Ringwood we onboarded last year had Defender Antivirus on every laptop and assumed they were covered. They were covered against commodity malware. They had no visibility into lateral movement, no record of what a compromised account did after a phishing click, and no way to isolate an infected machine remotely. That gap is exactly what Defender for Business fills.

How you get it: Business Premium or standalone

There are two ways to licence it. The first, and the one most Melbourne SMEs land on, is Microsoft 365 Business Premium. Defender for Business is included in that plan at no extra cost, alongside the Office apps, Exchange Online, Intune device management and conditional access. If you are already paying for Business Premium, you own Defender for Business whether or not anyone has switched it on — which, frustratingly often, nobody has.

The second is the standalone Defender for Business licence, sold per user per month for organisations that do not want the full Business Premium stack. It is capped at 300 users, in line with Microsoft’s SMB licensing ceiling. Above that you move into the enterprise Defender for Endpoint Plan 1 or Plan 2 tiers.

For most businesses under 300 staff, Business Premium is the better value because you get the security plus Intune, conditional access and the rest of the productivity suite for not much more than the standalone security licence alone. We cover what that plan actually includes in our guide to Microsoft 365 support in Melbourne, and we deploy it through our Microsoft 365 service.

What it actually does

Defender for Business is not a single feature — it is five capabilities working together. Here is what each one buys you in practice.

Next-generation antivirus

The same cloud-delivered protection as the enterprise product: behaviour-based detection, machine-learning models and near-instant cloud lookups, rather than just a local signature file. It blocks fileless attacks and never-before-seen malware that traditional antivirus misses, and it updates protection across your fleet from the cloud in minutes.

Endpoint detection and response (EDR)

This is the heart of it. Every endpoint reports process activity, network connections and file changes back to the Microsoft 365 Defender portal. When something looks like an attack — credential dumping, suspicious PowerShell, a process spawning where it shouldn’t — it raises an alert with the full chain of what happened. You can remotely isolate a device from the network, collect an investigation package, or stop and quarantine a file across every machine at once.

Threat and vulnerability management

It continuously inventories the software on your devices and flags known vulnerabilities and misconfigurations, ranked by real-world risk. Instead of guessing which of 40 outstanding updates matters, you get a prioritised list: this unpatched browser is being actively exploited, fix it first. This feeds directly into Essential Eight patching discipline.

Attack surface reduction

A set of rules that close the doors attackers walk through — blocking Office apps from spawning child processes, stopping credential theft from the Windows credential store, controlling which USB devices can mount, and filtering web content. These map almost one-to-one to the application control and macro restrictions in the Essential Eight.

Automated investigation and remediation

When an alert fires, Defender can automatically investigate it the way a junior analyst would — examining the affected device, determining whether the threat is real, and remediating low-risk detections without a human touching it. For a small team with no overnight security staff, this quietly handles a lot of the noise so the genuine incidents are the ones that reach a person.

Onboarding devices: Windows, macOS and mobile

Coverage is not Windows-only, which matters because most Melbourne SMEs run a mix. Windows 10 and 11 onboard cleanly through Intune or a local script and need no extra agent — the sensor is already in the operating system. macOS is supported with a downloadable agent, so the designer’s MacBook in the same office gets EDR too. iOS and Android are covered through the Defender app via Intune, mainly for web protection and phishing defence on phones that touch company email.

In a typical rollout we push the Windows configuration through Intune policy, deploy the macOS agent to the handful of Macs, and enrol mobiles through the company portal. Servers are worth noting: Defender for Business includes a server add-on (Defender for Business servers) licensed per server per month, so the Windows Server running your file shares or line-of-business app gets the same EDR coverage. We handle this fleet-wide as part of managed cybersecurity and managed IT services.

How it maps to the Essential Eight

The Australian Cyber Security Centre (ACSC) Essential Eight is the baseline most Australian SMEs are measured against, especially for cyber-insurance and government-adjacent work. Defender for Business does not deliver all eight on its own, but it directly supports several and gives you the evidence to prove it.

Essential Eight mitigationHow Defender for Business helps
Patch applicationsThreat and vulnerability management inventories software and prioritises exploited vulnerabilities
Patch operating systemsSurfaces missing OS updates and known exploited flaws across the fleet
Application controlAttack surface reduction rules block untrusted executables and Office child processes
Configure macro settingsASR rules restrict malicious Office macro behaviour
User application hardeningWeb protection and ASR harden browsers and block credential theft

It does not cover multi-factor authentication, restricting administrative privileges, application allow-listing in full, or regular backups — those need Entra ID conditional access, Intune policy and a separate backup platform. For the full picture, see our Essential Eight compliance work. Defender for Business is a strong contributor to maturity, not a one-click compliance button.

The honest question: is it enough, or do you still need a SOC?

Here is the part most vendors skip. Defender for Business is excellent technology. It is also only as good as the person reading the alerts. The product will detect the ransomware operator moving through your network at 2am on a Sunday — but if nobody is watching the portal at 2am on a Sunday, the alert sits unread until Monday, by which point the damage is done.

This is the difference between having an EDR tool and having managed detection and response. The licence gives you the sensor and the console. It does not give you a human who triages alerts around the clock, escalates the real ones, and actually responds. For a 15-person firm, expecting your one IT-savvy staff member to monitor a security console alongside their day job is wishful thinking.

You have three realistic options. Watch it yourself, which works only if you have someone genuinely capable and available. Accept that alerts get reviewed during business hours and live with the overnight gap — defensible for lower-risk businesses, not for anyone holding sensitive client data. Or put it under managed detection and response, where a team monitors the telemetry 24/7. We dig into the distinctions between SIEM, MDR and EDR in our piece on managed cybersecurity services, and our security operations centre is how we close that monitoring gap for clients who need eyes on the alerts at all hours.

The blunt version: buying Defender for Business and switching it on is the right move for almost every SME. Believing that alone means you are protected is the mistake. A smoke detector that nobody can hear is decoration.

Frequently asked questions

Do I need Defender for Business if I already have Microsoft Defender Antivirus?

Yes, if you want real endpoint detection and response. The built-in antivirus protects individual devices against malware but gives you no central visibility, no investigation tools, no vulnerability management and no way to respond across your fleet. Defender for Business adds all of that. They work together — the antivirus is the foundation, Defender for Business is the security operations layer on top.

Is Defender for Business included in Microsoft 365 Business Premium?

Yes, at no additional cost. If you pay for Business Premium you already own it, even if it has never been configured. It is also sold as a standalone per-user licence for businesses that do not want the full Business Premium suite, capped at 300 users.

Will Defender for Business make me Essential Eight compliant?

No single product does that. It strongly supports patching, application control, macro settings and user application hardening, and it produces evidence for assessments. But you still need multi-factor authentication, restricted admin privileges and tested backups from other tools to reach a defensible Essential Eight maturity level.

Can it protect Macs and phones, not just Windows?

Yes. macOS is supported with a dedicated agent, and iOS and Android are covered through the Defender mobile app deployed via Intune, mainly for web and phishing protection. There is also a per-server add-on for Windows Server. A mixed fleet can be fully covered under one approach.

Do I still need a managed SOC if I have Defender for Business?

It depends on who watches the alerts. The tool detects threats brilliantly but does nothing on its own about an alert raised overnight or on a weekend. If you do not have someone monitoring the console around the clock, managed detection and response fills that gap. For most SMEs with sensitive data, that monitoring is what turns the licence into actual protection.

The short version

Microsoft Defender for Business gives Melbourne SMEs the same class of endpoint security that large enterprises run — next-gen antivirus, EDR, vulnerability management, attack surface reduction and automated investigation — included free with Microsoft 365 Business Premium or available standalone. It is a genuinely strong product and an easy decision to deploy. The catch is that the technology only protects you if someone acts on what it finds. As a Melbourne-based MSP with 13 Australian-employed engineers and a 24/7 NOC in Tecoma, that is the half we handle. If you are paying for Business Premium and have never switched the security on, or you are not sure anyone is watching the alerts, get in touch and we will tell you straight where you stand.

A SharePoint intranet is a set of SharePoint Online sites — built on the licence you already pay for in Microsoft 365 — that gives staff one place for news, policies, documents and people. Build it around how people actually work and they use it daily. Build it as a digital filing cabinet and it dies.

Most Melbourne businesses already own SharePoint and don’t realise it. If you have Microsoft 365 Business Standard or Business Premium, the intranet platform is sitting there, unused, while staff email each other PDFs and hunt through a network drive nobody has tidied since 2019. The technology is rarely the problem. The decisions you make before you build it are.

What a modern SharePoint Online intranet actually is

Forget the old picture of a clunky 2010-era SharePoint server. The modern version runs entirely in the cloud, looks like a clean website, works on a phone, and is made of three building blocks: communication sites, team sites and hub sites. You assemble those into an intranet rather than installing a single “intranet product”.

The point of the thing is to answer the questions staff ask all day: where’s the current leave policy, who do I call in accounts, what’s the new client onboarding process, has anything changed this week. When those answers live in one searchable place that people trust, you stop losing hours to “do you know where the…” messages.

Communication sites versus team sites

This is the first decision that trips people up, so get it straight early. The two site types do different jobs.

AspectCommunication siteTeam site
PurposeBroadcast to many — news, policies, company-wide contentCollaborate within a group — a team’s files and tasks
AudienceMost people read, few people publishEveryone in the group reads and edits
Connected toStandalone, no Microsoft 365 GroupA Microsoft 365 Group, so it pairs with a Teams team
Typical useThe intranet home page, HR hub, IT hubThe Marketing team’s working files, a project workspace

In plain terms: your intranet’s front door and its polished, company-wide pages are communication sites. The messy day-to-day work — drafts, working documents, a project’s files — happens in team sites, which are the same thing that gets created every time someone makes a new team in Microsoft Teams. Most organisations need a handful of communication sites and a growing number of team sites.

Hub sites tie it together

On their own, a dozen separate sites are just a dozen separate sites. A hub site is what makes them feel like one intranet. You designate a site as a hub, then associate other sites with it, and they inherit shared navigation, a consistent look, and rolled-up news and search across everything connected.

A practical structure for a mid-sized business: one hub as the company intranet home, with the HR, IT, Operations and Sales sites associated to it. Staff get one top navigation bar across the lot, news from any connected site surfaces on the home page, and search spans the whole hub. You can re-associate sites later, so the structure isn’t a one-way door — but planning it up front saves a painful reorganisation six months in.

The pieces staff care about

An intranet earns its keep through a few core features. None of them are exotic; the difference is whether they’re set up deliberately or thrown together.

  • News — SharePoint News posts are how you communicate. A short post about a policy change or a new starter beats an all-staff email nobody reads, and it stays findable afterwards.
  • Document libraries — where files live, with version history, check-out, and metadata so you can filter and sort rather than scroll. This is what replaces the network drive.
  • Policies — a single authoritative home for the employee handbook, the leave policy, the WHS documents. One current version, not eleven copies in eleven inboxes.
  • Staff directory — pulled from your Microsoft 365 user accounts, so people can find who does what and how to reach them.

Integration with Teams and Viva Connections

This is where SharePoint stops being a website you have to remember to visit. Every Microsoft Teams team is already backed by a SharePoint team site — the Files tab in any channel is a SharePoint document library. So your collaboration sites are reachable without leaving Teams, where most staff already spend their day.

Viva Connections takes it further: it surfaces your intranet home page, news and resources directly inside Teams as an app, on desktop and mobile. For frontline and on-the-go staff who never open a browser, that’s often the difference between an intranet they see and one they forget exists. If you’re already invested in the Microsoft stack, our Microsoft 365 support covers wiring these pieces together so the intranet meets staff where they work rather than asking them to come to it. For a fuller picture of what the platform includes, our rundown of what Microsoft 365 support covers is a useful companion read.

The decisions that make or break adoption

Information architecture is the unglamorous part everyone skips, and it’s the part that decides whether the intranet works. Information architecture means how you structure and name things so people find them without thinking.

The mistakes are predictable. Folder structures fifteen levels deep that mirror the old network drive. Navigation built around your org chart instead of around tasks — staff don’t think “I need the People & Culture division’s content”, they think “where’s the leave form”. Twenty different document libraries with no naming convention. Search left to fend for itself with no metadata to work with.

Get the architecture right and the platform does the rest. The questions worth arguing about before you build anything are: what are the ten things staff look for most, what should the top navigation be, what’s a hub and what’s associated to it, and how do you name and tag documents consistently. An hour of disagreement in a planning meeting saves a rebuild later.

Permissions and governance

The fastest way to ruin a SharePoint intranet is to let permissions sprawl. Out of the box it’s easy to share a file or site with one person, then another, until nobody can tell who can see what — and a staff directory or HR site with leaky permissions is a privacy problem, not just a tidiness one.

The disciplined approach is to manage access through Microsoft 365 Groups and security groups rather than one-off shares, keep company-wide content readable by everyone and editable by few, and set a clear policy on who can create new sites. Left unchecked, “anyone can spin up a team” produces hundreds of orphaned sites within a year. Governance also means deciding retention, external sharing rules, and a content owner for each site so pages don’t go stale. Conditional access policies sit underneath all of this, controlling who can reach the intranet, from which devices, and under what conditions — important when the same platform holds your policies and your client files. This kind of structure is part of broader cybersecurity hygiene, not an optional extra.

Migrating off file servers and network drives

Most intranet projects are also a migration off an ageing file server or a mapped network drive, and that’s where the real effort lives. You don’t just copy files across — you decide what comes, what gets archived, and how it’s structured on the other side.

A law firm in Hawthorn we work with had a 600GB shared drive built up over a decade, with matter folders, duplicates, and files three people swore were the master copy. The temptation is to lift-and-shift the whole thing into SharePoint and call it done. That just moves the mess to a new address. We sorted what was still live, archived closed matters, agreed a folder and metadata structure that matched how the firm actually worked, then migrated in stages so nobody lost access mid-week. The migration tooling matters — SharePoint has document size and path-length limits the old drive didn’t — and so does timing it around the firm’s quieter periods.

If your file server is also your backup and disaster-recovery weak point, moving to SharePoint changes that equation too — though “it’s in the cloud” still isn’t a backup strategy, which is why our backup and recovery approach covers Microsoft 365 data as well.

Why “build it and they won’t come” happens

The most common SharePoint outcome in Australian SMEs is an intranet that was built with enthusiasm, launched with an email, and abandoned within two months. It happens for clear reasons: nobody owned the content so it went stale, the structure mirrored the org chart instead of staff tasks, the launch was a one-off announcement with no follow-through, and leadership didn’t use it themselves.

Driving adoption is mostly non-technical. Put the things people need daily — the leave form, the phone list, this week’s news — on the front page so there’s a reason to visit. Move a real workflow onto it, like leave requests or IT support requests, so people have to use it. Surface it in Teams via Viva Connections so they don’t have to remember a URL. Name content owners who keep their corner current. And get the leadership team posting news, because staff follow what management actually uses. An intranet that’s the easiest path to the answer wins; one that’s a chore loses.

Realistic effort

Setting up a basic intranet — a home site, a few hub-connected sites, news and document libraries — is days, not months, for someone who knows the platform. The work that takes time is the thinking: the information architecture, the permissions model, the migration off the old drive, and the change management to get people using it. A sensible mid-sized rollout runs over several weeks, with a planning phase, a build, a staged migration, and a launch backed by training rather than an email. Trying to compress all of that into a weekend is exactly how you end up with the abandoned version.

Frequently asked questions

Do we need extra licences to build a SharePoint intranet?

Usually no. SharePoint Online is included in Microsoft 365 Business Standard, Business Premium and most enterprise plans, and Viva Connections is included as well. If you already run Microsoft 365 for email and Teams, you almost certainly have everything you need to build the intranet on your existing licences.

What’s the difference between SharePoint and Teams?

They’re two views of the same data. Teams is where you chat and meet; SharePoint stores the files and pages behind it. Every Teams team has a SharePoint site underneath, and the Files tab in a channel is a SharePoint document library. An intranet adds the company-wide communication sites and hubs on top.

How do we stop the intranet becoming a mess of duplicate files?

Agree a structure and naming convention before you migrate, use metadata and search rather than deep folders, manage permissions through groups, and control who can create new sites. The discipline is in governance and information architecture, not in the platform itself.

Can staff access the intranet on their phones?

Yes. SharePoint sites are mobile-responsive, and Viva Connections puts your intranet home page, news and resources inside the Teams mobile app — which is how frontline and on-the-go staff actually reach it, since most never open a browser at work.

Getting it built properly

A SharePoint intranet is one of the best-value things you can do with Microsoft 365, because the licence is already paid for and the payoff — less time hunting for documents, one source of truth for policies, cleaner communication — compounds. The risk is doing it without the architecture, permissions and adoption work, and ending up with abandoned space. TechAssist is a Melbourne-based MSP, founded in 2014, with 13 Australian-employed engineers — no offshore helpdesk — and per-user fixed pricing, so a project like this is scoped properly rather than billed by the hour. If you’d like to turn the SharePoint you already own into something staff actually use, explore our cloud services or get in touch for a straight conversation about it.

Power BI is Microsoft’s business intelligence tool — it pulls data out of the systems you already run, like Xero or Excel, and turns it into live dashboards. A small business can build genuinely useful reporting with it without hiring a data analyst, provided you start narrow and keep one set of numbers honest.

Most Melbourne SMEs we work with are drowning in spreadsheets. Sales lives in one workbook, the job costing in another, the helpdesk numbers in a portal nobody logs into, and the cashflow forecast in a file the bookkeeper updates monthly. Power BI’s pitch is simple: connect those sources once, and the dashboard refreshes itself. The trap is treating it as a magic spreadsheet. It is not. Used badly it just creates prettier confusion. Used well it gives a director a single screen that answers “how are we actually going?” before the morning coffee.

What Power BI actually is

Power BI is three things wearing one name. Power BI Desktop is a free Windows application where you build reports — connect data, shape it, write the odd calculation, design the visuals. The Power BI Service is the cloud side (app.powerbi.com) where you publish those reports, share them, and let them refresh on a schedule. Power BI Mobile is the phone app for viewing dashboards on the road.

If your business runs Microsoft 365 — and most Melbourne SMEs do — Power BI sits in the same tenant, uses the same logins, and respects the same security. That integration is the main reason it wins over standalone tools for a small business already inside the Microsoft ecosystem. We cover the broader 365 picture in our Microsoft 365 service.

Licensing: Desktop, Pro and Premium Per User

This is where people get confused and overspend, so be clear about it. Building reports is free. Sharing them with other people is what costs money. Pricing below is per user per month and subject to change by Microsoft — treat it as the shape of the decision, not a quote.

TierRough costWhat it gives you
Power BI DesktopFreeBuild and design reports on your own PC. View your own work. No sharing with others.
Power BI Pro~$14 AUD/user/monthPublish to the Service, share dashboards in workspaces, scheduled refresh up to 8 times a day. Included in Microsoft 365 E5.
Premium Per User (PPU)~$30 AUD/user/monthEverything in Pro plus larger data models, more frequent refresh, paginated reports and advanced AI features.

For a typical small business the answer is nearly always Pro. Everyone who needs to view a shared dashboard needs a Pro licence (or PPU), not just the person who built it — that is the line item people forget. Premium Per User only earns its keep once your data models get large or you need refreshes every few minutes. There is also a capacity-based tier (Fabric/Premium capacity) priced for larger organisations; if you are a 25-person firm in Hawthorn, you do not need it.

Connecting your data

Power BI ships with hundreds of connectors. The ones that matter for an Australian SME:

  • Xero and MYOB — both connect, though the path differs. Xero has a native connector and also publishes its own pre-built Power BI reports; MYOB is typically reached through its API or a third-party connector. For deep accounting analysis, many firms export to a database or use a connector tool rather than hitting the accounting platform directly every refresh.
  • Excel and CSV — the workhorse. Point Power BI at a workbook in SharePoint or OneDrive and it refreshes when the file changes. This alone replaces a lot of manual copy-paste.
  • SQL Server and other databases — if you run a line-of-business app (job management, ERP, a practice system) on SQL, Power BI reads it directly. This is where the richest reporting comes from.
  • Dataverse — the data layer behind Microsoft Dynamics and Power Apps. If you have built anything on the Power Platform, Power BI reads it natively.
  • Web and SaaS APIs — helpdesk tools, CRMs and marketing platforms often expose data Power BI can pull.

One practical note: cloud sources (Xero, SharePoint, SaaS) refresh straight from the Service. On-premises sources like a local SQL server need the on-premises data gateway installed — a small piece of software that lets the cloud Service reach back into your network to refresh. It is a five-minute install but easy to forget, and it is usually the reason a dashboard “stopped updating”.

Building your first dashboard

The mistake is starting with the whole business. Start with one question someone actually asks every week. The build then goes:

  1. Connect the source in Power BI Desktop using Get Data.
  2. Clean and shape it in Power Query — rename columns, fix date formats, filter out junk. This step is 70% of real BI work and the part people skip.
  3. Model the data — link tables together so, for example, every invoice knows which customer and which month it belongs to.
  4. Visualise — drop in a few cards for the headline numbers, a line chart for the trend, a table for the detail. Resist the urge to add forty visuals.
  5. Publish to a workspace in the Service and set a refresh schedule.

A clean dashboard answering one question beats a cluttered one trying to answer ten. You can always add a second page.

Sharing, workspaces and row-level security

You do not email a Power BI file around — that defeats the point. You publish a report into a workspace (a shared container in the Service), and people with the right licence and permission view it live. Workspaces are how you separate, say, the finance dashboards from the operations ones, and control who sees which.

For anything sensitive, learn row-level security (RLS) early. RLS filters the data by who is looking. The classic case: a sales manager in South Yarra should see only their own team’s pipeline, not the whole company’s, even though everyone opens the same report. You define roles in Power BI Desktop, assign people to them in the Service, and the data filters itself per viewer. Without RLS, “sharing the dashboard” means sharing everything in it — which is how payroll numbers end up in front of the wrong person.

Dashboards that earn their keep in an SME

The reporting that genuinely pays for itself in a small business is unglamorous:

  • Cashflow — a live view of receivables ageing, upcoming payables and bank position, pulled from Xero or MYOB. This is the one most directors check daily once it exists.
  • Sales pipeline — deals by stage, expected value, conversion rates, from your CRM. Replaces the weekly “where are we at” spreadsheet.
  • Job profitability — quoted versus actual cost per job, margin by job type or client, from your job management or accounting system. For construction, trades and professional services this is the dashboard that changes behaviour.
  • Helpdesk and operations metrics — ticket volumes, response times, recurring issues. We use Power BI on our own helpdesk data for exactly this.

None of these require a data team. They require someone who knows the business, a few hours in Power Query, and the discipline to keep the inputs clean.

One source of truth and the governance that protects it

This is the part that separates BI that helps from BI that causes arguments. The whole value of a dashboard is that everyone trusts the number. The moment two reports disagree on last month’s revenue, people stop trusting both and go back to their own spreadsheets.

One source of truth means the definitions live in one place — what counts as revenue, when a job is “complete”, how margin is calculated — and every dashboard inherits them. In practice that means a curated dataset (a shared, governed data model) that reports draw from, rather than ten people each connecting to Xero and each calculating “profit” their own way. It also means controlling who can publish, keeping a sensible folder structure of workspaces, and not letting a sprawl of half-finished reports accumulate. For a regulated firm — a financial planner under ASIC, a clinic under AHPRA — that governance discipline is also part of keeping client data handled properly. This is the kind of thing we help with under our virtual CIO services, where the question is less “which chart” and more “what should the business be measuring at all”.

When a spreadsheet is still fine

Plenty of times. If a number lives in one place, one or two people use it, and a fortnightly manual update is no burden, Excel is the right tool and Power BI is overkill. The honest test is whether you have a data assembly problem — the same figures stitched together from several systems, by hand, again and again, with someone always asking “is this current?”. That repetitive consolidation is exactly what Power BI removes. A one-off analysis is a spreadsheet job. A report you rebuild every Monday for the rest of your working life is a Power BI job.

A Melbourne example

A commercial fit-out company in Box Hill we work with — around 30 staff — was running its whole management view off three spreadsheets that the office manager rebuilt every Monday morning from Xero exports and the job management system. It took her half a day, and by Wednesday the numbers were stale. Worse, the director’s “job profitability” sheet and the accountant’s margin figures never quite matched, so every management meeting started with an argument about whose numbers were right.

We connected Power BI to Xero and their job system, built one governed model with agreed definitions of cost and margin, and produced three pages: cashflow, job profitability and a simple pipeline view. It refreshes overnight. The Monday rebuild is gone, the two sets of numbers now agree because they come from one model, and the director checks the dashboard on his phone from site. Nothing exotic — just the same data, assembled once and trusted.

Frequently asked questions

Do I need to be a developer to use Power BI?

No. Building a useful dashboard from Xero or Excel is closer to advanced spreadsheet work than programming. The harder calculations use a formula language called DAX, but a competent finance person picks up the basics, and you only need DAX once you go beyond simple sums and trends. Most SMEs get a long way without writing any.

Is the free version enough for a small business?

Power BI Desktop is free and fine if one person builds and views reports alone. The moment you want to share a live dashboard with colleagues, each person needs a Pro licence. For most SMEs the real cost is a handful of Pro seats, not the build.

Can Power BI connect to Xero and MYOB at the same time?

Yes. A single Power BI model can combine multiple sources — Xero, a SQL database, an Excel file and a SaaS API in one report. Combining sources into one trusted view is exactly the problem it is built to solve, though messy accounting data still needs cleaning in Power Query first.

How do we stop dashboards showing the wrong people sensitive numbers?

Use workspaces to separate reporting by audience, and row-level security to filter data by viewer within a report. Combined, they let a manager see only their team’s figures while everyone opens the same dashboard. Get this set up before you share anything financial.

Getting reporting that people actually trust

Power BI is one of the better value tools a small business can adopt, but only if it is set up with clean sources, sensible licensing and the governance to keep one set of numbers honest. Done wrong it is just another spreadsheet nobody believes. TechAssist is a Melbourne-based MSP, founded in 2014, with 13 Australian-employed engineers — not an offshore call centre — and we run Power BI across our own helpdesk and on client data every week. If your management reporting is a Monday-morning spreadsheet rebuild, get in touch and we will help you turn it into something that refreshes itself.

Power Automate is Microsoft’s workflow automation tool, bundled into most Microsoft 365 plans, that lets you build flows to handle repetitive admin — routing emails, saving attachments, chasing approvals — without writing code. For Melbourne SMEs already paying for Microsoft 365, much of it costs nothing extra. The catch is knowing where the free use rights stop.

Every business runs on small, dull tasks done by hand: copying form responses into a spreadsheet, filing invoices, pinging the team when a particular email lands. Power Automate takes that work off your staff. This post covers what it does, the licensing reality nobody warns you about, cloud flows versus desktop automation, the governance traps that bite when staff leave, and when you are better off hiring a developer instead.

What Power Automate actually is

Power Automate is part of the Microsoft Power Platform, alongside Power Apps and Power BI. At its core it is a trigger-and-action engine: something happens (a trigger), and it carries out a sequence of steps (actions) in response. “When an email arrives from a client with an attachment, save it to SharePoint and post a message in Teams” is a complete, useful flow — built by clicking through a designer, not by writing code.

It connects to hundreds of services through connectors. Outlook, Teams, SharePoint, OneDrive, Excel, Forms and Planner are the Microsoft ones most SMEs use, but there are connectors for Dropbox, Salesforce, SQL databases and more. The connector lets a flow read and write data in each service on your behalf.

The licensing reality

This is where most advice online falls apart, because it either pretends everything is free or scares you off entirely. The truth sits in between.

Most Microsoft 365 business and enterprise plans include seeded Power Automate use rights. That means you can build and run cloud flows using standard connectors — the Microsoft services you already pay for: Outlook, Teams, SharePoint, OneDrive, Excel, Forms, Planner. For a large share of genuinely useful SME automations, that included entitlement is all you need, at no extra cost.

You start paying extra the moment you cross one of three lines:

  • Premium connectors. Connecting to a SQL database, Salesforce, an HTTP API or many third-party systems requires a premium licence. The designer marks these “Premium”, so you find out before you build.
  • Per-flow plans. Licence a single business-critical flow that many people rely on, rather than every user. Sensible when one flow serves a whole department.
  • Per-user plans. Licence specific staff who build and run many premium flows. Sensible for a power user or a small automation team.

The practical rule: scope early automations to standard Microsoft connectors and you will likely stay inside what you already pay for. Microsoft reshuffles plan names and inclusions regularly, so confirm the current entitlements against your specific subscription before assuming a flow is free. Our Microsoft 365 team checks this before building anything that might trip a licence.

Cloud flows versus desktop flows (RPA)

Power Automate comes in two flavours, and confusing them leads to building the wrong thing.

AspectCloud flowsDesktop flows (RPA)
Where it runsIn the cloud, on Microsoft’s infrastructureOn a Windows machine, driving the desktop
What it automatesModern apps with APIs and connectorsLegacy apps, desktop software, websites with no API
How it worksTriggers and actions through connectorsRecords and replays clicks, keystrokes, screen actions
ReliabilityHigh — talks to apps the proper wayFragile — breaks when a screen layout changes
Typical useEmail, Teams, SharePoint, approvals, formsPushing data into an old accounting or line-of-business system

Cloud flows are what most SMEs should reach for first; they are reliable because they talk to applications through proper interfaces. Desktop flows — Microsoft’s robotic process automation, or RPA — automate the screen itself, mimicking a human clicking through a Windows program. They are useful for old line-of-business software that has no API, but they are brittle: change a button’s position or a field’s name and the flow breaks. Treat RPA as a last resort for systems you cannot reach any other way, not a default.

Common SME automations worth building

These flows deliver real time savings without exotic licensing, and none need a developer to maintain once set up properly.

  • Email-to-Teams alerts. When an email lands in a shared mailbox from a key client, or with a matching subject, post a card in the relevant Teams channel. Stops important messages drowning in an inbox.
  • Approval workflows. Leave requests, purchase orders, expense sign-offs. The requester fills a form, the approver gets a Teams or email prompt with Approve and Reject buttons, and the outcome is logged. No more chasing managers for a yes.
  • Save attachments to SharePoint. When invoices or signed documents arrive by email, file the attachment in the correct SharePoint library automatically and consistently named. Ends the “where did that PDF go” hunt.
  • Form-to-spreadsheet. A Microsoft Forms submission drops straight into an Excel table or SharePoint list — bookings, incident reports, supplier details — with no manual re-keying.
  • New-client onboarding. One trigger kicks off a sequence: create the SharePoint folders, generate a Planner task list, send the welcome email, notify the account manager in Teams. A checklist people forgot half of becomes one reliable flow.

A construction firm in Box Hill we work with was losing supplier invoices that arrived in a shared mailbox and got buried. We built a cloud flow that saved every invoice attachment to a dated SharePoint library and posted a notification to their accounts channel. It used only standard connectors, so it ran inside their existing licensing, and it removed a recurring source of disputes with subbies over unpaid invoices. That is the shape of a good first automation: narrow, boring, previously done by hand.

The governance and security angle

This is the part MSPs care about and most “just build a flow” tutorials ignore. A flow runs with someone’s permissions, often unattended, sometimes touching sensitive data. Left ungoverned, it becomes a liability.

Flow ownership when staff leave

Here is the scenario that catches businesses out. A capable staffer builds a dozen flows under their own account, then resigns. You disable their account during offboarding, and every flow they owned silently stops — invoices stop being filed, approvals stop routing, and nobody knows why. Critical flows should be owned by a shared service account or have co-owners, never tied to one person’s personal login. Offboarding should include checking what a leaver automated.

Data loss prevention policies

Power Automate moves data between services, which means it can also move data out of places it should stay. Microsoft’s data loss prevention (DLP) policies in the Power Platform admin centre classify connectors as business or non-business and block flows from combining the two — stopping, say, a flow that quietly copies SharePoint data to a personal Dropbox. Setting sensible DLP policies before staff start building is far easier than unwinding a mess later. Under the Privacy Act 1988 and the Australian Privacy Principles, you remain accountable for personal information your automations handle, so this is a compliance control, not just IT hygiene.

Service accounts and sprawl

Without guardrails, every department builds undocumented flows, and within a year nobody can tell you what automation is running across the business or what it touches. Govern it like any other production system: shared ownership for anything important, a naming convention, an inventory, and DLP policies set centrally. This is the same discipline behind our cybersecurity services work — who can build what, and where the data can flow.

When to use Power Automate versus hiring a developer

Power Automate is brilliant for connecting Microsoft 365 services and orchestrating standard business processes. It is not a replacement for proper software development, and pushing it past its comfort zone produces flows that are slow, hard to debug and impossible to hand over.

Use Power Automate whenHire a developer when
Connecting Microsoft 365 apps and standard servicesBuilding complex logic with many branches and edge cases
Routing approvals, notifications and simple data movesProcessing high volumes where performance matters
Letting non-developers maintain the automationIntegrating systems with no connector via custom code
Quick wins that pay off in weeksA genuine application with a user interface and a database

The honest limits: flows can be slow on large data sets, error handling is clunky compared to real code, and a flow with fifty steps and nested conditions is a maintenance nightmare that one staff departure can orphan. If you are fighting the tool to force complex logic into it, that is the signal to step back. A well-scoped flow that saves an hour a day is a win; a sprawling flow only its author understands is a future incident. Where that line sits for your business is exactly what our virtual CIO conversations are built to answer.

Frequently asked questions

Is Power Automate free with Microsoft 365?

Largely, yes — most business and enterprise Microsoft 365 plans include seeded use rights to build and run cloud flows using standard Microsoft connectors such as Outlook, Teams, SharePoint and Forms. You pay extra only for premium connectors, or per-flow or per-user plans. Confirm current entitlements against your subscription, as Microsoft adjusts inclusions regularly.

What is the difference between a cloud flow and a desktop flow?

Cloud flows run on Microsoft’s infrastructure and talk to apps through connectors and APIs — reliable, and the right default. Desktop flows are robotic process automation (RPA): they run on a Windows machine and mimic a human clicking through software, which suits legacy systems with no API but is fragile and breaks when screens change.

Do I need a developer to build flows?

For standard automations — approvals, alerts, filing attachments, form-to-spreadsheet — no. A capable staff member or your MSP can build them in the designer. You need a developer when the logic gets genuinely complex, performance on large volumes matters, or you are integrating a system with no connector.

What happens to flows when a staff member leaves?

If a flow is owned by an individual’s account and you disable that account during offboarding, the flow stops. Business-critical flows should be owned by a shared service account or have co-owners so they survive staff changes. Reviewing what a leaver automated should be a standard offboarding step.

Where TechAssist fits

We are a Melbourne MSP, founded in 2014, with thirteen Australian-employed engineers — not an offshore queue. We help SMEs identify which manual tasks are worth automating, build the flows inside your existing licensing where possible, and set the DLP policies and ownership rules so automation does not become a security hole or a single point of failure when someone resigns. If you are paying staff to do work a flow could handle, or you have a tangle of flows nobody owns properly, get in touch and we will map the quick wins before you spend a dollar on premium licences you may not need.

Microsoft Planner is the shared task tool for small teams: visual boards, buckets and assignments that live inside Teams. Microsoft To Do is for your personal list. Project is for proper project management with dependencies and Gantt charts. Most small teams need the first two and rarely the third.

If your team has outgrown email-and-spreadsheets but isn’t running multi-month projects with critical paths, Microsoft Planner and To Do are almost certainly already in your Microsoft 365 licence — you just aren’t using them properly. Here’s what each tool is for, how the 2024-2025 unification changed things, and how to roll it out without creating a sprawling mess.

Planner vs To Do vs Project: what each is actually for

These three tools overlap enough to confuse people, but they solve different problems. The simplest framing is scope: To Do is one person, Planner is one team, Project is one complex programme of work.

ToolBuilt forTypical useIncluded in
Microsoft To DoIndividualsYour personal task list, flagged emails, reminders, daily planningAll Microsoft 365 plans
Microsoft PlannerSmall teamsShared work tracked on boards and buckets, assigned to people, with due datesBusiness and Enterprise plans
Microsoft ProjectProject managersMulti-phase projects with task dependencies, Gantt charts, resource levelling and timelinesSeparate paid add-on (Project Plan 1/3/5)

The practical test: if a job has a deadline and an owner but no real dependency chain, it belongs in Planner. If you genuinely need “task B can’t start until task A finishes, and that shifts the whole timeline”, that’s where Project earns its licence. Most Melbourne SMEs we work with never cross that line.

The 2024-2025 unification: one Planner app in Teams

Microsoft spent 2024 and into 2025 folding three separate experiences into one. The old “Tasks by Planner and To Do” app in Teams, the classic Planner web app, and the Project web experience have been consolidated into a single product called Planner, surfaced inside Microsoft Teams and on the web.

In practice, the new Planner app brings your personal To Do tasks, your shared team plans, and — if you hold a Project licence — your Project for the web plans into one place, so you stop hopping between apps. The basic features (buckets, boards, assignments, due dates) stay free with your normal Microsoft 365 licence; the Premium layer — goals, sprints, dependencies, timeline and Copilot — only lights up with a Project/Planner Plan licence. To Do still exists standalone, but its tasks now also appear in the My Tasks view inside the new Planner.

How Planner is structured: boards, buckets, assignments and charts

Planner uses a Kanban-style board, which is why teams pick it up quickly. The building blocks are worth understanding first, because the structure you choose on day one is the one you live with.

Plans and buckets

A plan is the container for a piece of shared work — usually tied to a team or a recurring function. Inside a plan, buckets are columns you define however you like: by stage (To Do / Doing / Done), by client, by team member, or by work type. A logistics operator might bucket by “Awaiting pickup”, “In transit” and “Delivered”. Pick one logic per plan and keep to it.

Tasks, assignments and labels

Each card is a task with an assignee (or several), a due date, a priority, a checklist of sub-steps, attachments, and coloured labels for filtering. The discipline that separates a useful board from an abandoned one is simple: every task has an owner and a due date. Unassigned, undated cards are where boards go to die.

Board, Grid, Schedule and Charts views

The same tasks can be viewed several ways without re-entering anything. Board is the Kanban columns; Grid is a spreadsheet-style list for fast editing; Schedule drops tasks onto a calendar by due date. Charts gives a status dashboard — how many tasks are not started, in progress, late or complete, split across people and buckets. For a team lead it answers “are we on top of this?” in three seconds, and it’s the most underused feature here.

Using Planner inside Teams channels

Planner is at its best when it lives where the work conversation already happens. Add a Planner tab to any Teams channel and the team discusses the work in the Posts tab and tracks it on the Planner tab beside it — no separate tool and no “where did we agree that was due?”.

Create the plan from inside the channel so it’s owned by that team’s Microsoft 365 Group — membership and permissions then follow the team automatically, so people who join get the board and people who leave lose it. Use one plan per channel rather than one giant plan for everything. Assignments notify people in their Teams activity feed and roll up into their My Tasks view, so nobody has to remember to “check the board”.

This is also why Planner suits teams already standardised on Microsoft 365. Our Microsoft 365 services page covers what’s included, and our post on what Microsoft 365 support in Melbourne actually covers goes deeper.

To Do, flagged emails and how tasks roll up

To Do is the personal counterpart — where an individual manages their own day with a “My Day” list, custom lists, reminders and recurring tasks. Two integrations make it more than a notepad. First, flagged emails: flag an email in Outlook and it appears automatically as a task in To Do’s “Flagged email” list, linked back to the message, turning the inbox-as-task-list habit into something you can plan around. Second, assigned tasks roll up: any Planner task assigned to you appears in To Do (and the My Tasks view) under “Assigned to me”.

So an individual sees their reminders, flagged emails and their share of the team’s boards in one consolidated list — the quiet benefit of staying inside the Microsoft stack.

When a small team has outgrown email and spreadsheets

The signal that you’ve outgrown email-and-spreadsheets is usually one of these: work falls through the cracks because it only lived in someone’s inbox; the shared spreadsheet has six versions and no one trusts it; or “who’s doing what by when” takes a meeting to answer. That’s Planner’s sweet spot — structured enough to give visibility, light enough that people will actually use it.

It’s equally important to know when you haven’t crossed into Project territory. You don’t need Project just because the work matters — you need it when timelines genuinely cascade or a client wants a formal Gantt chart. Short of that, Planner plus disciplined ownership does the job.

A Ringwood example

A construction fit-out business in Ringwood we work with was running its job pipeline across a shared Excel file on a network drive and a tangle of email threads. Site supervisors couldn’t see updates from the office, the spreadsheet was routinely locked because someone had it open, and a couple of jobs slipped because a task lived only in one estimator’s inbox. They needed a single source of truth their team would actually open.

We set them up with one Planner board per active project, surfaced as a tab in each job’s Teams channel, with buckets for site stages and every task assigned to a named person with a date. The Charts view became the Monday status check. Supervisors get their tasks in the Teams app on their phones and the office sees the same board live — all already in their Microsoft 365 plan, so no new licence cost.

Governance: don’t let plans sprawl

The failure mode with Planner isn’t the tool — it’s letting it breed. Because anyone can spin up a plan (and creating one quietly creates a Microsoft 365 Group behind it), you can end up with forty half-used boards, three plans called “Projects”, and no idea which is current — worse than the spreadsheet you replaced.

A few governance rules keep it sane:

  • One plan per team or function, not per whim. Tie plans to existing Teams channels so they inherit a clear owner and membership.
  • Name plans consistently and archive dead ones. A retired plan left lying around is clutter and a data-hygiene issue.
  • Control who can create Microsoft 365 Groups. Because each new plan spawns a Group, ungoverned plan creation inflates your Group count and your security surface. Most SMEs should restrict Group creation and govern it centrally.

We bake Planner and Microsoft 365 Group governance into our managed IT services so the collaboration tools stay useful rather than turning into digital landfill.

Frequently asked questions

Is Microsoft Planner free with Microsoft 365?

The core Planner features — boards, buckets, task assignments, due dates, labels and the Charts view — are included with Microsoft 365 Business and Enterprise plans at no extra cost. The Premium layer (goals, sprints, dependencies, timeline and Copilot) requires a separate Project Plan licence that most small teams never need.

What’s the difference between Planner and To Do?

To Do is for one person — your private list, flagged emails and reminders. Planner is for a team — shared boards several people work from, with tasks assigned to named owners. They connect: any Planner task assigned to you appears in your To Do “Assigned to me” list, so you get one personal view of everything on your plate.

Do I still need Microsoft Project?

Only if your work has real task dependencies — where finishing one task is meant to shift the timeline of others — or you need formal Gantt charts and resource levelling. For tracking shared work with owners and due dates, Planner is enough and is already in your licence. Don’t pay for Project to manage a to-do list.

Getting it set up properly

Planner and To Do are quietly capable tools most Melbourne businesses already pay for and barely touch. The value isn’t in the software — it’s in setting it up with sensible structure, keeping tasks owned and dated, and governing plan creation so it doesn’t sprawl. TechAssist is a Melbourne-based MSP, founded in 2014, with 13 Australian-employed engineers and a 24/7 NOC in Tecoma, and we help teams across Melbourne metro get real value out of the Microsoft 365 they already own on per-user fixed monthly pricing. If your team has outgrown the shared spreadsheet, get in touch and we’ll set the boards up to fit how you work.

Ready to Make IT Your
Competitive Advantage?

Book a free consultation with our team. No pressure, no jargon — just a clear-eyed look at where you stand and what's possible.