The IT setup for a remote-first 20-person team

A growing number of UK businesses don’t have an office, or have one that’s half-empty most days. Twenty people across the UK and Europe, hired on the basis of “work from where you live”. The IT setup is different from a traditional office-based 20-person business. Here’s what actually works.

The non-negotiables

Microsoft 365 Business Standard or Premium

The foundation. Business Standard (£9.40/user/month) for most. Business Premium (£18.10) if you want Intune device management built in. For remote-first teams, Premium usually pays back because you’ll be locking down devices the team buys themselves.

Microsoft Entra ID with conditional access

Replaces the office firewall as your security perimeter. Conditional access means: a sign-in from a recognised device gets through, a sign-in from a new device in a country no-one usually works from triggers MFA plus manager notification. This is how you protect a distributed team without locking them into a VPN.

Multi-factor authentication on everything

Microsoft 365, Xero, your CRM, your project tool, your code repository. If it has a login, it has MFA. Authenticator app, not SMS — SMS-based MFA gets phished.

Endpoint protection on every device

Microsoft Defender on Windows, a paid product like Sophos or Crowdstrike on Mac. Personal Linux laptops in the wild are tricky — either you bring them under management or they don’t touch company data.

Cloud-only file storage

SharePoint and OneDrive. No file servers, no Dropbox business accounts that diverge over time. One source of truth that follows the user across devices.

What you don’t need

  • A VPN. Conditional access does what VPNs used to.
  • A file server. SharePoint handles it.
  • A Bristol office (unless you want one). Address-of-record can be a registered office service.
  • Office phones. Microsoft Teams calling or a cloud PBX is fine.
  • Anti-virus on a server (no server).

The starter onboarding flow

New hire on day one:

  1. Laptop arrives at their home address, pre-configured. They unbox, sign in with their work account, devices auto-enrol into Intune.
  2. Their Microsoft 365 account is created with the right group memberships. They see only the SharePoint sites their role allows.
  3. An automatic email walks them through MFA setup, password manager onboarding, and which Teams channels they’re now in.
  4. By 10am on day one, they’re working.

The leaver offboarding flow

HR tells IT a leaver date. On the day:

  1. Account is disabled at 5pm. Mail forwards to their manager for 30 days.
  2. The laptop is wiped remotely (Intune does this with two clicks). Once wiped, they post it back in a pre-paid box.
  3. Shared documents they owned are transferred to their manager.
  4. Any external service logins (Slack, Notion, Figma) are de-provisioned within an hour.

The bits that bite distributed teams

Tax and residency. If a UK employee spends 183+ days in another country, you might have created a tax presence there. Not an IT problem, but it’s the kind of thing remote-first businesses learn the hard way.

Data residency. Microsoft 365 in the UK tenant means data is stored in the UK. Move to a US tenant and that changes. Worth knowing for clients with strict GDPR or sector rules.

Time zones for support. If half the team is in CEST and the rest in BST, what’s “office hours” for the IT helpdesk? We cover UK working hours and add overnight escalation for critical incidents. Most distributed teams don’t need 24/7 — they need critical-issue cover.

The annual offsite. Once a year the whole team is in one room. Make sure the room has decent wifi, AV, and someone who can set up Teams Room or Zoom Room properly. This is a project, not a ticket.

What it costs

For a 20-person remote-first business, you’re looking at:

  • Microsoft 365 Business Premium: £18.10/user/month × 20 = £362/month
  • Endpoint protection (if not on Premium): £5-£8/user/month
  • Managed IT support (us): £35/user/month × 20 = £700/month
  • Security stack add-on: £8-£15/user/month × 20 = £160-£300/month
  • Total: £1,222-£1,362/month + VAT for everything except project work

Compared to a traditional office-based 20-person setup with a server, network kit, phones, and on-site visits, this is roughly half the cost. Most of the savings come from skipping the office IT infrastructure.

How we set this up

Most distributed teams we work with came from a more traditional setup that didn’t quite work. We do a 2-3 week migration project to flip them across: Microsoft 365 properly configured, conditional access deployed, devices brought under Intune, leavers tidied up, password vault migrated, AI policy written.

Then they’re on the standard monthly support. Book a chat to talk through your team’s specifics.

Submit a Comment

Your email address will not be published. Required fields are marked *