Long question about how to minimize in-house servers so as to minimize security holes and maintenance and personnel time on IT.
* As a children's services charity we have access to WinServer 2012 R2 Std for very cheap. Also WinServer 2012 Multi-point Premium cheap.
* We also get Office 365 Enterprise very cheap. Our email/exchange is through it. 
* We have a ton of shared files on an old in-house server. Needs replacing, updating. Robust nightly data backups.
* Offices in 2 cities and need to coordinate that pool of files.
* 25-30 employees total, not all on at once. Some don't use in-house resources, just Office 365.
* Accounting program must run on a server with SQL (just basic MS SQL).
* Other than that there are virtually no server functions used. In fact some people bring in their own laptops which are Home edition so are not on the domain. I just make their win logon match a user on the server to get them permission to the file sections they need.
* The few users who need to work from home/outside use their home computer to a remote desktop session on their work computer.
* We keep a few files in Office 365 SharePoint shared site. Files like sign-up sheets multiple people need to modify at once, or that outside volunteers need browser access to. Nobody wants to move our entire pool of shared files there. Too slow and awkward.
* Would rather not continue to maintain domain controller or full function servers with all the endless keeping up with security issues and such. Would love to move it all to a cloud server and RDP sessions and the server maintained by a big outfit, but such services either leave maintenance to the user or are too expensive. Especially compared with trying to make the most of what we get cheap.

Two scenarios I'd love feedback on:
1. File servers
Just enable file server functions. No domain. DNS/DHCP/port-forwarding via business class router (we have). VLANs via a good switch (we have). No outside data access except via RDP sessions to in-house computers. Would need another file server in the other city and some way to sync. Not sure how to do that. Might be a big issue. Also means an outside data connection and related security issues.
2. File server and RDP server
One file server at main office. Also a MultiPoint server. The few people in the other city who need access to the pool of shared files could do that work via RDP sessions. No server or storage at the other city. No outside data access except RDP sessions.

In either case we'll figure a way around the accounting/SQL issue. Maybe use the vendor's cloud version.

We lean on Office 365 for other features, video conf, shared calendars on smart phones, etc. but isolated from our core files store.

Thoughts?

Thanks,
Tom