Silversands Logo

Silversands Ltd, Albany Business Park, Cabot Lane
Poole, Dorset, BH17 7BX

Customer Portal
Global financial organisation benefits from modern device management hero image

Global financial organisation benefits from modern device management

A leading global private equity advisory firm, this organisation helps to accelerate growth and transform businesses through its offices across the world. 

Technology used :

Microsoft Intune

Microsoft Windows Autopilot

Global financial organisation benefits from modern device management hero image
What were the challenges?
  • An existing Intune and Autopilot implementation did not support the deployment of hybrid-joined computers
  • Due to the need to access on-premises resources not all devices could be migrated to Autopilot and be Azure AD joined
  • Domain-joined Intune enrolled devices still rely on legacy Group Policy for configuration
  • Azure AD devices were not as competently configured as those subject to Group Policy
What was the solution?
  • Silversands was asked to provide advice and recommendations
  • Autopilot was reconfigured to support hybrid Azure AD join
  • Group Policy to mobile device management migration  analysis was performed
  • Security baselines implemented
What were the results?
  • The full capabilities of Intune and Autopilot have been realised
  • Computers can be built, updated or wiped from anywhere
  • All AD-authenticated access works as normal
  • Applications can be deployed from the cloud
  • Group Policy will be migrated to Intune policy to complete the move to modern management
  • Configuration Manager will be decommissioned to remove an admin burden

The Background 

In 2012, we deployed a Microsoft System Center Configuration Manager (SCCM) solution for this organisation so that it could build Windows computers and deploy applications with minimal manual intervention in each of its global offices.  This worked well for many years but more flexible solutions such as Microsoft Intune and Windows Autopilot had become available and there was a desire to move to these more modern options. 

An incumbent support partner implemented the new solutions, but the configuration did not give the organisation the functionality it desired (specifically, Hybrid Azure AD Join).  

Challenges
  • The organisation wanted to implement modern device management solutions
  • The incumbent support partner deployed Intune and Windows Autopilot
  • The deployment did not provide the desired functionality
<p>“Having worked with Microsoft device management for over 20 years, we have a wealth of experience both in legacy and modern management solutions like Configuration Manager, Intune and Autopilot  and were ideally placed to help this organisation overcome the issues with the incumbent’s deployment and achieve its modern management goals.”</p>

“Having worked with Microsoft device management for over 20 years, we have a wealth of experience both in legacy and modern management solutions like Configuration Manager, Intune and Autopilot  and were ideally placed to help this organisation overcome the issues with the incumbent’s deployment and achieve its modern management goals.”

Mark Ison, Lead Consultant, Silversands

The Solution 

As experts in device management, we were asked to help the organisation by reviewing the deployment and enabling the desired functionality. 

Following a discovery process and analysis of the existing deployment, we ran a workshop with the IT team, provided them with an ‘art of the possible’ overview, and outlined our recommendations to allow the full functionality of Windows Autopilot to be realised. 

Finally, we reconfigured the existing solution and created a new Autopilot deployment process.  Following functional testing, we handed it over to the IT team so that they could start using the new service. 

Solution
  • Silversands asked to provide device management expertise
  • 'Art of the possible' workshop showed what the organisation could achieve
  • Autopilot reconfigured to provide desired functionality

The Results

With this improved Intune and Autopilot deployment, several benefits were realised:

  • By supporting Hybrid Azure AD Join, there was no requirement to migrate Group Policy to Intune. This allowed the organisation to accelerate the move to Intune management and Autopilot operating system deployments.
  • All AD-authenticated integrations and interactions, such as file shares, applications and printers, continue to work as normal.
  • Desktop and laptop computers can now be built in any location with a wifi connection – there is no longer a requirement for computers to be physically located in the offices.
  • Computers can be deployed, updated or wiped from Intune.
  • Applications and updates can be pushed from Intune.

The next stages of the work will further improve the organisation’s device management position by:

  • Migrating Group Policies to Intune management to complete the move to modern management.
  • Decommissioning the extensive SCCM infrastructure, which will remove a significant admin burden.
  • Making use of advanced features such as Endpoint Analytics to measure startup performance and app reliability to proactively identify issues before they cause work interruptions.

With Intune and Autopilot correctly configured, this organisation has a powerful capability to manage its devices, deploy Windows desktop, deliver applications and deploy policy regardless of the location of the device or user, while also making it easier for the IT team to manage. The move to modern management is a significant improvement over the legacy solution.

“Although Configuration Manager has been a solid device management workhorse for many years, modern management with Intune and Autopilot is an order of magnitude better and is the recommended path for any Microsoft-focused organisation or business.

Mark Ison, Lead Consultant, Silversands

Results
  • Our implementation gave flexibility to allow immediate migration to Intune management
  • On-premises services and authentication work as normal
  • Computers can be built over wifi in any location
  • Computers can be deployed, updated or wiped from Intune
  • Applications can be pushed from Intune