Zero-Touch Laptop Deployment
The customer is a marketing and web development agency who have been based in a Manchester city centre office for the last 18 years. All staff were office based including sales, admin and technical departments. All IT systems were based on the premise at the Manchester HQ.
To protect staff the business rapidly moved everyone to working from home in the early part of the 2020 pandemic.
Staff switched to using a combination of personal computers and office computers they had taken home. Facilities were rapidly setup to provide secure access to office-based IT systems so that business could continue with minimal disruption.
Despite this rapid switch in working, this left the business with its staff using a variety of different computer systems, many aging and not configured correctly. This made ongoing IT management extremely difficult and introduced compatibility and security problems.
With no definitive date when the staff could safely return to the office, and the real possibility that a full return to the office was not going to be an option, a solution to upgrade and standardise all staff home IT equipment was required. This needed to be done quickly and with minimal disruption.
Greystone reviewed options with the customer senior management team, and the decision was made to purchase new laptop computers, monitors, docking stations and peripherals for all staff.
By using Microsoft Azure, Intune and Windows Autopilot, Greystone created configuration policies that would centrally control the setup and security of the fleet of laptops. Application policies provided control of the automatic installation of software to different departments and could manage who had access to which applications and data.
The new laptops were shipped directly from the hardware vendor to the user’s home addresses. On receipt of the laptop the user could initiate the automated setup and configuration themselves. By simply powering on the brand-new laptop, entering their username and password, Windows Autopilot would take care of the rest. In less than an hour their laptop was fully configured and ready to go.
Another advantage of this type of “zero-touch” deployment is that if a computer becomes faulty and needs to be wiped and rebuilt, the user can perform this themselves. This can be done at home in under an hour, without the need to send it off to the IT department.
- Microsoft Azure and Intune
- Windows Autopilot
- Dell Latitude Laptops
- BitLocker full disk encryption
- Office 365 Conditional Access and MFA
Results and benefits
The result was the entire company was issued with new laptops that were deployed in a matter of days, without the need for any lengthy setup processes and with minimal interaction from the IT department.
This provided an effective and secure method to deploy new computers to staff in distributed locations, while also minimising contact for staff who are working from home under lockdown restrictions.
Ongoing management of computers is now simple via a single Intune console. This can be used to monitor and report on the status of the devices, control security, and even remotely wipe them if they are lost or stolen.