modernizing device management and provisioning for a trusted financial institution

Modernizing device management and provisioning for a trusted financial institution

Overview

A respected lending institution had an immediate need to deploy hundreds of devices. They needed to resolve ongoing challenges caused by legacy device management infrastructure and accommodate remote work. 

Remote fleet management  

Their existing device management infrastructure – using SCCM and a VPN for accessing the network remotely – wasn’t scaling with the organization, or adequately supporting remote work. Remote team members could access enough cloud applications to get their work done without using the VPN, so many devices weren’t receiving essential updates regularly and the organization had minimal visibility of device health. For devices that were connected to the VPN, monthly updates put the link under too much strain.  

Custom applications 

The organization had several existing custom applications. In particular, authenticated access to a web application which was used by the large call center team could not be disrupted. 

Security and compliance 

The organization was keen to move to modern management on Microsoft Intune for its entire fleet of 1,300 devices, but in a highly-regulated industry, it was essential that they retained the security practices they’d built up over time 

18.2% of cyber-attacks worldwide occur in the finance sector.

Distribution of cyberattacks across worldwide industries in 2023, Statista

Solution

The institution needed a solution which would accelerate device provisioning and enable them to streamline device management whilst continuing to meet their security and compliance obligations. The CIO and Senior Infrastructure Engineer - EUC selected a product, Devicie, which automates device management on Microsoft Intune. 

Rapid Intune deployment 

Devicie rapidly designed and created an Intune instance customized to the institution’s unique needs. With reliance on SCCM and VPNs eliminated, devices were configured consistently. The ideal configuration is held in Devicie and any drift quickly identified and remediated.   

Updates are deployed in line with the needs of each user cohort. Each connection is individual over the internet, so there are no VPN congestion issues. 

Zero touch provisioning 

Zero touch provisioning enabled the institution to deploy devices easily to team members anywhere. Users are given the device with a short set of instructions. The CIO tested a device himself, with impressive results. His laptop was set up by the time he finished his morning coffee.  

My new laptop build went to plan and was completed within the time it took me to have my morning coffee (20 mins).

Financial institution CIO

Resource efficiency  

Devicie no-touch management takes care of application updates, OS patching, local administration controls and more. The EUC team, who were experienced in SCCM, had breathing space to learn more about the Intune platform, with Devicie support.  

Manual application packaging and updating was eliminated.  

Enhanced security 

Security processes and policies had been built up over years and with stringent industry regulations, the security team were focused on ensuring they were reflected in the Intune configuration. The modern management transformation provided an opportunity for the IT and security teams to collaborate to achieve security standards.  

Assured compliance 

Devicie’s near-real-time reporting on policies, OS patching, application updates, local administration status and more enables the institution to demonstrate compliance easily. As new CIS controls are released, configuration is available, ensuring the institution remains up-to-date with minimal effort. Controls to meet compliance frameworks can be implemented swiftly.  

Future benefits 

With modern management foundations laid, the institution can easily roll out OS version updates. They can decommission legacy SCCM infrastructure, reducing the number of systems they need to maintain. They can bring mobiles, Macs and other devices into management on Intune.  

Results

The financial institution successfully moved off SCCM and away from use of VPNs to automated modern device management by Devicie on Microsoft Intune. They unlocked zero touch provisioning, enabling them to ship devices directly to end-users and have them set up in 20 minutes, reducing the backlog of laptop provisioning.  

  • Modern device management transformation 

  • Uplift in security and compliance against frameworks 

  • Eliminated daily device management tasks including application packaging and updates, OS patching, local administration control, reporting and more 

  • Increased visibility of device health, warranty status and CIS control compliance 

  • Increased capacity for the EUC team, empowering them to further modernize their infrastructure. 

The Devicie difference

Unlike the time-consuming and inconsistent legacy infrastructure, automated modern device management by Devicie on Microsoft Intune enabled the organization to move into the future securely and productively. Without the burden of manual unboxing and setup of laptops, which was taking up to a day per machine, the EUC team was able to ship devices directly to end-users and have them set up automatically in minutes.