<img alt="" src="https://secure.visionarycloudvision.com/780791.png" style="display:none;">

Delivering value for customers with end-to-end delivery

by Steve Cannon, on Jun 22, 2020 4:31:38 PM

Steve Canon 4-2

At Agenor Technology we are specialists in solution design and architecture. With our forensic attention to detail minimising customer impacts we can ensure the end-to-end delivery of value to customers on time and on budget. Recently we undertook a complex project for a customer looking for a solution that would allow all their devices to be built to a standardised configuration for security policies, access controls and device management. The following is an outline of the process we designed to meet the customer requirements and realise increased value for the business as a result.

 

Customer Brief

The company has been focusing on increasing security presence and awareness and had started the accreditation process to gain ISO 9001 & 27001. As a result, they had several key policy and application requirements:

  • To improve device security policies and develop a process to standardise the configuration of their devices.
  • All devices had to be manageable from cloud services.
  • The architecture design was to be implemented and documented to allow handover to the internal IT Manager for administration post deployment.
  • There was also a training element required.
 

The Goal

To design and implement all policies and application suites to meet internal customer requirements.ICEFLO Whiteboard 1 2000px1334px

The Challenge

The initial challenge was to establish a baseline on the available hardware. The decision was made to replace any older laptops that were running Windows Home edition and lacked TPM chips as a major goal was to implement a standardised device encryption policy that used TPM & Bit-locker. Recommended security settings from the National Cyber Security Centre (NCSC) were researched to feed into the security policies to be created. There were a number of device hardening and baseline policies that the NCSC recommend for In-Tune. After looking at their recommended policies we adopted a customised set of policies that met the needs of the project. In some cases, security policies that were higher than the NCSC standards were used. 

  • Desktop Deployment

A key area of the project was to develop an automated way that would create a common desktop configuration to adopt across the company’s estate. The obvious choice here was to use Autopilot for deployments of the Operating Systems. This would then give the company the ability to deliver new equipment to users directly from the vendor. Previously all equipment was delivered to the company and manually configured by in-house IT staff before being shipped out, creating an unnecessary overhead, and extending the timescales for deployment.

  • Application Deployment

There were several applications in use by the company and they wanted to make sure that the applications had a common way of deployment and were manageable from In-Tune.

An initial pillar of the security configuration was to ensure that the antivirus software was deployed. Using In-Tune and the company’s cloud-based antivirus solution, an MSI installer package was obtained from the vendors portal and a line of business install app created. This was then configured as a required application and automatically pushed out to all devices.

In addition to the antivirus package deployment we added the Office 365 package through Client apps. The policy was set to remove previously installed versions of Office 365 and keep the app updated to current levels. By selecting the monthly update channel on the application settings this ensured that new features were rolled out as soon as they were available. In addition to the above we also added Google Chrome and the newest version of Edge web browsers as required installs.

  • Company Portal

In addition to the required application installs there was a desire to create a software repository function. This would allow users a self-service method of installing approved applications without additional governance and requesting elevated rights. To enable this, we created an application policy to deploy the Company Portal to all devices. This allowed us to select an appropriate suite of apps available from both the Microsoft Business store and custom MSI line of business apps. Examples of these are the Citrix Receiver app required for some business users and other productivity apps such as Egress and Zoom client. Users would then have the ability to install these apps individually from a known source and at the required software level.Support

  • SharePoint Migration

The company wanted to consolidate their IT vendors as much as possible. They had an existing subscription to a cloud-based storage solution in addition to their Microsoft 365 subscription. There was an identified and significant saving to be made from migrating all the user and shared data into SharePoint. Following a discovery phase on the sizing and folder structures in-place with the alternative cloud provider we also undertook an access audit to replicate the secure folder structure on SharePoint. Using the output from the exercise allowed communications to be sent to all users of the folders and to plan an out of hours folder migration using the SharePoint migration tool available from Microsoft. All data was subsequently migrated across and a decommission of the previous cloud supplier’s folder structure took place.

The Result
Shutterstock 1

On the successful completion of the solution deployment outlined above:

  • The company now has a solution that allows all devices to be built to a standardised configuration for security policies, access controls and device management.
  • Using In-Tune and Autopilot has added the ability to remotely delete data on any devices that are lost or stolen or just simply need a rebuild without the requirement to be returned to a head office location.
  • Significant cost savings have already been made with this implementation and it has reduced IT overheads when dealing with hardware and software issues leading to a decrease in help desk calls.

Agenor Technology would be happy to discuss any requirements from other organisations who face similar business challenges and are looking to perform a migration using this type of process.  Please contact us here to arrange a callback and discussion with one of our experts today.

Topics:Stakeholder Managementconsultancyoutcomebasedtimeandmaterialsdigital transformationtechnologymicrosoftSharePoint

Comments

About Agenor Blog

Welcome to the Agenor blog, where you can stay up to date with the latest Agenor activities, news and content. Don't forget to have your say and join the conversation! 

Subscribe to Updates