HPE transforms to cloud-native endpoint management with a rapid Intune migration

The HPE workforce uses more than 70,000 mobile devices and 115,000 Windows laptop PCs. For many years, HPE managed the Windows devices using a Microsoft Configuration Manager solution housed in a third-party datacenter. This on-premises solution served the company well for years but required ongoing hardware lifecycle management, relied on manual IT interventions, and suffered increased exposure to security breaches due to the lack of cloud-managed bug fixes and updates. Seeking to reduce complexity and modernize its operations, HPE saw a chance to vacate the third-party location and move device management to the cloud.

“We have at least 15 internal device SKUs that constantly need patches, updates, and new drivers, so the burden of doing this all with an on-premises system posed many challenges,” says Kregg Nelson, End User Compute Manager at HPE. “We realized that a cloud-based solution would not only make us more efficient but also open up new ways of integrating with other HPE workstreams, like security operations and human resources.”

In the case of HR, for example, the onboarding process for new devices was past due for modernization. Whenever a new employee or contractor joined the company, setting up their devices typically entailed multiple phone calls between IT, the user, and often the user’s manager. With the right collaboration between IT and HR, Nelson’s team knew cloud-based device management could help increase the speed and efficiency of making workers productive.

Driving parallel cloud journeys: Endpoint and identity access management

HPE knew it needed a cloud-based digital transformation to keep pace with business needs and security risks. The company chose Microsoft based on the capabilities of Microsoft Intune and accompanying technologies to simplify endpoint management and empower better user experiences. It also factored in the strength of the two companies’ past working relationship. “We got buy-in by showing our executives how deploying Intune would help reduce costs and make our employees more productive, and by presenting a Microsoft Defender for Endpoint P1 licensing plan that projected a positive ROI,” says Nelson. “Ultimately, our relationship with Microsoft sold the deal—we knew we’d benefit from their input and experience if we chose Intune to manage our thousands and thousands of endpoints.”

Side by side with the device management effort was the identity and access management journey Nelson’s team had been pursuing since 2018. HPE invested in Windows Autopilot and other Microsoft technologies at that time, including buying licenses for Intune in anticipation of implementing access management features. More recently, as part of its modernization, HPE simplified user authentication by using Windows Hello, streamlined deployment with help from Windows Autopilot, and used Windows Update to help ensure up-to-date devices during its ongoing Windows 11 migration.

“We learned that you can’t have modern fleet management without modern endpoint management, so we made it our focus to do both of these in the cloud,” says Nelson. “Migrating and consolidating our identity and access and device management systems put us onto a three-stage journey, going from on-premises to hybrid to fully cloud native.”

From there, Nelson’s team met with stakeholders across business groups and across the company to evaluate use cases and determine the best path forward for implementing the Intune solution. In April 2023, they rolled out full-scale device management capabilities to all Windows devices at HPE. Then, over the next five months, they did the same for implementing Intune with employees’ personal, unenrolled mobile devices using Mobile Application Management, enabling a centralized, highly secure way for supporting bring-your-own-device culture. By September 2023, only some mobile edge cases remained, which Nelson expects to fully resolve and complete the migration by early 2024.

Streamlining workflows for IT, cybersecurity, HR, and users

The Intune rollout has led to improved collaboration between IT and HPE cybersecurity teams. The rollout has also enabled other security improvements, such as remote wipe—detecting a lost or stolen device as soon as it touches the internet and shutting down user access to sensitive apps and data.

Security postures and policies with the new system are also producing positive results. “We have new levels of granularity that let us operate more effectively and also sectionalize the business in helpful ways,” says Nelson. “A huge example is that by proving we can create profiles that have extremely granular policies and privileges, we’re now able to comply with government requirements that help us win contracts we couldn’t have qualified for before.”

Other benefits of moving to the cloud include running leaner, smarter IT operations and improving new employees’ experience with their HPE equipment. Nelson reports that he has been able to refocus the time and talents of his operations team on more innovative and revenue-driven activities. System patches that formerly took five to seven days to get installed on a user’s device now take only 24 to 48 hours at most, and many update processes are now automated. And by working with HR, Nelson’s team also reinvented the way first-day employees start using their devices to do work, helping them start contributing in their roles more quickly than in the past.

“You really want to help new employees feel productive right away, and getting them through first-time setup in 35 minutes or less is a great way to achieve that—it used to take two hours or more,” says Nelson. “Windows Autopilot has been critical for achieving this. We’ve had 4,500-plus people try it the new way since April, and customer satisfaction scores are at 98 percent—an all-time high.”

Simplifying and modernizing with cloud-native endpoint management

By dismantling its on-premises endpoint management infrastructure, HPE transformed its operations for a new era of efficient and agile cloud-based management for all devices. The key change, Nelson notes, has been simplicity. “Where it used to be time-consuming and costly to manage all the complexities of our on-premises environment, we can now perceive everything through a cloud-connected ecosystem with Intune and proactively manage the day-to-day,” he explains. “And with Microsoft, we achieved speed, not only by rolling it out steadily, but also by becoming more agile and responsive to users because we’re in the cloud.”

This success demonstrates that big companies can move device management to the cloud at a fast pace—even ones with hundreds of thousands of devices in use, and whose systems were fully on-premises less than two years ago. Nelson says his company’s return on investment has already proven beneficial. “Cloud-native endpoint management with Intune was the right choice for us,” he says. “All the savings we see from comprehensively securing and patching our endpoints, along with all the options and agility we get, and freeing up our IT time for other activities—it all more than pays for itself.”

Future plans include adopting Microsoft Intune Suite solutions, such as enabling endpoint privilege management in ways that further help secure new customer contracts by enabling device management without requiring administrative access. The company is also interested in trying Remote Help as a way of providing very secure, enterprise-level user support. Meanwhile, Nelson offers the following advice to other companies thinking about their own digital transformations:

• Do all of your homework ahead of time so when you’re ready to implement your cloud-based endpoint management solution, you can move quickly and get it done. “We did a lot of pre-work over the first few months, meeting with stakeholder groups and identifying potential security hiccups,” says Nelson. “Then with help from Microsoft, we specified all of our use cases in one day, setting us on a clear path to a very smooth deployment.”
• Always be moving forward, not backward. The need for modernization and future growth at HPE overcame the temptation to rebuild its on-premises solution, and Nelson says Intune was the obvious choice for his team. “Honestly, when I think about Intune, I really don’t feel like I have limitations,” he says. “The feeling is more like: What can Intune do for us today? How can we use Intune to configure and meet the demands of whatever challenges we’re currently facing?”