Milton Keynes University Hospital simplifies endpoint management, elevates mobile clinical care efficiency with Microsoft Intune

Milton Keynes University Hospital (MKUH) is recognized across the National Health Service (NHS) in the United Kingdom as a leader in innovative health services and technology-led patient care. Located between London and Birmingham, it provides its community with many hospital services for acute medical conditions and a growing list of specialty services. The hospital’s more than 3,500 endpoints are vital, providing access to private information and highly secure data essential to the delivery of effective patient care. To help ensure the security and compliance of its endpoints, the hospital deployed Microsoft Intune, a cloud-based endpoint management solution. Intune provides the hospital with a comprehensive set of modern cloud security and application management tools for all types of endpoints, including on-premises, cloud, and virtual, across different devices, operating systems, and platforms.

“With this caliber of endpoint management technology, anything is possible,” says Ibrar Mahmood, Cyber Security Manager at Milton Keynes University Hospital. “If someone in the security community or a National Health Service peer comes to me with a complex question, I tell them to check out Microsoft Intune.”

The hospital’s Digital Services and Cyber Security teams stands on the shoulders of giants. Its neighbor to the south, Bletchley Park, an English country estate at the center of Allied code-breaking operations during the Second World War, was home to a set of the first programmable electronic computers—code named “Colossus.” Here, Cyber Security forebearers collaborated to engineer processes and systems that today influence how Mahmood and team create, deploy, and manage technology to help protect the digital data and networks that are crucial to hospital operations.

“Intune was easily adaptable to our current environment, which is about 80 percent in the Microsoft Cloud now,” says Mahmood. “It’s the soul of our security environment.”

In a matter of weeks, the hospital instituted Windows Autopilot for zero-touch deployments of Windows 10 and Windows 11. It also provides more flexible endpoint management that directly affects the patient care capabilities and overall efficiency of IT and hospital staff without disrupting the ability to deliver the best possible patient care. MKUH now has several enhanced endpoint management measures that help protect the hospital’s data and systems from potential threats at the endpoint and simplify security and IT management tasks. Mahmood and his team can enforce security policies and ensure that its mobile iOS and Android devices and thousands of Windows endpoints are better protected against ransomware and other threats.

Gaining greater control in the cloud

MKUH implements multiple layers of security to defend against threats and protect the confidentiality and integrity of patient data. Intune is the centralized endpoint management solution that adds cross-platform device compliance and a modern authentication security layer. Microsoft Defender for Endpoint and Azure Active Directory (Azure AD) also play a vital role in the hospital’s journey to a cloud-first, Zero Trust security model.

“Intune gives us more control of our Microsoft Defender suite,” says Mahmood. “And deployment for managing Defender for Endpoint settings on our iOS and Android devices is much simpler now.”

By deploying more software as a service (SaaS) security offerings, the hospital streamlined how it controls its environment, authenticates devices, configures policies, implements conditional access controls, deploys updates and security patches, and automatically detects and remediates threats.

“Intune simplifies how we customize policies and test configurations,” says Mahmood. “Compared with previous endpoint management tools, which can get quite overwhelming, the Intune interface is easy to navigate, adding to the overall convenience and accessibility of this solution.”

Specializing in frontline efficiency

Contributing to the high quality of care that MKUH provides is an emphasis on innovation at the frontline. The hospital turned to the capabilities of Intune, Defender for Endpoint, and Azure AD to implement a successful shared iPad program for its staff. Using federated authentication with Azure AD, hospital staff can easily sign in to iPads with their existing credentials and access Microsoft 365 apps like Microsoft Teams with a highly secure single sign-on (SSO) experience.

Clinicians and nurses can quickly complete core patient care tasks on the go. With SSO enabled for a wide range of apps and services, they can use one sign-in credential to access all the apps and services they need, regardless of the platform device or operating system. Hospital staff can seamlessly connect to various healthcare-specific apps and services on Android and iOS devices, electronic patient record (EPR) systems, scheduling and care management apps, and other tools.

With Intune, the IT team can support the diverse needs of the hospital’s frontline workers by providing them with highly secure and efficient access to specialty devices and applications unique to the clinical environment. Now, the team can more easily manage and secure a broader range of iOS and Android devices, ensuring that hospital staff have the tools they need to deliver the best patient care and experiences. 

Engineering endpoints

Mahmood and his team partnered with the hospital’s EPR provider on a project to implement new handheld mobile devices to enhance maternity services. The new Android-based handheld scanners, manufactured by Zebra, run an EPR application that midwives and nurses use to track and schedule feedings for newborns. The feedback on the overall experience of staff who are using the devices for a critical maternity service is positive. Mahmood credits Intune and Azure AD with helping him deliver a more efficient build and deployment process for cross-platform devices and cloud apps.

“Dynamic grouping and Intune made this project simple enough for one build engineer to deploy hundreds of devices in a matter of hours,” says Mahmood. “Deploying a device now is as simple as scanning a QR code with the device.”

MKUH simplified how it connects staff to a variety of services and tools on Android and iOS devices. It can automate app updates and streamline removal across mobile devices, desktop computers, and virtual endpoints, so employees can always access the most up-to-date version of critical apps and workloads. The hospital also manages authentication with Intune to help ensure that only authorized users can access certain apps.

Intune makes it easier for the IT team to remotely manage cloud-native, Azure AD–joined devices. Cloud-native endpoints can deploy anywhere and receive configurations and applications from the cloud. They can also be quickly restored or reset with an internet connection, potentially eliminating the need for costly VPN connections and dependencies to on-premises resources. Additionally, Intune provides endpoint analytics that can help identify app and device performance issues and limit interruptions to a productive clinical environment using data to drive IT best practices.

“Our environment is more secure and easier to audit than before,” says Mahmood. “Tying in apps with Azure AD and Intune makes life much easier.”

Deploying Intune was a game-changer for MKUH, helping the hospital elevate the efficiency of digital patient care operations while keeping sensitive patient data and care-critical networks highly secure. The Digital Services team can now manage all mobile apps and devices, including those running Android, Windows 10, Windows 11, Mac OS, iOS, and iPad OS and reduce the complexity of managing Group Policy. 

The increased configuration and control that Intune provides over the Defender for Endpoint environment also helps the team simplify configuration and provides cloud-based SaaS and automation capabilities that can help protect devices, networks, and data from potential threats.

“I’m consistently impressed by the level of security that Intune provides,” says Mahmood. “Now with the Microsoft Intune Suite on the horizon, I feel even more confident that my company’s data will remain highly secure, and the straightforward management and deployment of policies will make it easier to help ensure that all devices are safeguarded.”

Mahmood is also looking forward to completing the journey to Windows 11, the prospect of managing deployment and security requirements more efficiently, and remediating policy issues with clinical applications using efficiencies gained from Autopilot and Intune.

“The Microsoft Intune Suite is going to help consolidate our endpoint management solutions, saving costs, making our lives easier, and helping secure the hospital’s data,” says Mahmood. “I would highly recommend the Microsoft Intune Suite to any organization that wants to enhance its security posture.”

Find out more about Milton Keynes University Hospital on Twitter, Facebook, and LinkedIn.