How Ravanty Deployed Microsoft Intune and Entra ID for 3000 users

Industry | Mortgages Services

Objectives

The Company needed a migration plan to transition from
on-premises legacy device management mechanisms to Microsoft’s secure modern Device Management solution and eliminate on-premises infrastructure where possible.

Key Considerations

A key consideration with the project was to establish a supported path to transition to Microsoft's modern device management solution. As there was no supported path for migrating devices from Hybrid Azure AD joined to Azure AD-joined model, therefore the Company chose the option of attrition model. This model supports the vision by replacing machines as they reach end of their useful hardware lifecycle.

Goals

• Establish foundational secure and compliant infrastructure with Microsoft Intune and Entra ID to support the Company’s objectives.
• Accomplish the requirements of upgrading to Windows 11 as part of the process prior to Windows 10 end-of-life date of October 14, 2025.
• Address security and compliance requirements to ensure only devices that meet company’s standards can access the company data.
• Ensure a clear path provided to address the subset of devices that do not meet minimum requirements for Windows 11.

Solutions

In this personalized journey to upgrade the company's legacy processes, we initiated our mission with a deep dive into the existing Group Policies, employing Intune GPO Analytics for insightful analysis. Our exploration included mechanisms for accessing legacy applications, with a focus on Microsoft Entra ID (Azure AD) and Microsoft Intune.

One of the pivotal challenges we addressed was transitioning from the traditional image-building process to the more streamlined Intune Autopilot. In tandem, we meticulously planned the seamless integration of Azure AD joined machines with on-premises resources during the transitional phase, harnessing the power of Entra ID Single Sign-On.

Our team's commitment extended to a thorough evaluation of the operational environment and the specific business and technical needs, including elements of networking components such as Wi-Fi, DHCP, DNS, RADIUS, LDAP, Kerberos, and NTLM. This led us to also formulate a cutting-edge strategy for integrating cloud-based Universal Printing into the company's workflow.

To ensure our strategies were sound and practical, we embarked on a 10-day pilot program, offering remote support as subset of devices were tested in accessing on-premises resources in Hybrid Azure AD- and Azure AD-joined scenarios. This comprehensive analysis paved the way for the creation of a detailed project plan focused on migration design.