Together with baseVISION, NSNW AG has implemented a modern and future-proof device management platform – fully based on Microsoft Intune.
Security has been significantly enhanced through device hardening (STIG), seamless integration with Microsoft Defender for Endpoint, and a protected connection via Microsoft Tunnel.
Automations with Intune app configuration profiles simplify onboarding and management, reduce manual effort, and accelerate rollouts.
The result: a centralized management experience, improved compliance, and a scalable foundation for future growth.
The IT workplace of NSNW is now even more modern, flexible, and secure, ready for the demands of tomorrow.
The situation before baseVISION
NSNW AG manages a fleet of around 500 mobile endpoints using MobileIron as the primary Mobile Device Management (MDM) platform. The device portfolio includes:
- Android smartphones in COPE mode (Corporate-Owned, Personally Enabled), offering a balance between corporate control and user flexibility
- Kiosk devices for frontline use
- Fully managed Android tablets for special tasks
Secure access to corporate resources is provided via Ivanti Sentry, a per-app tunnel gateway that protects sensitive data and applications. Despite this foundation, there were several challenges:
- Manual onboarding process: Numerous steps such as staging, app assignment, and policy checks slowed rollouts and tied up valuable IT resources
- No device hardening: The endpoints lacked a standardized, enforced security baseline to reduce attack surfaces and strengthen compliance
- Separate platforms: MobileIron for mobile devices and Microsoft Intune for Windows endpoints led to administrative overhead, limited visibility, and inconsistent policy enforcement
This dual approach impaired efficiency, scalability, and security, making it difficult for NSNW AG to ensure a consistent and secure endpoint environment.
«Wir haben zwei getrennte MDM-Plattformen zu einer einheitlichen, leistungsstarken und zukunftssicheren Lösung zusammengeführt, die sichere Geräte und Verbindungen bereitstellt und gleichzeitig durch Automatisierung schnellere Rollouts ermöglicht.»
The Vision – A Unified Device Management Platform
The goal was to integrate Android devices into Microsoft Intune and create a cloud-based, unified platform for device management across all device platforms to enable faster, automated rollouts and provide hardened, secure endpoints. The solution also needed to support the company’s standard devices and special use cases, ensure a secure connection to local services, and offer a future-proof MDM with optimized enrollment.
Key points of the solution:
- Unified MDM platform based on Microsoft Intune
- Faster setup through automation, app configuration policies, and Google Zero Touch
- Integration of Microsoft Defender for Endpoint
- Device hardening according to STIG benchmarks
- Seamless, secure connection to local resources and web applications
The Transformation
To realize the vision of a unified device management platform, the project was divided into four key phases:
1. Workshop
The first project phase began with a dedicated workshop designed to analyze the current environment, identify existing challenges, and explore possible improvements. This collaborative step was crucial as it provided the insights and clarity needed to create a stable foundation and confidently move into the next phase.
2. Concept Phase
Based on the workshop results, a comprehensive concept for a future-proof mobile device management platform was developed. One of the biggest technical challenges was to enable secure access to custom applications and websites that required a connection to local resources – especially since the solution had to support more than just standard HTTP/HTTPS protocols.
After evaluating several options, we found the ideal solution in Microsoft Tunnel. It offered exactly the functionalities we needed: seamless, secure connectivity across different protocols while adhering to the highest protection and performance standards.
3. Implementation
During the implementation phase, Microsoft Intune was set up according to the agreed concept and customer requirements. The most important step was achieving a fully automated onboarding process.
We used Google Zero Touch to ensure that the devices were pre-registered and automatically contacted Microsoft Intune upon power-up. Additional app configurations covering all Microsoft solutions as well as custom applications made the setup process efficient and seamless.
The setup process also served as practical training for NSNW’s IT team, empowering employees to manage the new platform independently and competently.
4. Testing and Deployment
After implementation, the solution was initially tested in the IT department, then rolled out to power users, and finally expanded to broader user groups. Feedback from these phases was used to fine-tune the platform to meet operational requirements and provide a seamless user experience.
A key insight from this phase was that what seems perfect for an Intune administrator does not always automatically mean a smooth experience for end users. By actively involving power users and considering their feedback, we were able to close this gap and provide a setup that works seamlessly from both perspectives. The result? A new device experience that not only meets technical expectations but also creates a genuine wow effect for the user.
«Die erfolgreiche Umsetzung des Projekts durch baseVISION stellt einen grossen Mehrwert für die NSNW dar, da sie den Verwaltungsaufwand reduziert und gleichzeitig Kosten einspart.»
Leading companies rely on us.
