MWP Project

MWP (Managed Workplace Services) Project

MWP Project Description:

The managed workplace services implementation project aims to implement or upgrade the current managed workplace services, ensuring that end-user devices are compliant with the business policies and that corporate data can only be accessed and used on compliant devices, while maintaining a positive end-user experience during and after the transformation period.

The project is implementing Microsoft Intune to manage workstations and mobile devices. Microsoft Intune offers hundreds of policies that can be applied to and enforced on these devices. In this project, we provide a set of policies that are most common and are the basis of securing corporate data access. During this or a separate project, we can assess and develop a plan for the policies needed for customized business requirements.

MWP Project Implementation Approach:

The project is split into the following phases:

Phase 1: Microsoft Intune configuration and hybrid join of the devices via on-premise Active Directory Group Policy

We will implement and configure Microsoft Intune to manage workstations and mobile devices during this project. If a Microsoft SCCM system is already configured, we implement co-management, meaning that the devices can receive software updates, patches, and applications from both Microsoft SCCM and Intune.

This will trigger the hybrid join of all devices via group policy settings from the on-premise Active Directory, ensuring that all workstations are hybrid-joined at the end of this phase and that Microsoft Intune settings can be applied/deployed to them.

Phase 2: Policy enablement and enforcement on workstations

During this phase, the policies planned to be enabled are tested with the UAT user group, piloted with approximately 10% of the overall end-users/devices, and then rolled out in waves. 

Phase 3: Policy enablement and enforcement on mobile devices

During this project phase, we have to consider two use cases: when the mobile devices are corporate devices and when they are personal devices. Depending on the company’s needs, we can either use the native functions already implemented in the latest mobile device operating systems or make installation of the “Comp portal” mobile application a prerequisite. In the latter case, the user cannot access corporate data without installing the “Comp portal” application and enrolling the device in Microsoft Intune.

During this phase, depending on the use cases and scenarios, all of the settings and planned policies are to be tested and validated by the nominated “Pre-UAT” users. After the “Pre-UAT” users fully understand and test the process, including the different use cases, the project will present the overall documentation for approval. After fine-tuning and approval, the project will continue by enabling and enforcing the approach with the UAT user group. For the pilot, we will use a two-step approach: first we allow the policy, then we enforce it. We need user feedback for both steps to fine-tune the process before enrolling all users.

The mass roll-out is divided into waves based on the complexity and the number of users. 

Phase 4: Monitoring reports and facelift/fine-tuning of the policies

Usually, Phase 4 of the project is related to an extended hyper-care and review of the Intune reports. During this phase, we fine-tune and roll out additional user-transparent policies and settings if needed.

MWP Project Scope:

  • Configure Microsoft Intune to accommodate workstations and mobile devices
  • Set up co-management between on-premise Microsoft SCCM and Microsoft Intune
  • Deploy group policies in the on-premise Active Directory for triggering hybrid join on all workstations
  • Set up Microsoft Intune for AzureAD join of the devices that are not joined in the on-premise Active Directory
  • Assess and agree on the needed policies and their configuration in Intune
  • Configure Intune policies for workstation management
  • Configure Intune policies for mobile device management
  • Perform all roll-outs in waves according to the plan
  • Configure patching according to the agreed process

MWP Project Needed Hardware and Software:

No hardware needed

The Client needs to have appropriate Microsoft licenses for the selected features. Licenses can be purchased during the planning phase of the project. 

MWP Project Pre-Requirements

  • Appropriate permissions in the on-premise Active Directory and Azure (example: Global Azure Administrator, Domain Administrator)
  • On-premise Active Directory synchronized to Entra with Active Directory Connect
  • Current patching process
  • DPO requirements for corporate data access
  • Test hardware (exact model of the corporate workstations and mobile phones)