Verdas Technology

Fleet Modernisation — Verdas Case Study
MDM & Intune

Fleet Modernisation

A large distributed organisation with over 500 remote and hybrid workers was operating with completely unmanaged endpoints. Laptops were leaving the network with no security policies, devices were being used by multiple employees without segmentation, and there was no visibility into patch status or compliance posture. Verdas deployed Microsoft Intune across the entire fleet — delivering enterprise-grade device management, zero-touch enrolment, and real-time compliance visibility within four weeks.

500+ Devices Enrolled
98% Fleet Compliance Rate at Week 6
4 wks Full Deployment Timeline
100% Disk Encryption Enforced

500 Devices. Zero Visibility. Zero Control.

The organisation had expanded rapidly through a period of remote-first hiring and a hybrid work transition. Devices had been shipped directly to employees' homes with a basic setup guide and no MDM enrolment. The IT team had no visibility into what software was installed, whether patches were applied, or whether BitLocker encryption was active.

A security review triggered by a cyber insurance renewal revealed that the organisation would fail to meet policy requirements without a documented device management capability. The risk exposure — both from potential breach and insurance invalidation — forced an urgent response.

  • Zero device management — no MDM, no policies, no oversight
  • Patch levels unknown across the entire 500+ device fleet
  • BitLocker encryption not enforced — data at risk on every lost laptop
  • No mechanism to remotely wipe a lost or compromised device
  • Software inventory non-existent — shadow IT running unchecked
  • Cyber insurance renewal at risk without MDM capability
500+ Windows Devices Enrolled
12 Regional Office Locations
28 Days to Full Deployment
0 User-Impacting Incidents

Zero-Touch Enrolment at Scale

Verdas designed a Windows Autopilot-based deployment model that allowed devices to be enrolled into Intune without any manual IT intervention. Employees simply powered on their device, signed in with their corporate credentials, and Intune handled the rest — pushing security policies, installing approved applications, and enforcing compliance baselines automatically.

For the existing fleet of 500+ already-deployed devices, a phased silent enrolment approach was used via a Verdas-authored PowerShell script, minimising disruption to end users while progressively bringing every device under management.

Phase 1 — Week 1
Intune Tenant Configuration & Policy Design

Microsoft Intune tenant configured from scratch. Compliance policies designed for Windows 10/11 covering encryption, password complexity, firewall state, and patch currency. Configuration profiles built for security baseline, Wi-Fi, VPN, and application deployment.

Phase 2 — Weeks 2–3
Existing Fleet Silent Enrolment

PowerShell enrolment script deployed silently via Group Policy to existing devices. Enrolment status tracked in real time via Intune dashboard. Non-compliant devices flagged for follow-up. Helpdesk briefed to handle any user queries arising from Intune Company Portal prompts.

Phase 3 — Week 3
Autopilot for New Device Deployment

Windows Autopilot configured for all future device procurement. Hardware hash import process documented. Enrolment profiles created for different user roles. First batch of 30 new devices shipped directly to employees and enrolled via Autopilot with zero IT desk touchpoints.

Phase 4 — Week 4
Compliance Reporting & Remediation

Full compliance dashboard built in Intune and presented to the IT Director and CISO. Non-compliant devices individually remediated. BitLocker recovery keys escrowed for every device. Full fleet compliance documentation packaged for the cyber insurance renewal submission.
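A local posture check of the kind that helps triage a device flagged non-compliant, covering the encryption, firewall, patch-currency and enrolment controls named in the phases above. This is an added example, not the Verdas enrolment script or any code from the engagement; the function name `Get-DevicePosture` and the 30-day patch threshold are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not the Verdas script): local check of the controls the
# compliance policy covers. Function name and 30-day threshold are assumptions.
function Get-DevicePosture {
    param([int]$MaxPatchAgeDays = 30)   # assumed patch-currency threshold

    # Encryption: the OS volume must be protected and hold a recovery password
    # protector, since that protector is what gets escrowed for recovery.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $hasRecovery = [bool]($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    # Firewall: every profile (Domain, Private, Public) must be enabled.
    $fwOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })

    # Patch currency: age of the newest update Get-HotFix reports. This is a
    # proxy only; Get-HotFix does not list every update type.
    $lastFix = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $patchAge = if ($lastFix) { ((Get-Date) - $lastFix.InstalledOn).Days } else { $null }

    # MDM enrolment: Intune enrolments are recorded with ProviderID 'MS DM Server'.
    $enrolled = [bool](
        Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        Get-ItemProperty -Name ProviderID -ErrorAction SilentlyContinue |
        Where-Object ProviderID -eq 'MS DM Server')

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        BitLockerOn       = $vol.ProtectionStatus -eq 'On'
        FullyEncrypted    = $vol.VolumeStatus -eq 'FullyEncrypted'
        RecoveryProtector = $hasRecovery
        FirewallAllOn     = $fwOff.Count -eq 0
        DisabledProfiles  = $fwOff.Name -join ','
        LastPatchAgeDays  = $patchAge
        PatchCurrent      = ($null -ne $patchAge) -and ($patchAge -le $MaxPatchAgeDays)
        MdmEnrolled       = $enrolled
    }
}

Get-DevicePosture | Format-List
```

A device can report `BitLockerOn` as true while `RecoveryProtector` is false; in that state there is no recovery password to escrow, so it is worth treating as a finding rather than a pass.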

Intune Capabilities Activated

Windows Autopilot

Zero-touch provisioning for all new devices. Employees receive a laptop, power it on, sign in once, and the entire corporate configuration is applied automatically — no IT desk involvement required.

BitLocker Encryption Enforcement

Intune compliance policy enforces BitLocker on every Windows device. Recovery keys automatically escrowed to Azure AD — ensuring data protection on lost or stolen devices and satisfying cyber insurance requirements.

App Deployment & Management

Microsoft 365 Apps, corporate VPN client, and approved business tools deployed silently via Intune. Unapproved software blocked via application control policies. Software inventory visible across the entire fleet from a single dashboard.

Compliance Monitoring & Remote Actions

Real-time compliance reporting shows patch status, encryption state, and policy compliance for every device. Remote wipe and remote lock capabilities enabled — critical for lost device scenarios in a distributed workforce.

Microsoft Intune, Windows Autopilot, Azure Active Directory, BitLocker, Microsoft Defender for Endpoint, Conditional Access, PowerShell, Windows Security Baseline, Intune Compliance Policies, Configuration Profiles, App Protection Policies, Microsoft Endpoint Manager

A Fully Managed, Audit-Ready Fleet

At the six-week mark, 98% of the device fleet was fully compliant with all security policies. The remaining 2% were devices belonging to employees on long-term leave, awaiting their return for manual remediation. The organisation successfully renewed its cyber insurance policy with an improved premium, having provided the insurer with documented Intune compliance reports for every device.

  • 98% device compliance rate achieved within six weeks
  • BitLocker encryption enforced on 100% of the active fleet
  • Cyber insurance successfully renewed with improved terms
  • Patch currency improved from unknown to 94% current within 30 days
  • Zero-touch Autopilot process cut new device setup time from 4 hours to under 20 minutes
  • Complete software inventory visible in Intune for the first time
  • Two lost devices remotely wiped during the project period with no data breach

"We went from having no idea what was running on our fleet to having a full real-time compliance dashboard in under a month. Two devices were lost during the project and we were able to wipe both remotely within minutes. That alone justified the entire engagement. Verdas delivered exactly what they promised, on time and with almost no disruption to our staff."

— IT Director, Distributed Enterprise Organisation
