“We have at least 15 internal device SKUs that constantly need patches, updates, and new drivers, so the burden of doing this all with an on-premises system posed many challenges,” says Kregg Nelson, End User Compute Manager at HPE. “We realized that a cloud-based solution would not only make us more efficient but also open up new ways of integrating with other HPE workstreams, like security operations and human resources.”

In the case of HR, for example, the onboarding process for new devices was past due for modernization. Whenever a new employee or contractor joined the company, setting up their devices typically entailed multiple phone calls between IT, the user, and often the user’s manager. With the right collaboration between IT and HR, Nelson’s team knew cloud-based device management could help increase the speed and efficiency of making workers productive.

Driving parallel cloud journeys: Endpoint and identity access management

HPE knew it needed a cloud-based digital transformation to keep pace with business needs and security risks. The company chose Microsoft based on the capabilities of Microsoft Intune and accompanying technologies to simplify endpoint management and empower better user experiences. It also factored in the strength of the two companies’ past working relationship. “We got buy-in by showing our executives how deploying Intune would help reduce costs and make our employees more productive, and by presenting a Microsoft Defender for Endpoint P1 licensing plan that projected a positive ROI,” says Nelson. “Ultimately, our relationship with Microsoft sold the deal—we knew we’d benefit from their input and experience if we chose Intune to manage our thousands and thousands of endpoints.”

Side by side with the device management effort was the identity and access management journey Nelson’s team had been pursuing since 2018. HPE invested in Windows Autopilot and other Microsoft technologies at that time, including buying licenses for Intune in anticipation of implementing access management features. More recently, as part of its modernization, HPE simplified user authentication by using Windows Hello, streamlined deployment with help from Windows Autopilot, and used Windows Update to help ensure up-to-date devices during its ongoing Windows 11 migration.

“We learned that you can’t have modern fleet management without modern endpoint management, so we made it our focus to do both of these in the cloud,” says Nelson. “Migrating and consolidating our identity and access and device management systems put us onto a three-stage journey, going from on-premises to hybrid to fully cloud native.”

From there, Nelson’s team met with stakeholders across business groups and across the company to evaluate use cases and determine the best path forward for implementing the Intune solution. In April 2023, they rolled out full-scale device management capabilities to all Windows devices at HPE. Then, over the next five months, they did the same for implementing Intune with employees’ personal, unenrolled mobile devices using Mobile Application Management, enabling a centralized, highly secure way for supporting bring-your-own-device culture. By September 2023, only some mobile edge cases remained, which Nelson expects to fully resolve and complete the migration by early 2024.

By dismantling its on-premises endpoint management infrastructure, HPE transformed its operations for a new era of efficient and agile cloud-based management for all devices. The key change, Nelson notes, has been simplicity. “Where it used to be time-consuming and costly to manage all the complexities of our on-premises environment, we can now perceive everything through a cloud-connected ecosystem with Intune and proactively manage the day-to-day,” he explains. “And with Microsoft, we achieved speed, not only by rolling it out steadily, but also by becoming more agile and responsive to users because we’re in the cloud.”

This success demonstrates that big companies can move device management to the cloud at a fast pace—even ones with hundreds of thousands of devices in use, and whose systems were fully on-premises less than two years ago. Nelson says his company’s return on investment has already proven beneficial. “Cloud-native endpoint management with Intune was the right choice for us,” he says. “All the savings we see from comprehensively securing and patching our endpoints, along with all the options and agility we get, and freeing up our IT time for other activities—it all more than pays for itself.”

Future plans include adopting Microsoft Intune Suite solutions, such as enabling endpoint privilege management in ways that further help secure new customer contracts by enabling device management without requiring administrative access. The company is also interested in trying Remote Help as a way of providing very secure, enterprise-level user support. Meanwhile, Nelson offers the following advice to other companies thinking about their own digital transformations:

• Do all of your homework ahead of time so when you’re ready to implement your cloud-based endpoint management solution, you can move quickly and get it done. “We did a lot of pre-work over the first few months, meeting with stakeholder groups and identifying potential security hiccups,” says Nelson. “Then with help from Microsoft, we specified all of our use cases in one day, setting us on a clear path to a very smooth deployment.”
• Always be moving forward, not backward. The need for modernization and future growth at HPE overcame the temptation to rebuild its on-premises solution, and Nelson says Intune was the obvious choice for his team. “Honestly, when I think about Intune, I really don’t feel like I have limitations,” he says. “The feeling is more like: What can Intune do for us today? How can we use Intune to configure and meet the demands of whatever challenges we’re currently facing?”