When Spectrum Brands had to ­provision laptops for 300 employees on short notice, Microsoft Intune made it easy, says Timothy Watson, Senior Manager of Desktop Engineering.

Mar 24 2022
Digital Workspace

How Businesses Simplify Device Management in a Remote Work World

Unified endpoint management is gaining favor as the cloud-based solution of choice.

It’s a challenge under the best of circumstances to provision, manage and secure mobile devices for any global company. Throw in a worldwide pandemic and the shift to remote work, and the task gets harder.

Spectrum Brands, an international consumer products company based in Middleton, Wis., is making it easier by migrating from on-premises solutions to two cloud-based services: Microsoft Intune and Azure Active Directory.

When the company previously onboarded new employees, IT staff unboxed every new laptop and spent 90 minutes manually configuring and installing software before handing them out to employees. Now, they can ship computers directly to users unopened. When workers start up and log in to the devices for the first time, the computers are configured automatically over the cloud.

“We don’t do it manually anymore. It’s provisioned right out of the box without IT getting involved,” says Timothy Watson, Spectrum Brands’ senior manager of desktop engineering.

Click the banner below to receive exclusive cloud content when you register as an Insider.

Managing Devices Through a Single Pane of Glass

Many organizations are deploying unified endpoint management solutions to centrally configure, control and secure a wide range of endpoint devices and operating systems across their enterprises. Through a single console, IT departments can automate the deployment of software and security patches and enforce policies.

Demand for cloud-based UEM tools has increased during the pandemic, analysts say. With more people working from home or in flexible work arrangements, IT teams have had to manage more remote devices outside their corporate firewalls.

“Organizations are prioritizing the need for a more modern and mobile-first endpoint and application management approach,” Omdia analyst Adam Holtby says.

In the past, many organizations used separate endpoint management tools to manage PCs and mobile devices. UEM solutions enable organizations to streamline the management of desktop computers, laptops, tablets, smartphones and even wearables and other connected devices, Holtby says.

While mobile device management and mobile application management are core UEM features, some vendors are beefing up their solutions with enhanced security ­features, such as data leakage prevention controls, and new capabilities including analytics, automation and improved employee experiences, he says.

READ MORE: Learn why UEM tools are essential for helping utilities manage and secure assets.

How to Simplify Device Provisioning

Spectrum Brands, which is behind well-known brands such as Black+Decker appliances, Iams pet foods and Black Flag pest control, upgraded to a new cloud-based UEM solution in early 2020 when executives tasked the IT department with an urgent project to provision laptops to 300 employees in 16 countries on short notice.

Watson and his four-person team quickly deployed Microsoft Intune for device and application management and Azure Active Directory for identity and access management. The IT staff, which had been testing Intune and Azure AD as part of a broader cloud effort, demonstrated the technology to senior executives, who were impressed that laptops self-provisioned in 30 minutes over the cloud. They greenlit the project.

“Their minds were blown, and they asked why we didn’t do this before. The necessity of it drove the innovation,” Watson says.

The IT staff provisioned laptops to the 300 employees in six weeks, making the deadline with three weeks to spare.


Shortly after that, the COVID-19 pandemic arrived and office workers went remote, but Spectrum Brands had no trouble continuing to onboard new employees, including 200 staffers from company acquisitions. Today, most office workers, including new hires, work remotely, so zero-touch provisioning is critical, Watson says.

The company uses Windows Autopilot, a cloud service that enrolls new laptops to Spectrum Brands’ Azure AD and Intune instances. When users authenticate through Azure AD, Intune automatically installs the applications, anti-virus software, and settings and policies each user is approved for.

“We can literally ship a device from the factory or from our partner CDW. The user opens it up, and it’s ready to go,” Watson says.

Overall, the cloud-based solution saves money and simplifies IT management. The IT department no longer uses a dozen different systems to manage devices, such as separate encryption, password and patch management tools.

“Now it’s one self-contained solution,” he says. “Things have completely changed for the better.”

Leveraging Automation to Monitor Devices

SouthStar Bank, which has 15 branches across Central Texas, uses a mix of on-premises and cloud-based Ivanti tools to manage its devices and its help desk.

The IT department has deployed Ivanti Endpoint Manager in-house to configure desktops, laptops and tablets and update software for SouthStar’s 200 employees.

Two years ago, the bank adopted the cloud-based Ivanti Neurons “automation bots” solution, which uses machine learning and artificial intelligence to monitor devices. It identifies performance, security and compliance issues and remediates them automatically, says SouthStar IT specialist Jesse Miller.

For example, if the technology detects that a computer has low disk space, it automatically discards temporary and other unnecessary files to free up space and ensure the device has no performance or stability issues.

The technology improves the employee experience and saves IT staff time, Miller says.

“It proactively resolves the small issues, which gives us the time to handle the bigger, more important stuff,” he says.

WATCH: See how cloud-based management can help facilitate better remote collaboration.

How Cloud-Based Solutions Can Ease Remote Management

When the more than 500 employees of ECRI switched to working virtually because of COVID-19, leaders at the nonprofit organization began researching ways to better manage its laptop computers and mobile devices that were suddenly remote.

ECRI, based in Plymouth Meeting, Pa., has offices in Malaysia, the U.K. and the United Arab Emirates and focuses on improving the safety, quality and cost-effectiveness of healthcare. Its experts conduct independent research and provide guidance on new medical equipment, procedures and health ­policy issues.

Before 2020, the organization used multiple device management and security tools, including Jamf for a small group of Apple MacBooks and iPhones and Microsoft’s System Center Configuration Manager to manage Dell laptops on-premises.

“The challenge was that we were no longer on-premises,” says Stephen Pearl, who joined ECRI as executive director of technology operations in April 2020. “It was time to streamline endpoint management and mobile device security under a single pane of glass.”

SCCM does a good job, but it requires employees to connect to on-premises servers to update their laptops. With staff increasingly using cloud apps such as Microsoft 365 and Teams, “people had less reason to jump on the VPN on any given day to get updates pushed to them,” Pearl says.

To improve management, Pearl and his eight-person team tested different UEM solutions. In fall 2020, they standardized on Microsoft Intune, Azure AD, Windows Autopilot and Microsoft Defender endpoint security software, all part of the Microsoft Endpoint Manager cloud ecosystem.

“We now have real-time visibility from the cloud and can see everything about each laptop: applications they use and whether we can improve compliance,” Pearl says. “We can see every security event and can detect potential threats before they get out of control, and it’s all on the same dashboard.”

The nonprofit is upgrading users to new Microsoft Surface Pro laptops in phases, and as the IT staff rolls them out, the devices are configured with zero-touch provisioning, he says.

ECRI also plans to manage workers’ own devices this year. Some employees want to use their personal smartphones for work, so through Intune, the IT staff can isolate work data in an encrypted, secure container that’s separate from personal data, he says.

Managing personal devices is sensitive because of “perception issues,” Pearl says, but he hopes to enroll about 100 employees who want to use their personal smartphones for work.

ECRI, like many organizations, will support a hybrid work environment, with a mix of onsite and remote employees for the long term. “We will never go back to an everybody-in-the-office world, so we need to be ready to support any user anywhere,” Pearl says. “With this new infrastructure, we have simplified our ability to support users as they need it, when they need it, whether they are home, at the airport or in the office.”

Photography By Darren Hauck

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT