The Customer
GCH Hotel Group is a leading hotel management company in Europe with over 120 hotels in Germany, Belgium, and Austria. The company is headquartered in Berlin, Germany and has a portfolio of hotels marketed under the brands of well-known franchise companies such as AccorHotels, IHG, Radisson Hotel Group, Wyndham Hotels & Resorts, Hilton, and Best Western. The company’s success is built on strong strategic partnerships, highly qualified personnel, and long-term experience, and they have a goal of continuing to expand their portfolio.
The Challenge
GCH wished to refresh their aging laptops managed through on-premises Active Directory and Group Policies, but lacked the ability to manage laptops that were not on the company network. They also sought a streamlined system for building/imaging laptops and shipping them directly to end-users without additional configurations.
GCH also required a robust and secure mobile device management solution for their corporate mobile phones. Integrating modern desktop/mobile management with their on-premises Active Directory posed another challenge. They had approximately 80 exiting Windows 10 devices and a further 140 which they intended to purchase new. Additionally, they had approximately 200 corporate mobile phones, which were managed using a 3rd party tool which had the capability to only whitelist or blacklist apps.
To address these issues, GCH approached Transputec, a trusted partner known for delivering high-quality services.
What Transputec Did
Transputec proposed a comprehensive solution to address GCH’s challenges by leveraging the capabilities of Microsoft 365. GCH utilised Azure Active Directory (AAD) for Identity & Access Management and Microsoft Endpoint Manager, known as Intune, for Unified Endpoint Management. Intune offered end-to-end lifecycle management for laptops and mobile phones, including imaging, software deployment, patch management, compliance, and security policies.
For laptop management, we employed Microsoft Intune’s modern desktop management, specifically leveraging the Windows Autopilot service. This allowed for efficient imaging of new laptops, seamless integration with both Azure Active Directory and on-premises Active Directory, and enrolment into Intune for ongoing lifecycle management.
For mobile phone management, we implemented Mobile Device Management (MDM) using Intune. Android phones were fully managed user devices, making use of Android Enterprise for enrolment, compliance, application distribution, configurations, restrictions, and security.
The solution required the implementation of Azure Active Directory (AAD) for IAM, which was synchronised with the on-premises Active Directory using an AD Connect server. This integration enabled features such as self-service password reset (SSPR), multi-factor authentication (MFA), single sign-on (SSO), and Conditional Access (CA) for enhanced security.
The deployment process involved uplifting GCH’s 365 licenses to Microsoft 365 Business Premium, setting up their Azure Active Directory tenant, synchronising it with the on-premises Active Directory, and implementing various security aspects.
Transputec manually extracted hardware hashes for existing laptops and uploaded them into Intune to prepare for Autopilot deployment. We customised the OS image, packaged and deployed standard applications, and implemented compliance, security, patching, and configuration policies within Intune.
For Android phones, we implemented enrolment methods for both corporate-owned fully managed user devices and personally owned devices with work profiles, ensuring security, compliance, app deployment, device configuration, and restriction policies were in place. Additionally, we implemented the ‘Mobile Application Management without Enrolment (MAM-WE)’ method for Apple iPhones, focusing on security and compliance.
Lastly Transputec conducted thorough testing to ensure a successful implementation and provided comprehensive documentation, including user guides and admin guides, to assist with the transition and ongoing support. We also conducted knowledge transfer sessions with GCH’s internal IT team, ensuring they were well-equipped to handle the technology changes and provide support.
The Outcome
Transputec solution enabled a faster and more efficient process for device deployment and management. This resulted in improved security management by ensuring systems remained up to date with minimal disruption to end users.
GCH emphasised from the start that the project timeline would be influenced by the ongoing BAU activities of their technical team which took precedence over the project timelines. The project commenced in March 2022, and the End User Computing (EUC) aspect was successfully completed by September 2022. The Mobile Device Management (MDM) project ran concurrently, starting in August and concluding in November 2022
Transputec implemented a Windows 10 Autopilot service, allowing laptops to be imaged and managed over the internet. Microsoft Endpoint Manager (Intune) was utilised to implement Mobile Device Management (MDM) for corporate mobile phones.
Our expertise in the Microsoft Modern Workplace area and lessons learned from previous deployments ensured a tried and tested solution for GCH.
Throughout the project, Transputec emphasised collaboration, enabling GCH’s internal resource teams to familiarise themselves with the technology changes and develop the capability to support them. Timelines for the work delivery were carefully planned to accommodate the business-as-usual activities of the internal GCH teams.
Relationship with Transputec
“The project had its challenges including delivery alongside BAU services that continued to require attention and servicing. However, Transputec delivered on the solution and the key resources were committed and supportive throughout the process. We are very satisfied with the outcome of the project and would happily work in future with Transputec on further projects.”
Bernd Mauritz – Vice President IT & Systems
GCH Hotel Group
May 2023
