Standardize device management globally with Intune. Supporting Fujitsu's company-wide DX for flexible work by improving security and UX.

"Migration from on-premises Microsoft Office to Microsoft 365 in the cloud led to the adoption of Intune," Mr. Tanomo Haga, who is also a manager of the End User Services Division in the Digital Systems Platform Unit, reflects on the adoption process.

"Users expressed the need to expand the tasks that can be performed with mobile devices beyond just email. By introducing the Microsoft 365 mobile app and the Intune app protection policy, we can safely create the same environment on mobile devices as we do on desktops. To provide a user-friendly environment, Intune, which is highly compatible with Microsoft 365, was required to centrally manage users, mobile devices, and mobile apps."

Enhanced security and user-experience with the introduction of Microsoft Entra and Intune

When deploying Intune to enable work on mobile devices, Fujitsu worked with the Intune product development team at Microsoft's U.S. headquarters to identify potential risks and scenarios during operation, and determined how to address potential issues by using the features provided by Microsoft Entra and Intune.”

Haga explained, “We were able to confirm that if a device is lost, multi-factor authentication ensures that the device is accessed by the correct user and not by a third party. The device itself also has a device lock function, as well as security features like multi-layered protection and authentication when launching the Microsoft 365 mobile app.”

Haga comments further on security, user-experience, and ease of operation. “The integration between Microsoft Entra and Intune allows users to launch the Microsoft 365 mobile app, perform a single authentication, and then switch to other apps such as Microsoft Outlook, Microsoft Teams, and Microsoft PowerPoint without having to authenticate for each individual application used without having to authenticate for each individual application used.”

"In addition, the ability to integrate and manage various platforms, including Android and iOS, simplifies management. We also have a BYOD (bring your own device) policy for employees, and Intune's ability to separate personal and business data on personal devices is very useful," said Haga.

Two approaches to deploying Microsoft Intune in a PC environment

In 2018, Fujitsu completed the deployment of Intune on mobile devices in Japan.

Intune's global expansion is consistent with the direction of Fujitsu's DX project. The installation of Intune on PCs at domestic sites was almost completed in 2023. Deployment to PCs at overseas locations is being conducted while considering localization needs. Although, the company's overseas offices were the first to introduce Intune for PCs. "Our overseas offices deployed an on-premises device management solution, Microsoft Configuration Manager (hereinafter "Configuration Manager"), to manage PCs. The on-premises Active Directory and Configuration Manager policy settings allowed for a smooth transition to co-management (PC management with Intune and Configuration Manager)," says Fukazawa.

The challenge was accommodating different requirements for different regions. Fukuzawa explained, “As regulations differ by country and some regions do not use Configuration Manager, we are working on updating our global policies and deploying region-specific apps as we deepen our understanding of regional requirements during the Discovery Phase,” said Fukuzawa.

Haga speaks about how the company used a variety of tools in the past to manage PCs at domestic offices. "Management had become more complex while the application of security policies grew more cumbersome. It was also more costly due to on-premises management. The introduction of Intune into the PC environment to solve these challenges was the next natural evolution after the mobile device environment."

There were two approaches for the deployment of Intune in the PC environment in Japan.

Fukuzawa explained “The Microsoft Entra Hybrid Join (formerly Azure Ad Hybrid Join) approach was used for existing PC’s in Japan’s on-premises Active Directory environment. New PC’s were put into use using Microsoft Entra Join (formerly Azure AD Join) approach. This method allowed expansion without the need to reset the operating system on existing PCs. The use of Microsoft Entra Join and Microsoft Entra Hybrid Join together has enabled Intune PC management for both new and existing PCs.”

Fukazawa also said that the company plans to switch from Microsoft Entra Hybrid Join PCs to Microsoft Entra Join as the lifecycle of Fujitsu's PCs evolve in the future.

Advanced security and automated kitting

Fujitsu has identified three key security enhancements enabled for its PCs resulting from the introduction of Intune.

The first is visibility into the status of its PCs. Haga commented, “One challenge in PC management, for example, is that administrators are unable to determine in a timely manner whether security policies are being appropriately applied. Intune makes it possible to view the status of managed PCs, including whether applications have been installed and whether devices are encrypted, all from a single management console. Understanding the current situation helps us to create the next action plan. This also allows the support desk to be more responsive,” said Haga.

The second enhancement is push-based application delivery. "Instead of users installing applications, Intune allows the administrator to determine a framework of applications that can be installed and pushed to the user. While eliminating the hassle of installation for users, it also helps solve shadow IT issues," said Fukazawa.

The third advantage is automated enforcement of security policies. "Until now, users had to configure their PCs according to security policies. This was an issue due to misconfigurations, omissions, and a lack of skills among employees to correctly configure the settings. Intune allows us to apply security policies automatically and vigorously, eliminating the time and effort required for configuration and security checks, thereby saving time for users. It removes the hassle for users, while providing security that does not rely on humans and ensures thorough security measures at the same time," said Fukazawa.

One of Intune's features, Windows Autopilot (hereinafter "Autopilot"), has shown great promise from an operational standpoint.

Autopilot is a cloud service that works with Microsoft Entra ID (hereinafter "Entra ID") and Intune to automate the initial setup of employee PCs, including security settings and application installation. The main point is that Autopilot can be utilized because Intune manages devices and Entra ID manages IDs and access.

"Intune allows existing PCs to remain in line with the company's specifications, needs, and security policies. When a new PC is deployed, Autopilot automatically configures it to company specifications, putting it under Intune's supervision. Although it is still in the preparation stage, automation will reduce the time and effort required for kitting. With this development, employees can start working immediately by simply turning on the power when working from home or on PCs distributed to remote locations, provided that there is a network environment," said Haga.

Smooth deployment with Microsoft's seamless global support

Device management is a new field with many new functions to learn, so it was difficult to independently gain sufficient knowledge to anticipate the future, according to Fukazawa. "The various suggestions from the Intune product development team made the implementation seamless. The expansion was also reinforced thanks to Microsoft Mission-Critical Support. The team has a deep understanding of Fujitsu's IT environment and challenges, which helped us resolve environmental dependencies and technical issues during the implementation of Intune."

Microsoft Mission-Critical Support is provided to Fujitsu by dedicated personnel in Japan and overseas. Haga commented, “Microsoft's seamless global support has improved the quality and speed of our information sharing both domestically and internationally. In addition to Intune, cross-organizational teams of dedicated personnel were created for Entra ID, Microsoft Azure, and other products, so we were able to accelerate the resolution of issues thanks to comprehensive support.”

Intune's global expansion is consistent with the direction of Fujitsu's DX project. The installation of Intune on PCs at domestic sites was almost completed in 2023. Deployment to PCs at overseas locations is being conducted while considering localization needs.

Enhancing user-experience and security with new Intune capabilities

Fukazawa comments on the future outlook as follows: "We would like to work with the Microsoft Development Department to introduce the latest Intune upgrades. For example, we are very interested in Microsoft Intune Suite, which extends Intune's capabilities further through features such as Endpoint Privilege Management (EPM)."

"Intune supports diverse work styles by promoting the use of data through secure devices, and contributes to the productivity of each employee," says Haga. "We want to pass on the know-how and knowledge gained through the deployment and operation of Intune to our customers, and help them promote DX and work-style reform."