Case Study BLS
BLS connects – With this slogan, BLS carries over 63 million passengers by train, bus or boat, connecting people, regions and places. The extended core business also includes freight transport. This makes BLS one of the largest transport companies in Switzerland.
Customer orientation is a top priority for the company. At the same time, the company aims to be an attractive employer for its more than 3’700 employees. A modern and safe workplace is an essential requirement for this.
Initial situation
Years ago, BLS decided to digitize its processes to optimize its workflow. The approximately 2,000 mobile devices have become indispensable in the locomotive cab, in mobile maintenance, and in shipping. Depending on the area of expertise, tablets or smartphones are used. The wide range of business devices is also complemented by 2,800 private devices belonging to BLS employees. Since essential IT services were migrated to Microsoft 365, all employees can now work independently of location and device. BLS provides its employees with a modern and mobile workplace.
Microsoft Intune has been in use at the company for a long time. Before the project, all devices were set up as “personal devices with work profiles” combined with the Knox Configure Tool. This setup worked wonderfully, but with the release of the latest Android versions, more and more administrator features were removed to increase user privacy. As a result, since Android 12 this approach can no longer read device serial numbers, which means that company and private devices can no longer be distinguished from each other.
The Vision
In 2022, all BLS business devices were replaced as part of the device lifecycle. The baseVISION specialist examined the current mobile setup during a workshop at the beginning of the year. A proposal was developed on how to renew the BLS mobile setup, with a focus on the following points:
- Simplification of the enrollment process: The process should be as simple as possible for the end user. As soon as a device is unpacked, it should automatically connect to the BLS systems.
- Security: The solution should be safe and therefore meet all security requirements of the BLS.
- Long-term: The solution should continue to provide BLS with a reliable basis for its mobile device setup in the future.
- Update Management: KNOX E-FOTA is to be part of the new approach so that the BLS is able to manage and roll out updates to its equipment in a granular way.
«BLS AG is convinced that collaborating with baseVISION AG four years ago during the first steps towards Microsoft Intune was the right decision. The work was thorough and sustainable, which built a strong relationship of trust. Many ideas from baseVISION AG have already had a positive impact on the current MDM configuration. In the future, BLS AG will continue to rely on the comprehensive knowledge and technical skills of baseVISION’s employees.»
Michael Gribi, Mobile Engineer BLS AG
The Transformation
Preparation
The partner registers the purchased Samsung devices in the BLS Samsung Knox environment, where the devices are assigned their respective configurations.
Enrollment
BLS employees unpack the device and turn it on. After starting, the device is automatically enrolled in the Microsoft Intune environment of the BLS using “KNOX Mobile Enrollment”. Additionally, users are prompted to authenticate with their Azure AD credentials during the setup.
Update Management
After completing the out-of-the-box experience, the device is automatically registered in the KNOX E-FOTA solution. The device is then assigned to the respective update campaign, which determines when and under what conditions Android updates are installed.
Finalisation & Setup
Now, employees have unrestricted access to the device. The user experience is designed to be as simple as possible: many app settings are pre-configured, and end-users do not need to worry about setting up the apps. This was achieved thanks to the KNOX Service Plugin and various app configuration settings. The specific configuration that needs to be set up is described in a detailed guide that supports users throughout the entire process.
«baseVISION’s long-term cooperation with its customers shows that it has understood the Microsoft philosophy and optimally aligns its services with Microsoft technologies. The services can therefore be adapted and used effectively by customers in the long term»
Daniel von Büren, Technical Specialist for Security & Compliance, Microsoft
Most beneficial Microsoft technologies used
- Azure AD
- Microsoft Intune
- Microsoft 365