Case Study Feintool
Feintool is an international technology and market leader in electric sheet metal stamping, fine blanking and forming for the production of high-quality precision parts. These technologies are characterized by economy, quality and productivity. With its innovative approach, Feintool is constantly expanding the limits of these technologies and developing intelligent solutions, innovative tools and state-of the-art manufacturing processes for sheet steel in large quantities for automotive and industrial applications as well as for renewable energies. Its processes support the megatrends of green energy generation, storage and application. Founded in 1959 and headquartered in Switzerland, the company has 17 production sites in Europe, the USA, China and Japan. Some 3,300 employees and 100 apprentices work on new solutions worldwide. Feintool, which is listed on the stock exchange, is majority-owned by the Artemis Group.
The situation before baseVISION: Inflexible environment
The Feintool Group operates in the industrial sector and is faced with the challenge of integrating new technologies with numerous technical requirements. Feintool had been using a Configuration Manager (ConfigMgr) environment for some time. However, with the advent of Windows 11, the company decided to take a greenfield approach, moving from a conventional IT setup to a more dynamic and adaptable framework.
The reliance on localised directories, network infrastructure and other associated constraints created complexities when plannng a new workplace setup. As a result, the company made a strategic decision to centralise device management through the exclusive use of Entra ID and Microsoft Intune. However, it was first necessary to assess the potential impact of this transition on the existing IT landscape and operational processes.
Feintool’s main challenges included:
- Inefficient traditional workplace management with ConfigMgr
- Using manual procedures for endpoint management, resulting in complexity throughout the endpoint lifecycle.
- Dependence on localised Active Directory and network infrastructure.
- Windows 10 and the need to upgrade to Windows 11
- Imbalance between security and usability due to the lack of Windows Hello for Business.
- Increased endpoint security requirements
The Vision: Increased endpoint security requirements
The Feintool Group’s vision encompassed the creation of a robust and secure platform for its employees. Through a greenfield approach, the company aimed to construct a standardized workplace that would enable end-users to seamlessly carry out their daily tasks. This overarching vision also included the following key objectives:
Empowering IT with Cutting-Edge Services: By embracing the latest endpoint and security solutions offered by Microsoft, Feintool sought to equip its IT infrastructure with advanced tools and services.
Implementing Entra ID Joined Devices: The vision entailed introducing devices exclusively joined to Entra ID while ensuring seamless access to local resources and the existing environment.
Enhancing Security through Microsoft Security Configuration Framework: Feintool aimed to bolster its security measures by adopting the Microsoft Security Configuration Framework, thereby fortifying its defense against potential threats.
Endpoint Protection and Attack Mitigation: To heighten endpoint security with Microsoft Defender for Endpoint, the company aimed to minimize attack vectors, adopt a password-less approach, and proactively prevent pass-the-hash and lateral-traversal attacks.
- Automating Update Processes: The vision emphasized the automation of update processes, thereby optimizing performance and reliability, and concurrently reducing the need for manual intervention.
Empowering IT with Cutting-Edge Services: By embracing the latest endpoint and security solutions offered by Microsoft, Feintool sought to equip its IT infrastructure with advanced tools and services.
Implementing Entra ID Joined Devices: The vision entailed introducing devices exclusively joined to Entra ID while ensuring seamless access to local resources and the existing environment.
Enhancing Security through Microsoft Security Configuration Framework: Feintool aimed to bolster its security measures by adopting the Microsoft Security Configuration Framework, thereby fortifying its defense against potential threats.
Endpoint Protection and Attack Mitigation: To heighten endpoint security with Microsoft Defender for Endpoint, the company aimed to minimize attack vectors, adopt a password-less approach, and proactively prevent pass-the-hash and lateral-traversal attacks.
- Automating Update Processes: The vision emphasized the automation of update processes, thereby optimizing performance and reliability, and concurrently reducing the need for manual intervention.
Feintool’s comprehensive vision underscored its commitment to cultivating an environment that prioritized both security and operational efficiency, while harnessing the latest advancements in technology to drive its objectives forward.
Our Solution
Concept phase
In the initial stage, a workshop was held to define the vision and outline a corresponding roadmap. The guiding principle was to create a flexible, secure and modern workplace in line with Feintool‘s overall vision. This phase included the selection of Microsoft technologies that would drive the company‘s future initiatives.
Implementation
The move to modern endpoint management provided an opportunity to revamp the environment, making it automated, adaptable and user-friendly. This underlined the advantages of Feintool‘s perspective in adopting a pure Intune managed solution.
Proof of Cencept
The proof-of-concept phase involved rigorous testing of the device lifecycle, with adaptations tailored to Feintool‘s specific requirements.
Further projects
Furthermore, recognising the performance and age limitations of the existing Citrix infrastructure, Feintool began implementing Azure Virtual Desktop (AVD) via a Proof of Concept (PoC). The goal was to achieve a high degree of automation, with baseVISION‘s expertise facilitating the successful establishment of the AVD environment through the use of Azure Image Builder.
Outlook
Following the successful completion of the proof of concept at the end of 2022, the roadmap foresees the rollout of Azure Virtual Desktop (AVD) across the entire Feintool environment in Q2 2023. The overall goal is to structure the entire AVD environment, including the network, using an Infrastructure as Code (IaC) template. This approach accelerates the resolution of misconfigurations and the automated documentation of changes. Endpoint Manager (Intune) is used to deploy applications and configurations to AVD machines.
With FSLogix, each user will have personalised profiles and data that can be accessed across virtual machines.
Concept phase
In the initial stage, a workshop was held to define the vision and outline a corresponding roadmap. The guiding principle was to create a flexible, secure and modern workplace in line with Feintool‘s overall vision. This phase included the selection of Microsoft technologies that would drive the company‘s future initiatives.
Implementation
The move to modern endpoint management provided an opportunity to revamp the environment, making it automated, adaptable and user-friendly. This underlined the advantages of Feintool‘s perspective in adopting a pure Intune managed solution.
Proof of Concept
The proof-of-concept phase involved rigorous testing of the device lifecycle, with adaptations tailored to Feintool‘s specific requirements.
Further projects
Furthermore, recognising the performance and age limitations of the existing Citrix infrastructure, Feintool began implementing Azure Virtual Desktop (AVD) via a Proof of Concept (PoC). The goal was to achieve a high degree of automation, with baseVISION‘s expertise facilitating the successful establishment of the AVD environment through the use of Azure Image Builder.
Outlook
Following the successful completion of the proof of concept at the end of 2022, the roadmap foresees the rollout of Azure Virtual Desktop (AVD) across the entire Feintool environment in Q2 2023. The overall goal is to structure the entire AVD environment, including the network, using an Infrastructure as Code (IaC) template. This approach accelerates the resolution of misconfigurations and the automated documentation of changes. Endpoint Manager(Intune) is used to deploy applications and configurations to AVD machines. With FSLogix, each user will have personalised profiles and data that can be accessed across virtual machines.
«We were very satisfied with the company’s services and results. The interaction with the engineers is conducted on an equal level and one can clearly perceive the team’s extensive experience and broad knowledge. Each question or challenge is answered or resolved promptly and competently. We feel completely well cared for. As a manufacturing company, the transformation from traditional endpoint management with ConfigMgr to Intune and Autopilot was an exciting project for us. During the course of the project, all uncertainties were dispelled. Thanks to our collaboration with baseVISION, we have been able to create a modern workplace with the latest Microsoft technologies. Due to the short project duration, we will soon be able to test the new Windows 11 client in remote locations.»
Michael Heinrich, IT Solution Engineer Cloud, Feintool Group
Most beneficial Microsoft technologies used
- Microsoft Intune
- Windows Autopilot
- Microsoft Security Baselines
- Windows Hello for Business
- Windows LAPS
- Intune Certificate Connector
- Azure Virtual Desktop
- Azure Image Builder
- Defender for Endpoint