Case Study NSNW

Together with baseVISION, NSNW AG has implemented a modern, future-proof device management platform, fully based on Microsoft Intune. Security has been significantly enhanced through device hardening (STIG), seamless integration with Microsoft Defender for Endpoint, and secure connectivity via Microsoft Tunnel. Automation with Intune app configuration profiles simplifies onboarding and management, reduces manual effort, and accelerates rollouts. The result is a centralized management experience, improved compliance, and a scalable foundation for future growth. NSNW’s IT workplace is now modern, flexible, and secure, ready to meet tomorrow’s demands.

The situation before baseVISION

NSNW AG manages a fleet of approximately 500 mobile endpoints using MobileIron as the primary Mobile Device Management (MDM) platform. The device portfolio includes:

  • Android smartphones in COPE mode (Corporate-Owned, Personally Enabled) for a balance between corporate control and user flexibility
  • Kiosk devices designed for frontline operations
  • Fully managed Android tablets for specialized tasks

Secure access to corporate resources is provided through Ivanti Sentry, a per-app tunnel gateway that protects sensitive data and applications. Despite this foundation, the setup faced several challenges:

  • Manual onboarding process: Numerous enrolment steps such as staging, app assignment, and policy checks slowed down rollouts and consumed valuable IT resources
  • No device hardening: Endpoints lacked a standardized, enforced security baseline to reduce attack surfaces and strengthen compliance
  • Split management platforms: MobileIron for mobile devices and Microsoft Intune for Windows endpoints created administrative overhead, limited visibility, and inconsistent policy enforcement across the fleet

This fragmented approach impacted efficiency, scalability, and security posture, making it difficult for NSNW AG to maintain a streamlined and secure endpoint environment.

The Vision – Unified Device Management Platform

The goal was to integrate the Android devices into Microsoft Intune and to create a cloud-based, unified device management platform for all device platforms, enabling faster, automated rollouts and delivering hardened, secure endpoints. The solution also needed to support standard company devices and special use cases, maintain secure connectivity to on-premises services, and provide a future-proof MDM with streamlined enrollment.

Key elements of the solution:

  • Unified MDM platform based on Microsoft Intune
  • Faster setup through automation, app configuration policies, and Google Zero Touch
  • Integration of Microsoft Defender for Endpoint
  • Device hardening aligned with STIG benchmarks
  • Seamless, secure connection to on-premises resources and web apps

The Transformation

To turn the vision of a unified device management platform into reality, the project was structured into four key stages:

1. Workshop

The first stage of the project began with a dedicated workshop designed to assess the current environment, uncover ongoing challenges, and explore potential improvements. This collaborative step was critical: it provided the insights and clarity needed to build a strong foundation and confidently move forward into the next phase.

2. Concept Phase

Based on the workshop findings, a comprehensive concept for a future-proof Mobile Device Management platform was developed. One of our biggest technical challenges was enabling secure access to customer-specific applications and websites that required connectivity to on-premises resources, especially since the solution had to support more than just standard HTTP/HTTPS protocols. After evaluating several options, we found the perfect fit with Microsoft Tunnel. It delivered exactly the feature set we needed: seamless, secure connectivity across diverse protocols, while maintaining the highest standards of protection and performance.

3. Enablement

During enablement, Microsoft Intune was implemented according to the agreed concept and customer requirements. The most crucial step was achieving a fully automated onboarding process. We implemented Google Zero Touch to ensure devices were pre-enrolled and configured with minimal user interaction. With additional app configurations, covering all Microsoft solutions and customer-specific applications, the setup process became streamlined and efficient. The setup process also served as hands-on training for NSNW’s IT team, empowering them to manage the new platform effectively.

4. Testing and Deployment

After enablement, the solution was tested within the IT department, then rolled out to power users and finally to broader user groups. Feedback from these phases was used to fine-tune the platform, ensuring it met operational needs and delivered a seamless user experience. One key insight from this phase was that what feels seamless for an Intune administrator doesn’t always translate into a smooth experience for the end user. By actively engaging with the customer’s power users and incorporating their feedback, we were able to bridge that gap, delivering a setup that works flawlessly from both perspectives. The result? A new device experience that not only meets technical expectations but creates a genuine wow effect for the user.

Most beneficial Microsoft technologies used

  • Microsoft Intune
  • Microsoft Defender for Endpoint
  • Microsoft Tunnel
  • Microsoft Entra ID
