Case Study SVA-Aargau
Case Study SVA-Aargau
Introduction
SVA Aargau, the public institution responsible for key social insurance services in the Canton of Aargau, modernized its endpoint management with a fully cloud-based platform.
By implementing Microsoft Intune, CIS-based hardening, and Microsoft Defender for Endpoint, the organization strengthened security, streamlined device management, and increased operational transparency. Automated processes now reduce administrative effort and accelerate deployments. The result is a scalable, secure, and future-ready digital workplace that supports SVA Aargau’s ongoing growth and digital transformation.
Initial situation: End of the existing client lifecycle
SVA Aargau’s IT infrastructure is entering an exciting phase of transformation. Until now, the organization has relied on Empirum for software distribution, while Microsoft Intune has not yet been part of its system landscape. However, the current client lifecycle is reaching its end, and a complete restart is planned for March 2025. This upcoming reset provides SVA Aargau with the opportunity to rethink its IT environment from the ground up. It is the perfect moment to integrate innovative, cloud-based technologies and elevate the digital workplace to the next level. The result will be a modern, high-performing, and secure IT infrastructure, one that not only meets today’s requirements but is also well prepared for future challenges.
The Vision: Greenfield Approach
Using a greenfield approach, the goal was to build a modern, secure, and fully cloud-based platform for Windows management. The objective was to complete the full enablement phase by the end of February, establishing the foundation for a future-ready client infrastructure.
Software packages were planned to be delivered via Empirum, while the Matrix agent would be deployed through Intune. A key element of the project was also the enablement of Intune itself, ensuring unified and secure management of all endpoints.
In addition, system hardening based on CIS benchmarks was planned to meet the highest security and compliance standards. The integration of Microsoft Defender for Endpoint was included to provide comprehensive protection against threats. Another important part of the security strategy was the introduction of Windows Hello for Business, replacing traditional password-based authentication with a modern multi-factor solution.
The combination of biometric authentication and PIN improved user experience while significantly strengthening security. The overall objective was to create a platform that is not only flexible and efficient, but also meets the highest standards of security and stability. With this strategic approach, SVA Aargau aimed to lay the foundation for a modern workplace environment that simplifies processes, accelerates digital transformation, and strengthens the organization sustainably.
The Transformation: Transforming Hybrid IT into a Secure, Compliant, and Agile Environment
The modernization was implemented in several clearly defined phases to ensure a structured and successful transformation.
Workshop
The project began with interactive workshops covering Microsoft Intune, passwordless authentication, and certificate and update management. Together with the customer, requirements were analyzed and initial solution approaches were developed.
The workshops supported knowledge transfer, shared best practices, and addressed individual questions. They also provided an ideal platform to actively involve participants in the transformation process and establish a shared understanding of the project objectives. Through hands-on demonstrations and direct exchange, the sessions not only conveyed technical details but also enabled discussion of concrete use cases. These workshops laid the foundation for a successful implementation and the sustainable evolution of the new IT platform.
Concept Phase
Based on the outcomes of the workshops, a comprehensive concept for modernizing the client lifecycle was developed. The focus was on introducing Microsoft Intune, integrating Windows Hello for Business, implementing a modern certificate deployment, and establishing an efficient, future-oriented update management approach based on Windows Autopatch.
Special emphasis was placed on designing a secure, cloud-based platform tailored to the specific requirements of SVA Aargau.
Technical Implementation
The implementation was carried out in close collaboration with the customer. Microsoft Intune was configured according to the agreed concept, and the planned security and management solutions were integrated.
This joint approach enabled the direct transfer of know-how and best practices. Open communication and the strong commitment of all stakeholders contributed significantly to the project’s success. In addition, a structured handover ensured sustainable operations. Training sessions and documentation empowered the customer to manage the solutions independently. Continuous alignment throughout the project ensured that individual requirements were fully addressed. The result is a modern, scalable, and secure platform that provides a solid foundation for future enhancements.
Testing and Deployment
After the implementation was completed, extensive testing was carried out to ensure the functionality and security of the new environment. The deployment followed a phased approach: pilot users were onboarded first, and their feedback was used for fine-tuning before rolling out the solution company-wide. Feedback from the pilot users was essential in aligning the new devices with users’ daily needs and workflows. This ensured that the new platform meets both technical requirements and practical business needs.
SVA Aargau is an independent public-law institution of the Canton of Aargau. On behalf of the federal and cantonal authorities, it administers all first-pillar social insurance schemes, including the cantonal compensation office, the family compensation fund, disability insurance, and the regional medical service. Its core services include old-age and survivors’ insurance (AHV), disability insurance (IV), supplementary benefits, income compensation, as well as maternity and paternity benefits. In addition, SVA Aargau provides caregiving allowances, family benefits, premium subsidies, and bridging benefits for older unemployed individuals. The organization’s vision is to become a leading provider of social security solutions across Switzerland. To achieve this, it focuses on digital processes, personal advisory services, and sustainable development.