Modern Workplace
New devices that simply work on day one
We set up your Windows devices, laptops and phones so people can unbox them, sign in and start working right away, no IT appointment needed. Everything is managed centrally through Microsoft Intune and secured in line with Swiss data protection requirements. Honestly: the technology is only half the job; the rest is a clean rollout.
The challenge
Devices cost time before they create value
Every new laptop means hours of manual setup, every lost phone is a data risk, and nobody quite knows which device is in which state. In an SME without a large IT team, this lands on a few individuals, or it simply doesn't get done. Updates slip, and old devices leave the building without proper offboarding.
How it helps
What changes in your day to day.
Unbox instead of set up
With Windows Autopilot a new device configures itself on first boot. People sign in with their account and find apps, settings and printers already in place, with no on-site visit needed.
Updates run in the background
Windows and app updates are rolled out and monitored automatically via Autopatch. Security gaps close without anyone having to remember or interrupt their work.
Only secure devices get in
Compliance policies continuously check whether a device is encrypted, up to date and protected. If it falls short, Conditional Access blocks access to company data until it is compliant again.
Bring personal devices in without intruding
On private phones (BYOD) we protect only the company area via app management (MAM). On exit we selectively wipe business data, while the employee's photos and private content stay untouched.
Loss is no longer an emergency
If a device goes missing, we lock or wipe it remotely, fully or just the company container. Data is gone before it becomes a problem.
What's included
What we deliver.
Zero-touch provisioning
Setup via Microsoft Intune and Windows Autopilot so devices are ready without manual installation, including predefined apps and settings.
Security baseline
Enabled by default: BitLocker encryption, Secure Boot, firewall, antivirus and a password requirement of at least 14 characters, tuned to SME reality.
Compliance and Conditional Access
Policies check every device (validity typically 30 days) and govern access: notify, lock or reset, depending on status.
Defender for Business
Threat detection and response directly on the device, integrated into the central view, with no separate console for day-to-day work.
Mobile and BYOD management
Management of company and personal devices via MDM and MAM, with a clear separation between full device management and protecting only the company container.
Lifecycle to retirement
A clean process from first boot through Windows 11 to offboarding, including selective or full wipe on device return or departure.
FAQ
Frequently asked questions
Does our device data stay in Switzerland?
Management runs on Microsoft 365 with data residency in Switzerland or the EU, aligned with revDSG and GDPR. We configure storage location and policies so your data protection requirements are demonstrably met.
Do we need our own server for this?
No. We deliberately favour cloud-native Entra join over hybrid, unless legacy systems genuinely require otherwise. That removes a local server, lowers cost and noticeably simplifies operations.
Which licence do we need?
For most SMEs, Microsoft 365 Business Premium is the right basis: it includes Intune (Plan 1) and Defender for Business. We tell you upfront and transparently what you actually need, rather than selling more than necessary.
What happens to a personal phone when someone leaves?
With BYOD we manage only the company area via app management. On exit we selectively wipe business data, while everything private to the employee stays intact and untouched.
Ready for the next step?
Let's talk about your workplace.
Whether it's migrating to Microsoft 365, zero-trust security or a Copilot rollout — together we'll find the right path.