Fully Automated Intune Deployment
22 steps. One config file. Zero manual work. The Platform Factory provisions a production-ready M365 tenant automatically — including security baselines, Autopilot, app deployment and CI/CD-powered drift detection.
Platform Capabilities
Autopilot Deployment
Zero-touch enrolment via Windows Autopilot — unbox, sign in, done.
Security Baselines
BitLocker XTS-AES 256, Defender + ASR rules, firewall baseline and Windows LAPS from day one.
Drift Detection
Daily comparison of all Intune policies against templates — deviations reported immediately.
Update Management
Quality +7 days, feature +60 days. No device outside the approved version window.
Compliance Policies
Automatic blocking of non-compliant devices. Conditional Access enforces it — no bypass.
WHfB Cloud Trust
Windows Hello for Business without PKI. Passwordless access for all managed endpoints.
Architecture: bootstrap orchestrates — modules deliver
bootstrap.ps1 is a pure orchestrator. All configuration values come from tenant.json — no hardcoded values in modules. Policy templates use {{Placeholder}} substitution at runtime.
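The {{Placeholder}} substitution described above, and the template comparison behind the drift check, could look like the following. This is an added example, not Platform Factory code: the function names, the tenant.json keys and the flat policy shape are assumptions, and all sample data is constructed.

```powershell
Set-StrictMode -Version Latest

# Hypothetical helper: fill {{Name}} tokens from tenant.json values and fail closed
# if any token is unresolved, so a half-rendered policy is never deployed.
function Expand-PolicyTemplate {
    param([Parameter(Mandatory)][string]$Template, [Parameter(Mandatory)][hashtable]$Values)
    $missing = [System.Collections.Generic.List[string]]::new()
    $rendered = [regex]::Replace($Template, '\{\{(\w+)\}\}', {
        param($m)
        $key = $m.Groups[1].Value
        if (-not $Values.ContainsKey($key)) { $missing.Add($key); return $m.Value }
        # Assumes tokens sit inside JSON string literals: JSON-escape the value so a
        # quote or backslash in tenant.json cannot alter the policy structure.
        $json = ConvertTo-Json -InputObject ([string]$Values[$key])
        return $json.Substring(1, $json.Length - 2)
    })
    if ($missing.Count -gt 0) { throw "Unresolved placeholders: $($missing -join ', ')" }
    return $rendered
}

# Hypothetical helper: report every template setting whose live value differs or is absent.
# Handles flat (non-nested) policy objects only.
function Get-PolicyDrift {
    param([Parameter(Mandatory)][string]$ExpectedJson, [Parameter(Mandatory)][string]$ActualJson)
    $expected = $ExpectedJson | ConvertFrom-Json
    $actual   = $ActualJson   | ConvertFrom-Json
    foreach ($p in $expected.PSObject.Properties) {
        $live = $actual.PSObject.Properties[$p.Name]
        if ($null -eq $live -or "$($live.Value)" -cne "$($p.Value)") {
            [pscustomobject]@{
                Setting  = $p.Name
                Expected = $p.Value
                Actual   = if ($null -ne $live) { $live.Value } else { '<missing>' }
            }
        }
    }
}

# Constructed sample data: keys and setting names are illustrative, not a real Intune schema.
$tenantJson = '{ "TenantPrefix": "CONTOSO", "EncryptionMethod": "xtsAes256" }'
$template   = '{ "displayName": "{{TenantPrefix}}-BitLocker", "encryptionMethod": "{{EncryptionMethod}}", "requireEncryption": true }'
$livePolicy = '{ "displayName": "CONTOSO-BitLocker", "encryptionMethod": "aesCbc128", "requireEncryption": true }'

# Load tenant.json content into a hashtable (works on Windows PowerShell 5.1 and PowerShell 7).
$tenant = @{}
($tenantJson | ConvertFrom-Json).PSObject.Properties | ForEach-Object { $tenant[$_.Name] = $_.Value }

$expected = Expand-PolicyTemplate -Template $template -Values $tenant
Get-PolicyDrift -ExpectedJson $expected -ActualJson $livePolicy | Format-Table -AutoSize
```

Failing on an unresolved token matters more than the substitution itself: a policy pushed with a literal `{{...}}` value would otherwise surface only at the next drift check.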
Reference Project
320 devices. 5 sites. Unified management.
Logistics company with uncontrolled Teams sprawl and unmanaged endpoints. A Modern Workplace transformation via Intune standardised device management and migrated 28 file shares.
Deployment Pipeline · 22 Steps
Tenant Foundation
- Break-glass account + Global Admin role
- 6 Entra ID groups (dynamic + assigned)
- MDM scope validation
Security Stack
- BitLocker XTS-AES 256, Defender baseline, ASR rules
- Firewall baseline (all profiles), Credential Guard
- LAPS — local admin password rotation
Autopilot & Enrolment
- User-driven deployment profile (AP-%RAND:6%)
- Pre-provisioning (White Glove) enabled
- Enrolment Status Page — 90 min timeout
App Deployment
- M365 Apps Enterprise — 64-bit, Monthly Channel
- Teams + Edge via WinGet (no Store for Business)
- Company Portal — self-service catalogue
Identity & Access
- 3 Conditional Access policies (report-only until test OK)
- Windows Hello for Business Cloud Trust
- Compliance policy — block on violation
CI/CD & Drift Detection
- GitHub Actions + Azure DevOps pipelines included
- Daily drift check at 06:00 UTC
- All outputs archived as artefacts (90 days)
Fixed price · Fully automated · Rollback-capable
30 minutes. Real answers.
No pitch decks. No discovery questionnaires. A direct conversation about your M365 environment, your biggest challenges, and whether there's a fit.
- Free, no-obligation 30-minute call
- Direct with Gordon — no sales team
- Structured to deliver value regardless of outcome
- Response within one business day
- GDPR / DSGVO compliant data handling