Microsoft Tools in the Modern Workplace Concept

In today’s rapidly changing business environment, the concept of the modern workplace is evolving faster than ever before. The Modern Workplace is not just a physical office – it is a work environment that fosters innovation, collaboration, and flexibility. Modern IT tools enable teams to collaborate from anywhere in the world. Cloud computing allows for the secure storage and sharing of documents, increasing both efficiency and information accessibility. Flexible working hours and the freedom to work from anywhere allow employees to better manage their time and maintain a work-life balance.

The Microsoft solutions launched at GS1 Poland have simplified IT infrastructure management, enhanced system and data security, and delivered real savings in both time and money. For users and administrators, this translates into easier day-to-day work and greater satisfaction in using IT tools.

Microsoft Intune is a cloud-based endpoint management solution that enables administrators to securely and efficiently supervise devices, applications, identities, and access to users’ resources. It allows for the management of a wide range of devices running not only on Windows, but also on macOS, iOS/iPadOS, and Android operating systems.

Thanks to the Microsoft Intune solution implemented by All for One Poland, administrators at GS1 Poland gained a tool for monitoring of all endpoint devices – both stationary and mobile – in a single system. Microsoft Intune has become an integrator of several other tools (described below). This integration enables management of many aspects of the work environment control in a single central system. As a result, other single-purpose tools for monitoring security, updating or verifying the availability of devices are no longer necessary. Over time, this can have a measurable impact on reducing the costs of doing business.

Microsoft Intune enables the creation and management of security policies, as well as their monitoring in real time. Any incidents indicating non-compliance with these policies are immediately flagged in the console, allowing administrators to respond quickly and minimize potential risks. Devices connected to the system are continuously monitored to ensure they meet the requirements defined by the security policies. Such automation gives the organization a justified sense of increased security of its systems, while also reducing the need for manual effort – resulting in lower personnel costs and enabling staff to focus on other areas.

The integrated environment also eliminates the problem of incompatibility between systems from different vendors. Data security within the company has improved significantly. This applies both to implemented security policies, such as password length and complexity, and permissions of access to resources, or even data encryption.

Microsoft Intune has enabled the organization to transparently manage identities, which in turn allows for fast and flexible assignment of access to corporate resources. This directly translates into time savings and helps minimize the risk of unauthorized user access to resources they shouldn’t have access to. Group policies make it possible to precisely assign permissions to specific applications, resources, or data based on the user’s role within the organization.

One of the challenges faced by employees at GS1 Poland was the need to log in to multiple systems using different passwords. This issue was resolved with the implementation of Microsoft Entra ID, a cloud-based identity management service that enables access to both external resources (in this case, Microsoft 365 solutions) and internal ones (such as applications within the company’s intranet).

Employees can now securely log in to multiple systems using the same credentials. This functionality improves the standard and comfort of daily work, reducing the stress associated with the need to remember multiple logins and passwords. Centralized login and its management also simplify the password reset process. A password only needs to be changed in one place for the employee to immediately regain access to multiple systems. This also improves the standard of work for administrators, allowing them to focus on more complex tasks than switching between systems to reset passwords for various applications.

To ensure an appropriate level of GS1 Poland system and data security, we used the Multi-Factor Authentication (MFA) function. The MFA service uses identities available in Microsoft Entra ID. For example, it is possible to specify applications using Microsoft Entra ID identity that require an additional form of authorization.

Multi-factor authentication allows for the use of various forms of authorization, such as SMS or email messages, push notifications from authentication apps (e.g., Microsoft Authenticator), hardware tokens (e.g., USB keys or smart cards), and biometric methods (such as fingerprint or facial recognition). In our solution, we applied the login option using the Microsoft Authenticator app. After entering their password, users are prompted to enter a two-digit code received in the application.

Marek Strzelczyk, Head of New Products & IT, GS1 Polska: “The implementation of the Microsoft solutions described has delivered benefits to our organization, such as simplified IT infrastructure management, improved security, and increased efficiency of both users and administrators. Automated processes, centralized monitoring and management, as well as simplified log-in have significantly streamlined work and enhanced security at GS1 Poland. The deployed virtual solutions directly translate into tangible financial savings for the company.

We selected All for One as our partner for this and other implementations due to their demonstrated professionalism, high quality of service, and competitive pricing. This decision also reflects our trust in the expertise of All for One’s employees, who have contributed their knowledge and experience throughout the development of the concept of this solution and its implementation.

In daily interactions, All for One’s team has consistently shown great availability and flexibility, a customer-friendly approach, and extensive support".

Another solution that was implemented is Microsoft Defender, which further protected the work environment of the organization. As part of the Microsoft ecosystem, Microsoft Defender integrates seamlessly with Intune. This provides administrators with real-time visibility into the status of protection of the devices. The combination of security policies in Microsoft Intune and the features of Microsoft Defender ensures advanced protection against a wide range of cyber threats, such as viruses and malware, significantly enhancing the security level of the whole organization.

Another benefit achieved through the project delivered by All for One is the integration of the IT environment with Windows Hello, i.e. launching a biometric login system. The integration with Intune has removed the need for users to remember long and complex passwords. Windows Hello provides quick and secure access to devices and applications using facial recognition, fingerprint scanning, or a PIN. This not only increased user convenience but also significantly increased security by eliminating risks associated with traditional passwords.

One of the time-consuming aspects of IT departments’ work is the preparation and configuration of endpoint devices. This process can be particularly burdensome, repetitive, and frustrating when the same tasks have to be performed over and over again. It also generates additional costs related to transporting the devices to the IT department and then shipping them to the end user.

This issue was resolved by the implementation of Microsoft Autopilot. One of the key improvements was the reduction in the time required to configure new devices. Thanks to the implemented service, each new computer or smartphone is automatically configured based on predefined policies. Autopilot downloads the required applications and configurations directly from a Microsoft cloud server, and all security settings, user accounts, and other parameters are automatically assigned to the device.

Since the entire process is carried out remotely, there is no need for administrators to have physical contact with the devices. It is therefore possible to ship new equipment directly from the supplier to the end user and configure the service so that upon first startup of the device the service automatically sets up the new equipment, sending the necessary software and settings to the device. Autopilot can also be used to remotely reset devices to their factory settings, allowing them to be reused within the organization by other users, while maintaining corporate policies and configurations.

As a result of the implementation, GS1 Poland has gained the ability to monitor the application status in the Intune dashboard, check installation statuses on selected devices, and define user groups that should receive specific applications. In our project, we focused primarily on applications used on devices running Microsoft Windows and Android systems, however they can be also configured for macOS and iOS/iPadOS systems.

In the case of Windows systems, there are two ways to add applications to Autopilot. We can use applications that come directly from the official Microsoft Store, or – in the case of apps that use the EXE, MSI, or other installer formats – prepare a dedicated package. In this case, we used the Microsoft Win32 Content Prep Tool, which bundles the files into a unified package (so-called packaging) in the appropriate .intunewin format. This solution is particularly useful for distributing custom business applications, legacy programs, or applications that are not available in the Microsoft Store to endpoint devices.

In our implementation, we used both methods of adding applications to Autopilot, which then distributed them to endpoint devices. Administrators at GS1 Poland prepared a list of applications to be installed on specific types of devices in the organization.

For devices running the Android operating system, the process is simpler, as it primarily involves public applications available in Google Play. Organizations managed through Intune use a special version of the Google Play Store called Managed Google Play. It allows administrators to search for and add public applications directly from Google Play into Intune. It is possible to designate applications that will be automatically installed on users’ devices, without requiring manual installation from the standard Google Play store. The integration between Intune and Managed Google Play enables approval and remote updates of applications.

The integration of Autopilot with Intune brings financial benefits by minimizing costs related to the logistics of devices and resources – that is, the time administrators spend preparing endpoint devices. The ability to create various hardware profiles minimizes the risk of human error, such as failure to install certain components needed by a given group of users.

The implementation carried out by All for One Poland at GS1 Poland has ensured the integration of Microsoft Intune with the solutions described above, among others.

The entire project can be considered the first significant step towards establishing a modern work environment in line with the Modern Workplace concept.

GS1 is an international organization headquartered in Brussels, Belgium, and Princeton, USA, responsible for managing the international system of GS1 business standards and solutions designed to streamline supply chain operations across multiple industries. At the national level, administration is the responsibility of respective GS1 member organizations. Poland joined GS1 in 1990, and its national office is located in Poznań. Until 2005, it operated under the name “Centrum Kodów Kreskowych," and currently it functions as GS1 Poland. GS1 Poland’s offer includes consulting services for implementing GS1 logistic labels, barcode print quality verification, traceability audits, and specialized training.