🔎At a glance

• Large infrastructure programme
• Over 1,500 staff supported
• Multi-site construction environment
• Microsoft-based technology platform

🚨The challenge

The organisation required a secure and scalable IT platform capable of supporting construction teams across distributed project locations.

💡The approach

Advania implemented a modern digital workplace and infrastructure platform built on Microsoft technologies including:

• Microsoft 365 collaboration platform
• Azure infrastructure services
• Identity and access management
• Enterprise mobility and security solutions
• Network infrastructure across project sites

☑️The outcome

The programme delivered a secure and scalable technology platform supporting large-scale infrastructure delivery.

⚡️Why this matters

Large infrastructure projects require resilient digital platforms to coordinate operations across contractors, locations and complex project environments.

🔎At a glance

• Major UK residential property developer
• Over 120 operational sites
• Microsoft-centric technology environment
• Large-scale digital transformation programme

🚨The challenge

Following a migration to Microsoft Azure, the organisation needed a technology partner capable of supporting its continued digital transformation.

Key challenges included:

• Legacy desktop estate requiring refresh
• Strengthening cyber security capabilities
• Managing complex infrastructure environments
• Supporting secure remote working

💡The approach

Advania implemented an integrated managed services model across infrastructure, workplace and cyber security.

The programme included:

• Azure managed services
• Modern workplace deployment using Intune and Autopilot
• Identity and access management improvements
• Cyber security operations centre services
• Security monitoring using Microsoft security platforms

☑️The outcome

The programme significantly improved operational performance and security posture.Key outcomes included:

• Major reduction in critical incidents
• Improved operational resilience
• Higher user satisfaction scores
• Accelerated digital transformation initiatives

⚡️Why this matters

Modern digital workplaces require strong foundations across infrastructure, security and device management. Integrated managed services help organisations modernise safely while maintaining operational stability.

This article provides a practical approach to workload analysis, persona definition, persona-to-endpoint mapping, and ongoing optimisation, plus a cost comparison view to help you make informed decisions.

Why Workload & Persona Analysis Matters

• Over-provisioning wastes money; under-provisioning degrades user experience.
• Security gaps emerge when policies are misaligned with roles.
• Clear personas create a blueprint for sizing, images, and endpoint configuration.

Step 1: Understand Your Workloads

Workloads represent the applications, processes, and resource demands users place on their endpoints.

• Lightweight Productivity: Email, Office apps, web browsing
• Knowledge Workers: Office apps + collaboration tools (Teams, SharePoint)
• Power Users: Heavy Excel, multiple apps, data analysis
• Specialised: CAD/graphics, engineering, dev environments

Metrics to capture: CPU/RAM, storage, network bandwidth/latency, app dependencies.

Step 2: Define Device Personas

• Task Worker: Minimal compute, single or few apps
• Knowledge Worker: Balanced compute, collaboration tools
• Developer: High compute, custom toolchains, admin rights
• Graphics Designer: GPU-enabled workloads

Benefits: Simplifies design, enables policy-based management, improves cost predictability.

Step 3: Map Personas to Cloud Endpoint Options

Step 4: Design Considerations

• Image Strategy: Persona-based images, app packaging, and updates.
• Security & Compliance: Conditional Access, Defender, baseline policies per persona.
• Connectivity & Identity: Entra ID, hybrid join as needed; optimise sign-in and latency.
• User Experience: Validate with Endpoint Analytics (PCs) and AVD Insights (session hosts).

Step 5: Cost Optimisation Strategies

Windows 365:

• Choose the right SKU for each persona; avoid oversizing.
• Use Business vs Enterprise appropriately; Enterprise for Intune-led management.
• Monitor performance and resize where appropriate.

Azure Virtual Desktop:

• Autoscaling: Power management or dynamic autoscale for pooled host pools to cut idle time.
• Pooled vs Personal: Prefer pooled for task/knowledge workers; personal for specialised use.
• Reservations/Savings Plans: Reserve baseline compute and use autoscale for peaks.
• Right-size VM/storage: Tune vCPU/RAM, disk types, and profile storage (FSLogix).

Flowchart: Persona-to-Endpoint Mapping Workflow

Figure: Workload → Personas → Endpoint Mapping → Design & Deploy → Monitor & Optimise (loop).

Cost Comparison: Windows 365 vs Azure Virtual Desktop (Illustrative)

Figure: W365 fixed subscription vs AVD consumption components (compute, storage, networking).

How Advania Can Help

If you are uncertain whether W365 or AVD is the most suitable solution for your organization, Advania can assist by conducting a thorough analysis of your workloads through a Microsoft-funded workshop and proof of concept. We will carry out a discovery workshop to assess your user personas, deploy proof-of-concept desktops, monitor performance, and analyse data to provide well-informed recommendations tailored to your business needs.

Please contact us for further information.

References (pricing & optimisation)

Windows 365 plans & pricing (Business/Enterprise); persona sizing examples (Microsoft Learn).

Azure Virtual Desktop pricing overview; licensing (eligible Microsoft 365/Windows or per-user access).

Autoscale guidance and AVD Insights (Microsoft Learn; Microsoft Mechanics).

Note: Cost figures shown are illustrative. Use the Azure Pricing Calculator and official Windows 365 pricing to model your environment by region, usage, and agreements.

What Are Windows 365 Cloud Apps?

Windows 365 Cloud Apps enable organisations to deliver individual business applications such as Microsoft Outlook, Word, or bespoke line-of-business solutions directly from the cloud to any device. In contrast to traditional virtual desktops, Cloud Apps eliminate the need for each user to maintain a dedicated Cloud PC. Instead, these applications operate on shared Windows 365 Frontline Cloud PCs, allowing multiple users to access resources simultaneously.

This approach is especially advantageous for organisations with a varied workforce, including frontline team members, part-time employees, contractors, and remote staff who require access to specific applications without incurring the complexity or expense typically associated with full desktop environments.

Why It Matters for Your Business

Here’s why Windows 365 Cloud Apps are a game-changer for business leaders:

1. Reduce Costs with Shared Licensing

Traditional virtual desktop infrastructure (VDI) often requires a one-to-one ratio of virtual machines to users a costly and inefficient model for organisations with fluctuating or part-time workforces. Windows 365 Cloud Apps leverage Windows 365 Frontline’s shared licensing, allowing multiple users to access applications on a single Cloud PC. This concurrency model significantly reduces licensing and infrastructure costs while maintaining performance and security.

2. Accelerate Workforce Productivity

With Cloud Apps, employees can access the applications they need from any device, anywhere without waiting for full desktop provisioning. Whether it’s a nurse accessing a patient management system during a shift or a contractor using a finance tool on a personal laptop, Cloud Apps ensure fast, reliable access to business-critical tools.

New features like Autopilot Device Preparation allow IT teams to pre-install essential apps, ensuring users are productive from their very first login. This reduces onboarding time and enhances employee satisfaction.

3. Simplify IT Operations

Cloud Apps eliminate the need for complex VDI infrastructure and image management. IT teams can deploy and manage applications through Microsoft Intune, using familiar tools and policies. Updates, provisioning, and user access are all handled centrally, reducing operational overhead and freeing up IT resources for strategic initiatives.

4. Strengthen Security and Compliance

Security remains a top priority for any organisation. With Cloud Apps, applications and data reside entirely in Microsoft’s secure cloud environment, never touching unmanaged endpoints. Integration with Microsoft Entra ID (formerly Azure AD) enables robust identity and access controls, including multi-factor authentication and conditional access policies.

This architecture supports Zero Trust principles and is ideal for bring-your-own-device (BYOD) and external contractor scenarios, ensuring sensitive data remains protected.

5. Deliver a Consistent User Experience

Cloud Apps include User Experience Sync, a feature that preserves user settings and preferences across sessions and devices. This ensures a personalised and consistent experience, even in shared environments; a critical factor in maintaining productivity and reducing user frustration.

6. Support Sustainability Goals

Recent research from WSP USA highlights that Windows 365 and Azure Virtual Desktop can significantly reduce carbon emissions by extending the lifecycle of physical devices. By shifting workloads to the cloud, organisations can reduce their environmental footprint while also lowering hardware costs.

Strategic Use Cases

The Bigger Picture

Windows 365 Cloud Apps are part of a broader evolution of the Windows 365 platform, which now includes:

• Windows 365 Frontline: Designed for part-time and shift-based workers with shared Cloud PCs.
• Windows 365 Reserve: Pre-configured Cloud PCs for temporary or emergency use.
• User Experience Sync: Ensures consistent settings across sessions.
• Autopilot Device Preparation: Simplifies app deployment and accelerates time-to-productivity.

Together, these innovations offer a flexible, scalable, and secure foundation for modern work whether your employees need full desktops, part-time access, or just a single application.

Final Thoughts

Windows 365 Cloud Apps provide an effective way for business leaders to maximise IT investments, support hybrid teams, and enhance operational flexibility. Supplying secure and efficient tools to employees helps organisations achieve greater productivity while lowering expenses and simplifying operations.

It's a great moment to consider new approaches for delivering applications in your company. Windows 365 Cloud Apps enable you to strengthen your workforce, simplify IT processes, and prepare your digital workplace for the future.

Reach out to Advania to if you want a demo or help understanding how this will fit into your current device and user personas.

Hi all,

We’ve been moving away from an ageing WDS + MDT setup and over to Windows Autopilot, and I thought I’d share a few key lessons and experiences from the journey. In case anyone else is working through the same transition (...or about to).

Why the change? MDT was becoming unreliable, drivers/apps would randomly fail to install, WDS is on the way out, and we needed a more remote-friendly approach. We also wanted to simplify things for our small IT team and shift from Hybrid Azure AD Join to Azure AD Join only.

We’re doing this as a phased rollout. I harvested existing device hashes using a script from a central server, and manually added machines that weren’t online at the time (most of which were just unused spares, we haven't introduced new hardware yet).

If you want a copy of this auto-harvest, please see my next post, this script is useful as it'll just go off and import the hardware hashes into Intune, and can run against multiple computers at a time. (I will add the link to the post once made).

Some of the biggest hurdles:
•    0x80070002 / 0x80070643 errors (typically due to incomplete registration or app deployment failures)
•    Enrollment Status Page (ESP) hangs due to app targeting issues (user vs device) and BitLocker config conflicts
•    Wi-Fi setup with RADIUS (NPS) was complex, Enterprise Certificates and we're still using internal AD for authentication, so user accounts exist there and sync over to Azure.
•    Legacy GPOs had to be rebuilt manually in Intune, lots of trial and error
•    Some software (like SolidWorks) wouldn’t install silently via Intune, so I used NinjaOne to handle these, along with remediation scripts in Intune where needed

We also moved from WSUS to Windows Autopatch, which improved update reliability and even helped with driver delivery via Windows Update.

What’s gone well: Device provisioning is more consistent, updates are more reliable, build time per machine has dropped, and remote users get systems faster. It’s also reduced our reliance on legacy infrastructure.

What I’m still working on: Tightening up compliance and reporting, improving detection/remediation coverage, figuring out new errors that may occur, and automating as much manual processes as possible.

Ask me anything or share your own experience! I’m happy to help anyone dealing with similar issues or just curious about the move. Feel free to reply here or message me. Always happy to trade lessons learned, especially if you’re in the middle of an Autopilot project yourself.

Cheers,
Timothy Jeens

So, here is the script I used to pre-seed the hardware hashes into my Intune environment.

Please check it over before just running it..

You'll need to create a csv called: computernamelist.csv

In this file, you'll need a list of all your computer names like this:

"ComputerName"
"SID-1234"
"SID-4345"

You can use a the Get-ADComputer command to gather all your computers and output to a CSV.

Features:

• It will run through 10 computers at a time.
• It will remove computers that it has confirmed as being updated in Intune.
• Pings a computer first to speed it up.
• Only for devices on your network or on the VPN.

You can schedule it to run, or I just re-ran it a bunch of times over a few weeks.

# Path to the CSV file

$csvPath = "C:\scripts\computernamelist.csv"


# Import the CSV file

$computers = Import-Csv -Path $csvPath


# Number of concurrent jobs (adjust as needed)

$maxConcurrentJobs = 10


# Array to store the job references

$jobs = @()


# Ensure the required settings and script are set up

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

Install-Script -Name Get-WindowsAutopilotInfo -Force


# Authenticate with Microsoft Graph (Office 365 / Azure AD)

Connect-MGGraph


# Function to remove a computer from the CSV after successful import

function Remove-ComputerFromCSV {

    param (

        [string]$computerName,

        [string]$csvPath

    )

    $computers = Import-Csv -Path $csvPath

    $computers = $computers | Where-Object { $_.ComputerName -ne $computerName }

    $computers | Export-Csv -Path $csvPath -NoTypeInformation

    Write-Host "Removed $computerName from CSV."

}


# Loop through each computer in the CSV

foreach ($computer in $computers) {

    $computerName = $computer.ComputerName


    # Start a new background job for each computer

    $job = Start-Job -ScriptBlock {

        param($computerName, $csvPath)


        # Check if the computer is reachable (ping check)

        if (Test-Connection -ComputerName $computerName -Count 1 -Quiet) {

            Write-Host "$computerName is online. Retrieving Autopilot info..."


            # Ensure TLS 1.2 is used and execution policy is set for the job

            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

            Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force


            # Run the Autopilot info command and capture the output

            $output = Get-WindowsAutopilotInfo -Online -Name $computerName


            # Check if the output contains the success or error messages

            if ($output -like "*devices imported successfully*") {

                Write-Host "Success: $computerName - Autopilot info imported successfully."


                # Remove the computer from the CSV after successful import

                Remove-ComputerFromCSV -computerName $computerName -csvPath $csvPath

            } elseif ($output -like "*error 806 ZtdDeviceAlreadyAssigned*") {

                Write-Host "Error: $computerName - Device already assigned."

            } else {

                Write-Host "Error: $computerName - Unknown issue during import."

            }

        } else {

            Write-Host "$computerName is offline. Skipping."

        }

    } -ArgumentList $computerName, $csvPath


    # Add the job to the list

    $jobs += $job


    # Monitor job status

    Write-Host "Started job for $computerName with Job ID $($job.Id)."


    # If the number of jobs reaches the limit, wait for them to complete

    if ($jobs.Count -ge $maxConcurrentJobs) {

        # Wait for all current jobs to complete before starting new ones

        $jobs | ForEach-Object {

            Write-Host "Waiting for Job ID $($_.Id) ($($_.State)) to complete..."

            $_ | Wait-Job

            Write-Host "Job ID $($_.Id) has completed."

        }


        # Check job output and clean up completed jobs

        $jobs | ForEach-Object {

            if ($_.State -eq 'Completed') {

                $output = Receive-Job -Job $_

                Write-Host "Output for Job ID $($_.Id): $output"

                Remove-Job $_

            } elseif ($_.State -eq 'Failed') {

                Write-Host "Job ID $($_.Id) failed."

            }

        }


        # Reset the jobs array

        $jobs = @()

    }

}


# Wait for any remaining jobs to complete

$jobs | ForEach-Object {

    Write-Host "Waiting for Job ID $($_.Id) ($($_.State)) to complete..."

    $_ | Wait-Job

    Write-Host "Job ID $($_.Id) has completed."

}


# Check job output for remaining jobs

$jobs | ForEach-Object {

    if ($_.State -eq 'Completed') {

        $output = Receive-Job -Job $_

        Write-Host "Output for Job ID $($_.Id): $output"

        Remove-Job $_

    } elseif ($_.State -eq 'Failed') {

        Write-Host "Job ID $($_.Id) failed."

    }

}

This is all derived from: https://learn.microsoft.com/en-us/autopilot/add-devices

"Get-WindowsAutopilotInfo" is from this link.

Hope this helps someone.

Thanks,

Timothy Jeens