Customer snapshot
Industry: UK-based manufacturer with an office, production, and packing-floor workforce
Scale: Roughly 1,000 devices, about 800 to 900 endpoints and around 50 servers, plus a small fleet of Macs
Environment: Primarily Windows; servers migrating to Azure, with some on-premises servers still in place
Management stack: Intune for endpoints (co-managed, hybrid AD-joined) and retiring SCCM; Autopilot for provisioning; Jamf for Macs
Priorities: Patch third-party applications on cloud servers, cut manual packaging and daily patch babysitting, speed up Autopilot, and consolidate multiple application catalogs into one
Constraints: Small IT and security teams, a near-transparent transition for existing builds and deployed applications, and a vendor security review
The gap that opened the door
Before Application Workspace, the manufacturer’s servers sat in a blind spot. Traditional patching leaned on a ConfigMgr background and could not reach cloud servers, and Intune cannot manage servers or patch third-party applications well. That left the applications on its cloud-hosted servers, including admin toolboxes running tools like Wireshark and Chrome, without a reliable way to stay current, right next to sensitive systems.
- A third-party patching gap on servers. Cloud servers had no delivery path for updates. The team called it a “weird spot” where toolbox servers piled up applications and quietly went out of date.
- Manual babysitting. The incumbent patch tool “tries to overcomplicate a simple application install,” forcing near-daily checks and redeploys.
- Autopilot drag. To keep provisioning times down, the team trimmed Autopilot to core required applications, and a heavy build still took about half an hour.
- Too many sources of truth. Applications and catalogs were scattered across “five different catalogs, two different things on different computers.”
Solution: Application Workspace
Application Workspace complements the tools the team already runs. Because its lightweight agent delivers and updates applications directly, it reaches places Intune and SCCM cannot, including cloud servers with no user signed in. Application Workspace enhances Intune and Autopilot; it does not replace them.
During a cloud-hosted proof of concept, the team:
- Stood it up fast, with nothing to host. They used a cloud-hosted zone, so the only firewall change was HTTPS access. Setup took an application registration and a few connectors.
- Patched a server with no one logged in. They installed the agent on a cloud domain controller and watched everyday applications like Chrome update themselves on the server, hands-off.
- Automated packaging. They live-packaged a broad catalog, from Chrome and Microsoft 365 to specialized in-house and licensed tools, and confirmed that custom and paywalled applications get packaged once and updated with a single click.
- Slimmed Autopilot to one application. Using a single bootstrapper during provisioning, Application Workspace delivered the rest of the build and sequenced applications by role, so a heavy build finished in about 13 minutes.
- Branded the experience and targeted the right groups. Workspace branding, smart icons, and group-based collections put the right applications in front of production, packing, and office users.
- Surfaced the reporting leadership wanted. Built-in reports plus an OData feed into Power BI gave the team install and failure data, plus version and security-posture visibility.
Results and impact
- Set-and-forget server patching. The problem that started it all is solved. Application Workspace keeps third-party applications on cloud servers current with no user logged in, so the team no longer babysits a patch tool every day. In their words, it is “self-sufficient,” something they “set and then only check on if we need to.”
- One workspace instead of five catalogs. Applications, packaging, and patching now live in a single place. The team retires its manual patch tool and stops chasing so many different sources of truth.
- Faster delivery and faster Autopilot. Delivery moved from what the team described as “15 minutes if we’re lucky, six hours if not” to near-instant, and a heavy Autopilot build dropped to about 13 minutes with a single bootstrapper doing the work.
- Security posture leadership can see. Leadership wanted a straight answer when the next advisory lands: Is our fleet on the safe version? Reporting through Power BI and OData gives IT and security that oversight, pairing admin time-savings with leadership-facing visibility.
“This is doing more than I originally set out to get for the business, and this is perfect.”
—Systems Administrator, UK-based manufacturer
Why it matters
The manufacturer came for one fix, patching third-party applications on cloud servers, and left with a single, self-sufficient way to manage applications across endpoints, servers, and Macs. The broader capabilities were “a glorious free bonus,” the systems administrator said, while Application Workspace still delivered “the original thing I wanted in the first place.” Next steps: finish the Azure migration and lean further into reporting and automation.
See what Application Workspace can do for your estate.
Patch third-party applications everywhere, including cloud servers with no user logged in, simplify Autopilot, and manage every application from one place. Book a tour.