A global enterprise modernizing their device management with Microsoft Intune and Autopilot faced a common hurdle: device provisioning was too slow and keeping third‑party apps secure was too manual. By enhancing their stack with Application Workspace, they bypassed Autopilot limitations, automated app updates, and reclaimed dozens of IT hours every month.
Customer Snapshot
- Organization: Global enterprise (~7,000 endpoints)
- Environment: Primarily Windows; growing Mac footprint
- Stack: Microsoft Intune and enrollments through Autopilot; WinGet for some application delivery
- Security Context: Facing “thousands of application vulnerabilities” from outdated third‑party software
- Key Constraints: Rolling out zero‑trust (Zscaler) at the same time as uplifting to Intune; any new solution had to fit existing timelines with no heavy infrastructure additions
The Challenges
Before Application Workspace, the team was wrestling with:
Manual third‑party patching and slow delivery
Their patching process was completely manual, which led to slow and sometimes incomplete deployments across ~150 applications. WinGet didn’t cover everything, so the team spent extra time handling apps outside its catalog.
Autopilot + Intune bottlenecks
Native Autopilot limitations, such as the 10-app cap, app dependency sprawl, and enrollment status page delays, choked provisioning speed. Additionally, without proper sequencing between Win32 and LOB apps, new devices often sat in limbo, awaiting manual IT intervention and delaying user productivity.
Mounting security exposure
Internal stakeholders flagged “thousands of devices with vulnerabilities” stemming from delayed updates across the estate, putting pressure on IT and security teams.
Fragmented experience for users and admins
With multiple delivery methods and app types, users lacked a simple way to get the software they needed, and IT lacked a cohesive, identity‑aware way to deliver applications across roles and locations.
Limited room for disruption
A concurrent zero‑trust (Zscaler) rollout meant the organization needed an application solution that would layer onto Intune and Autopilot,—not replace them or restart the project.
Solution: Application Workspace
Application Workspace enhanced their existing Intune and Autopilot workflow. During Autopilot, devices only needed one required app: the Application Workspace bootstrapper. Once the agent was installed, Application Workspace delivered the rest of the build. Sequencing the right apps by department and keeping them automatically up to date.
With the team having enabled managed third-party apps and Smart Icons, users saw a single application catalog, while IT controlled how and where each app launched. Identity- and role-based catalogs meant applications followed people across devices and locations, and automated third-party updates helped close existing CVE gaps while reducing manual patching effort.
Results and Impact
Reclaimed onboarding time
Their IT leader estimated that device onboarding took 1–3 hours per device. With about 10 new hires every other Monday, that added up to 30–60 hours of hands-on work each month. By using a single required bootstrapper during Autopilot provisioning and letting Application Workspace orchestrate the rest of the apps, the team eliminated most manual onboarding steps.
Reduced risk profile
Automated third-party patching aggressively closed CVE windows. Security leadership gained confidence as the vulnerability backlog shrank, proving that compliance doesn’t have to come at the cost of speed.
Tailored role‑based deployments (even within Autopilot)
Local IT reported that they “loved the tools,” particularly the ability to tailor Autopilot deployments by department and job description instead of managing a one‑size‑fits‑all image.
“Our local teams love that we can tune Autopilot deployments by department and role instead of fighting the 10‑app limit and sequencing issues.”
— IT lead, global organization
Why It Matters
For organizations stuck with Autopilot limits and manual patching cycles, Application Workspace changes the game. It turns application delivery into a predictable, identity‑driven service that complements your existing tools. By removing barriers during imaging and automating application updates, IT teams stop wrestling with deployments and start making the modern workplace work.
