CASE STUDY

A UK Manufacturer Closes the Cloud-Server Patching Gap with Application Workspace 

A UK-based manufacturer needed to patch third-party apps on cloud servers that Intune cannot manage and SCCM-based patching cannot reach. Application Workspace solved that problem....

Summary

The organization is a UK-based manufacturer running roughly 1,000 devices: about 800 to 900 endpoints and around 50 servers, plus a small fleet of Macs. As it moves its servers to Azure, retires Configuration Manager (SCCM), and keeps Intune for endpoints, the team set out to modernize application management across the whole estate and finally patch third-party applications on its cloud-hosted servers.

Results

By enhancing Intune and Autopilot with Application Workspace, the team can now keep third-party applications on cloud servers patched with no user logged in, retire its manual patch tool, and manage every application from one workspace instead of five catalogs. Application delivery went from minutes-or-hours to near-instant, and a heavy Autopilot build that used to take about 30+ minutes finished in 13 minutes during testing.
“We now have one place to manage everything instead of going through five different catalogs.”
Systems Administrator
UK-based manufacturer

Customer snapshot 

Industry: UK-based manufacturer with an office, production, and packing-floor workforce 

Scale: Roughly 1,000 devices, about 800 to 900 endpoints and around 50 servers, plus a small fleet of Macs 

Environment: Primarily Windows; servers migrating to Azure, with some on-premises servers still in place 

Management stack: Intune for endpoints (co-managed, hybrid AD-joined) and retiring SCCM; Autopilot for provisioning; Jamf for Macs 

Priorities: Patch third-party applications on cloud servers, cut manual packaging and daily patch babysitting, speed up Autopilot, and consolidate multiple application catalogs into one 

Constraints: Small IT and security teams, a near-transparent transition for existing builds and deployed applications, and a vendor security review 

The gap that opened the door 

Before Application Workspace, the manufacturer’s servers sat in a blind spot. Traditional patching leaned on a ConfigMgr background and could not reach cloud servers, and Intune cannot manage servers or patch third-party applications well. That left the applications on its cloud-hosted servers, including admin toolboxes running tools like Wireshark and Chrome, without a reliable way to stay current, right next to sensitive systems. 

  • A third-party patching gap on servers. Cloud servers had no delivery path for updates. The team called it a “weird spot” where toolbox servers piled up applications and quietly went out of date. 
  • Manual babysitting. The incumbent patch tool “tries to overcomplicate a simple application install,” forcing near-daily checks and redeploys. 
  • Autopilot drag. To keep provisioning times down, the team trimmed Autopilot to core required applications, and a heavy build still took about half an hour. 
  • Too many sources of truth. Applications and catalogs were scattered across “five different catalogs, two different things on different computers.” 

Solution: Application Workspace 

Application Workspace complements the tools the team already runs. Because its lightweight agent delivers and updates applications directly, it reaches places Intune and SCCM cannot, including cloud servers with no user signed in. Application Workspace enhances Intune and Autopilot; it does not replace them. 

During a cloud-hosted proof of concept, the team: 

  • Stood it up fast, with nothing to host. They used a cloud-hosted zone, so the only firewall change was HTTPS access. Setup took an application registration and a few connectors. 
  • Patched a server with no one logged in. They installed the agent on a cloud domain controller and watched everyday applications like Chrome update themselves on the server, hands-off. 
  • Automated packaging. They live-packaged a broad catalog, from Chrome and Microsoft 365 to specialized in-house and licensed tools, and confirmed that custom and paywalled applications get packaged once and updated with a single click. 
  • Slimmed Autopilot to one application. Using a single bootstrapper during provisioning, Application Workspace delivered the rest of the build and sequenced applications by role, so a heavy build finished in about 13 minutes. 
  • Branded the experience and targeted the right groups. Workspace branding, smart icons, and group-based collections put the right applications in front of production, packing, and office users. 
  • Surfaced the reporting leadership wanted. Built-in reports plus an OData feed into Power BI gave the team install and failure data, plus version and security-posture visibility. 

Results and impact 

  1. Set-and-forget server patching. The problem that started it all is solved. Application Workspace keeps third-party applications on cloud servers current with no user logged in, so the team no longer babysits a patch tool every day. In their words, it is “self-sufficient,” something they “set and then only check on if we need to.” 
  1. One workspace instead of five catalogs. Applications, packaging, and patching now live in a single place. The team retires its manual patch tool and stops chasing so many different sources of truth. 
  1. Faster delivery and faster Autopilot. Delivery moved from what the team described as “15 minutes if we’re lucky, six hours if not” to near-instant, and a heavy Autopilot build dropped to about 13 minutes with a single bootstrapper doing the work. 
  1. Security posture leadership can see. Leadership wanted a straight answer when the next advisory lands: Is our fleet on the safe version? Reporting through Power BI and OData gives IT and security that oversight, pairing admin time-savings with leadership-facing visibility. 

“This is doing more than I originally set out to get for the business, and this is perfect.” 

Systems Administrator, UK-based manufacturer 

Why it matters 

The manufacturer came for one fix, patching third-party applications on cloud servers, and left with a single, self-sufficient way to manage applications across endpoints, servers, and Macs. The broader capabilities were “a glorious free bonus,” the systems administrator said, while Application Workspace still delivered “the original thing I wanted in the first place.” Next steps: finish the Azure migration and lean further into reporting and automation. 

See what Application Workspace can do for your estate. 

Patch third-party applications everywhere, including cloud servers with no user logged in, simplify Autopilot, and manage every application from one place. Book a tour

decorative stock imageof people at office gathered

Let's Chat

You’ve done the research—now make IT simpler, faster, and safer.