Trace Id is missing
December 16, 2021

GlaxoSmithKline enhances workplace resiliency, device management with Microsoft Endpoint Manager

As GSK began tackling its device infrastructure, it realized that its primarily on-premises work environment presented unwanted limitations. In response, GSK started its cloud migration journey working with Endpoint Manager, which combines web-based device management services such as Intune and Microsoft System Center Configuration Manager with other Microsoft Security and governance solutions in one highly secure, cloud-based service. In a matter of months, the company was able to deliver crucial employee applications, tools, and services in a highly safe and secure manner with significantly less work.

GlaxoSmithKline

Coping with disruption and embracing workplace resilience

Global healthcare giant GlaxoSmithKline (GSK) is at the forefront of improving the health of millions of people worldwide with life-saving medicines, vaccines, and consumer healthcare products. To stay on track after almost all of its employees were sent home in early 2020, the company had to find a way to deploy new applications, manage employee devices, maintain security policies, and create a rewarding workplace—inside and outside the traditional office setting. Blending its passions for innovation and technology, GSK is using Microsoft Endpoint Manager to accelerate its cloud journey, embrace a more resilient workplace, and enable device provisioning from anywhere without IT intervention.

“I don’t see the cloud as a pressure point, and we have only benefited from our migration to Endpoint Manager. It has helped us create really tremendous opportunities to build a better, more resilient workplace for our employees.”

Michael Freedberg, Director of Modern Workplace Engineering, GlaxoSmithKline

Starting the journey to working remotely and staying connected

Based in London, England, GSK is a mission-driven pharmaceutical company that prides itself on an excellent workplace experience. Its highly dynamic workforce ranges from mobile workers who never come into the office and rely on digital access to GSK systems to employees who work onsite every day on systems that are designed for use in labs and on manufacturing lines.

Motivated by a common goal of serving customers and preserving public health, employees at every level of the company, from leadership to managers and frontline workers who produce critical medicines and vaccines, receive top-of-the-line equipment including tablets and computers to help them perform at their best. A high-functioning device makes all the difference in these employees’ day-to-day lives, especially for many who are now working from home in settings that might not be designed for work.

“Our employees need a system that’s highly secure and will delight them wherever possible and really perform,” says Michael Freedberg, Director of Modern Workplace Engineering at GlaxoSmithKline. “Their access to services and data and their ability to collaborate with others in highly regulated environments all flow through the devices they use.”

As GSK began tackling its device infrastructure, it realized that its primarily on-premises work environment presented unwanted limitations. Having application installations, system management, and other resources accessible only through its internal network prevented employees from collaborating or picking up where they left off in the office. Freedberg explains, “We’ve seen that if you want people to work in an easy, successful way and feel productive at home or wherever they are, we have to make it seamless and give them the same set of services that they’re used to when working in the office.”

In response, GSK started its cloud migration journey working with Endpoint Manager, which combines web-based device management services such as Intune and Microsoft System Center Configuration Manager with other Microsoft Security and governance solutions in one highly secure, cloud-based service. In a matter of months, the company was able to deliver crucial employee applications, tools, and services in a highly safe and secure manner with significantly less work. It also unlocked valuable new insights into user productivity and device performance—all with employees working apart from each other.

“We’ve seen that if you want people to work in an easy, successful way and feel productive at home or wherever they are, we have to make it seamless and give them the same set of services that they’re used to when working in the office.”

Michael Freedberg, Director of Modern Workplace Engineering, GlaxoSmithKline

A cloud-facilitated migration

GSK launched its cloud journey by enabling hybrid Azure Active Directory (Azure AD) joined devices, tenant attach, and co-management within Configuration Manager. With these solutions, the company was able to balance between being completely on-premises and completely cloud managed with Intune and to start optimizing priority workloads. After a relatively small pilot, GSK enrolled all 105,000 standard Windows 10 systems in Intune in two weeks. This immediately gave the company more control over domain-joined devices and data, improved access to analytics, and provided a technology vision for the future that can withstand almost any business disruption.

“We focused on installing, configuring, and managing cloud management gateways for our internet-facing Configuration Manager clients,” says Freedberg. “Previously, a person couldn’t install software from our existing on-demand tool from the internet and instead had to open a VPN connection. With Endpoint Manager, we make every application available through Software Center, so there’s no distinction whether you’re inside or outside the core organization. We can then deploy applications, update policies, and perform internet device configuration directly from Endpoint Manager.”

GSK ultimately needed to be able to manage devices in a way that protected data security, provided accurate productivity and performance reporting and outcomes, and made it as simple as possible for those outcomes to occur. The company’s security department was also concerned about pushing out security policies without users coming onsite or connecting to the corporate network.

Fortunately, with nearly all of its devices onboarded into Endpoint Manager, GSK can more securely and intelligently deploy compliance policies across multiple devices at a time by using Intune. From there, it can easily make sure that all of its devices are configured with the most up-to-date security settings, which are essential for the work that GSK does—and everything can be done in minutes without employees needing to come into the office.

The company taps into Microsoft Defender for Endpoint, firewall policies, and tampering protection as needed for maximum security. These milestones mark the beginning of GSK’s road map to moving fully to the cloud with a Zero Trust strategy, giving only trusted and compliant devices access to corporate data and sensitive health information.

“With Microsoft Endpoint Manager, we can start getting more data about what’s happening with our systems’ reliability and upgrade compliance,” says Freedberg. “So now we can begin to make our overall cloud journey really expand into something big.” 

“With Microsoft Endpoint Manager, we can start getting more data about what’s happening with our systems’ reliability and upgrade compliance. So now we can begin to make our overall cloud journey really expand into something big.”

Michael Freedberg, Director of Modern Workplace Engineering, GlaxoSmithKline

Selecting Endpoint Manager, deploying policy configurations, and getting everything with little effort

GSK uses Endpoint Manager as a command center for enabling a productive and secure workforce and to unify Microsoft 365 apps and services with traditional and modern endpoint management to optimize IT productivity and reduce costs. The company pulls reports and analytics from Endpoint Manager to supply its business analysts with insights into system telemetry and what’s happening in the device landscape. This helps them identify whether devices are having issues or patches are being applied on time. GSK can also use the same analytics to monitor and evaluate the performance of its remaining on-premises environments. 

All of this data helps the company speak with confidence about the status of its entire estate, make proactive changes, and ensure that what it wants to happen with devices is what actually happens—despite only having a small team consisting of Matthew Holtz, Gabe Owen, and Carlos Rodriguez. These three engineers are responsible for the initial design, testing, and deployment of new cloud-based services for Windows OS and app deployments, systems management services, and security updates. 

At this stage in its cloud journey, which is constantly evolving, GSK particularly enjoys being able to deploy policy configurations and settings to internet-facing devices and gather diagnostic logs from devices while minimizing or entirely removing downtime. “If a client is having problems, rather than making them connect with the VPN and trying to get some subset of log files, we just use Intune to gather diagnostic logs from the device and get a .zip file with 50 event logs and all kinds of data that we can look at offline,” says Freedberg. “We’re getting everything we need, and our client doesn’t have to do anything.”

“If a client is having problems, rather than making them connect with the VPN and trying to get some subset of log files, we just use Intune to gather diagnostic logs from the device and get a .zip file with 50 event logs and all kinds of data that we can look at offline.”

Michael Freedberg, Director of Modern Workplace Engineering, GlaxoSmithKline

Invisible efficiencies and better employee experiences

Part of GSK’s goal is to disrupt the user experience as little as possible. In fact, the less changes or upgrades are noticed, the better. The company’s IT administrators configure cloud servers and applications like OneDrive, Microsoft Teams, and Microsoft Edge for automatic updates so that users can expect files, programs, and software to stay up to date and never have to worry or wonder about the outcome of an action.

“All of this is visible to us because we’re managing those systems, but with Endpoint Manager, it’s all utterly invisible to users,” says Freedberg. “If we make a firewall update or policy change, it will just happen.” Better yet, automating menial tasks like driver updates and patching has removed a time-consuming burden from employees, who are now empowered to focus on projects that might require extra attention or a human touch.

Currently managing a hybrid environment, GSK will continue to test and deploy cloud devices into 2022, and it’s also testing Windows Autopilot to accelerate setup and configuration of new devices for all of its users and Azure AD to support a pure cloud environment. Despite any adjustments to working in the cloud, GSK says the journey is worth the effort, and it now feels better prepared for whatever disruptions might come next.

“I don’t see the cloud as a pressure point, and we have only benefited from our migration to Endpoint Manager,” says Freedberg. “It has helped us create really tremendous opportunities to build a better, more resilient workplace for our employees. In the end, that will be a lot better for our customers too.”

Find out more about GSK on Twitter, Facebook, YouTube, and LinkedIn.

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft