Krones is a global manufacturer of process and packaging technology for the food and beverage industry, with distributed operations across more than 100 sites worldwide and a product portfolio that includes digital systems solutions, factory planning, and intralogistics services. Krones’s culture of innovation and engineering expertise has produced more than 7,000 patents and utility models. With a future-forward focus on sustainable innovation, its mission is to deliver “solutions beyond tomorrow.”
“The combination of solutions we are using now, including Windows 11 Enterprise, Windows 365, Intune, Autopilot, and Autopatch, means we can get physical devices or cloud PCs deployed and enrolled quickly, anywhere with a connection, and it’s much simpler for IT to deploy and the employee to get started.”
Micheal Meier, Technical Client Design, Krones
Work-anywhere enterprise innovation
Krones is keeping pace with its employees’ demands for flexible, remote work. Every workday, more than 16,000 Krones employees, 30,000 devices, and large volumes of production data create a dynamic enterprise environment at Krones. More than half of its employees work remotely, and employees work in shared spaces when onsite at the office. The company’s future-forward hybrid workplace model optimizes for cost and collaborative office space by combining the flexibility of remote work with a shared desk environment for employees working onsite.
The company recognized that its new workplace would also require an upgrade to the digital environment. As a result, they updated from Windows 10 to Windows 11 Enterprise. The change to Windows 11 Enterprise did not require any new processes or technologies and has enabled Krones to realize additional security, IT, and productivity benefits—allowing employees to access company resources very securely, from anywhere.
“Windows 11 Enterprise was in demand at Krones and within the scope of our IT mission to support our innovation initiatives at Krones,” says Roman Kleyn, Head of Workplace Design at Krones. “We integrated it into our environment on the first day it was available.”
Krones changed how it organizes work, scaling digital infrastructure with cloud-first solutions to create a flexible and highly secure digital workplace that complements its new future-forward office environment. “The past three years taught us that flexibility and fast adaptation to new challenges are important,” says Silke Riedl, Assistant to the Head of Information Management at Krones. “The Windows 11 Enterprise ecosystem provides more standardization to our workflows and an improved employee experience as we adapt to our new hybrid workplace environment.”
Windows 11 Enterprise is built to optimize the digital-first workplace with unique features that effectively deliver integrated cloud services such as Microsoft Teams and Microsoft 365 apps for seamless on-demand communication, collaboration, and creation capabilities across the enterprise. Its intuitive user interface and the enhanced design of a modern desktop built for more seamless creation and collaboration is helping Krones employees thrive in a new flexible, hybrid workplace model. Employees are staying organized and productive in shared workspaces, and while working remotely.
“The Windows 11 Enterprise operating system was the right choice to help us take full advantage of the convenience and operational efficiencies of the hybrid workplace and remain productive,” says Riedl.
“One of the most beneficial features of Autopatch has been no longer having to do a technical deep dive to pull update compliance reports for our devices. In the past, we had to build manual reports to access this information, and now it’s right there in Microsoft Intune, summarized and ready to send to our executives.”
Michael Meier, Technical Client Design, Krones
Frontline control and compatibility without compromise
Krones has a variety of highly skilled employees working in dynamic environments worldwide, so the ability to easily customize and configure Windows 11 Enterprise to fit various environments, the needs of its distributed workforce, and the demands of its global customer base is critical to the company’s innovation and growth. The company’s service engineers appreciate the improved performance and battery efficiency of their Windows 11 Enterprise devices while working for extended periods onsite at different customer locations worldwide, and employees working onsite in shared workspaces appreciate that they can keep all their business-critical apps organized according to their preferred display configuration at different workstations.
“We didn’t have to promote Windows 11 Enterprise. Our employees wanted it as soon as possible,” says Florian Kroiss, Technical Client Design, Patch Management, and Application Delivery at Krones. “Windows 11 Enterprise was a win for IT and the business.”
Krones employees report that Windows 11 Enterprise feels more user-friendly and intuitive, and they feel well prepared for work because it’s easier to navigate systems and quickly find the correct information. The workplace design team found that its previous digitization efforts, investments in modern management with Microsoft Intune, and high proficiency and experience with Windows 10 made the deployment of Windows 11 Enterprise feel non-disruptive and like “business as usual,” and technologies like Windows Autopatch have helped to further streamline deployment and management of PCs.
“The workplace design team wants to stay at the leading edge and provide the latest benefits and newest features to employees,” says Kleyn. “The path provided to deploy Windows 11 Enterprise to all compatible hardware seamlessly and remotely, and the overall ease of the deployment, affirmed our decision.”
Streaming Windows from the cloud with Windows 365
Another recent benefit of the new hybrid workplace model at Krones has been the ability to use Windows in the cloud, with Windows 365 Cloud PCs, for scenarios where new employees need to onboard quickly, or where employees need temporary cloud PCs that they can use to stay connected and do their work from anywhere, on any device.
Kleyn says, “Windows 365 has enabled us to deliver a personal workspace from the cloud right to an employee wherever they are located, in Asia, Europe, or the US, without having to provision and ship a physical device. That’s a lot of physical infrastructure, time, and energy saved.”
They have also brought Windows to the shop floor and anywhere else it is needed, with Windows 365 Frontline and Windows 365 Boot. Kleyn says, “our frontline workers can now log in to the shared Windows 11 machines we have on the shop floor area, and find their ‘own’ workspace, exactly at the same state as they left off. Everyone has a solely owned, personal cloud PC, accessible from anywhere, even available to them at home if needed. For example, if they need to log in quickly for activities like shift planning, they have the flexibility to do that rather than come all the way into the office to use a corporate owned device.”
Shared operational efficiency for the win
The upgrade to Windows 11 Enterprise required less time and fewer resources dedicated to training, support, and change management compared to the company’s previous operating system deployments. The improved front-end performance and user interface optimizations provide Krones with a standardized, simplified platform for all employees to access business-critical apps and resources, regardless of role or technical proficiency.
Application compatibility was also not an issue with the update. “Krones uses almost 1,000 complex line-of-business applications in the development and machine configuration environment, and we have not experienced any issues with the compatibility of these apps and Windows 11 Enterprise,” says Michael Meier, Technical Client Design at Krones.
Using Windows 11 Enterprise and Intune saves time for Krones IT. Features like Windows Autopatch, device readiness reports, and Remediations in endpoint analytics help IT staff manage and monitor critical workflows more seamlessly. They acknowledged that the less disruptive, smaller Windows 11 Enterprise feature updates also generated positive feedback, not to mention the efficiencies gained by enhanced control and configuration of the company’s virtualized environments.
“Before Windows 11 Enterprise and Intune, we always had to rely on an on-premises network or a VPN to push policies to our endpoints, and a fresh OS installation took multiple hours,” says Meier. “The combination of solutions we are using now, including Windows 11 Enterprise, Windows 365, Intune, Autopilot, and Autopatch, means we can get physical devices or cloud PCs deployed and enrolled quickly, anywhere with a connection, and it’s much simpler for IT to deploy and the employee to get started.”
Meier expanded on Windows Autopatch, describing it as a natural transition to the latest available technology that not only helped improve compliance metrics and overall security posture by keeping devices up to date, but also added convenience though features like update rings and automated reporting, that alleviate repetitive tasks.
Meier says, “one of the most beneficial features of Autopatch has been no longer having to do a technical deep dive to pull update compliance reports for our devices. In the past, we had to build manual reports to access this information, and now it’s right there in Microsoft Intune, summarized and ready to send to our executives.”
This has also helped alleviate initial concerns around increased data telemetry access needed to adopt Autopatch. Meier and team were able to demonstrate how only specific device data is accessed and how it remains securely siloed and anonymous within the processes that use it, purely for the technical purposes of keeping devices up to date. With Windows Autopatch the Krones team has optimized their fleet of devices to meet the stringent EU data and privacy compliance standards with improved efficiency.
“Our service engineers and frontline technicians rely on stable and secure PCs to help Krones successfully support our global customers,” says Kleyn. “Windows 11 Enterprise and Autopatch play a crucial role in our organization to deliver optimized and highly efficient PC performance and security components, which is critical to our collective IT and business mission.”
"Windows 365 has enabled us to deliver a personal workspace from the cloud right to an employee wherever they are located, in Asia, Europe, or the US, without having to provision and ship a physical device. That’s a lot of physical infrastructure, time, and energy saved."
Roman Kleyn, Head of Workplace Design, Krones
Raising the bar for Zero Trust
As it navigates its workplace roadmap, Krones is developing its security and operations environment around Zero Trust principles. This is to bolster against new risks, including advanced cyberthreats and the attack-anywhere opportunities that target the modern distributed enterprise and the expansion of remote, always active endpoints.
“With Windows 11 Enterprise, we have a platform that raises the security baselines to our requirements for advanced hardware and software protection,” says Andreas Eichelhardt, Public Key Infrastructure and Endpoint Security Design and Operations at Krones. “The virtualization security features extend seamlessly, so we can deliver high performance without compromising security.”
The company can also address the unique challenge of implementing Zero Trust principles by providing a range of automated security features that help protect against threats and deliver more robust authentication, access, and reporting capabilities for more secure work-anywhere access to data and resources. Additionally, Krones can better control which applications can run on which devices, helping to reduce its overall attack surface even as it adds more users and endpoints to the environment.
Attackers constantly adapt to security solutions, so defending against an increasing number of supply chain attacks with innovative solutions is crucial for the Krones security and operations center (SOC). With the comprehensive identity and access management and passwordless sign-in capabilities of Windows 11 Enterprise, Krones can authenticate and authorize users and devices based on various factors, including credentials and device health. The company uses built-in security features, such as Windows Hello for Business and Microsoft Defender SmartScreen, to help prevent unauthorized access to its network and warn Krones employees if a website, application, or download is potentially malicious and harmful.
Feedback at Krones has proven that modern security features, like those built into Windows 11 Enterprise, don’t have to be a burden but can improve user experience in delightful ways: “I love the Windows Hello for Business feature,” says Riedl. “I start my day and sign in to my computer by smiling and I don’t have to manage a password—how great is that?”
The seamless interoperability of Windows 11 Enterprise with Microsoft Security solutions like Intune and Microsoft Defender for Endpoint helps the Krones SOC team quickly detect and respond to active threats by using automated investigations and protect against threats at the endpoint. BitLocker management with Intune is a Windows 11 Enterprise feature that Krones uses to centralize and manage the encryption of devices. With it, Krones can set policies to enable or disable BitLocker encryption, require specific encryption methods, enable recovery options, and manage and monitor encryption keys. And it can help simplify enterprise encryption management, reducing the time and resources dedicated to endpoint security and data protection measures.
“Windows 11 Enterprise, Windows Autopilot, and Intune simplified device deployment so much that now we can enroll a device from anywhere with a few clicks,” says Eichelhardt. “That’s a significant advantage for protecting remote endpoints and employees along with the productivity of our service engineers because they can enroll a device while working in the field anywhere in the world, and employees receive a device that is pre-configured and ready to use right away.”
Krones updated all eligible devices worldwide to Windows 11 Enterprise, with plans to replace ineligible hardware through existing device refresh cycles. “The hardware requirements of Windows 11 Enterprise were positively received by our IT department and encouraged us to move to higher performing and highly secure devices,” says Meier.
Krones updated all eligible devices worldwide to Windows 11 Enterprise, with plans to replace ineligible hardware through existing device refresh cycles. “The hardware requirements of Windows 11 Enterprise were positively received by our IT department and encouraged us to move to higher performing and highly secure devices,” says Meier.
Krones welcomed the TPM (Trusted Platform Module) 2.0 compatible hardware requirements for Windows 11 Enterprise devices because they have helped the company increase its overall security level. A TPM chip is a hardware component that provides secure storage of cryptographic keys and protects the system’s integrity. Windows 11 Enterprise requires a TPM 2.0 chip to be present and enabled in devices.
“The hardware requirements for Windows 11 Enterprise devices help us implement security features now and in the future,” says Eichelhardt. “We also use it for device health attestation and Microsoft Entra ID registration, further increasing our overall security posture.”
“Windows 11 Enterprise and Autopatch play a crucial role in our organization to deliver optimized and highly efficient PC performance and security components, which is critical to our collective IT and business mission.”
Roman Kleyn, Head of Workplace Design, Krones
Sustained ingenuity at scale
By helping drive forward the modernization movement for large enterprises and designing a digital-led hybrid workplace model, made more efficient and economical through technology, Krones continues to provide value to its employees and customers worldwide.
“We focus on the full life cycle of our products and the continuous development of our products,” says Kleyn. “We need the most up-to-date operating system to meet demands for sustainable solutions that help our customers operate more efficiently.”
The company plans to explore how technology designed for the future workplace can help it deliver on the promise of high-quality, safe, and future-forward manufacturing solutions for the food and beverage packaging industry. And with current workplace transformation initiatives and investments in cloud-led, collaborative digital workspaces powered by Microsoft technologies like Windows 11 Enterprise, Windows 365, and Windows Autopatch, Krones is well positioned to deliver on its promise and remain an industry leader for sustainable innovation.
“A modern, secure, and performant operating system is a crucial technical component for our collective ability to deliver solutions beyond tomorrow at Krones,” says Kleyn.
Find out more about Krones on Twitter, Facebook, and LinkedIn.
“The Windows 11 Enterprise operating system was the right choice to help us take full advantage of the convenience and operational efficiencies of the hybrid workplace and remain productive.”
Silke Riedl, Assistant to the Head of Information Management, Krones
Follow Microsoft