Professional Documents
Culture Documents
Modern Endpoint Management Pilot With Azure AD and Intune
Modern Endpoint Management Pilot With Azure AD and Intune
Date: 01/12/2023
Prepared For: Ben Parker
Prepared By: Brett Sower, Adam Eldred, Bob Prahl, Randy
Elsethagen
Blaine County
Modern Endpoint Management Pilot with Azure
AD and Intune
ENGAGEMENT SUMMARY
This Statement of Work ("SOW") is made as of 01/12/2023 (the "Effective Date") by and between Blaine
County ("Customer") and CompuNet, Inc. This SOW is made a part of and is subject to the Terms and
Conditions (Appendix A). Collectively, this SOW, and Appendix A are referred to as the "Agreement."
CompuNet, Inc. will provide services to Customer under this Agreement as further described below.
Overview Of Services
Executive Summary
Customer has engaged CompuNet to help modernize endpoint management within the
organization using Microsoft technologies, specifically Azure Active Directory and Intune.
The IT landscape has changed radically over the last decade: Increased security threats demand constant
vigilance while business needs dictate a highly mobile workforce. Many IT departments struggle to
monitor, secure, and support corporate endpoints, much less handle BYOD initiatives. Traditional
management tools, such as Active Directory and Group Policies, were simply not designed with today’s
needs in mind. Microsoft recognized this industry shift and has spent years moving their focus to cloud-
based technologies that offer better flexibility and simplified management. Microsoft’s Azure Active
Directory (for identity management) and Intune (for mobile device/application management) are both
industry leading tools that greatly simplify modern endpoint management. Adopting these technologies
allows endpoints to be rapidly updated and monitored, while reducing the reliance on connectivity to local
network resources.
CompuNet has developed a set of best practices around endpoint modernization after multitudes of
deployments across several verticals. Mass-deployment of new technologies often taxes an organization’s
tolerance for change and can have unexpected conflicts with existing systems. Working with your staff on
a “greenfield” pilot deployment provides ample opportunity for education and testing without impacting
business users. This pilot starts with a broad training session to educate your staff on the capabilities of
Microsoft's endpoint management suite. The following pilot implementation will cover deployment
methodology, securing endpoints, software deployment, and interoperability testing with your specific
environment. This pilot configuration will then easily roll into production at a pace that is comfortable for
your team, with adequate training to ensure they can expand and maintain the deployment with minimal
outside assistance.
CompuNet has worked diligently to prove our value and commitment to our Customers. We will continue
to strive to bring value, integrity, and a shared commitment to your goals. Thank you for the opportunity
to earn your business.
Project Overview
CompuNet will start with a technical overview of Microsoft’s cloud-based endpoint management tools. We
will then work with your team to configure a pilot deployment of cloud managed Windows endpoints. This
will include configuration and testing of:
Blaine County
Modern Endpoint Management Pilot with Azure
AD and Intune
In addition to configuration items around Windows management, we will also cover basic configuration of
other Microsoft tools that frequently help support modern endpoint deployments:
• Mobile application management policy within Intune to limit data exposure when using Office apps
on mobile devices
• Microsoft Application Proxy to simplify access to internal web services without the need for
Customer VPN
Location
All work will be completed remotely.
Engagement Timeline
Project duration is expected to take up to 4 weeks. Project start date will be agreed upon in advance by
both Customer and CompuNet. Work schedule will be driven by the schedules and availability of critical
personnel.
In this session, CompuNet will lead a 90-minute training session for staff to become familiar with
Microsoft's modern endpoint management tools and their capabilities. This training is technical in nature,
but applicable to most IT team members. Participation of multiple groups within IT is encouraged, even if
those users will not directly support endpoint management tools. Broad understanding of endpoint
management capabilities will help ensure a successful rollout. Questions and informal planning are
expected during this session as staff identify features that would like to see implemented in the pilot.
Configuration is focused on best practice settings developed by CompuNet engineering with slight
adjustments for the specific environment. While not all features within Intune are covered, the pilot will
provide a solid foundational baseline that covers common use-cases.
• CompuNet review of any key notes or specific information related to Customer's environment
• Q&A session to cover any remaining topics
• Validation all success criteria have been met and project closeout
Customer Prerequisites
Customer is responsible for procuring appropriate licensing prior to project start.
• A license will be required for any user logging onto a managed workstation, specifically one of
these:
• Microsoft 365 E5
• Microsoft 365 E3
• Enterprise Mobility + Security E5
• Enterprise Mobility + Security E3
• Microsoft 365 Business Premium
• Microsoft 365 F1
• Microsoft 365 F3
• Microsoft 365 Government G5
Blaine County
Modern Endpoint Management Pilot with Azure
AD and Intune
• This may be supervised access but granting temporary access to the CompuNet engineer as a
guest user is often helpful for troubleshooting during the project.
• Some setup may require Global Administrator privileges, but most actions can be performed by the
"Intune Administrator" role.
A functional Azure Active Directory tenant synced with on-premise Active Directory is required
prior to project kickoff.
• Azure AD Connect settings will be validated by CompuNet engineer during project kickoff.
Scripted installation files and procedure must be provided for any applications to be deployed
as part of the pilot.
• Typically, a MSI installer satisfies this requirement, but Customer is responsible for validating
deployment process with the application vendor.
Customer is responsible for user data migration strategy when moving systems to Intune
management.
• CompuNet strongly recommends deployment of OneDrive with common folder redirection prior to
pilot deployment.
• Basic support for ensuring OneDrive data is restored upon user login will be covered during
the project, but a broad deployment of OneDrive is outside the scope of this project.
• CompuNet will assist with developing a migration strategy, but deployment of data migration tools
on existing systems is outside the scope of this project.
This CPOR association is important to both your organization and CompuNet because it helps us maintain
our strong partnership with Microsoft through competencies and advanced specializations. CPOR then
provides CompuNet access to additional programs that allow us to better support you, our Customer.
CompuNet will request association as your Partner of Record during the kickoff phase for the Microsoft
365 workloads relevant to this engagement. Once our request is made you will receive an email from
Microsoft informing you of the association.
PROJECT MANAGEMENT
The Project Manager shall provide the following services:
• Project Initiation - The Project Management team will coordinate a kick-off call to commence the
project
• Project Planning - The Project Management team will develop project planning documents
including timelines, tasks, resource assignments
• Project Management - The Project Management team will manage the project in accordance with
the CompuNet Project Methodology and Framework
• Project Closure - The Project Management team will create project acceptance documentation to
be signed upon completion of the project
PROFESSIONAL FEES
Pricing for the proposed scope of work is as follows:
Amendments
This SOW may only be changed by a written amendment executed by an authorized representative of
each party. The amendment must expressly refer to the SOW being amended; no amendment is binding
or effective until it is completed by an authorized officer of each party as provided herein.
Blaine County
Modern Endpoint Management Pilot with Azure
AD and Intune
Randy Elsethagen
Senior Account Executive
(208) 562-4720
randyelsethagen@compunet.biz
Brett Sower
Solutions Engineer
(208) 813-3194
bsower@compunet.biz
Adam Eldred
Solutions Architect
(208) 813-3228
aeldred@compunet.biz
Bob Prahl
Project Manager
(208) 488-7264
bprahl@compunet.biz
Blaine County
Modern Endpoint Management Pilot with Azure
AD and Intune
CUSTOMER ACCEPTANCE
Pricing is effective if Statement of Work is signed by 02/11/2023.
Customer authorizes CompuNet to deliver consulting services under the terms defined in this Statement
of Work. In addition, you hereby represent that the signatory below is duly authorized to execute this
Agreement on Customer's behalf. The Effective Date of the Agreement is the date of last signature below.
For: For:
Blaine County CompuNet, Inc.
By: By:
Name: Name:
Title: Title: