Shared Device Management: April Sprint Update

April 2025 

Welcome to the latest update on the Shared Device Management (SDM) project. 

Throughout the month of April, we progressed well in configuring the RBAC (role-based access control) model in our Visiontype (our non-live test environment). 

Summary of April sprints  

Configuring our Intune Visiontype 

Part of the plan for Intune management is to have an Oxford-wide service so that Information Security compliance policies can be applied to machines across multiple units. We need these policies to be readable by the unit administrators (IT individuals who support the device management within their area including adding specific policies and applications) so they can see what is being applied to their machines. 

Early testing has revealed some issues with how Intune applied permissions - which means our original plan of having read-only rights for the ‘Oxford’ scoping tag, given to unit administrators, needs to be changed.  

A scope tag is a label that, when assigned to an administrative user role, ensures that only objects (such as policies, groups, and applications) with the same scope tag assigned are visible to that user in the Intune console. They restrict admin visibility to objects with matching tags when RBAC filtering is in use. 
After discussion within the team, we have decided that documentation will be provided for ‘Oxford’ policies. We are also testing giving a separate read-only user account with a more limited scope for debugging issues brought about by multi-unit users or devices. 
 
You can watch a brief explanation video from Matt, which we also used during our show and tell: Sprint Review.mov 

We almost completed configuring the RBAC model in April and are aiming to have this wrapped up in the month of May. 

Research for mapping out the ‘As Is’ 

April also saw a start on drafting the service blueprint to document all findings for the as-is process around device management. This will collate all the different ways that departments meet the needs of users for device management.  

Think of it like a menu or ‘bingo card’ that contains all the different local processes in one place. Moving forward this will be used to iteratively move towards a to-be service blueprint, with the same user needs being met by different solutions as they are tested and developed.  

As part of this we’ve continued outreach and completed a set of sessions with Humanities and Geography. The insights of the research highlighting some common themes: 

  • Understanding different user profiles 

  • Provisioning processes (and the variations between departments) 

  • Self-service instances 

  • It can be disjointed between local and central processes 

These sessions generated good discussions in the team about the current landscape and how these findings might inform the future service offering. 

The Saïd Business School 

In April we delved deeper into how departments such as the Saïd Business School are currently using Intune. Our face-to-face user research conducted with the Saïd Business School provided valuable insights and a deeper understanding of how Microsoft Intune is utilised by the department for managing Windows devices.  

The session covered several use cases, including setting up standard and custom builds for devices, as well as wiping devices. Additionally, it highlighted key challenging areas and the mitigation activities undertaken by the department to address these challenges. 

SDM team meet with Said Business school - image of 4 staff members around a table with laptops and mugs

Face to Face research session at the Said Business school. L-R: Ben Sumner, Robert Smith, Princy Wilson Abraham, James Cox

 

File and Print Management 

An investigation is currently underway for the management of on-premises file sharing and print management. Various options have been identified, and an initial draft will be shared with key stakeholders for their review and feedback. 

What have we learnt in April? 

We have learnt that communication and collaboration is very important for the team to work efficiently. The scrum master has booked a fortnightly project space for the team to use for white board sessions – which are offline team gatherings used to discuss progress and make decisions. In a recent session, we merged the ongoing research with the technical progress, more of which is mentioned above in the ‘As Is’ section.  

 What’s coming up next? 

In this next month, we plan to wrap up the configuration of the RBAC model and decide on how we can pick up the pace on delivering the rest of the work on the Visiontype.  

We will also refine our user research plan and continue our work on the service blueprint, engaging with more departments across the university to understand their device management. 

We also plan to have sessions with a Microsoft consultant who can support the team in configuring Intune and help us use it in the best way possible that will benefit the shared device management across university.  

We hope this has been a helpful insight into what April has involved for the SDM project. We’ll be back again with more updates on the May sprints, and how the project is progressing at the end of the month. 

Any questions, or if you would like to attend the next sprint review (taking place 21 May 14:30-15:30) please email shared.infrastructure@admin.ox.ac.uk and do join the Teams channel for further updates.

Sign up to receive SISP updates via email 

 

Contact

Add contact details here