Have you also tried to roll-out Windows 10 with Azure AD and potentially also Microsoft Intune and lack capabilities?

With many projects and thousands of Windows 10 client roll-out behind us, we at EnvokeIT have realized that business and IT struggles to deliver a fully integrated and functioning mobile workplace.

There are capabilities that IT needs that Microsoft doesn’t provide in Windows 10, Azure AD and Microsoft Intune, we need something else and don’t want to build a costly on-premise infrastructure just to deliver our workplace. We want to deliver our service without leveraging Active Directory, System Center Configuration Manager and corporate networks etc…why?

  • Reduce TCO
    • Don’t use on-premise of Azure IaaS infrastructure (AD, Configurations Manager etc).
    • Don’t expand your corporate WAN to all sites where infrastructure is not needed, leverage Internet, Office365, Intune too deliver your Windows workplace.
  • Reduce complexity
    • Use SaaS services when possible and don’t build your own that increases your OPEX and CAPEX costs.
  • Increase availability and service evolution
    • Let the vendors deliver the service to you, they are better and cheaper at it.

How it works

The EnvokeIT Workspace Client service is an Internet-connected cloud service that your clients will communicate with. It´s built to provide that capabilities that we have seen that Office365, Azure AD and Microsoft Intune are lacking to deliver to a fully managed Windows workplace from the cloud.

You install our agent on your devices and it will ensure that your devices are kept in the desired state that you have configured them to be from our services portal.

In the Portal you as an IT administrator configure the taks that the agent should perform on all devices. Currently the service and agent supports the following configurable items:

  • Registry Management
  • File Management
  • PowerShell Scripting


The service is built for Windows on Azure and leverages the latest technology to ensure that you can adopt the Windows and Azure AD architecture without lacking what you need from good old Group Policies!

Here are some examples of what the service can solve for you:

  • If you want to specify and ensure that all your users have the same company background, you can do that!
  • If you need to configure Office application settings for all users, no problem!
  • Do you need to have updated User Guides or other material easily pushed to your users, no problem!
  • If your web applications require that they are put in Local Intranet or Trusted Sites in your browsers, then you can push that out!
  • Does your Windows application require specific local settings files to be pushed to the clients, no worries we’ve got you covered there as well!
  • Do you need to push out Microsoft Edge policies you can do that as well! For a complete list of built-in Group Policy objects that you can configure see this list.
  • IF you need to do special configuration of the OS, applications or user settings you can do that through PowerShell scripts, you write the scripts and our agent makes sure it’s run in user or system context. Configuration possibilities are endless!

Architecture Overview

The following picture shows an overview of how the Windows 10 device is managed and a typical Windows 10, Office 365 and cloud-based architecture:

Agent and Release Management

When you sign up for the service we provision a tenant for your company, within this tenant you can then define and configure the following items:

    • Company information – here you can update all the relevant information about your company and billing details.
    • Users – these are your IT administrators that will configure and manage the service for your company
    • Configuration Groups – a Configuration Group is set of items that an agent/device shall fulfill. You can create a Configuration Group item called HR and make sure that all configurations for the HR agents are configured for this, then create another Configuration Group for Sales that all sales devices shall be configured against. It’s also possible to have an agent be a part of multiple Releases, for instance if you like a “Generic settings” and “Sales” to be applied to a device.
    • Registry items – these are registry values that you choose to configure from built-in templates (~4000 Group Policy Objects) or your own custom ones that shall be configured. Registry items can be enforced so that the agent keeps them in the desired state or only not enforced which would instruct the agent to configure it once and then the end-user can change it.
    • File items – these items are files that you want to ensure exists on a device in a specific destination. It could be that you want to copy out a background picture that shall be on each device or an application setting file that shall be distributed to the device(s). Files can also be enforced, which would instruct the agent to make sure that it’s there and is updated if the central source is updated. If not enforced the file will be copied once to the device.
    • PowerShell Scripts – these PowerShell scripts that you want to run as the logged in user or as local system on the device. Just imagine what you can do, possibilities are endless! Write the PowerShell script and then publish it to the Configuration Group that you like to receive and run it and the EWC agent will make sure it’s done!

Note; currently the service is limited to file smaller than 10Mb in size. Contact us if you require larger files to be supported for your tenant.


Our price plan is built for companies and teams of all sizes. Start with 30 days for free!

Click here to start your Free Trial!


Do you want to talk about the Cloud or any other specific topic don't hesitate to contact us.

Contact us