Cloud-managed workplace

About the project

The client provides a cloud-managed workplace as a service, helping over 600,000 users easily update, install, deploy, and manage third-party applications on Windows devices.

Challenge

Keeping third-party apps up-to-date without putting customer data at risk remains one of the biggest issues of modern workplaces. That’s why user privacy and security were a top priority of the project.

Our dedicated development team was tasked to create a GDPR-compliant portal that is both secure and easy to work with. The GDPR requires organizations to protect the personal data they collect and process from unauthorized access, destruction, alteration, or use. On top of that, the whole development process must follow Secure Software Development Lifecycle principles and guidelines.

With a solid background in Microsoft technologies and in-depth knowledge of cybersecurity best practices, we quickly found solutions that met product requirements and client needs. By integrating with Azure Active Directory and Graph API, we’ve fully covered security vulnerabilities that appear during installations and updates on Intune-managed devices.

Solution

The development started with the discovery phase. In one month, our dedicated team outlined software architecture, defined the project scope, and estimated timeframes for delivering the MVP. Our UX/UI designers ensured the product’s value and usability by applying the user-centered design process. They conducted user research, created step-by-step task flow diagrams, and wireframed the entire solution to test it on potential users.

In 5 months, we launched the MVP that included the following features:

• Customer registration with Azure AD
• Inviting customers
• Customer management
• Role management
• Switching between organization (partner only)
• Auditing of all user actions within a tenant
• Storing connection strings in Azure Key Vault
• App Store functionality: apps overview, search, and filter; subscriptions, installations, adding new apps and app versions
• App package management: secure communication with package service, package info setup, app version update, Intune service task creation and management
• Basic Dashboard with predefined reports and fixed Time Ranges

The platform’s App Store provides 950+ pre-packaged applications and enables users to upload custom apps by using the intelligent packaging engine. The engine automatically creates a package and uploads it to Microsoft Intune so that it can be installed on tenants’ devices. This reduces user friction caused by application updates and overcomes limitations of Microsoft Intune, namely updating available apps and custom apps.

If customers can’t find applications they need on the portal, they can request new applications. The process for adding new applications involves several steps to ensure security and legitimacy.

By using Azure AD Identity and Conditional Access services, our dedicated team enabled multi-tenancy and user-based application assignment for Intune users. This way, Managed Service Providers can easily switch between customers and manage their apps within a single platform.

To ensure future scaling and Web Application Firewall protection, we utilized Azure Front Door service. Azure Front Door is a cloud-based, global network that uses the Microsoft Azure edge network to deliver content. Additionally, it integrates with Azure Content Delivery Network (CDN) standard for caching static content at the edge, and with Azure Web Application Firewall (WAF) for protection against common web exploits.

Features

• Customizable install commands
• Application updates testing
• User interaction & postponing of updates
• Background app updates
• Historical reporting
• Multi-tenant management
• Bring-your-own-app
• Automatic update of available apps
• User-based application assignment
• Cross-customer application sets
• Automatic log collection of failed installations

Technologies

.Net 6.0

ASP.Net Core

Azure Function

Azure Service Bus

MS SQL

Azure Key Vault

BLOB storage

SendGrid

CQRS

MediatR Library

Entity Framework Core

Angular

Kendo

Angular Material

Business value

We helped the client conduct effective product discovery – validate their product idea, assess feasibility, and turn it into a clear product vision along with a software development strategy. Our team provided all deliverables to kick off the MVP development: prototypes, SRS, functional and non-functional documentation.

With Blackthorn Vision, the client covered their end-to-end development needs without hiring in-house experts. Throughout our cooperation, we consulted them on possible technical problems and ways to prevent them.

The quality of our implementation helped our client bring unique ideas to life in the most efficient way, boosted product growth, and expanded their customer base. Now, the client has more opportunities to scale and upgrade the solution. And our dedicated development team continues to work on the project as a part of their company.