Zero-touch, factory provisioning and modern management: What’s it about?

 In |

Reading Time: 5 minutes

Quick: What’s the difference between Zero Trust and Zero Touch? Have you ever heard of Modern Management? Or Factory Provisioning?

You may have heard some of these terms before, but what do they mean exactly? And just as critically, how can they benefit your organization? (Hint: they most certainly can.)

That’s what this blog is all about. We’ll help you understand what these terms are all about – and why modern management is so crucial to organizations just like yours. We’ll walk you through the consultative approach SHI has developed, and when you finish reading this article, you will fully understand not only what they all are, but how SHI can leverage them to help your organization improve PC lifecycle management, drive efficiencies, and reduce shipping costs.

Let’s begin the discussion with a few definitions.

Zero-Touch Provisioning: The act of automated enrolling and registering an end user’s device into a Unified Endpoint Management (UEM) System with “zero” touches from a human.

Zero-Trust: The concept of having zero trust for a device on a company network. The architectural components for the concept include devices, users, and networks.

Factory Provisioning: Configuring Windows PCs in a factory setting and deploying the pre-configured machines directly to the end-user.

Drop Ship Provisioning: Factory provisioning powered by VMware’s Workspace ONE product suite.

Modern Management: A contemporary approach to securing and managing endpoint devices (Windows, macOS, iOS, and Android) in a centralized location.

What is it all about?

Now that we know what these things mean, we’ll take a closer look at how SHI is leveraging these technologies to solve common workplace challenges.

Over the past decade, organizations have increasingly used zero-touch provisioning to enroll mobile devices into management systems including Apple’s Device Enrollment Program (DEP) or Google’s Android Enterprise (AE). Over the years, this process has become increasingly automated.

These days, organizations are expanding their attention beyond mobile devices, and are increasingly focusing on Windows devices. At SHI, we’re seeing growing demand for using a Modern Management approach to secure these types of devices. The advantages of this approach include the ability to securely manage devices over the air, preconfigure them in the factory, and drop ship them directly to end-users. This process frees internal IT staff from having to configure Windows devices and keeps shipping costs in check.

Given the rapid pandemic-driven shift to remote and hybrid work styles over the past couple of years, SHI has created a Windows 10 factory provisioning solution. It harnesses modern solutions such as VMware’s Workspace ONE and Microsoft’s Windows alongside SHI’s Integration Centers. It provides our customers with a dependable solution that saves time, money, and resources by allowing SHI to ship pre-configured devices directly to end-users.

What is the process?

SHI’s five-step consultative process helps organizations of any size, in any sector – including aerospace, healthcare, retail, manufacturing, and others – to understand the unique business challenges they face, and how they’ll need to resolve them. The process includes the following key steps:

Step 1: The process begins with a quick discussion with your SHI account representative to identify the use case that requires solving. If you do not have an SHI account representative, fill out this form, and we will be in contact to schedule our initial briefing.

Step 2: This is a more technical conversation to discuss what it takes to get your organization from today to where you want it to be. We gather enough information to present the total cost of ownership, project deliverables, and timelines.

Step 3: During this phase, SHI presents a custom statement of work designed to fit your organization’s needs. This phase also provides the opportunity to navigate contractual language, security questionnaires, customer referrals, and any other pre-sales discussions.

Step 4: We’ll kick off the project by bringing all the responsible parties together to start changing how your organization manages its endpoint devices. After project kick-off, we help you configure your VMware Workspace ONE tenant to facilitate zero-touch factory provisioning.

Step 5: We leverage our advanced Integration Centers to configure your devices and ship them directly to your end-users at any predetermined location.

Download PDF

The Customer Experience

What are the pain points we have identified? Why are organizations turning to SHI to help solve their challenges related to end-user computing?

As a case study, we will use a real example and call the company “OrgZ” for privacy reasons.

OrgZ is a Fortune 200 company and has been a partner with SHI for many years. While working on a VMware ELA, they brought up a recent challenge related to end-user computing. OrgZ had 20,000 Windows 10 machines they needed to enroll into Workspace ONE, and 20,000 iOS and Android, and macOS devices migrated from another UEM console. OrgZ had multiple goals:

  • Configure a new Workspace ONE SaaS tenant.
  • Create the ability to Modern Manage and Factory Provision Windows 10 devices with improved enrollment and out-of-box experience (OOBE).
  • Provide a turnkey environment for managing all corporate and bring-your-own devices (BYOD) from a single pane of glass.
  • Deploy mobile device management (MDM) profiles and policies for managing and securing iOS, Android, and macOS devices to replace another MDM within three months.
  • Configure Workspace ONE integrations with Okta as the primary identity provider for zero trust access to corporate apps.
  • Develop formal written policies to reflect corporate acceptable use guidelines and ensure these are enforced via the Workspace ONE console.

How did OrgZ benefit, and what experiences did SHI enable with technology?

With the help of SHI, OrgZ was able to benefit from a cost, security, and end-user experience perspective.


By consolidating their device management system to Workspace One to develop a Modern Management approach, and leveraging SHI’s Integration Center Services to Factory Provision devices, and shipping them directly to their end-users, OrgZ reduced costs associated with configuring and deploying and managing devices.


SHI helped improve the security of OrgZ by bringing them closer to a Zero-Trust architecture by incorporating Okta into their application authentication process. SHI also established a baseline for ensuring that corporate policies around mobile strategy, security, device management, email management, app management, and content management are implemented appropriately within the organization.

End-User Experience:

By leveraging the appropriate technologies and services, SHI helped OrgZ create a better end-user experience. Implementing a product that provides users with a single pane of glass for accessing their applications and implementing a single sign-on experience for those applications increases workplace efficiency and satisfaction. Furthermore, SHI’s ability to drop ship devices directly to end-users and create consistent out-of-the-box experiences made onboarding new users and refreshing devices a better experience for OrgZ users.

What’s next?

To learn more about SHI’s Windows 10 Factory Provisioning Services on Workspace ONE, reach out to your Account Executive, or submit a request here.