Scenario

  • 4 minutes

Contoso is a global financial services company with over 50,000 employees operating across multiple regions. The organization faces several challenges:

  • High IT complexity: Managing updates and recovery for thousands of endpoints requires significant manual effort.
  • Growing security risks: Increased phishing attempts and credential theft have raised concerns about identity protection and compliance.

To address these challenges, think about some of the features you learned about in this module:

  • Cloud Rebuild – Rebuild devices remotely by downloading installation files from the cloud.
  • Point-in-Time Restore – Roll back devices to a previous state quickly.
  • Quick Machine Recovery – Speeds up remediation when devices fail to boot.
  • Windows Hello for Business – Passwordless authentication using biometrics and passkeys.
  • BitLocker encryption – Protects data at rest on devices.
  • Post-Quantum Cryptography (PQC) – Future-proof encryption against quantum attacks.
  • Windows Autopatch – Automates monthly security updates and quality patches.
  • Windows Hotpatch – Applies updates without rebooting to reduce downtime.

Tip

Consider the features you've learned about throughout this module. Which ones can help solve the challenges faced in this scenario?

For example:

  • Challenge: Increased phishing attempts and credential theft raise concerns about identity protection and compliance.
  • Consideration: Passwordless authentication helps reduce phishing and credential theft. Which feature provides that capability?
  • Solution: Windows Hello for Business uses biometrics and passkeys for secure, passwordless sign-in.

Flowchart mapping challenges like high IT complexity and security risk to potential Windows 11 solutions.

Optional challenge

We highlighted only some of the features covered in this module. Can you think of other features or approaches from the module that could help Contoso address its challenges?

  • What other solutions could improve security, simplify management, or reduce downtime?
  • What other challenges might a global organization face that the features you learned about in this module could help address?

Real-world success story

Banco do Brasil is one of the largest and most established financial institutions in the world, with more than 86,000 employees operating across thousands of service locations. The organization faced significant challenges in delivering a consistent and secure digital experience due to fragmented operating systems and complex IT environments.

  • Devices running different operating systems created inconsistencies in security and management.
  • Remote work during the pandemic highlighted the need for a standardized, secure hybrid environment.
  • Increased security risks required stronger identity protection and compliance controls.

Solutions

To address these challenges, Banco do Brasil:

  • Migrated more than 30,000 devices to Windows 11 Enterprise to standardize the operating environment.
  • Implemented Windows Hello for Business for passwordless authentication using facial and fingerprint biometrics.
  • Enabled BitLocker encryption and Microsoft Defender for Endpoint for advanced device security.
  • Adopted Microsoft Intune and Windows Autopilot for centralized device management and automated provisioning.
  • Integrated Microsoft Entra ID for identity-based security, including multifactor authentication (MFA) and Conditional Access.

Outcomes

As a result, they experienced:

  • Improved security posture with advanced encryption and identity protection.
  • Reduced IT complexity through cloud-based management and automated provisioning.
  • Enhanced collaboration with a consistent user experience, resulting in a 117% increase in daily Microsoft Teams message exchanges.

Banco do Brasil’s approach demonstrates how combining identity security (Windows Hello for Business), device protection (BitLocker), and modern management tools (Intune, Autopatch) can create a secure, standardized environment for a global workforce.