Security That Works With People, Not Against Them: RAW Capital and Microsoft Intune
How CloudMatters redesigned RAW Capital's device compliance strategy using Microsoft Intune, Entra ID and Autopilot - cutting new device build time to under an hour, eliminating silent compliance drift, and staying ahead of financial services regulation without frustrating a single user.
The Challenge
RAW Capital, a Guernsey-based financial services firm, needed to raise the bar on device and user security to stay ahead of industry compliance requirements. Their devices were being managed individually through a patchwork of tools, with no single security configuration - creating a disjointed working experience for staff and, more worryingly, genuine gaps in the company's compliance posture.
Our Solution
We analysed RAW Capital's device estate and designed a modern compliance policy rooted in industry best practice - but built around how their people actually work. Using Microsoft 365, Entra ID, Intune and Autopilot, we deployed a unified security baseline across every device, automated remediation for non-compliance, and introduced Autopilot-driven builds that let new starters self-provision in under an hour.
The Challenge
RAW Capital operates in financial services from Guernsey, with a team of 60 people handling work where compliance isn’t optional and device security isn’t negotiable. The challenge they came to us with was not that they lacked security - it was that their security didn’t hang together.
Every device in the company was being managed and monitored through a combination of individual tools. There was no single security configuration that applied across the fleet. As a result:
- Compliance standards kept moving - Financial services regulation was raising the bar, and the existing patchwork approach couldn’t keep pace
- User experience was fragmented - Different tools with different behaviours gave staff a disjointed, frustrating day-to-day experience with their own laptops
- No single source of truth - There was no one place to answer the question “are all our devices compliant right now?”
- Build processes were slow - New device setup was a time-consuming, manual effort every time a new person joined
The brief to us was clear: raise the bar on security, but do it in a way that works with the people using the devices - not against them.
Our Approach
We started by listening. Before recommending any tooling or policy, we spent time understanding how RAW Capital’s staff actually used their devices day to day - because a security policy that staff quietly work around is worse than no policy at all.
Designing the Policy First
Using the picture we built, we designed a modern device compliance policy that reflected both industry best practice and the realities of RAW’s working environment. The goal was a security baseline users would barely notice in normal operation - and that would kick in firmly and predictably when something genuinely needed attention.
Deploying the Microsoft Stack
We consolidated device management onto a single Microsoft stack:
- Microsoft Entra ID as the identity foundation for every user and device
- Microsoft Intune to apply the compliance baseline across every endpoint
- Windows Autopilot to provision new devices directly from the box without IT having to touch them
- Microsoft 365 tying the whole experience together with a single identity and single set of policies
Rolling Out Without Breaking Anything
The policy changes were rolled out over several weeks rather than overnight, giving us the chance to catch edge cases and adjust before anyone was disrupted. The result was a migration users described as uneventful - which, for a security project, is the best review you can get.
Rethinking the Build Process
As part of the same project, we redesigned RAW’s new device build process. Instead of a manual, hours-long setup for every new starter, a new device now arrives in the box, is unboxed by the user, and self-configures through Autopilot. A new joiner can be up and running in under an hour, without IT ever touching the hardware.
The Results
RAW Capital now has a single, enforced compliance baseline across every device in the company. Microsoft Intune continuously reconciles device state, and if a device drifts out of compliance, CloudMatters is notified automatically. Remediation happens silently where it can, and escalates through a managed support ticket when it can’t - so nothing gets missed and users aren’t left guessing.
New device deployment has been transformed. Autopilot means new employees receive a device in the box, power it on, sign in, and are working within an hour. That is time RAW’s team gets back, every single time someone joins.
Most importantly, RAW’s compliance position is now something they can describe with confidence to regulators and stakeholders - backed by a system that actively maintains it rather than a checklist someone has to remember to run.
Looking Forward
We continue to manage RAW Capital’s device estate through Intune and support their broader Microsoft 365 environment - evolving the compliance baseline as regulation evolves, and keeping the user experience as frictionless as the day we deployed it.