Costa Group Modernises Endpoint Security on Microsoft Intune with Essential Eight Level 2 Alignment

Costa Group is Australia’s largest grower, packer, and marketer of fresh fruit and vegetables, operating a national fleet of corporate and farm-based devices across berries, mushrooms, citrus, tomatoes, avocados, and table grapes. This case study describes how the organisation used Microsoft Intune, Windows Autopilot deployment, Essential Eight Level 2 endpoint security strategies, and WDAC application control to deliver a consistent, secure, and centrally managed endpoint environment to support the business.

Challenges

Costa Group operates Australia’s largest horticultural network, with a national fleet of corporate and farm-based devices spanning multiple business units. The business lacked a standardised endpoint management platform, resulting in inconsistent device configurations across the fleet and making it difficult to enforce or evidence a consistent security baseline.

Windows provisioning was performed manually, creating slow onboarding for new staff and ongoing configuration drift between business units. There was no centralised mechanism to control which applications could execute on endpoints, exposing devices to the risk of unauthorised software execution. Patching, BitLocker, and compliance controls were not centrally enforced, leaving Essential Eight maturity gaps that were difficult to close.

Solution

Oreta designed and deployed a Microsoft Intune foundation aligned to Essential Eight Level 2, covering enrolment, security configuration, application control, and update management. The foundation gave Costa a single, centrally governed endpoint platform across both corporate and farm-based devices.

Windows Autopilot was implemented for Hybrid Entra ID-joined devices, replacing manual builds with zero-touch provisioning and streamlining the end-user onboarding experience. Standardised security baselines were configured for BitLocker, Microsoft LAPS, ASR rules, device compliance, and Windows Update Rings, eliminating drift and automating patching across the fleet.

Windows Defender Application Control (WDAC) was implemented using an audit-first approach. Policies were refined through Defender Advanced Hunting telemetry before being transitioned to enforcement, aligned to Costa’s approved application set.

Outcome

  • Essential Eight Level 2 alignment for application control and patch management across the fleet.
  • Windows Autopilot zero-touch provisioning for Hybrid Entra ID-joined devices.
  • Centralised BitLocker, LAPS, ASR, and compliance policies eliminating configuration drift.
  • Audit-first WDAC application control enforced against Costa’s approved application set.
