Cloud

Managed Apple and Microsoft services for Paris organisations

Monitoring, maintenance and hardening of your IT for a reliable, secure and controlled environment.

Managed service, supervision and automation

High-performing IT rests on proactive, controlled fleet management. Every workstation is a critical point of your operations. Deployment, updates, compliance, monitoring: each is handled with precision.

Who it is for

SMBs with a mostly-Apple fleet

10 to 500 Mac, iPhone and iPad endpoints. Consultancies, agencies, galleries, cultural institutions, brands — any organisation that has chosen the Apple ecosystem for stability and user experience.

Growing organisations

Companies that onboard regularly and can no longer improvise on every arrival. Zero-touch onboarding and automation become essential past 20 hires per year.

Subsidiaries of international groups

Paris offices of foreign groups that must hold group security and compliance standards while adapting to French specifics.

Multi-site structures

Regional offices, distributed locations. Centralised supervision keeps the service level high without multiplying local staff.

IT leaders seeking predictability

In-house IT teams that want to outsource operations to focus on strategy and business projects.

What we do

01

MDM and centralised inventory

Kandji, Microsoft Intune or Jamf depending on context. Automatic enrolment via Apple Business Manager or Windows Autopilot, compliance policies, application delivery, disk encryption (FileVault / BitLocker), real-time hardware and software inventory.

02

Zero-touch onboarding

Every new hire receives a blank Mac or PC, signs in with their Entra ID identity, and the workstation self-configures in 20 minutes: business apps, VPN, security profiles, shared access. Zero physical intervention by a technician.

03

SSO SAML, OIDC and passkeys

Microsoft Entra ID, Okta or Google Workspace as the central identity provider. SAML and OIDC single sign-on across business applications, mandatory MFA, passkeys (FIDO2) on sensitive accounts, SCIM provisioning from your HRIS.

04

EDR and endpoint security

Microsoft Defender for Endpoint, CrowdStrike Falcon or SentinelOne depending on context. Continuous alert supervision, XDR correlation, incident response, configuration hardening per CIS and ANSSI baselines.

05

Zero Trust Network Access

Replacement of traditional VPNs with modern ZTNA solutions: Cloudflare Access, Zscaler Private Access, Tailscale. Access based on identity and device compliance rather than location.

06

Migrations and modernisation

Google Workspace to Microsoft 365, on-premise to cloud, Active Directory to Entra ID, legacy VPN to ZTNA, Windows Server to Azure / M365. Planned, tested migrations with no data loss and no service interruption.

07

Patch management and 24/7 supervision

OS, application and firmware updates deployed in cohorts within negotiated maintenance windows. 24/7 monitoring of critical equipment (servers, storage, firewalls, internet links). Alerts before the user notices the incident.

08

Governance and compliance

GDPR-aligned policies, ISO 27001 readiness when required by your enterprise customers, Conditional Access with device-compliance checks, Privileged Identity Management (PIM) on admin accounts, logging and audits.

Methodology

01

Assessment

Hardware and software inventory, existing fleet analysis, technical-debt and risk measurement.

02

Target and roadmap

Definition of the target information-system state at 12-18 months. Replacement vs. standardisation trade-offs. Costed budget.

03

Deployment

MDM rollout, configuration standardisation, progressive migration. Full documentation at each step.

04

Operations

Continuous supervision, patch management, monthly reporting, continuous improvement. You no longer handle day-to-day operations.

Stack

Technologies

Our reference tools for operating an Apple and Microsoft fleet in production.

MDM

  • Kandji
  • Jamf Pro
  • Microsoft Intune
  • Apple Business Manager

Identity

  • Microsoft Entra ID P2
  • SSO
  • Conditional Access
  • MFA
  • Passkeys

Monitoring

  • PRTG
  • Datadog
  • Uptime Kuma
  • Better Stack

Backup

  • Veeam
  • iDrive
  • Backblaze B2

Systems

  • macOS
  • iOS
  • iPadOS
  • Windows 11
  • Linux (selective)

Case studies

Paris office of a global reinsurer

Reinsurance · corporate workplace

Mixed Mac and Windows fleet managed via Intune and Kandji, Entra ID P2 with Conditional Access aligned on group standards, continuous supervision, monthly reporting to group IT.

Strategy consulting firm

Consulting

Full managed service: Kandji MDM, Microsoft 365 admin, Entra ID P2, SAML SSO on business apps, Defender EDR, supervision, quarterly reporting to executive leadership.

Paris creative agency

Communication & creative

Standardisation of a 100% Apple fleet, Kandji MDM, zero-touch onboarding for new hires, supervision and patch management without disrupting creative rushes.

Executive education institution

Education

Full fleet management for faculty, administrative teams and equipped classrooms, Entra ID, SSO on pedagogical applications, strict security policies.

Engagement

Engagement model

Fee per managed endpoint, annual commitment. Includes supervision, patch management, MDM administration, level-2 support and reporting. Initial deployment projects (MDM, migrations) are scoped separately. Reversibility is guaranteed: you keep control of your tenant and fleet at all times.

FAQ

Frequently asked questions

What is the difference between IT support and managed services?

IT support responds to user incidents (reactive). Managed services proactively operate the infrastructure: continuous supervision, updates, compliance, standardisation. The two are typically combined: at Macinwork, managed services include level-2 user support and sit on an MDM foundation that structurally reduces incident volume.

Which MDM should we choose for an enterprise Mac fleet?

Kandji is our default recommendation for Paris SMBs on Apple fleets: modern interface, native Apple Business Manager integration, a library of 200+ ready-to-use compliance recipes, responsive support. Jamf remains relevant for large accounts with advanced customisation needs. Intune is the coherent choice for mixed Mac + Windows environments sitting on a Microsoft 365 base.

How long does MDM deployment take on an existing fleet?

For 50 to 100 unmanaged Macs: 4 to 8 weeks. Phase 1 (2 weeks): Kandji setup, policy definition, pilot on 5 workstations. Phase 2 (2-4 weeks): progressive enrolment by team with white-glove handling. Phase 3 (2 weeks): switch security policies to enforcement and train teams.

Does zero-touch onboarding really work?

Yes, with a properly configured MDM and Apple Business Manager enrolment. The new hire receives a sealed Mac, powers it on, signs in with Entra ID, and within 20 minutes the workstation is ready: business apps installed, VPN configured, email, Slack, file shares, security profiles. No physical technician intervention.

How do you manage updates without disrupting users?

Cohort-based deployment within negotiated maintenance windows. Critical security updates are pushed within 48-72 hours. Major updates (new macOS version) are tested for 2 to 4 weeks on a pilot sample, then rolled out to the rest of the fleet with proactive user communication. We carefully avoid Fashion Week, closings and activity peaks.

Can you manage a mixed Mac + Windows environment?

Yes. Kandji for Macs, Intune for Windows and mobile, a single Entra ID directory for identity. Policies are aligned across both worlds: mandatory MFA, disk encryption (FileVault / BitLocker), auto-lock, device compliance gating for resource access. The user experience stays coherent regardless of OS.

What level of supervision is included?

24/7 monitoring of critical equipment (servers, NAS, switches, firewalls, internet access) with automatic alerts. For user workstations, supervision covers compliance (up-to-date antivirus, active encryption, current OS, application inventory). A monthly dashboard presents the fleet state and gaps to close.

What is in the monthly report?

Updated inventory (hardware, software, licenses), fleet compliance rate, incident volume and nature, average resolution times, major evolutions of the month, identified risks, improvement recommendations. The report is calibrated to your audience: summary for leadership, technical detail for an in-house IT team when one exists.

Next step

Take back control of your IT fleet

An initial audit to measure technical debt and define a concrete action plan.