On July 2, 2026, Microsoft published a customer story that reveals a significant shift in how Brazil's GOL Airlines manages its airport technology. The airline has replaced its legacy endpoint management with a fully cloud-native stack built on Microsoft Intune, Microsoft Entra ID, and Windows Autopilot. The overhaul covers 84 operational endpoints across the airline's domestic and international network, transforming the way devices are provisioned, secured, and updated at some of the busiest airports in South America.

For an airline that handles over 30 million passengers annually, the reliability of check-in kiosks, boarding gate systems, and back-office terminals is not just an IT concern—it's a critical operational imperative. Any downtime or delay at an airport endpoint can ripple into flight disruptions and passenger frustration. Yet, until recently, GOL's endpoint management relied on traditional, on-premises tools that were ill-suited to the dynamic, security-conscious demands of modern air travel.

The migration to Intune, Entra ID, and Autopilot marks a deliberate pivot toward speed, security, and scalability. It eliminates the need for IT staff to physically touch every device, allowing new endpoints to be deployed and configured entirely over the air. This is especially valuable in the airport environment, where devices are often replaced, refreshed, or repurposed with tight turnaround windows between flights.

From Imaging to Instant Provisioning: The Autopilot Advantage

Before the cloud transition, GOL's IT team spent considerable time manually imaging and configuring Windows devices destined for airport use. Each device required hands-on setup with a custom golden image, driver installation, and domain join—a process that could take hours per unit. This model not only tied up skilled technicians but also introduced security risks from stagnant configurations and delayed patch cycles.

With Windows Autopilot, GOL essentially flipped the script. Now, when a new device arrives at an airport, a staff member simply unboxes it, connects it to the internet, and signs in with corporate credentials. The device automatically enrolls in Intune, joins Entra ID (the rebranded Azure Active Directory), and applies the correct policies, applications, and settings designated for that specific location and role. The entire process completes in minutes, not hours, and requires zero IT intervention on-site.

This capability is powered by the device's hardware hash, which is pre-registered in the Autopilot service by the hardware vendor or the IT team. Once linked to GOL's tenant, the device knows exactly which configuration path to follow as soon as it boots. For an airline, this means that a replacement check-in kiosk can be fully operational before the next flight boards, even if it was just pulled from storage.

Unified Identity and Access with Entra ID

At the core of this modernization is Microsoft Entra ID, which now serves as the single identity provider for all airport endpoints. Instead of relying on fragmented local accounts or a legacy Active Directory that required VPN connections back to the data center, GOL's devices authenticate directly against Entra ID in the cloud. This shift brings several benefits. First, it supports modern authentication protocols like multi-factor authentication and conditional access, ensuring that only authorized personnel can access sensitive airline systems. Second, it simplifies user lifecycle management; when an employee leaves or changes roles, access is revoked or adjusted centrally without needing to touch the endpoint.

Moreover, Entra ID's integration with Intune enables dynamic group-based policy assignment. GOL can create security groups for each airport location, device type, or employee role, and have the corresponding compliance and configuration policies automatically enforced. For instance, check-in kiosks might have a locked-down, single-app kiosk mode configured via Intune, while a supervisor's laptop gets a more flexible but still compliant set of applications. All of this is managed through the cloud, with no on-premises infrastructure required at the airports themselves.

Centralized Management, Decentralized Operations

The combination of Intune and Entra ID allows GOL's central IT team to manage all 84 airport endpoints from a single console, despite the devices being geographically dispersed across Brazil. This centralized visibility is crucial for maintaining security posture and ensuring compliance with industry regulations like GDPR and Brazil's LGPD. The IT team can instantly check which devices are encrypted, which have outdated software, or which are showing signs of compromise, and take remedial action remotely—including pushing updates, wiping a lost device, or isolating a compromised endpoint.

For day-to-day operations, Intune's policy-driven approach eliminates configuration drift. Airline-specific applications, security baselines, and Windows updates are delivered automatically. GOL reported in the case study that patch compliance improved dramatically, with critical updates now applied within hours rather than weeks. This speed is vital in an industry where cyberattacks can ground flights or leak passenger data.

Security at the Forefront

The airport environment poses unique security challenges. Endpoints are often in public or semi-public areas, making them susceptible to physical tampering or theft. Windows Autopilot combined with Intune's security policies allows GOL to enforce BitLocker encryption on all devices, ensuring that data remains protected even if hardware falls into the wrong hands. Additionally, Microsoft Defender for Endpoint can be deployed and managed through Intune, providing next-generation antivirus, endpoint detection and response, and threat analytics.

Entra ID's conditional access policies add another layer. For example, a policy might require a device to be marked as compliant by Intune before it can access the airline's reservation system. If a device falls out of compliance—say, due to a missing security update—access is automatically blocked until the issue is resolved. This zero-trust approach is fast becoming the standard for critical infrastructure operators.

Overcoming Migration Hurdles

Any migration of this scale is not without challenges. GOL had to ensure that the network infrastructure at 84 airports could support cloud-based enrollment and management. Many airport networks are tightly controlled, with limited internet access or strict firewall rules. The airline worked with Microsoft to configure the necessary endpoints for Autopilot and Intune, ensuring that devices could reach the cloud services without compromising network security. Additionally, GOL's IT team had to repackage and deploy airline-specific legacy applications through Intune, which sometimes required converting installers to modern formats like MSIX or deploying them as Win32 apps.

User training was another critical component. Although Autopilot minimizes the need for technical expertise at the airport, frontline workers still needed to understand the new sign-in process. GOL developed quick reference guides and short video tutorials to ease the transition. According to the Microsoft story, the feedback from airport staff was overwhelmingly positive, with many commenting on the reduced downtime and the more intuitive experience.

Measurable Business Impact

GOL quantified several key benefits from the modernization. Device provisioning time dropped from hours to under 15 minutes on average. IT staff could be redirected from mundane imaging tasks to higher-value security and innovation projects. The airline also reported a 60% reduction in help desk calls related to endpoint configuration, freeing up support resources. Perhaps most importantly, the new infrastructure positioned GOL to respond more agilely to operational changes, such as opening a new check-in counter during a peak travel season or rapidly deploying devices for temporary pop-up kiosks.

From a financial perspective, the cloud-native model eliminated the need for on-premises management servers and their associated licensing, power, and cooling costs. It also reduced the travel expenses for IT technicians who previously had to visit airports for routine setups. These hard savings, combined with productivity gains, yielded a rapid return on investment.

Industry-Wide Implications

GOL's success story is a bellwether for the transportation sector. Airlines, rail operators, and logistics companies have long struggled with distributed endpoint management. The blueprint demonstrated here—leveraging Autopilot for zero-touch provisioning, Intune for unified endpoint management, and Entra ID for cloud-first identity—can be replicated across similar environments. Microsoft's case study serves as both inspiration and practical guide for other enterprises dealing with high-security, geographically dispersed, and operationally critical endpoints.

The adoption of Windows 11 also plays a role. While the customer story did not specify the Windows version, it is reasonable to assume that GOL moved to the latest operating system to take full advantage of the security and management enhancements that integrate tightly with Intune and Autopilot. Windows 11's improved security baseline, including hardware-enforced features like TPM 2.0 and virtualization-based security, aligns perfectly with the needs of an airline that must safeguard passenger data and operational continuity.

A New Era for Airport IT

GOL Airlines' transformation is more than a technology refresh; it marks a cultural shift in how airport IT services are delivered. By embracing a cloud-native, zero-touch approach, the airline has turned endpoint management from a logistical headache into a strategic enabler. The IT team is no longer weighed down by repetitive manual tasks, and airport staff enjoy a more reliable, responsive device experience. As travel rebounds and passenger expectations rise, this modern infrastructure will be a cornerstone of GOL's ability to deliver smooth, secure, and efficient service.

For Windows enthusiasts and enterprise IT professionals, this story underscores the power of the Microsoft 365 ecosystem when components are fully integrated. It also validates the years of development that Microsoft has poured into Intune and Autopilot, showing that even the most demanding, distributed environments can be tamed with the right cloud tools. GOL Airlines has set a new standard for endpoint management in the skies, and other airlines are surely taking note.