
Case study

Retail giant goes shopping for enterprise mobility: Identity management at the heart of connecting people and systems


Addressing employee access to a new company intranet and internal social network using Azure Active Directory Premium.

Our client is a major retail organisation that needed to improve its collaboration, information sharing, and communications by creating a new SharePoint intranet and Yammer internal social network. This system needed to be available to all its employees.

The problem was that most employees didn’t have Active Directory accounts or PCs, as they were unwired users.

We used Azure Active Directory (AAD) Premium to provide employees with a cloud identity for access to SharePoint and Yammer, which could be integrated with a user’s existing on-premises identity for maximum efficiency.

  • All employees have secure and managed access to the superstore collaboration portal.

  • Automated provisioning of accounts and access to the new intranet portal reduced the burden of manually provisioning users and groups.

  • The identity service can be used for other cloud applications and services.

  • Sharing information and ideas is faster and more comprehensive.

  • Strong foundations have been laid for the future.


The approach taken, and the technology chosen, means that device management and data protection can be added at any stage. All the elements are in place.

David Guest

Solution architect and technology evangelist, Kocho


Thousands of users and a painful credentials process

Our client is a retail giant with 1,200 stores and more than 160,000 staff – 15,000 of those employees are users of IT, with accounts in Active Directory. All accounts were created using scripts and manual processes, to allow them to log in to workstations and connect.

The superstore had been building a new employee-focused intranet on Microsoft SharePoint, available to every employee. This new system needed a security framework to authenticate all 160,000 users.

Some of these would be authenticated using the same login details they used to log on to their PC. But others would need a new ID and password, and a way to securely manage access.

Planning a solution based around FIM, and creating a strategy for data protection and device management

Microsoft recommended Kocho as the ‘go to’ people for identity, access, and enterprise mobility. Kocho consultant David Guest then went to talk to the superstore’s technical team.

David says: “I met the architecture and security teams. Among the many things we discussed was identity management […] I mentioned that Forefront Identity Manager (FIM) was part of the EMS (Enterprise Mobility Suite) licensing package. Everything dropped into place. It was a game-changer.”

Discussions with the superstore IT team also revealed that device management was part of their long-term strategy.

This could be achieved with Intune and System Center Configuration Manager (SCCM). This way, any devices could be ‘workplace joined’ and could be used safely and securely.

“We recommended Azure Active Directory (AAD) Premium as the cloud identity service to use to provide a single place to access cloud services and apps. In this case, SharePoint and Yammer.” – David Guest, Solution architect and technology evangelist, Kocho

Creating an identity synchronisation platform that works for all wired and unwired employees

Kocho presented Azure Active Directory Premium to hold all 160,000+ accounts. 15,000 users had accounts in the on-premises Active Directory. These identities were synchronised using DirSync.

The remaining accounts were provisioned into the Azure Active Directory using Forefront Identity Manager (FIM).

FIM would communicate with the superstore’s HR system to understand who an employee is and, from the rules defined, create an account inside Azure AD or the on-premises AD.

With FIM managing the automatic provisioning of accounts into the appropriate directory, a combined on-premises and cloud identity became a reality.

All employee accounts were then provisioned into Azure, enabling staff to access the new SharePoint intranet, the employee portal, and Yammer.
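The provisioning rules described above, modelled as an added example (this is not FIM's or Kocho's code, and the record layout, the `Directory` stores and the employee IDs are constructed assumptions): the HR feed is the authoritative source, wired users who already have an on-premises AD account are projected to Azure AD by synchronisation rather than duplicated, unwired users get a cloud-only account, and leavers or accounts with no HR record behind them are disabled rather than left usable.

```python
from dataclasses import dataclass, field

@dataclass
class HrRecord:
    employee_id: str
    status: str  # "active" or "left"; the HR feed is the authoritative source

@dataclass
class Directory:
    # employee_id -> account state; on_prem models the wired users' AD accounts,
    # cloud models every Azure AD account (DirSync-projected or cloud-only)
    on_prem: dict = field(default_factory=dict)
    cloud: dict = field(default_factory=dict)

def reconcile(hr_feed, d):
    """Apply joiner/leaver rules from the HR feed to both directories; return the action log."""
    actions, seen = [], set()
    for rec in hr_feed:
        eid = rec.employee_id
        seen.add(eid)
        if rec.status == "left":
            # Leaver: disable wherever the account exists (kept for audit, never deleted)
            for store in (d.on_prem, d.cloud):
                if eid in store and store[eid]["enabled"]:
                    store[eid]["enabled"] = False
                    actions.append(("disable", eid))
        elif eid in d.on_prem:
            # Wired user: mastered on-prem, projected to Azure AD by DirSync; never create a cloud-only twin
            if eid not in d.cloud:
                d.cloud[eid] = {"enabled": True, "source": "sync"}
                actions.append(("sync", eid))
        elif eid not in d.cloud:
            # Unwired user: FIM creates a cloud-only Azure AD account from the HR record
            d.cloud[eid] = {"enabled": True, "source": "cloud"}
            actions.append(("create-cloud", eid))
    # Orphans: an enabled account with no HR record behind it is disabled
    for store in (d.on_prem, d.cloud):
        for eid, acct in store.items():
            if eid not in seen and acct["enabled"]:
                acct["enabled"] = False
                actions.append(("disable-orphan", eid))
    return actions

def demo():
    # Constructed sample: E1 wired, E2 cloud-only leaver, E3 new starter, E9 orphaned AD account
    d = Directory(on_prem={"E1": {"enabled": True}, "E9": {"enabled": True}},
                  cloud={"E2": {"enabled": True, "source": "cloud"}})
    feed = [HrRecord("E1", "active"), HrRecord("E2", "left"), HrRecord("E3", "active")]
    return reconcile(feed, d), d
```

Running `reconcile` a second time over the same feed produces no actions, which is the property a scheduled synchronisation run relies on.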
