Overview
A leading Australian energy organisation underwent a major transformation following the acquisition of two national retail fuel networks. The company needed to integrate more than 13,000 corporate and frontline retail users into a modern, secure workplace environment while meeting tight transition deadlines.
Arinco delivered a dual-stream solution focused on workplace transformation and security modernisation, introducing Azure Virtual Desktop, identity lifecycle automation and cloud-native infrastructure. The outcome was a secure, flexible and scalable digital environment that delivered over $1.2M in Azure savings, reduced operational overhead by 80%, enhanced user experience, and enabled seamless store transitions, all while meeting transition timelines.
Challenge
The acquisition marked the start of a large-scale transformation. The organisation aimed to establish a standalone, secure digital environment for its diverse workforce including office-based teams and customer-facing staff across hundreds of retail sites.
Integrating thousands of store employees into a traditionally corporate technology ecosystem presented unique challenges. The workforce’s mobility and constant role changes required a flexible identity solution capable of managing over 13,000 user lifecycles automatically and securely.
Legacy systems made it difficult to govern credentials effectively, creating risk and administrative overhead. The company required a least-privileged access model to ensure users received only the permissions necessary for their roles. At the same time, tight transition deadlines under a transition services agreement meant the new solution needed to be deployed rapidly and without business disruption.
Implementing a unified digital workplace
Arinco worked closely with the organisation to deliver a holistic solution built around two integrated streams; security and identity modernisation and modern workplace transformation.
Blueprint and strategy
The engagement began with a detailed blueprint defining the end-to-end strategy for both streams. This plan aligned security, user experience and transition priorities under a minimum viable product (MVP) approach.
Arinco assessed the organisation’s existing identity platform, reviewed architecture and governance controls and collaborated with HR and IT teams to define user personas across corporate and store roles. These personas were mapped to security groups across systems like Azure Virtual Desktop (AVD), ServiceNow and Endpoint Management.
Identity controls were aligned to the Australian Energy Sector Cybersecurity Framework (AESCSF), enabling compliance at Maturity Level 2 while supporting a scalable, cloud-first foundation. This work laid the groundwork for automation and a seamless end-user experience.
Identity and security modernisation
The primary focus of the program was strengthening security and automating identity management to support the organisation’s expanding workforce.
Identity automation and lifecycle management
Arinco integrated the HR system with Microsoft Entra ID, enabling automatic provisioning, updates, and deactivation of accounts based on employment events. When an employee joined, transferred locations, or left the company, their access automatically adjusted to match their role and location.
Using Azure Functions and Logic Apps, Arinco automated identity flows to handle more than 1,500 joiner, mover and leaver events each week. This automation reduced onboarding time from days to minutes and eliminated manual administration, while ensuring compliance and consistency.
Strengthened access controls and compliance
Arinco implemented role-based access control, multi-factor authentication (MFA) and phishing-resistant authentication methods such as FIDO2 security keys to protect both corporate and frontline users.
The team also designed conditional access policies that enforced consistent security across all applications and mapped Microsoft licensing to AESCSF identity controls, ensuring compliance and optimised security coverage.
Enabling a cloud-native identity future
Arinco migrated the customer’s identity environment from on-premises Active Directory to a cloud-native architecture, allowing the company to manage all business units under one unified platform.
This new model supports future acquisitions and workforce changes under a single, scalable identity platform, supported by API-driven provisioning, security auditing, and continuous improvement.
Modern Workplace Transformation
Alongside the security uplift, the workplace transformation stream focused on delivering a consistent, user-friendly experience across corporate and retail operations.
Infrastructure modernisation
Arinco deployed Azure Virtual Desktop (AVD) to centralise application delivery and improve security. The team rearchitected the environment using Infrastructure as Code for consistency, performance and scalability.
Device management and rollout
Arinco rolled out Windows 11 and Microsoft Intune to hundreds of retail support staff in just four weeks. Devices came preconfigured with enterprise-grade security and integrated seamlessly into the company’s identity management framework.
Automatic provisioning and access control
The team automated application provisioning and access management through the company portal and predefined role templates. These automations streamlined onboarding and offboarding, ensuring employees gained access on day one.
Cross-team collaboration
Arinco coordinated cross-functional teams through a shared decision register, aligning technical direction early and accelerating delivery. The resulting cloud-native desktop environment now supports over 1,200 users with secure access from any location.
Outcomes
By combining modern workplace technology with advanced identity automation, Arinco helped a national energy company securely integrate a newly acquired retail business, improve employee experience and position itself for future expansion. The solution delivered measurable cost savings, operational efficiency and security maturity within demanding transition timelines.
Key outcomes include:
- $1.2 million in projected Azure savings: Arinco’s cloud-native design optimised AVD consumption, reducing costs while improving performance and flexibility.
- 80% reduction in operational overhead: Identity automation and modern work practices dramatically cut manual administrative tasks, freeing IT resources for higher-value initiatives.
- 13,000+ users managed automatically: The identity automation framework seamlessly handles joiner, mover and leaver processes across corporate and retail environments, minimising manual intervention.
- Faster onboarding and access: Access provisioning times dropped from days to minutes, ensuring employees are productive from day one.
- 97% VPN-free user environment: The new cloud-first design eliminated VPN reliance for nearly all users, enhancing performance, security and user experience.
- HR and staff time savings: Automated account creation and maintenance reduced workload for HR and IT teams, improving efficiency and accuracy.
- Improved user experience and reliability: Daily AVD-related ServiceNow tickets fell from approximately 500 to just 5, demonstrating a major reduction in access issues and manual troubleshooting.
- Enhanced security and compliance: AESCSF-aligned controls, RBAC, MFA and phishing-resistant authentication strengthened cybersecurity while maintaining ease of use for frontline workers.
- On-time transition with zero disruption: Arinco completed the transformation within all required timelines, avoiding operational impact and ensuring continuity during the transition period.
- Copilot-ready environment: Backend users now operate in a secure, AI-capable environment ready for Microsoft Copilot integration.
- Scalable, future-ready platform: The company can now onboard new business entities and acquisitions with minimal infrastructure change, supporting future growth and innovation.
