Skip to content

47-Day Certificates Are Coming. Are You Ready?

Act Now →
Case Study

120 Facilities. 19,000 Employees. A Beverage Giant's Security Infrastructure Built for the Future.

How Encryption Consulting built a PKI for a 165-year-old US beverage leader, integrated it with Microsoft Intune and Windows Hello for Business, and moved 19,000 employees to passwordless authentication.
120 Facilities. 19,000 Employees. A Beverage Giant’s Security Infrastructure Built for the Future.

Customer Profile

A US beverage company with over 165 years in the market, 100+ brands, 120+ facilities across America, and 19,000+ employees serving customers worldwide, with a long-standing security-first operating culture.

Industry

Consumer Goods — Beverage Manufacturing & Distribution

Incident Type

PKI Design & Implementation with Microsoft Intune and Windows Hello for Business

At a Glance Outcome

19,000+

Employees secured with PKI-backed identity and authentication

120+

Facilities connected under centralized identity and device management

FIPS · GDPR

Regulatory compliance addressed through PKI implementation

4 Phases

Structured engagement from planning through disaster recovery

The Enterprise

Challenges

With 19,000+ employees across 120+ facilities handling PII and financial data, the company needed to secure its communications, bring identity and device management under one roof, and replace passwords with biometric login — without interrupting operations or missing regulatory requirements. Three blockers stood in the way.

Sensitive data unprotected across all states

Employee and client PII — names, addresses, emails, phone, financial details — needed encryption at rest, in use, in transit, and in backup. No single framework enforced that.
01 Data Protection

No centralized identity and device management

Identity and device management was scattered across 120+ facilities, with no way to enforce policies or check endpoint compliance — and it had to make PKI, Intune, and Windows Hello work together.
02 Identity Management

Password-dependent authentication

Passwords left the company exposed to credential theft, phishing, and breaches. The fix: passwordless biometric login — tighter security and easier sign-in for employees.
03 Authentication
The hard part wasn’t standing up the PKI. It was integrating it with Intune and Windows Hello across 120+ facilities and 19,000+ employees without interrupting a 165-year-old business.

Encryption Consulting

Engagement Summary · Encryption Consulting · PKI Services

Our Offered

Solutions

The work ran across four phases — project planning, CP/CPS development, PKI design and implementation, and business continuity. Each phase fed into the Microsoft Intune and Windows Hello for Business integration shown below.

Capability 01

Project Planning & CP/CPS Development

Stakeholder meetings set scope and requirements. We assessed the environment and drafted the CP and CPS with the client, handing over ownership through knowledge transfer.

Capability 02

PKI Design, Build & Use Case Integration

Authored the trust model and build docs, stood up the PKI in production with OCSP, and integrated Windows Hello and Intune as the two core use cases.

Capability 03

Security Policy Enforcement & Automation

Intune centralized policy enforcement and compliance. Automated issuance and renewal cut workload; RBAC and encrypted data limited access.

Capability 04

Business Continuity & Disaster Recovery

Built a BCP and DR for the Root CA, Issuing CA, and OCSP, plus an operations guide — leaving the team able to run and recover independently.
The result is a PKI framework that secures communications, centralizes identity management, supports passwordless login, and scales with the company — all delivered across four phases without interrupting day-to-day operations.

Encryption Consulting

Engagement Summary · Encryption Consulting · PKI Services

The Overall

Business Outcome

The PKI gave the company an identity and authentication setup that is secure, scales with growth, and meets its compliance obligations — covering 19,000+ employees across 120+ facilities and signing its electronic transactions.

01

Security strengthened & unauthorized access reduced

PKI, RBAC, and Windows Hello biometric login restrict sensitive resources to approved users and devices — cutting breach and credential-theft risk and holding trust with customers, partners, and stakeholders.
02

Operations streamlined & compliance achieved

Intune centralized identity and device management, and automated certificate issuance and renewal cut IT overhead. Windows Hello removed passwords from daily sign-in, and PKI policies align with FIPS and GDPR.
03

Scalable foundation for long-term growth

The PKI scales with the client base, and Intune’s cloud management absorbs future expansion. Digital signatures verifiably sign electronic transactions, keeping the foundation steady as the business grows.

Discover Our

Latest Resources

Education Center

Introduction to Microsoft Intune 

Microsoft Intune is Microsoft's cloud-based endpoint management service. Learn how it works, MDM vs. MAM, licensing, and Entra ID integration.

Read more
Case-Studies

White Paper

Post-Quantum Cryptography for Finance: Threats, Standards, and the Road to 2035

Discover the quantum threats, NIST standards, and future of post-quantum cryptography for finance in our comprehensive white paper.

Read more
Case-Studies

Video

Decoding Post-Quantum Security on the International Space Station (Part 2) | What It Means For You

Explore expert insights on cybersecurity, PKI, and post-quantum readiness, with practical guidance to strengthen security and future-proof cryptography.

Watch Now
Case-Studies