Case Study
Major Australian retail bank
Identity observability and governance review across 100,000+ accounts and 7,500 application identities, deployed inside the bank's own Australian Azure tenant.
Apporetum gave a major Australian retail bank a single pane of glass over HR, Microsoft Entra ID and Active Directory. The review covered 100,000+ account objects and 7,500 application, workload and agent identities, and produced material hygiene findings against PIM, app registrations and account lifecycle.
Headline metric
100,000+
account objects continuously observed across Microsoft Entra ID and Active Directory
Scale and shape
- 100,000+ account objects governed
- 7,500+ applications, workload IDs and agent IDs reviewed
- Entra ID + AD: Microsoft Entra ID and on-premises Active Directory
- Own tenant: Deployed into the bank's own secure Australian Azure tenant
The challenge
What was driving the engagement
The bank operated a hybrid identity estate spanning Microsoft Entra ID and on-premises Active Directory, with no unified picture of how HR records, accounts, application identities and standing privilege lined up.
Application identities, workload identities and emerging agent IDs had grown past 7,500. The security team could not evidence who or what held access at any given time.
Privileged Identity Management (PIM) assignments and elevated roles were drifting, which made access review and audit evidence brittle under APRA CPS 234 and ISO 27001 access-control obligations.
Identity data could not leave the bank's Australian Azure tenant. Any observability platform had to be deployable inside their own sovereign cloud, not consumed as offshore SaaS.
What Apporetum did
Australian-built, cloud-native on Microsoft Entra, deployed inside the customer's own Australian Azure tenant
Apporetum was deployed from the Azure Marketplace into the bank's own secure Australian Azure tenant in weeks, not months. Australian-built, cloud-native on Microsoft Entra, with no per-user licensing.
Identity Observability was run across HR, Microsoft Entra ID, Active Directory, application registrations, workload identities and agent IDs. The result was a single deterministic picture of the estate.
A full hygiene audit was executed against the correlated data covering account lifecycle, orphan accounts, attribute drift and standing privilege.
A targeted PIM review, application identity review and agent ID governance review were delivered against the same dataset. The audit and security functions ended up with evidence they could defend.
The result
What the customer can now show, prove and defend
100,000+
account objects brought under a single observability and review surface
7,500+
applications, workload IDs and agent IDs reviewed in one governance pass
Material findings
across PIM standing privilege, application registration permissions and accounts drifting out of lifecycle
Sovereign
the bank's identity data never left its own Australian Azure tenant
Australian-built, sovereign, fast to value
Apporetum is built specifically for Australian organisations who need Identity Governance and Administration (IGA) on Microsoft Entra without shipping identity data offshore, without per-user licensing, and without waiting quarters for value.
Deployed in the customer's own Australian Azure tenant
Identity data stays inside the customer's sovereign boundary.
Value from deployment, in weeks not quarters
Insight mode from day one, deterministic governance shortly after.
Fixed monthly cost, no per-user licensing
Cost stays predictable as the identity estate grows.
Cloud-native on Microsoft Entra, not parallel to it
Apporetum extends Entra ID and Entra External ID rather than replacing them.
Recognise the shape of this problem?
Book a quick demo and we will walk you through how Apporetum has solved similar problems for organisations in your industry, inside their own Australian Azure tenant.