See how organisations across regulated industries eliminated credential phishing, simplified MFA rollout, and kept their workforce protected. While eliminating the need for a second device.
Customer Stories
Select a case study to read in full
Pharmaceutical Manufacturing~5,000 UsersGlobal
Read full story →
Aenova Group Secures Its Global Workforce with Passwordless Same-Device MFA
Eliminating Business Email Compromise & Phishing Risks for Microsoft 365 — 3 Years of Proven Protection, Renewed for 5 More.
About Aenova. Aenova Group is a leading global contract manufacturer and development service provider for the pharmaceutical and healthcare industries, with nearly 5,000 employees across manufacturing sites worldwide. In an industry where a single breach can result in contaminated drugs, regulatory sanctions, and risks to patient lives, enterprise-grade security that works for every worker — including shift staff on shared kiosks — is non-negotiable.
AuthN by IDEE delivers exactly what we needed — phishing-proof authentication on any device without the need of an additional device. User adoption is seamless, support tickets are minimal, and the solution has performed flawlessly. That's why we recently signed a five-year renewal.
Elena Zerner-Kaening — Head of IT Infrastructure, Aenova Group
Want results like these for your organisation?
Book a 30-minute call — no pressure, just a clear look at what AuthN can do for your team.
Aenova Group Secures Its Global Workforce with Passwordless Same-Device MFA
Eliminating Business Email Compromise & Phishing Risks for Microsoft 365 — 3 Years of Proven Protection, Renewed for 5 More
Aenova Group, a leading global contract manufacturer and development service provider for the pharmaceutical and healthcare industries, has strengthened its security posture with IDEE's AuthN passwordless same-device MFA solution.
In an industry where a single breach can result in contaminated drugs, regulatory sanctions, billions in losses, and even risks to patient lives, Aenova required enterprise-grade protection that was practical for its global workforce — nearly 5,000 users who rely primarily on their PCs without company-issued smartphones or hardware tokens for MFA.
The Challenge: Rising Phishing Threats Demand Immediate, Practical MFA
Aenova had suffered multiple phishing attempts targeting Microsoft 365 credentials. With cyber insurance requirements tightening, NIS2 designating the healthcare and pharmaceutical sectors as critical infrastructure requiring robust cybersecurity measures, and the pharmaceutical sector facing heightened attacks, deploying strong MFA across its nearly 5,000 users became urgent.
Traditional MFA solutions were ruled out because they demanded second devices (phones, USB keys, or cards) — impractical for a global organization where most employees work exclusively on PCs. Moreover, typical deployments require extensive time, dedicated security staff, and significant change management — resources Aenova did not want to expend.
"We couldn't rely on employees using personal devices for authentication — especially in production environments — and we didn't want the logistics of distributing USB keys. AuthN by IDEE solved both problems elegantly."
— Joel Knecht, Team Lead IT Cloud Services, Aenova Group
Existing Microsoft Tools Were Not Enough
Although Aenova already had Conditional Access enabled and Microsoft Authenticator included in its Microsoft 365 licensing tier, these native capabilities fell short of the organization's security requirements for three key reasons:
Phishing resistant vs. phishing proof: Microsoft Authenticator provides phishing resistance, but not true phishing-proof protection — a critical distinction when safeguarding high-stakes pharmaceutical operations and intellectual property.
Second device requirement: Setting up a new device or registering for the 1st time on M365 requires a second device, which is not practical given not all employees have a company device and not all employees are willing to use their private devices for work.
BYOD limitations: With widespread Bring Your Own Device (BYOD) usage, phishable factors such as push notifications and one-time passwords (OTPs) can not be fully eliminated, leaving phishing attacks a daily risk.
The Solution: AuthN by IDEE — Same-Device MFA Deployed in Record Time
Ease of deployment was a key deciding factor. After evaluating several MFA solutions, Aenova selected AuthN by IDEE for its true phishing-proof protection and native support for shared kiosk environments without requiring additional hardware or personal devices.
The solution did not require additional software installation or changes to Aenova's existing IT infrastructure, and it does not store personally identifiable information (PII).
The rollout to nearly 5,000 users was completed within a short timeframe, with relatively low effort from IT and minimal training required. Users authenticate by unlocking their device.
Six Week Deployment Across All Knowledge Workers
3 WEEKS
All knowledge workers were asked to register their devices.
15 MINUTES
It took just 15 minutes to federate (integrate) the various domains.
SECONDS
It took just a few seconds for each user to register their device(s).
3 WEEKS
Monitoring to ensure all use cases were covered with active support from IDEE.
Kiosk & Shared Workstation Support: MFA for Multi-User Environments
Aenova's manufacturing and production environments rely heavily on shared kiosk PCs and shift-based workstations. Supporting these scenarios securely was a key requirement. AuthN by IDEE enables secure authentication on shared devices without requiring users to carry a second device such as a smartphone or hardware token. This allows every login—whether on a personal PC or shared workstation—to be protected while maintaining operational efficiency for factory floor staff and rotating shifts.
AuthN by IDEE turns any device into a phishing-resistant authenticator using the device's TPM chip and biometrics/PIN.
About the Solution
AuthN by IDEE provides a streamlined authentication experience while removing reliance on passwords. By leveraging device-based security, it helps protect against common attack vectors such as credential phishing, password spraying, and business email compromise.
Users authenticate simply by unlocking their device — no codes, no apps, no friction.
How it works.
User unlocks their device to register for the first time.
Device's cryptographic private key is bound to the user identity & web app/app.
1. Register any device once (in just a few seconds).
Device is now an authenticator.
2. User unlocks device to login with MFA.
The Results: 3 Years of Strong Protection & a 5-Year Renewal
Deployed May 1, 2023 — Now entering its fourth year with a new 5-year renewal signed in 2026.
Since going live in May 2023, Aenova has not experienced a successful password-based, credential phishing, or MFA bypass attack affecting its Microsoft 365 environment.
Key Outcomes
Eliminated BEC & Phishing Risk: No successful password-based, credential phishing, or MFA bypass attacks on M365 infrastructure have been recorded since deployment.
Manufacturing Kiosk Support: Extended full phishing-proof MFA protection to more than 100 shared production kiosks and multi-user devices protecting more than 1,000 shift-based and temporary workers without requiring personal hardware tokens or creating security workarounds.
Frictionless Adoption: Users quickly adapted to the experience - authenticating by unlocking their device (personal or shared kiosk) to login.
Operational Efficiency: 70%+ reduction in password/MFA-related helpdesk tickets since deployment (per internal IT metrics), eliminated hardware token logistics, and freed IT teams to focus on strategic projects and patch management.
Regulatory & Insurance Compliance: Met and exceeded cyber insurance MFA mandates while supporting strict pharmaceutical industry security and data protection requirements for NIS2, KRITIS requirements (BSI), GDPR, and DORA. It delivers phishing-proof authentication that aligns with BSI recommendations for critical infrastructure operators and exceeds traditional MFA approaches still accepted under many existing frameworks.
"When I joined Aenova last year, one of the first things that stood out was how solid our MFA posture already was. We had evaluated Microsoft's native tools, but they fell short on true phishing-proof protection and struggled with our extensive shared kiosk environment and BYOD workforce.
AuthN by IDEE delivers exactly what we needed — phishing-proof authentication on any device without the need of an additional device such as a smartphone or Yubikey. User adoption is seamless, support tickets are minimal, and the solution has performed flawlessly. That's why we recently signed a five-year renewal. It's been a standout security investment."
Elena Zerner-Kaening — Head of IT Infrastructure, Aenova Group
Aenova Group has proven that enterprise-grade, phishing-proof security doesn't have to come at the cost of operational complexity. By deploying AuthN by IDEE, they protected nearly 5,000 users — including over 1,000 shift workers on shared kiosks — achieving zero successful attacks over three years, a significant reduction in helpdesk burden, and full regulatory alignment under NIS2 and KRITIS. The result is a scalable, user-friendly MFA solution that earned a five-year renewal and is now setting a new standard for secure authentication in pharmaceutical manufacturing.
Want results like Aenova's?
Book a short call — we'll show you exactly how it works for your environment.