"No scheduling, no onboarding time, no generic templates. The agents knew our context and tailored the solution to our needs. For mid-market companies, this is a real game changer: clearly structured, to the point, and zero overhead in project work."

Thorsten Krismann

Head of IT, RHODIUS

Overview

RHODIUS Mineralquellen was using Microsoft 365, but administrative roles were permanently assigned — no just-in-time access, no approval processes for critical permissions. As the new IT leader with a small team, Thorsten Krismann had no capacity for a structured PIM project alongside daily operations. With DAMALO, a system administrator implemented Privileged Identity Management end-to-end — 90% independently with the platform, 10% with expert support. Result: Just-in-time access, approval workflows, NIS2-compliant audit trail, and full documentation in 2 days.

Starting Point

RHODIUS Mineralquellen was using Microsoft 365, but administrative roles were permanently assigned. No just-in-time access, no approval processes for critical permissions. A compromised admin account would have had unrestricted access. Hardening was planned, but day-to-day operations left no room for a structured implementation.

Challenge

Thorsten Krismann brought M365 expertise from a corporate environment. However, the mid-sized company's team did not yet have the specialist knowledge for this specific use case in the Microsoft ecosystem. Internal competence needed to be enriched and developed through external experience and expertise. Traditional consulting would have taken weeks. Budget and timing did not fit.

The Path

The AI agents guided a system administrator at RHODIUS step by step through the entire PIM implementation:

• Role analysis and access inventory

• PIM configuration with just-in-time access

• Approval workflows aligned with management

• Training for the entire admin team

• Change documentation and wiki entry

The administrator completed 90% of the work independently with the platform. For critical decisions, such as break-glass account behavior in the PIM context, an experienced Cloud Architect was brought in. Based on best practices from 450+ projects.

Results

1. Just-in-time access: Permanent admin roles eliminated. Access only on demand, time-limited.

2. Approval workflows: Critical permissions only after management approval.

3. NIS2-compliant: Complete audit trail for every activation. Audit-ready.

4. Full documentation: Processes, decisions, and configurations captured.

5. Knowledge built: The admin team now operates PIM independently.

Outlook

With the PIM implementation, RHODIUS has built a secure foundation. The platform now knows the context of the RHODIUS environment. Further Microsoft 365 projects can build on this without starting from scratch. The path to a fully managed IT landscape has become shorter.

"RHODIUS shows how mid-market companies implement security projects with AI support. Fast, independently, with real competence building in-house. That is exactly what we built DAMALO for."

David Malovecky

Founder, DAMALO

About RHODIUS Mineralquellen

With state-of-the-art infrastructure, RHODIUS fills over 600 million units annually — both proprietary brands and for international, national, and regional brand manufacturers. Since 1827, the family-owned company has stood for expertise, quality, and reliability. At its Burgbrohl site in the Vulkaneifel region, RHODIUS offers cutting-edge technology, flexible packaging solutions, and decades of experience — for professional and efficient contract filling of beverages of all kinds. In 2024, the company generated revenue of over 140 million euros. 360 employees ensure professional production and seamless distribution.