Case Study
From shared AutoCAD logins to Cyber Essentials Plus.
A leading construction firm — Construction — UK — 850 employees, 35+ sites
The client is a UK construction firm specialising in infrastructure development, with around 850 employees operating across 35+ sites nationwide. They came to iTVerse with the full set of problems that most construction firms share — shared logins, uncontrolled devices, no Cyber Essentials, and a pressing need to become Tier 1 supply chain audit-ready. We rebuilt their IT governance from the ground up. They are now Cyber Essentials Plus certified with fully attributable identity, Intune-governed devices including Trimble-based site tablets, and automated joiner-mover-leaver across every system.
This project was built on the Microsoft 365 Business Premium security stack with Entra ID at the core. For deeper detail on the technology, see our dedicated M365 resource at m365powered.com.
Shared AutoCAD logins
Design team accessing AutoCAD via shared accounts. No attribution of who drew what. Autodesk licensing nobody fully understood.
Uncontrolled site tablets
Trimble and field apps running on devices that anyone on site could pick up. No enrolment, no compliance, no remote wipe capability if a tablet went missing.
No MFA, no Conditional Access
Single-factor authentication across the estate. No device compliance checks. No location or risk-based policies. A compromised password anywhere was a compromised account everywhere.
Leavers retaining access
Manual, ticket-driven joiner-mover-leaver. Former employees retaining access to SharePoint, AutoCAD and mailboxes for weeks after departure.
No Cyber Essentials
Zero CE coverage, no CE+ path, no supply chain audit readiness. Tier 1 contractor framework inclusion at risk.
Identity & access
- Entra ID (Azure AD) deployed as the single source of truth for every user
- MFA enforced across all accounts, no exceptions
- Conditional Access policies baselined — device compliance, sign-in risk, location, role
- Legacy authentication blocked tenant-wide
Single sign-on to specialist software
- AutoCAD (Autodesk) federated via SSO — no separate logins, no shared seats
- Bluebeam Revu federated to Entra ID
- Shared design-team accounts retired, replaced with individual named accounts
- Licence usage tracked, right-sizing applied
Device management at scale
- Intune rolled out across laptops, phones and tablets
- Trimble delivered via Intune managed apps on site tablets, protected by Conditional Access and SSO
- BitLocker encryption enforced estate-wide
- Microsoft Defender for Endpoint deployed
Joiner-mover-leaver automation
- HR system integrated with Entra ID to drive lifecycle events
- Leavers disabled automatically — AutoCAD licence returned, device wiped, mailbox archived
- Movers' group memberships and access rights updated by role change
- Joiners provisioned with correct apps and access from day one
Cyber Essentials Plus
- Gap analysis against the full CE+ control set
- Remediation delivered in a staged rollout to minimise disruption
- External audit coordination and support through certification
- Annual recertification built into the managed service
Multi-site operations
- Connectivity and IT support across 35+ UK sites
- Consistent policy enforcement regardless of site location
- Centralised visibility of every device, every user, every access event
- One IT partner rather than a patchwork of regional providers
Cyber Essentials Plus certified
Full externally audited CE+ certification achieved, not just the self-assessed basic badge. Tier 1 supply chain audit-ready.
No shared logins
Every user has their own identity. AutoCAD, Bluebeam, Microsoft 365, Trimble — all access through a single attributable account.
Leavers automated
Leaver in HR on Friday equals no access anywhere on Monday. No tickets, no delay, no forgotten accounts retaining AutoCAD licences.
Full attribution
Every login, every file access, every sign-in event is attributable to a named user. Audit evidence generated automatically.
Licensing under control
Autodesk and Bluebeam usage visible. Unused seats identified and returned to the pool. Renewal costs right-sized.
Site tablets governed
Every site device enrolled in Intune, policy-compliant, and remote-wipeable. Lost tablets no longer a data breach.
