ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more

Enabling seamless access and secure device management for a leading recruitment firm


The recruitment industry is fiercely competitive. Jobseekers and HR departments alike want to work with recruitment providers in new digital ways – making it easy to find, post, and share job information and CVs. A recruitment company’s stock and trade are to store and process personal information on a daily basis – so trust, security and privacy of sensitive information is absolutely paramount.

Our client in this space are currently undergoing a period of massive technical change to enhance the security stance of their enterprise infrastructure – whilst also offering productivity and collaboration gains to end-users.

Through improvements to its security visibility and deployment of Microsoft technologies such as multi-factor authentication (MFA), conditional access (CA), Intune and cloud authentication processes, the firm has re-enforced its position as a leader in digital transformation and security in the recruitment sector.


  • Cost savings from vendor / technology consolidation.
  • Cost savings from simplifying legacy on-premises infrastructure.
  • Secure and seamless single sign-on to O365 and third-party applications.
  • Improved security awareness at all levels of the organisation.
  • Boosted MDM and BYOD security through the deployment of Microsoft Intune.
  • Improved security posture through MFA, conditional access and Intune.

The client

Our client (who wishes to remain anonymous) is a large recruitment company employing over 7,500 people both remotely and out of their 100+ international offices. The organisation has extensive experience across recruitment, training and consulting, with a presence in over 30 countries across the globe.

The challenge

This once traditional recruitment and training provider has been on a journey of digital transformation over the last five years, which has brought about some tremendous growth opportunities. With the growth of the Internet and social media as a means for jobseekers to find their dream role, our client has invested heavily in new digital platforms and routes to market.

Our client has a very large online presence in the recruitment sector in over 35 countries across the globe. It offers a website with a huge database of job opportunities that also acts as a customer portal, where they can login, save down CVs, save job searches, update personal details and more.

As a result of its growth and digital presence, the organisation holds and processes vast amounts of personally identifiable information (PII) on its customers. As their CISO stated, “CV sharing is our business, and we need to find the most secure solutions to share this information safely.” As a result, data protection and compliance with new GDPR regulations where extremely important the organisation and the Board.

“CV sharing is our business, and we need to find the most secure solutions to share this information safely.”

With over 7,000 employees spread across 140+ offices (and working remotely), the organisation also had challenges around ensuring they controlled access to this sensitive information – and in a way that promoted collaboration and productivity in the workplace.

As the workforce became more mobile (with employees having increased freedom to work from home / from mobile), this presented the organisation with new challenges around securing devices as well as controlling identities. The organisation was keen to find a solution to secure devices across the entire group.

Finally, with cybercrime on the rise, the organisation was also worried about the risks of any potential breach, as it digitally transformed and moved more and more data from on-premises servers into the Cloud. The security team was concerned about visibility of their security posture, security reporting at Board level, as well as post-breach strategy and incident response plans.

With this renewed focus on security, privacy and compliance, the organisation sought to invest heavily in Microsoft 365 technologies.

A buyer’s guide to Microsoft Enterprise Security

A buyer’s guide to Microsoft Enterprise Security

Remove the complexity from Microsoft’s comprehensive security technology ecosystem. Download the 43-page e-Guide today and understand:

  • What Microsoft security technologies exist – and their key features and benefits
  • How each technology integrates and works together to maximise your security
  • Microsoft 365 licensing requirements – including a handy infographic
Download e-Guide

The solution

ThirdSpace’s relationship with the client started at our annual Identity and Security Summit held at Microsoft’s UK HQ. The client was starting on a journey to enhance the security stance of their enterprise infrastructure. When Microsoft recommended ThirdSpace as their Gold Partner of choice, the decision was easy.

After careful consideration, the organisation chose to invest in the Enterprise Mobility + Security Suite (EMS) from Microsoft. They also made the decision to maximise the effectiveness of their existing Microsoft licencing by rolling out Office 365 across the group.

ThirdSpace also presented a unique solution offering that was highly valued by the client – The Security and Privacy Current State Assessment. This unique solution helped the organisation understand its current security posture,articulate threats/gaps, and provided clear next steps for remediation, which the Board could easily understand.

The security engagement began with a two-hour onsite workshop where ThirdSpace held detailed conversations and ran assessments to determine the organisations current security posture. The assessments included:

  • A custom-built security and privacy survey
  • A technical gap analysis
  • A cyber-attack vulnerability assessment
  • A shadow IT assessment
  • Local active directory credential risk assessments

At the end of the assessment stage, we supplied the client with a unique dashboard that highlighted their risk exposure and identified security gaps.

Alongside the dashboard, ThirdSpace also provided a detailed business report prioritising the security gaps and proposing recommended remediation. This detailed report was designed to help articulate security risks and investments at Board level.

“ThirdSpace also presented a unique solution offering that was highly valued by the client – The Security and Privacy Current State Assessment.”

Following on from the Current State Assessment and report, the organisation was then keen to take the security journey to the next stage. We engaged with the client through the delivery of a series of architect-led strategy workshops to define a detailed solution and improvement plan, including:

  • A pilot scheme and phased roll-out for conditional access (CA) and multi-factor authentication (MFA).
  • A strategy workshop for deployment of Intune and Mobile Device Management (MDM) – moving away from the incumbent system using Mobile Iron.
  • A strategy workshop around cloud identity and moving from federated to managed authentication (including a separate Proof of Concept (PoC) for UK & EU Regions to use Microsoft Authenticator, moving away from RSA tokens and/or Google Authenticator).

After the strategy workshops, ThirdSpace then set out on a 12-week project to consult, deploy and embed the following solutions:

Merged Intune, CA and MFA pilot and solution deployment

ThirdSpace introduced the deployment of Intune into a production environment to create a joined-up pilot including Intune, MFA and CA.

This included:

  • Policy updates: Updates to all Intune and CA/MFA policies including a block all ‘back stop’ policy.
  • Architecture design documentation: ThirdSpace created a joined-up architecture design document detailing how MFA, CA, Intune solutions and workstreams would interact and affect the end-user experience.
  • Detailed solution testing: ThirdSpace and the client created thorough test plans and test use cases for a new joined-up experience for end users.
  • Knowledge transfer sessions and user adoption: Training was held with the operational teams to give them sufficient understanding to support the Intune and MFA platforms. Additional documentation and required end-user comms and announcements were also provided.

Migration to managed authentication

Often referred to as ‘cloud identity’, this activity sought to take authentication requests away from ADFS (federated authentication/identity), and migrate over to Azure AD Connect (managed authentication/synchronised identity), using either password hash sync (PHS) or pass-through authentication (PTA).

This request was important to the organisation as a way to modernise its remote authentication procedures for non-office workers, and to reduce the amount of authentication tokens created daily and save on costs.

ThirdSpace was successful in securing the client onto a ‘private preview’ program with Microsoft and Azure – designed to ease migration capability from ADFS to Azure AD in a staged manner.

As part of the migration to managed authentication project, ThirdSpace also helped to domain-join all the organisation’s Windows 10 devices, allowing easier device management. This ensured that devices were joined to both the on-premises Active Directory and the Azure Active Directory.

This was a key factor in helping the client understand how it could evaluate ‘device trust’ and ‘device ownership’ for use with conditional access – making the authentication process more seamless for the end user.

Throughout the authentication migration project, ThirdSpace worked with the client on the following:

  • Readiness Assessment for migration of the authentication methods from ADFS to Azure AD.
  • Configuration of Azure AD Connect to support single sign-on.
  • Disaster Recovery (DR) and High-availability (HA) server build.
  • Migration support.


At the time of writing, the client had successfully rolled out MFA/CA and Intune, including the Windows 10 managed devices components globally.

After ThirdSpace’s initial Current State Assessment, follow-on support and strategy workshops, the organisation was in a great position to put in place a lot of the new technologies with their existing team. ThirdSpace were there to support where needed with call-off support days.

The organisation is now looking to roll-out some of the new Office 365 collaboration and security tools over the next 12–18 months.

Next, see how you can get control of the devices within your organisation with our free strategy for devices and mobility.

You may also like...


A strategy for devices and mobility across the enterprise


The future of enterprise mobility

Our client is a leading recruitment firm with 40+ years of experience and employs over 7,500 people across the globe.

With 141 offices across 36 countries they feature in the FTSE 250 index.


A buyer’s guide to Microsoft security

Understand what each Microsoft technology does and how they all integrate.

Download 43-page Guide

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.