Project Overview
Infrassist has provided a solution to a leading non-profit organization based in Geneva to strengthen their data protection within their Microsoft 365 tenancy. The project focused on leveraging Microsoft Purview’s Information Protection capabilities to identify and classify sensitive information across their digital estate, including OneDrive for Business, SharePoint Online, Teams, and Microsoft Exchange Online.
The key objectives were to:
- Identify sensitive data residing in these platforms.
- Classify and categorize the data into different buckets according to its sensitivity.
- Develop and implement sensitivity labels and policies that are easily accessible to all employees, enabling the enforcement of data protection settings across the organization.
Technical Challenges
The healthcare non-profit has sought support to secure corporate data and prevent unauthorized or accidental use of sensitive information.
Their existing setup includes M365 Tenant Subscription for their corporate emails and Office applications for all employees, with data stored across OneDrive for Business, SharePoint Online, and Microsoft Teams.
Infrassist is helping them enhance data security using Microsoft Purview by implementing severity-based sensitivity labels that classify and protect the information stored in employees’ email, personal files (stored in OneDrive for Business), and organization wide shared files (stored in SharePoint Online).
The Need for Enhanced Data Protection
In today’s digitally-empowered world, data protection is no longer an option but pretty much a necessity. By investing in data protection solutions, organisations can safeguard their valuable assets, maintain their confidentiality, ensure compliance, and empower employees to collaborate efficiently without any risk of unauthorized access or accidental exposure.
Protecting sensitive data isn’t just about business confidentiality and compliance— it’s about safeguarding your organisation’s most valuable asset. It’s about ensuring resilience. It’s no longer a nice-to-have option, but a necessity.”
Solution
The primary goal of this project was to implement a robust data protection strategy under the client’s Microsoft 365 tenancy by leveraging the full capabilities of Microsoft Purview Information Protection.
Key aspects of the solution included:
- Discovery and Consultation: Identifying all sensitive information within the client’s Microsoft 365 Tenancy through consulting sessions with key staff members to categorize the data, followed by determining the necessary protection settings they would like to enforce.
- Implementation of Sensitivity Labels and Policy Creation: Creating and applying data security policies, sensitivity labels, and associated protection settings. This step also involves testing these configurations under various scenarios and preparing a User Guide for employees for labelling documents going forward.
- Pilot Rollout for Finetuning the Categorization: Deploying the solution to a select group of users to fine-tune the categorization, labels, configured policies, and User Guide document based on identified false positives and user feedback during the proof of concept with the pilot user group.
- Automating Labelling and Going Live: Labeling all existing files in OneDrive for Business and SharePoint Online using custom-built automation, followed by a full organizational rollout.
- Post-Go-Live Support: Providing escalated support to refine the labels and policies based on user feedback after going live.
Technologies Used
Outcome
The project successfully strengthened the client organization’s data protection posture. The sensitivity labels and associated data protection policies implemented during the project have ensured that sensitive information remains secure, regardless of where it is stored or shared (across Microsoft services and even non-Microsoft apps and services).
Microsoft Purview Information Protection module is also well-integrated with Microsoft Purview Data Loss Prevention (DLP) module, which help prevent unauthorized access and oversharing of sensitive files. This capability includes the ability to automatically block pasting sensitive data into unsupported websites, generative AI tools, or personal emails.
Key Benefits
- Comprehensive Data Security
- Improved and Secure Employee Collaboration
- Preventing Data Exposure to Unauthorized Users
- Enhanced Compliance With Industry Regulations
- Proactive Risk Management Against Data Security Incidents
