Rana Usman Ahmad

A North American insurer

Data governance with Microsoft Purview

Anonymized enterprise case study

Industry: Insurance
Region: North America
Project type: Compliance
Technologies: 3

Outcome: Sensitive data classified, labeled, and protected by policy

Sensitive data sat across Microsoft 365 with no controls. I designed a Purview classification and DLP program that made governance enforceable.

Context

The insurer held large volumes of sensitive data across Microsoft 365, with little classification and inconsistent handling.

Challenge

Without classification there was no way to apply meaningful protection. Compliance was a periodic scramble, not an operating capability.

Scope

  • Define a classification and labeling scheme
  • Design data loss prevention policies
  • Align controls to regulatory obligations
  • Plan a phased rollout

Constraints

  • A business wary of controls that block legitimate work
  • Diverse data types across many teams
  • Strict regulatory expectations

Approach

  1. Built a label taxonomy mapped to how the business handles data
  2. Designed DLP policies tuned to real risk, piloted before enforcement
  3. Mapped controls to the relevant frameworks for a defensible position
  4. Rolled out in phases with feedback loops

Technologies

  • Microsoft Purview
  • Sensitivity Labels
  • DLP

Outcome

  • Classification and labeling established across core data
  • Lower data loss risk without blocking legitimate work
  • A defensible, repeatable compliance operating model

Lessons

DLP that fights the business gets switched off. Tuning to real workflows is what makes data protection stick.

What made it complex

Delivering strong data protection in a business that could not tolerate broad blocking.
