Purview implementation at large global retail company

Customer

A global retail company with over 100,000 employees, known for offering fashion-forward clothing, accessories, and home goods at affordable prices. It operates a vast network of stores globally and has a strong online presence.

Problem

The retailer relying on Microsoft 365 for communication and collaboration faced heightened risks of data theft and loss. Sensitive information such as design plans, financial projections, and agreements is stored and shared across Microsoft 365 apps like SharePoint, OneDrive, Teams, and Exchange. Despite the platform’s operational efficiency, the organization struggled with:

Uncontrolled Data Sharing: Employees frequently share sensitive documents, both internally and externally without proper oversight, increasing exposure to data breaches.
Limited Data Visibility: The organization lacks a clear understanding of where sensitive information resides, how it is being used, and who has access to it across the Microsoft 365 environment.
Lack of Data Classification: Without consistent classification, organizations struggle to identify and protect sensitive information such as PII, financial data, or intellectual property.
Compliance Challenges: With growing privacy regulations like GDPR and CCPA, the organization risks non-compliance due to insufficient data protection measures and reporting capabilities.
Inefficient Incident Response: Without automated tools to detect and respond to data loss or theft incidents, identifying risks and mitigating their impact is slow and costly.

Goal

Implement Microsoft Purview to improve data security and govern and ensure compliance with ISO/IEC 27001.

Protect data in Microsoft 365 based on its content sensitivity and establish the desired sharing controls to reduce risk of oversharing and exposure.
Prevent data loss from Microsoft 365 based by establishing rules to only allow data transfer / sharing through an allowed list of sequences and transfer channels.
Identify and stop data theft by cyber criminals, malicious insiders, negligent insiders, and AI
Keep what we need and delete the rest in Microsoft 365 to reduce risks and storage costs

Solution

Success required the following deliverables by Infotechtion:

Governance Model: User stories and requirements were identified from across the business to determine how sensitive data must be protected and governed.
Microsoft Purview Blueprint: Based on requirements, design was agreed upon for implementing Microsoft Purview Information Protection, Data Loss Prevention, Insider Risk Management, and Data Lifecycle Management.
Change Management: Communication and educational resources were established to ensure all staff knows about the change.
Operating Model: Tasks, roles and responsibilities were defined with metrics and KPIs to manage alerts and reporting, but also for ongoing improvements.
Implementation: Support retailer staff implement Purview to ensure they get the required knowledge to maintain and improve the solutions.

Please feel free to contact us if you want us to demonstrate the value of Microsoft Purview to any of your customers but also explain how we use Infotechtion templates to quickly ensure a successful implementation.