Purview power-up: Empowering one of Australia’s leading property developers to build stronger foundations

Our client is an Australian property development and funds management company. For over 30 years, our client has built a solid reputation as one of the best real estate investment managers in Australasia.

Challenge

Our client is strongly aware of the need to protect its information assets. While our client had implemented M365 Purview Compliance Suite, its use was limited. Unstructured content stored on Azure Files also limited the level of control that could be applied through retention, DLP, IRM, and other policies.

Our client had the goal of completing several initiatives to improve information compliance within their organisation. Before implementing specific M365/Purview solutions, they were looking for guidance and assurance in the following areas:

• How they could use automated classification of sensitive unstructured and structured data stored across the client M365 Cloud platforms
• Options for implementing monitoring and prevention of data loss via email, online link sharing, Teams, etc.
• Ways to produce compliance reporting in line with global data regulations including GDPR, CCPA and Australian Privacy Principles
• How to implement policies that support data destruction needs
• Understand how Purview might help more broadly with data access, data security, metadata management (business glossary & classification/taxonomy

Solution

To provide maximum value in a short amount of time, we split our approach in two and provided Our client with:

Practical demonstrations of Purview benefits

The aim of our practical demonstrations is to provide in-house information management specialists with the knowledge and skills needed to manage their information in a sustained way. Through a series of sessions, our experts walked the our client team through a deep dive of M365 Purview functionality and how it can be configured to meet their unique business needs. The team also provided a high-level overview and demonstration of Azure Purview functionality. The demo’s were tailored to Carter Halls existing configuration of M365 Purview and Exchange – allowing our team to really contextualise the benefits and advanced features available via Purview.

A roadmap and strategic recommendations

A series of short discovery workshops were held with several stakeholder groups, including representatives from the IT, Risk and Compliance, Finance and Legal teams to understand our client’s priorities and risks related to information compliance.

As part of our discovery activities, a guided configuration session was held to setup and activate selected M365 Purview Compliance Assessment Template, followed by joint analysis of the assessment findings.

Our findings were then compiled into a roadmap and associated report, providing the client with a set of recommended activities to improve their overall information management compliance maturity. To strengthen the protection of our client’s unstructured information assets, we recommended a staged approach that builds maturity over time. This approach ensures our client can take full advantage of advanced classification and retention features and associated DLP and insider risk management options while continuing to refine their approach to govern and protect sensitive information.

Result

From our work together, our client now has:

Enhanced their data governance

• Our client can now confidently implement policies through Purview that guarantee data is used consistently across the organisation, reducing risks from mishandling or misuse of data
• Client stakeholders understand key Purview concepts including sensitivity classification and Information Protection, Data Loss Protection, Retention Policies, Retention Labels and Retention Label Policies

Empowered employees

• Through end user training, our client’s employees now understand how to govern data efficiently and the importance of labelling, and protecting sensitive information
• Client stakeholders understand the various components of Purview and how they can be used to address compliance requirements

Stronger data security and compliance

• The advisory services provided by our Information Management consultants has given our client the knowledge they need to meet their compliance regulations including GDPR, CCPA and Australian Privacy Principles
• A compliance assessment was completed in Purview and an initial Compliance Score established
• The risk of data breaches is lowered because security protocols have been introduced
• Through Purview’s robust auditing and reporting capabilities, it’s easier to prepare for and pass data compliance audits

Improved search capability

• Purview’s data catalogue and search capabilities have improved the way employees can find the information they need

Clear roadmap

• The client was provided with a clear roadmap and is now positioned to make decisions on next steps relating to compliance controls in its Microsoft environment