Activity
Classification maturity review
Where your data sits on the maturity curve — from ad-hoc folders to published labels with auto-classification. A baseline you can track.
Eastbourne · UK
/ AI Consultancy / Data governanceClassify, control and retain the data AI will learn from.
Sensitivity labels, DLP, retention and Purview rollout — the groundwork that decides what Copilot can surface, what it can't, and what it forgets on schedule.
01/ What's involved
The work a governance engagement covers.
Scoped to where you are on the curve — a tenant with no labels gets a different plan to one with a stalled Purview rollout. The building blocks are the same.
Activity
Sensitivity label design
A label taxonomy your people will actually use. Three to five tiers, clear rules, plain-English descriptions — not a twenty-level matrix nobody reads.
Activity
Auto-labelling & content inspection
Trained classifiers and policy rules that tag sensitive content at rest and in flight, so coverage doesn't depend on a user remembering.
Activity
DLP policies scoped to risk
Data-loss-prevention rules on Exchange, SharePoint, Teams and endpoints — tuned to catch what matters and ignore what doesn't.
Activity
Retention & records
Retention labels and policies so old data ages out on schedule and legal-hold content is preserved — a Copilot index is only as good as what's in it.
Activity
Purview rollout plan
A sequenced rollout: pilot group, telemetry, tuning, then tenant-wide. Written so a capable IT lead can run it with our oversight.
02/ What you get
A working programme, not a slide deck.
Label taxonomy & policy pack
Your published labels, scoping and policy definitions — documented and exported so they're reproducible.
DLP & retention ruleset
The active policies, match conditions and exceptions, with the rationale for each — audit-ready.
Classification dashboard
A Purview-driven view of coverage and sensitive-content volume over time, so you can see the programme working.
Rollout runbook
Pilot-to-production steps, comms templates and a troubleshooting guide — the operational side, not just the config.
03/ Labels don't stop at the tenancy edge
Purview labels travel into session control.
Labelling the data is the first half of the answer. The second half is making sure labelled content can't be pasted into ChatGPT, Claude or Gemini in a browser tab.
Sensitivity labels published here propagate into Defender for Cloud Apps session policies, so confidential content can be blocked from upload to AI apps outside your tenancy — at the SaaS perimeter, with an audit trail. The full tandem story lives on the AI security perimeter page.
04/ Typical findings
What we usually surface.
Most tenancies aren't careless — they're busy. Labels get published and then priorities shift. Here's where the gaps cluster.
- HR and payroll folders tagged "General" or unlabelled entirely.
- Client PII sitting in free-text fields that no policy inspects.
- Retention left at default — nothing ages out, everything is indexed.
- Labels published but never auto-applied, so coverage sits below 10%.
- DLP in audit mode for two years, generating noise nobody triages.
- External-sharing links on confidential libraries with no expiry.
/ Backed by
Delivered by M-Tech Labs with the compliance and security discipline of M-Tech Systems — Cyber Essentials certified, aligned to NCSC CAF 4.0 and progressing through the Assurix trustmark programme. Code is continuously scanned for quality and security with Aikido, with independent QA and penetration testing by Zoonou available where engagements call for it, and hosted on our own Nutanix / Fortinet platform — continuously pen-tested, current-version, UK-based. See secure development for the full picture.
Back to AI Consultancy/ Start a conversation
Plan the governance groundwork before the AI rollout.
Two weeks to set direction, or a four-to-six week sprint to actually ship the labels, policies and retention rules your tenant needs.