Activity
Classification maturity review
Where your data sits on the maturity curve — from ad-hoc folders to published labels with auto-classification. A baseline you can track.
M-Tech Labs AIEastbourne · UK
/ AI Consultancy / Data governanceClassify, control and retain the data AI will learn from.
Sensitivity labels, DLP, retention and Purview rollout — the groundwork that decides what Copilot can surface, what it can't, and what it forgets on schedule.
01/ What's involved
The work a governance engagement covers.
Scoped to where you are on the curve — a tenant with no labels gets a different plan to one with a stalled Purview rollout. The building blocks are the same.
Activity
Sensitivity label design
A label taxonomy your people will actually use. Three to five tiers, clear rules, plain-English descriptions — not a twenty-level matrix nobody reads.
Activity
Auto-labelling & content inspection
Trained classifiers and policy rules that tag sensitive content at rest and in flight, so coverage doesn't depend on a user remembering.
Activity
DLP policies scoped to risk
Data-loss-prevention rules on Exchange, SharePoint, Teams and endpoints — tuned to catch what matters and ignore what doesn't.
Activity
Retention & records
Retention labels and policies so old data ages out on schedule and legal-hold content is preserved — a Copilot index is only as good as what's in it.
Activity
Purview rollout plan
A sequenced rollout: pilot group, telemetry, tuning, then tenant-wide. Written so a capable IT lead can run it with our oversight.
02/ What you get
A working programme, not a slide deck.
- 01
Label taxonomy & policy pack
Your published labels, scoping and policy definitions — documented and exported so they're reproducible.
- 02
DLP & retention ruleset
The active policies, match conditions and exceptions, with the rationale for each — audit-ready.
- 03
Classification dashboard
A Purview-driven view of coverage and sensitive-content volume over time, so you can see the programme working.
- 04
Rollout runbook
Pilot-to-production steps, comms templates and a troubleshooting guide — the operational side, not just the config.
03/ Typical findings
What we usually surface.
Most tenancies aren't careless — they're busy. Labels get published and then priorities shift. Here's where the gaps cluster.
- HR and payroll folders tagged "General" or unlabelled entirely.
- Client PII sitting in free-text fields that no policy inspects.
- Retention left at default — nothing ages out, everything is indexed.
- Labels published but never auto-applied, so coverage sits below 10%.
- DLP in audit mode for two years, generating noise nobody triages.
- External-sharing links on confidential libraries with no expiry.
/ Backed by
Delivered by M-Tech Labs with the compliance and security discipline of M-Tech Systems — Cyber Essentials certified, aligned to NCSC CAF 4.0 and progressing through the Assurix trustmark programme.
Back to AI Consultancy/ Start a conversation
Plan the governance groundwork before the AI rollout.
Two weeks to set direction, or a four-to-six week sprint to actually ship the labels, policies and retention rules your tenant needs.