Building a Defensible Data Governance Model for a Leading Insurance Provider

A direct insurance provider operating across Australia and New Zealand, with recent expansion into Canada, specialises in technology and data analytics to design, administer, and distribute affordable insurance products tailored to its customers. Sensitive customer and policy data sits at the heart of the business, making data governance and protection a critical strategic priority.

Challenges

The organisation had taken important early steps in data governance, implementing Microsoft Purview Information Protection to classify and label sensitive data. However, the business lacked the enforcement and monitoring capability needed to actively prevent data leakage. There was no unified Data Loss Prevention solution spanning email, endpoint, and SaaS, and sensitive data movement was difficult to see, let alone control.

Manual compliance and reporting effort was high, with limited automated evidence available for regulatory and audit purposes. Gaps remained in mitigating accidental or malicious data exfiltration across the Microsoft 365 estate, and the organisation needed a defensible, end-to-end data governance posture aligned to the financial services regulatory environment.

Solution

Oreta designed and implemented a 360° Microsoft Purview rollout that extended classification and labelling into active enforcement across every layer of the data estate. A proof of concept established the technical and operational pattern, after which a full production rollout was delivered across email, endpoint, and Teams.

Custom policies were configured to block external sharing of sensitive information, enforced consistently across channels to align technical controls with policy intent. Real-time monitoring, policy enforcement, and compliance reporting were layered across files, mailboxes, and collaboration tools, with automated audit evidence available for regulatory and internal compliance needs. The label taxonomy and policy logic were aligned to insurance sector regulatory obligations, building a defensible data governance position across the Microsoft 365 estate.

Outcome

• 95% reduction in data leakage, with a measurable drop in policy violations following enforcement.
• 70% reduction in manual compliance effort, with automation replacing day-to-day manual checks.
• End-to-end visibility of sensitive data movement across the Microsoft 365 estate.
• Stronger regulatory adherence and improved compliance posture across email, endpoint, and Teams.
