+44 3301 333 307 magma@magmacloud.co.uk
Pillar 05

Data Security, DLP
& Microsoft Purview

Classify, protect, and govern your sensitive data across Microsoft 365, Azure, and beyond. Sensitivity labels, Data Loss Prevention policies, Microsoft Purview governance, and UK GDPR-aligned controls — for organisations that need to know where their data is and prove it's protected.

From £TBC — fixed fee, scoped after your Ignite Assessment
The Challenge

Most organisations don't know where their sensitive data actually lives.

Data grows faster than the governance frameworks meant to protect it. SharePoint sites accumulate documents across years of projects. Mailboxes contain client data, financial information, and credentials shared before anyone thought about data classification. OneDrive folders sync sensitive files to personal devices. Meanwhile, the ICO expects organisations to know where their personal data is, what controls protect it, and how quickly they can respond to a subject access request or a breach.

Microsoft's Purview platform provides powerful tools for discovering, classifying, and protecting data — but they require expert configuration to deliver value. Default sensitivity labels, poorly scoped DLP policies, and inconsistent labelling create a false sense of security. We build data protection programmes that start with discovery, apply classification that reflects your actual risk, and implement DLP rules that protect without making your people's working lives miserable.

What We Deliver

Data Security Services

What we deliver
  • Sensitive data discovery & classification
  • Microsoft Purview sensitivity label taxonomy
  • Information protection policy design
  • Data Loss Prevention (DLP) policy implementation
  • SharePoint & OneDrive permissions audit
  • Insider risk management configuration
  • Communication compliance policies
  • Data lifecycle management & retention
  • Azure data encryption & key management
  • UK GDPR technical controls alignment
Outcomes you can measure
  • Complete sensitive data inventory
  • Consistently applied sensitivity labels
  • DLP policies blocking inappropriate sharing
  • Audit-ready compliance evidence
  • Reduced data breach risk
  • Copilot-safe data environment
How It's Delivered

The Magma Cloud Lifecycle

Data security starts with discovery and ends with continuous governance — we work through every phase from initial data mapping to ongoing compliance monitoring.

01
Strategy
02
Assess
03
Implement
04
Optimise
05
Manage
06
Assure
Related Security Services
Common Questions

Frequently Asked Questions

Microsoft Purview is Microsoft's unified data governance and compliance platform. It includes sensitivity labels, data loss prevention, information barriers, insider risk management, and data catalogue capabilities. If you handle personal data, regulated information, or commercially sensitive data in M365 or Azure, Purview gives you the controls to classify, protect, and monitor it — and the audit evidence regulators expect. Most organisations with M365 E3 or above already have access to core Purview features and aren't using them.

DLP policies detect and act on sensitive data — personal information, financial data, health records, credentials — to prevent it being shared inappropriately. In Microsoft 365, DLP policies can block sharing of sensitive content via email, Teams, SharePoint, and OneDrive, notify users when they're about to violate a policy, and generate compliance alerts for review. We design DLP rules that protect without generating noise that causes your people to ignore the warnings.

Sensitivity labels are a critical pre-requisite for safe Copilot deployment. Labels persist with documents and emails, enforcing encryption and access controls wherever that content travels. When Copilot summarises or references documents, it respects the labels — but only if the labelling is applied correctly and consistently. Inconsistent or missing labels mean Copilot can surface protected content to users who shouldn't see it. We sort the labelling estate before Copilot goes live.

UK GDPR requires appropriate technical measures to protect personal data — which in a Microsoft environment means classification, DLP, encryption, access controls, audit logging, and a documented record of processing activities. Purview provides most of the technical controls; we configure them correctly and help you build the governance layer on top. We advise on what's proportionate for your risk level — not every organisation needs every feature enabled.

Yes. Data discovery is often the starting point — organisations frequently don't have a complete picture of where their sensitive data actually lives. We use Microsoft Purview's data catalogue, content search, and trainable classifier capabilities to map your sensitive data across M365 and Azure, then build classification and protection policies on what we find. No assumptions, no guesswork.

Start with a Free
Ignite Assessment

The Ignite Assessment

A free 30-minute call with a senior security architect. For data security, you leave with a read of your current data classification and DLP gaps, the top three risks to your sensitive data, and a clear view of whether and how we can help. No pitch deck, no obligation.

  • Free — no charge, no catch
  • 30 minutes with a senior architect
  • Data-specific, honest assessment
  • No obligation to proceed
Data Security Specialists

Book Your
Ignite Assessment

Whether you need a full data classification programme, DLP implementation, or pre-Copilot data governance — we'll tell you exactly where you stand.

Book Ignite Assessment