bluesource introduced data protection and governance policies to JCB Finance’s Microsoft 365 Platform by using Microsoft Information Protection (MIP)

The Background

JCBF needed to expand, whilst retaining the simplicity, current processes and tools that allowed their employees to classify and retain unstructured data. JCBF also wanted to invest in new tools that aligned with the company’s Microsoft 365 and Azure cloud strategy.

JCBF were keen on introducing information protection and governance policies to their Microsoft 365 platform, leveraging the capabilities provided by the Microsoft Information Protection (MIP) stack of services.

JCBF had an overall idea of how the process should function but needed a Microsoft data protection and governance expert to delivery and support the project.

The Solution

Through a series of onsite workshops, bluesource engaged with the IT and compliance functions to scope out the ‘art of the possible’. Using an iterative approach, a final project plan was devised between bluesource and JCBF.  Following Board signoff, bluesoure undertook the technical work ensuring always to involve JCBF’s IT function whenever necessary.

The work bluesource undertook aimed to improve the accessibility, findability and security of JCBF’s data. Specifically they:

• Defined the sensitivity (unified) label schema, including:
  • Watermarks
  • Encryption settings
• Defined and published the sensitivity label policies for each label relating to Microsoft 365 workloads, specifically referencing to departments/users
• Defined retention labels
• Published and configured retention policies on the target environments, namely: Exchange Online, SharePoint, Teams, and OneDrive for Business
• Defined and deployed Data Loss Prevention (DLP) rules to the target Microsoft 365 workloads
• Configured and executed agreed PowerShell overrides that were applicable to the Office client apps on Windows 10. These included policy overrides to:
  • Auto classify email labels to that of the highest attachment label
  • Colour code labels making them visually easier to distinguish
• Configured the Office Message Encryption (OME) portal and associated IRM and DLP policies to also encrypt PDF files, and enhance the overall experience for external recipients to view and respond to encrypted emails and attachments.

Why bluesource?

Having worked with bluesource before JCBF knew of bluesource’s technical expertise in this arena. JCBF’s original discussions were around multiple products – all of which bluesource had a deep technical knowledge of.

bluesource worked alongside JCBF and were patient and understanding when COVID elongated the process. All projects have unexpected challenges and bluesource were very nimble and responsive in resolving any and every issue found.

Dave Smith, Data Protection Officer for JCB Finance said, “bluesource has been for many years a trusted partner of JCBF in the field of data governance. Their depth of knowledge in the marketplace is first class, as are the people who I felt were genuinely personally invested in the project being successful.”