Case Study 4: Insurance Sector

Microsoft 365 ATP and DLP Implementation for Insurance

Organization Overview

  • Sector: Insurance

  • Location: Hyderabad

  • Employees: 100 Users

Business Challenge

  • Protect sensitive customer data (policy details, medical records, financial info).

  • Defend against phishing and malware threats.

  • Prevent accidental data leaks via Microsoft 365 apps.

  • Ensure compliance with IRDAI regulations.

Solution Overview

  • Licensing Implemented

    • Microsoft 365 Office 365 E3

    • Microsoft Defender

Outcomes & Benefits

  • Reduced email security threats

  • Reduction of data leaks via O365 Suite

  • Reduction of SPAM

Project Goals

  • Improve email security

  • Reduce Data leaks originating from M365

Security & Compliance Implementation

  • Microsoft Defender for Office 365 Plan 1

    • Features Used

      • Safe Links & Safe Attachments: Real-time scanning of emails and documents.

      • Anti-phishing Policies: Targeted protection for executives and claims teams.

      • Threat Explorer: Enabled quick investigation and response.

    • Impact:

      • 60% reduction in phishing attempts.

      • Improved threat visibility and containment.

      • Enhanced protection for high-risk roles.

  • Microsoft Purview DLP Plan 1 (Limited to M365 Apps)

    • Scope

      • Applied to Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams.

      • No endpoint or third-party app coverage.

    • Policies Implemented:

      • Detection of sensitive data types: policy numbers, medical records, financial account details.

      • Blocking external sharing of sensitive documents.

      • Policy tips in Outlook and Teams to guide user behaviour.

    • Impact:

      • Prevented potential data leaks.

      • Increased employee awareness of data protection.

      • Achieved compliance with internal and external audit requirements.

Implementation Strategy

    • Phase 1: Planning & Risk Assessment

      • Identified key data flows in claims processing and customer support.

      • Mapped sensitive data types relevant to insurance operations.

    • Phase 2: Pilot Deployment

      • Tested ATP and DLP with 20 users in high-risk roles.

      • Refined policies based on feedback.

    • Phase 3: Full Rollout

      • Deployed across all 100 users.

      • Focused on ease of use and minimal disruption.

    • Phase 4: Training & Support

      • Conducted short virtual training sessions.

      • Created quick-reference guides and FAQs.