Classify the data. Label the data. Govern the AI that sees the data.
A data protection program built on the truth that AI now reads everything the user can. A classification taxonomy mapped to the regulations the business reports against, sensitivity labels deployed and enforced across Microsoft 365, DLP scoped against the actual data patterns in flight, and the AI governance guardrails that decide what Copilot and the third-party tools are allowed to surface.
Why This Matters
Copilot doesn't have a security model. The access model is the security model.
Microsoft 365 Copilot respects existing access controls. If a user has access to a document, Copilot can surface it. If a SharePoint site has been over-shared, Copilot has just become the search engine that finds it. If a user pastes a contract into ChatGPT, the data has already left the boundary. The first principle of AI data protection is not a Copilot setting. It's that AI sees what the user sees — and most organizations have not audited what the user sees in years.
Data Protection & Governance closes the gap on paper, in the platform, and at the user. A classification taxonomy is built against the actual data types the business handles — PHI, PII, financial, legal, IP, general business. Microsoft Purview sensitivity labels are deployed against the taxonomy with encryption, marking, and access controls per level. DLP is scoped against the data patterns in flight. Auto-labeling is tuned. Third-party AI tools are governed. And the Copilot readiness checklist is run before the license is activated, not after the first oversharing incident.
35%
of data breaches in 2024 involved data stored across multiple environments or in unmanaged 'shadow' data the security team didn't know existed. The data you can't see is the data you can't govern.
IBM · Cost of a Data Breach Report 2024
By The Numbers
80%
of enterprise data is unstructured, sitting in documents, email, chat, and file shares where access controls and classification rarely meet. Governance has to find it before it can protect it.
IDC · Global DataSphere
$10.22M
average cost of a data breach in the United States in 2025, the highest of any country tracked and a record high for the report.
IBM · Cost of a Data Breach Report 2025
Three situations where data classification has to come before the next decision.
Who This Is For
Situation 1
Copilot for M365 is on the procurement list
The license is sitting in the cart, the executive team wants the productivity story, and the security team is the only group asking what data Copilot will see on day one. Activating without classification is AI-powered data leakage.
Situation 2
A regulator, customer, or framework requires data classification
HIPAA, SOC 2, HITRUST, PCI-DSS, or a customer contract requires a documented classification scheme and evidence of enforcement. The team has a draft policy in SharePoint and no labels in the wild. The auditor is asking for the artifact.
Situation 3
An incident or audit named oversharing as the gap
An incident review surfaced a SharePoint site shared with the wrong audience. An audit named external sharing as a finding. A customer found data they shouldn't have through a search box. The next conversation is about the access model, not the perimeter.
Best Outcome
A Copilot readiness assessment with the seven prerequisites checked, the critical data classified, oversharing remediated, and the policy that governs third-party AI tools published before the license is turned on.
Best Outcome
A documented taxonomy, sensitivity labels deployed in Microsoft Purview, DLP policies enforcing the labels, and the monitoring dashboard that produces the evidence the auditor reads first.
Best Outcome
A SharePoint and OneDrive sharing audit, an access review across the affected scope, label-driven site protection enforced, and the monitoring that catches the next oversharing event before the next incident does.
How It Works
Level L4
Highly Confidential
PHI, PII with SSN or financial identifiers, legal-privileged communications, M&A materials. Encryption at rest and in transit, access restricted to named groups, no external sharing, DLP enforced, all access audited. AI processing only with explicit approval.
Four classification levels. Every other control hangs off them.
The taxonomy is the spine of the program. Once it's set, sensitivity labels enforce it, DLP polices it, auto-labeling scales it, Copilot respects it, and the dashboard measures adoption against it. The taxonomy is built against the actual data types the business handles, not lifted from a template.
Level L3
Confidential
Financial reports, HR records, customer contracts, strategic plans, source code. Encryption at rest, department- or project-scoped access, external sharing only with encryption and approval. AI access governed by the sensitivity label, DLP enforced.
Level L2
Internal
Memos, project plans, meeting notes, training materials, operational procedures. Standard group-based access, external sharing requires intent. AI tools can access with standard controls. The default label for new documents.
Level L1
Public
Marketing materials, published reports, website content, press releases. No access restrictions, no DLP, AI tools can access freely. The classification that says explicit approval has already been granted.
Five principles. Every Copilot and third-party AI decision flows back to one of them.
Most "AI governance" frameworks read as wish lists. These are the operational principles the program is built on: the rules that decide what gets blocked, what gets labeled, and what gets allowed.
AI Governance Principles
Principle P1
AI sees what the user sees
Copilot respects existing access controls. The access model is the AI security model. Access governance and oversharing remediation are the primary AI data protection controls, not an AI-specific setting.
Principle P2
Classification before Copilot
Do not enable Copilot for M365 until sensitivity labels are deployed and critical data is classified. The Copilot readiness checklist is a prerequisite, not a parallel workstream.
Principle P3
Oversharing is the #1 risk
The most common AI governance failure is not a technical exploit. It's users having access to data they shouldn't, and Copilot surfacing it. The remediation is access reviews, sharing audits, and label enforcement.
Principle P4
Third-party AI is shadow IT
Employees pasting corporate data into ChatGPT, Gemini, or other consumer AI tools is an uncontrolled data exfiltration channel. Block, govern, or sanction, but never leave it implicit.
Principle P5
Label drives policy
Sensitivity labels are the mechanism that connects classification to enforcement. A label of Highly Confidential automatically applies encryption, restricts sharing, governs AI processing, and triggers DLP.
Principle P6
Measure adoption, not deployment
Labels deployed is not the KPI. Labels applied is. The dashboard tracks adoption rate, downgrade rate, DLP false positives, auto-labeling coverage, and consumer-AI blocks week over week, against published targets.
Principle P7
Train the user, not the policy
The taxonomy succeeds at the point of content creation. Mandatory labeling, default labels, downgrade justification, and a help link (paired with role-based training) make the right choice the easy choice.
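Taken together, the four levels and principles P1, P3 and P5 describe a check that can be run before activation: does any item's sharing state violate the rules of its level, so that Copilot would surface it to the wrong audience? This added example, not part of the original page, encodes those rules in Python against a constructed file inventory; the Item fields, the LEVELS encoding and the sample paths are assumptions.

```python
from dataclasses import dataclass
# Per-level rules transcribed from the taxonomy: display name, external-sharing rule,
# encryption required, AI processing needs explicit approval (hypothetical encoding).
LEVELS = {
    "L4": ("Highly Confidential", "never", True, True),
    "L3": ("Confidential", "encrypted_and_approved", True, False),
    "L2": ("Internal", "with_intent", False, False),
    "L1": ("Public", "free", False, False),
}

@dataclass
class Item:                    # one SharePoint/OneDrive file (constructed shape)
    path: str
    label: str                 # "" means unlabeled
    encrypted: bool
    shared_externally: bool
    sharing_approved: bool     # approval recorded for the external share
    anyone_link: bool          # an "Anyone with the link" share exists
    ai_approved: bool = False  # explicit approval for AI processing (L4 only)

def check_item(item):
    """Return the taxonomy violations for one item (empty list = compliant)."""
    if item.label not in LEVELS:
        return [f"{item.path}: unlabeled, apply the default label before activation"]
    name, external, needs_encryption, needs_ai_approval = LEVELS[item.label]
    findings = []
    if needs_encryption and not item.encrypted:
        findings.append(f"{item.path}: {name} requires encryption at rest")
    if item.anyone_link and item.label != "L1":  # an anonymous link shows no sharing intent
        findings.append(f"{item.path}: anonymous link on {name} content")
    if item.shared_externally and external == "never":
        findings.append(f"{item.path}: external sharing is not permitted for {name}")
    if item.shared_externally and external == "encrypted_and_approved" and not (item.encrypted and item.sharing_approved):
        findings.append(f"{item.path}: {name} shared externally without encryption and approval")
    if needs_ai_approval and not item.ai_approved:
        findings.append(f"{item.path}: AI processing of {name} needs explicit approval")
    return findings

def copilot_gate(inventory):
    """Readiness gate: activation stays blocked while any L3, L4 or unlabeled item has a finding."""
    findings = [f for it in inventory for f in check_item(it)]
    blocking = [it for it in inventory if it.label not in ("L1", "L2") and check_item(it)]
    return (not blocking, findings)

SAMPLE = [  # constructed sample inventory, not real tenant data
    Item("/sites/Finance/MA-deal.docx", "L4", True, True, False, False),
    Item("/sites/HR/offer.docx", "L3", False, True, True, False),
    Item("/sites/Marketing/press.docx", "L1", False, True, False, True),
    Item("/sites/Legal/draft.docx", "", False, False, False, False),
]
```

Running `copilot_gate(SAMPLE)` reports the gate as blocked with five findings; the L1 press release is the only compliant item.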
An enforcement framework for your sensitive data and AI strategy.
What's Included
After this engagement, you will have:
A documented classification taxonomy
Four levels, mapped to the actual data types the business handles and the regulations it reports against. Approved by client leadership, signed by the engagement partner, written for the audit committee and the regulator.
Sensitivity labels deployed in Microsoft Purview
Public, Internal, Confidential, and Highly Confidential labels created and published. Encryption configured for Confidential and Highly Confidential. Visual markings, mandatory labeling, default label, and downgrade justification enforced.
DLP policies scoped to the data in flight
Policies for PHI, PII, financial, and label-enforcement scenarios. Tuned against the actual content in the environment, not a template. False positive rate driven below 10% before enforcement is turned on.
An AI readiness assessment
The Copilot for M365 readiness checklist, run against the environment. Gaps identified (oversharing, access review currency, guest access, third-party AI policy) with a remediation plan and a sign-off date before activation.
Auto-labeling tuned and scoped
Sensitive information types matched against actual data patterns. Simulation mode reviewed before enforcement. Auto-labeling coverage measured against PHI and PII content as a KPI, not a hope.
A monitoring dashboard and KPI scorecard
Label adoption rate, DLP match trends, false positive rate, downgrade rate, consumer-AI blocks, Copilot active users. Reported weekly to the team, monthly to the CISO, and quarterly to the audit committee.
How a real data protection program differs from a labeling project or an AI policy.
The market is full of "data governance" engagements that ship a taxonomy and an empty Purview tenant. These are the specific patterns we don't ship.
What This Isn't
A classification PDF
A taxonomy in a Word document, posted on a SharePoint site, never enforced. We don't substitute a document for a control. The taxonomy is published in Purview labels, enforced by DLP, and measured by adoption or it isn't the deliverable.
A stand-alone AI policy
A two-page acceptable-use policy for ChatGPT, sent over email, with no enforcement. The third-party AI control is App Governance and endpoint policy, not a memo. The policy is part of the package; the enforcement is the deliverable.
Activating Copilot first
"Roll out Copilot now, classify later." The first oversharing incident makes the classification project urgent and the Copilot pilot toxic. The readiness checklist is non-negotiable; the order matters.
An untuned DLP rollout
Out-of-the-box DLP policies turned on across the tenant, flooding the team with false positives, getting overridden into oblivion, and ending up effectively off. Tuning is the work. Enforcement comes after the false positive rate is below the published target.
Label deployment without adoption
Labels published, mandatory labeling not enabled, no default, no auto-labeling, no measurement. Adoption sits at 4% a year later. The KPI is labels applied, not labels deployed, and the program is measured against the right number from week one.
Ignoring the access model
The most common reason Copilot leaks data is not Copilot. It's stale SharePoint sharing, orphaned guest access, and access reviews that never close. A data protection engagement that doesn't touch the access model is solving the wrong problem.
Four phases. Framework first. Activation last.
How It Works
Phase 1
Framework & AI readiness
The classification taxonomy is built against the actual data types in the business and the regulations on the books. The AI tool inventory is captured (Copilot for M365, Azure OpenAI, custom apps, and the third-party tools already in use). The Copilot readiness checklist is run against the environment and a gap list is published.
Phase 2
Label deployment & site protection
Sensitivity labels created and published in Microsoft Purview. Encryption, visual marking, and access controls configured per level. Site and group labels enforce sharing, privacy, and unmanaged-device access. Mandatory labeling, default label, and downgrade justification turned on. End-to-end testing validates every behavior.
Phase 3
DLP, auto-labeling & AI controls
DLP policies scoped against PHI, PII, financial, and label-enforcement scenarios. Tuned in simulation mode until false positives are below the published threshold, then turned on in enforcement. Auto-labeling tuned against actual data patterns. Third-party AI tools blocked or governed via App Governance and endpoint policy.
Phase 4
Monitoring, KPIs & handover
The data protection dashboard is configured. Weekly metrics collection automated. KPIs published — label adoption, DLP false positive rate, auto-labeling coverage, consumer-AI blocks, downgrade rate. Reporting cadence wired into the existing security reporting from the operations program.
You Walk Away With:
An approved classification taxonomy mapped to compliance frameworks.
An AI tool inventory and readiness gap list.
A remediation plan and a sign-off date before Copilot activation.
You Walk Away With:
Four labels published, encryption configured.
Site and group labels enforcing sharing and access.
Test cases validated and evidence captured in SharePoint.
You Walk Away With:
DLP policies tuned and enforced.
Auto-labeling enabled against PHI and PII patterns.
Third-party AI tool policy published and technically enforced.
You Walk Away With:
A data protection dashboard with weekly metrics.
Published KPI targets and a monthly executive readout.
A handover packet and a defined next step into Managed Security.
Differentiator: XXXX
A governance framework grounded in regulated-industry research — not a consulting template.
Our framework is built from active research with clinicians, compliance officers, and AI practitioners in the industries that can't afford to get it wrong — health systems, financial services, insurance. It's anchored to NIST AI RMF and ISO 42001, and it's the same framework we operate behind every Fortellar Secure AI engagement.
Operating Posture
76%
Engineer-led coverage
Expertise This Work Draws On
The components behind a Data Protection & Governance engagement.
Cybersecurity & Compliance
Data Protection & AI Governance
The published Data Protection and AI Governance Framework Playbook, the Sensitivity Labels and Label Policies Runbook, and the Data Protection Monitoring and Reporting Runbook anchor the engagement. The methodology is repeatable, the evidence shape is consistent, and the KPIs are published.
Cybersecurity & Compliance
GRC Program Design
Classification cross-mapped to HIPAA, SOC 2, HITRUST, PCI-DSS, and the state and sectoral rules that reach the mid-market. Drawing on the firm's experience as former auditors and GRC leaders, the taxonomy is built to satisfy the audit, not the template.
Technology & Security Operations
Identity & Access Management
The access model is the AI security model. The IAM practice runs the oversharing remediation, the access reviews, and the guest governance that make Copilot deployment safe, with joiner-mover-leaver, privileged access, and the certification cycle behind them.
Secure AI
Secure AI Activation
When the engagement is the prelude to a Copilot for M365 rollout, the AI Activation practice picks up at handover with model selection, prompt governance, agent design, and the data-aware controls that operate on top of the labeled tenant.
Where To Next
A classification taxonomy, sensitivity labels in the tenant, DLP under 10% false positives, and the readiness checklist signed before activation.
Thirty minutes with a senior partner. Bring the AI tools on the procurement list, the regulations the business reports against, and the data types the team handles, and we'll scope the program on the call.
Strategic technology partners
combining deep industry expertise with innovative solutions for regulated industries.
© 2025 Fortellar. All rights reserved.