How M365 Protects Sensitive Data
By Mike Brimberry
Published April 10, 2023
Estimated Reading Time: 3 minutes

In today’s collaborative, work-from-anywhere world, files containing your company’s sensitive information – whether it be confidential business data or customer records often leave the four walls of your office. An employee may download a file to a USB drive to work on it at home. You may send financial information to your banker or accountant.

Wouldn’t it be nice to control who can access these documents, even after they have been shared or saved outside your company? Now you can.

Microsoft 365 Business Protects Your Sensitive Documents

With Microsoft 365 Business, you can:

  • Limit access to files or email, so only employees or invited guests can access them
  • Disable access to classified documents when an employee leaves the company

How It Works

Control access to email. With Microsoft 365 Business, you can help ensure that only the intended recipient of an email has access to the information, with controls like “Do Not Forward” or “Do Not Print.” And for even more added security, you can easily encrypt an email message and its attachments, so it can only be read by the person you sent it to.

Control access to documents and files. Microsoft 365 Business allows you to restrict access to a file – a spreadsheet containing names and contact information of your customers, for example – so that it can only be accessed by people in your company. You can control whether that document is editable, restricted to read-only, or prevent it from being printed.

Restrict access, even if the file is saved outside the company. Restrictions and protections stay with the files and emails, regardless of the location. Even if the file is emailed outside the company, or saved to an employee’s personal computer, you remain in control of your data.

Here’s An Example

Megan is the Sales Manager for the Contoso company. She creates the company’s annual sales forecast and classifies it as “Highly Confidential.” This essentially locks the document, because at her company “Highly Confidential” files are automatically encrypted, and only accessible to company employees.

After Megan shares the file with her team, Carlos, a Contoso salesperson, attempts to open the file. When he opens the file, Microsoft 365 Business verifies that he is a Contoso employee and decrypts the file for him. This verification occurs each time that the file is accessed.

This protection stays with the document even if it is saved outside the company. Let’s say that Carlos saves the document to a USB drive, and then gets a job at another company. Even though Carlos still has Contoso’s sales forecast, it is useless to him. When he tries to open the file, he is unable to decrypt it since he is no longer a Contoso employee.


Healthcare organizations deal with data containing sensitive patient health information that is highly valuable to threat actors. PHI is so valuable that industry regulations like HIPAA enforce compliance to protect it.

Organizations handling PHI must take steps to prevent unauthorized health information transfers, restrict access, monitor and log data access. Data owners must initiate a data management process, label and classify PHI data, understand their data flow and have a data inventory.

Leveraging Microsoft Purview DLP solutions can help you manage these critical tasks and protect your sensitive data.

Financial Services

Data protection is critical to business operations in financial institutions. They have to follow a long list of security, compliance and governance controls. Companies must balance facing both external and internal threats, while also maintaining customer trust in how personal and financial information will be handled.

Technology that can identity sensitive data, prevent data loss, and protect customer’s personal information while enabling the organization to operate in a secure fashion is key. Microsoft tools enable you to govern data, comply with regulations, and protect against data exfiltration and insider risk.


Manufactures have data containing sensitive intellectual property flowing across their supply chain. Organizations need to protect it from insiders, competitors and other adversaries looking to gain access to it.

Safeguards that balance security without interrupting operations must be top of the list. Microsoft solutions can protect your data from unauthorized users and enable secure business operations.


The energy industry is regulated with strict standards, as they provide critical infrastructural services such as power, communications, and water. Protecting data, from customer information to internal operations documentation for plant maps, metrics or environmental data, is critical for day-to-day operations.

Leveraging solutions that identify sensitive data, govern data, and prevent data loss is required. Microsoft provides comprehensive platforms and tools to ensure security and compliance.

Article By Mike Brimberry
Mike is the Director of Cybersecurity at Model Technology solutions. Mike has over 20 years working experience for large and small organizations in service desk, endpoint management, data center, cloud, Cybersecurity, IT leadership and service delivery. He loves to travel, cook, listen to beach music, and he's a self-proclaimed Disney expert in addition to his numerous other areas of expertise. He currently lives in southern Illinois with his wife and 5 kids.

Related Posts