The Payer Data Classification Gap That's Going to Show Up in Your NPRM Asset Inventory
Why the NPRM's classification mandate traces to OCR's enforcement pattern rather than any single named breach, and what payers should be inventorying now.
Severian Technology Group is the data security practice of Matthew Silcox, one of three U.S.-based Microsoft MVPs in Purview Data Security.
The work is architecting and implementing Microsoft Purview programs for organizations that already own E5 licensing and need their Purview tenant to do what their auditors and compliance frameworks already assume it is doing.
The clients are typically regulated: U.S. healthcare payers, financial services firms, and professional services organizations operating under sector-specific disclosure rules.
If this describes your situation: matt@severiansecurity.com
The license was treated as the deliverable, but it was only ever the starting material.
Severian Technology Group architects and implements data security programs on Microsoft Purview. The platform already exists inside your E5 tenant. The work is configuring it with the specificity it demands.
A comprehensive examination of sensitive data across Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. For mailbox scanning specifically, Severian deploys proprietary tooling that produces results Microsoft's native compliance capabilities do not (actionable, exportable, on-demand inventories of sensitive information types across the full breadth of an Exchange environment).
Content Search and eDiscovery were designed for legal holds and targeted investigation, not for the kind of systematic, organization-wide data mapping that a serious DLP architecture requires. The tool was built because the gap in the platform existed and no one had closed it.
Sensitivity labels designed not as a taxonomy exercise but as an operational framework. Each label maps directly to encryption behavior, access restrictions, and downstream DLP policy enforcement.
Information protection policies written to accommodate how people actually work, which is never quite how compliance frameworks imagine they do. DLP rules built with sufficient precision to avoid the characteristic failure modes of the discipline: policies so broadly scoped they produce debilitating alert volumes, and policies so narrowly defined they miss the regulated data they were designed to intercept.
Where Purview intersects with security infrastructure already deployed (Symantec DLP, Digital Guardian, Varonis, or other platforms), Severian builds integration through the Microsoft Information Protection SDK.
Classification decisions made within Purview propagate to third-party enforcement points. The sensitivity label follows the document across system boundaries. The security ecosystem becomes technically coherent rather than administratively stitched together.
Most engagements start with the Baseline.
The Baseline is a defined two-week diagnostic that produces a written assessment of what your Purview tenant is actually classifying, what it is missing, and where the gap between your attested compliance posture and your operational reality is widest. It is fixed-scope and fixed-fee.
The artifact is something you can hand to an auditor, a board, or a remediation team. Sometimes the Baseline is the entire engagement. More often it becomes the basis for the architecture and implementation work that follows.
Payer ePHI doesn't look like what DLP engines were built to find.
Severian is the practice of Matthew Silcox, a Microsoft Most Valuable Professional in the category of Purview Data Security. MVPs gain access to pre-release capabilities, roadmap briefings, and the architectural context that determines how these platforms will evolve before that evolution reaches public documentation.
The technical depth (implementation specifics, undocumented platform behaviors, the problems that emerge only at the boundary between what the documentation promises and what the software actually does) is published at severian.ghost.io for practitioners who do the work, not the people who approve the budget.
The HIPAA Security Rule NPRM is a Forensic Document
Reading the proposed Security Rule as forensic reconstruction: how 2024's largest breaches dictated 2026's compliance map.
The Copilot Problem Is a Data Hygiene Problem
Copilot did not create a new security risk. The exposure was already there; the deployment just made it observable.
More at severian.ghost.io
If this described your situation with uncomfortable accuracy, the appropriate next step is a direct conversation.