Your organization purchased Microsoft 365 E5 licensing. Somewhere in the procurement justification was a line about data security (information protection, data loss prevention, regulatory compliance). The budget was approved and the licenses were provisioned, but somewhere between that quarter and this one, the configuration never happened.
This is not unusual. It is, in the aggregate, the default condition. The security capabilities embedded in E5 (classification engines, DLP policy frameworks, sensitivity labeling infrastructure) require sustained architectural attention that most internal security teams were never resourced to provide. The license was treated as the deliverable, but it was only ever the starting material.
The practical consequence is a compliance posture that exists in reporting but not in reality. Sensitivity labels created during a workshop and never published to users. DLP policies drafted in a pilot and never extended beyond it. Exchange mailboxes, SharePoint libraries, and OneDrive accounts containing regulated data such as health records, financial instruments, and personally identifiable information, all sitting in environments the organization has already attested to auditors as protected.
Everyone involved understands this. The reason the situation persists is not a lack of awareness but the compounding distance between the documented state and the actual state, a gap that has grown too wide to close with a conversation. Closing it requires technically precise, sustained work.
That is what Severian does.
Severian Technology Group architects and implements data security programs on Microsoft Purview, a platform that already exists inside your E5 tenant, already paid for, provisioned, and waiting to be configured with the specificity it demands. This is not tool deployment. It is the disciplined practice of understanding where an organization's sensitive data actually resides, how it travels through the environment, who touches it, and what controls are architecturally appropriate given the regulatory and operational reality of that specific organization.
The engagement begins with assessment: a comprehensive examination of sensitive data across Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. For mailbox scanning specifically, Severian deploys proprietary tooling that produces results Microsoft's native compliance capabilities do not. This includes actionable, exportable, on-demand inventories of sensitive information types across the full breadth of an Exchange environment. Content Search and eDiscovery were designed for legal holds and targeted investigation, not for the kind of systematic, organization-wide data mapping that a serious DLP architecture requires. The tool was built because the gap in the platform existed and no one had closed it.
From assessment, the work moves to architecture. Sensitivity labels designed not as a taxonomy exercise but as an operational framework, each label mapping directly to encryption behavior, access restrictions, and downstream DLP policy enforcement. Information protection policies written to accommodate how people actually work, which is never quite how compliance frameworks imagine they do. DLP rules built with sufficient precision to avoid the characteristic failure modes of the discipline: policies so broadly scoped they produce debilitating alert volumes, and policies so narrowly defined they miss the regulated data they were designed to intercept.
Where Purview intersects with security infrastructure already deployed (Symantec DLP, Digital Guardian, Varonis, or other platforms), Severian builds integration through the Microsoft Information Protection SDK. Classification decisions made within Purview propagate to third-party enforcement points. The sensitivity label follows the document across system boundaries. The security ecosystem becomes technically coherent rather than administratively stitched together.
Matthew Silcox
Severian is the practice of Matthew Silcox, a Microsoft Most Valuable Professional in the category of Purview Data Security. The MVP designation is not a certification. It is an ongoing relationship with Microsoft's product engineering organization. MVPs gain access to pre-release capabilities, roadmap briefings, and the architectural context that determines how these platforms will evolve before that evolution reaches public documentation. Solutions designed with this access are built for the trajectory of the platform, not merely its current surface.
The technical depth (implementation specifics, undocumented platform behaviors, the problems that emerge only at the boundary between what the documentation promises and what the software actually does) is published at severian.ghost.io. That writing is for practitioners who do the work, not for the people who approve the budget.
If this described your situation with uncomfortable accuracy, the appropriate next step is a direct conversation.