top of page
Search
Where Purview Ends, Defender for Cloud Apps Begins
Microsoft Purview protects sensitive data inside Microsoft 365. But work rarely stays there. This field note looks at where Microsoft Defender for Cloud Apps fits in a Purview strategy and how it provides visibility and compensating controls when sensitive data interacts with external cloud services.
E.C. Scherer
8 hours ago5 min read
Why DLP Policies Fail Before Users Ever See Them
DLP policies often fail before users ever see them. Not because the policy is wrong, but because the environment doesn’t support it. In this field note, we walk through how identity, collaboration models, and organizational maturity shape whether DLP works as intended. Learn how to design policies that align with how your organization actually operates.
E.C. Scherer
2 days ago3 min read
For Christopher
This piece is for my cousin, Chris, and for the quiet ways we kept each other going.
Content note: This piece talks openly about suicide, grief, and the loss of someone I love. I wrote this letter Friday after learning we lost him, so if these topics are difficult for you right now, please take care of yourself and consider reading this another time.
E.C. Scherer
3 days ago3 min read
The Purview Labeling Mistake Almost Every Organization Makes
Many organizations approach Microsoft Purview labeling by creating labels for types of data: PII, PHI, Client, Legal, and more. It seems logical, but it quickly leads to confusion, conflicting policies, and labels that don’t scale. In this field note, I walk through the most common Purview labeling mistake I see during deployments and explain why effective label strategies focus on data classification and controls instead.
E.C. Scherer
Mar 184 min read
Five Minutes Into a Bad Purview Deployment
I can usually tell within five minutes whether a data security program is going to work. Hundreds of DLP policies, label sprawl, and everything stuck in simulation mode are common signs something went wrong early. In this post, I break down the patterns I see in struggling Purview deployments and why successful programs start by understanding how people actually work.
E.C. Scherer
Mar 164 min read
Purview DLP: The Warning That Wasn’t
A Purview DLP policy that was supposed to warn users ended up blocking their email instead. Here’s why licensing and where policies run in the mail flow matters.
E.C. Scherer
Mar 44 min read
People-First Purview (Strategy): Insider Risk Management
Insider Risk Management (IRM) is one of those topics that makes people uncomfortable fast. When it comes up, most organizations go one of three directions: They assume it means they don’t trust their people. They picture some kind of internal surveillance program. Or they say, “We don’t have anything worth stealing.” None of those are risk conversations. They’re fear, optics, or denial. Insider risk isn’t about catching bad employees. It’s about recognizing when normal access
E.C. Scherer
Jan 134 min read
People-First Purview (Technical): Sensitivity Labels as Architecture
Sensitivity labels are not sticky notes or filing systems. They are architecture. This technical guide walks through how to design a label foundation in Microsoft Purview that supports real workflows, DLP, and long-term scale without breaking trust.
E.C. Scherer
Dec 29, 20256 min read
People-First Purview (Strategy): DLP Without Breaking Trust
Most DLP programs fail because they treat data protection like a binary rule engine instead of a human system. This post explores a people-first approach to Microsoft Purview DLP that reduces risk without surveillance.
E.C. Scherer
Dec 29, 20254 min read
People-First Purview (Strategy): Labeling
People-First Labeling isn’t about lowering standards. It’s about making them work.
When sensitivity labels rely on perfect user behavior, they fail quietly and early. This post breaks down how to design labeling in Microsoft Purview around real workflows, not wishful thinking. From audit-first auto-labeling to label-based DLP exceptions, this is practical guidance for security leaders who need controls that protect data and keep the business moving.
E.C. Scherer
Dec 28, 20255 min read
Layoff Recovery Phase 3: Rebuilding
This post explores the rebuilding phase after a layoff, when survival gives way to standards, confidence starts to return, and the power dynamic quietly shifts. From interviews that felt human instead of performative to choosing companies based on values, not fear, this is a reflection on rebuilding a career without losing yourself in the process.
If you’re navigating what comes after stabilization, this chapter is for you.
E.C. Scherer
Dec 23, 20254 min read
When Fraud Prevention Works and Still Fails
Fraud prevention is meant to protect people, but sometimes it protects systems at the expense of real life. This post explores what that experience reveals about fraud models, adaptive controls, and why verification should unlock progress.
E.C. Scherer
Dec 22, 20254 min read
The Safe Inbox Initiative with Purview
This isn’t a typical Purview use case. When a university leader’s inbox was effectively denial-of-serviced by harassment and threats, the problem stopped being technical and became human. This post explains how Microsoft Purview was adapted to protect people, not just inboxes.
E.C. Scherer
Dec 15, 20255 min read
Information Protection: Label It or Block It?
Understand When to Use Data Loss Prevention versus Sensitivity Labels
E.C. Scherer
Dec 11, 20254 min read
Layoff Recovery Phase 2: Stabilizing After Losing Your Job
The shock fades faster than people think. Not because you suddenly feel better, but because your brain realizes it can’t stay in freefall forever. Stabilization isn’t graceful. It’s not peaceful. It’s the point where you stop spiraling long enough to put your feet on the ground and say, “I have to handle this.” Not “I can.” Not “I’m ready.” Just “I have to.” DoorDash, Survival Mode, and the First Look at Control The very first thing that helped me feel even a sliver of contro
E.C. Scherer
Nov 17, 20254 min read
So You’ve Been Laid Off, RIF-ed, Fired: Phase 1 – The First Impact
I didn’t expect the call. I mean, part of me did. The weeks leading up to it had been tense. My manager and I were no longer aligned. Our 1:1s had become increasingly difficult and unproductive, and even when I walked him through my work in detail, the conversations felt circular. It often seemed like expectations were shifting without context, and no matter how clearly I demonstrated progress, something wasn’t connecting. It left me with a quiet sense that something was comi
E.C. Scherer
Nov 14, 20254 min read
Join the Mailing List
Join our email list and get updates on new blog posts!
ABOUT ME
Welcome! I'm Elias (or maybe you know me by my middle name, Cade) Scherer.
I help organizations protect sensitive data without making people miserable.
I’m a Microsoft Purview engineer focused on people-first information protection: clear classification, proportional controls, and security that respects context instead of assuming bad intent. This blog covers Purview, data protection architecture, insider risk, and the gray areas most teams struggle to navigate.
You’ll also see the occasional wildlife photo because brains work better with breaks.
bottom of page