top of page
Search
Where Purview Ends, Defender for Cloud Apps Begins
Microsoft Purview protects sensitive data inside Microsoft 365. But work rarely stays there. This field note looks at where Microsoft Defender for Cloud Apps fits in a Purview strategy and how it provides visibility and compensating controls when sensitive data interacts with external cloud services.
E.C. Scherer
6 hours ago5 min read
Why DLP Policies Fail Before Users Ever See Them
DLP policies often fail before users ever see them. Not because the policy is wrong, but because the environment doesn’t support it. In this field note, we walk through how identity, collaboration models, and organizational maturity shape whether DLP works as intended. Learn how to design policies that align with how your organization actually operates.
E.C. Scherer
2 days ago3 min read
The Purview Labeling Mistake Almost Every Organization Makes
Many organizations approach Microsoft Purview labeling by creating labels for types of data: PII, PHI, Client, Legal, and more. It seems logical, but it quickly leads to confusion, conflicting policies, and labels that don’t scale. In this field note, I walk through the most common Purview labeling mistake I see during deployments and explain why effective label strategies focus on data classification and controls instead.
E.C. Scherer
Mar 184 min read
Five Minutes Into a Bad Purview Deployment
I can usually tell within five minutes whether a data security program is going to work. Hundreds of DLP policies, label sprawl, and everything stuck in simulation mode are common signs something went wrong early. In this post, I break down the patterns I see in struggling Purview deployments and why successful programs start by understanding how people actually work.
E.C. Scherer
Mar 164 min read
People-First Purview (Strategy): Insider Risk Management
Insider Risk Management (IRM) is one of those topics that makes people uncomfortable fast. When it comes up, most organizations go one of three directions: They assume it means they don’t trust their people. They picture some kind of internal surveillance program. Or they say, “We don’t have anything worth stealing.” None of those are risk conversations. They’re fear, optics, or denial. Insider risk isn’t about catching bad employees. It’s about recognizing when normal access
E.C. Scherer
Jan 134 min read
People-First Purview (Technical): Sensitivity Labels as Architecture
Sensitivity labels are not sticky notes or filing systems. They are architecture. This technical guide walks through how to design a label foundation in Microsoft Purview that supports real workflows, DLP, and long-term scale without breaking trust.
E.C. Scherer
Dec 29, 20256 min read
People-First Purview (Strategy): DLP Without Breaking Trust
Most DLP programs fail because they treat data protection like a binary rule engine instead of a human system. This post explores a people-first approach to Microsoft Purview DLP that reduces risk without surveillance.
E.C. Scherer
Dec 29, 20254 min read
People-First Purview (Strategy): Labeling
People-First Labeling isn’t about lowering standards. It’s about making them work.
When sensitivity labels rely on perfect user behavior, they fail quietly and early. This post breaks down how to design labeling in Microsoft Purview around real workflows, not wishful thinking. From audit-first auto-labeling to label-based DLP exceptions, this is practical guidance for security leaders who need controls that protect data and keep the business moving.
E.C. Scherer
Dec 28, 20255 min read
The Safe Inbox Initiative with Purview
This isn’t a typical Purview use case. When a university leader’s inbox was effectively denial-of-serviced by harassment and threats, the problem stopped being technical and became human. This post explains how Microsoft Purview was adapted to protect people, not just inboxes.
E.C. Scherer
Dec 15, 20255 min read
Information Protection: Label It or Block It?
Understand When to Use Data Loss Prevention versus Sensitivity Labels
E.C. Scherer
Dec 11, 20254 min read
Join the Mailing List
Join our email list and get updates on new blog posts!
ABOUT ME
Welcome! I'm Elias (or maybe you know me by my middle name, Cade) Scherer.
I help organizations protect sensitive data without making people miserable.
I’m a Microsoft Purview engineer focused on people-first information protection: clear classification, proportional controls, and security that respects context instead of assuming bad intent. This blog covers Purview, data protection architecture, insider risk, and the gray areas most teams struggle to navigate.
You’ll also see the occasional wildlife photo because brains work better with breaks.
bottom of page