Modern data security challenges: defence in depth approach
- welka2111
- Apr 23
- 4 min read

When we talk about data security, we’re essentially talking about cybersecurity at large - because data is what the bad actors are ultimately after. Whether it's for extortion or financial gain, your data is their endgame. This is why we need to rethink our approach to security perimeters. In many organisations, there's still a legacy mindset focused on the network edge, but in today's landscape, the real perimeter is your users, devices, and identities. Once a bad actor gets hold of your user's credentials, it doesn't matter how well-labelled your sensitive files are - they now have a front-row seat to everything.
A shift in thinking: identity is the new perimeter
A lot of the customers I engage with come to me looking for help with Microsoft Purview. They’re often ready to roll out sensitivity labels, data classification, and data loss prevention tools - but after a few conversations, it quickly becomes clear that they’ve jumped the gun. Their identities and devices aren’t properly secured. And in those cases, I always advise starting from the beginning: protect your users and their devices first. That’s your first and most crucial line of defence. It’s not to say data protection should be deprioritised - far from it - but rather that you need to see the bigger picture. Purview is a powerful, often underappreciated suite of tools, but it becomes truly effective when it works in tandem with solutions like Intune, Defender, and Entra. This blog post is all about that holistic, defence-in-depth approach - what you should prioritise, how to get the foundations right, and what’s coming next. Over the next few blogs, I’ll guide you through building a layered security posture - from basic hygiene to conditional access, to app protection policies, and finishing with data protection using Purview.
The key thing to understand is that adversaries don’t always exploit software vulnerabilities - they exploit the gaps in your operations. And that’s what makes modern data security both a challenge and an opportunity.
The top data security challenges right now
The risk landscape has shifted - and here are the key challenges many organisations are currently up against:
- Account breaches and identity theft
- The complexity of BYOD (Bring Your Own Device) and hybrid working
- Unmanaged applications and Shadow IT
- Pressure from evolving data protection regulations
- AI-related risks, including unintentional data exposure
- Growing complexity within Microsoft 365 environments
Practical strategies for real-world protection
Before you even think about data classification or labelling, you must first secure your identities and devices. This is where Microsoft’s Intune, Defender, and Entra step in as your essential first layer of defence.
Let’s walk through how this works in practice...
If your requirement is to control who has access to files or mailboxes - commonly referred to as object-level permissions - you'll rely on platforms like SharePoint and Exchange, with the right configuration depending on your organisational needs.
To ensure devices are encrypted and protected, use BitLocker, which is best managed through Microsoft Intune for full policy enforcement.
For tackling Shadow IT - those unsanctioned apps users install or access - you’ll want to leverage Cloud App Discovery, available via Microsoft Defender for Cloud Apps (MDA), to regain visibility and control.
When it comes to protecting against supply chain attacks, app governance (also part of MDA) helps ensure that connected apps aren’t misusing your data.
If you're looking to control physical access - like USB drives or external storage - device control within Defender (which can be managed via Intune) lets you define and enforce policies to block or allow those devices.
In BYOD environments, conditional access policies in Microsoft Entra ensure only trusted, compliant devices and users are allowed access to corporate data and services.
For stopping account breaches before they spiral, identity protection in Entra monitors for suspicious behaviour and can automatically enforce protections like multi-factor authentication or access restrictions.
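To make the BYOD item above concrete, here is an added example of what a conditional access policy looks like when created through the Microsoft Graph PowerShell SDK. This is illustration code written for this post, not configuration from the original author's tenant: the policy name is invented, the break-glass group ID is a placeholder you must replace, and the policy is deliberately created in report-only mode so you can review sign-in logs before it blocks anyone.

```powershell
# Added example (not from the original post). Creates a Conditional Access policy that
# requires an Intune-compliant or hybrid-joined device for all users accessing all cloud
# apps, excluding a break-glass group. Requires the Microsoft.Graph PowerShell SDK
# (Install-Module Microsoft.Graph) and a Conditional Access administrator role.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object ID of the group holding your emergency-access (break-glass) accounts.
# Always exclude these so a misconfigured policy cannot lock every admin out.
$breakGlassGroupId = "<BREAK-GLASS-GROUP-OBJECT-ID>"

$policy = @{
    displayName = "CA-BYOD-RequireCompliantDevice (report-only)"   # invented name
    # Report-only: evaluated and logged in sign-in logs, but not enforced.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }
    grantControls = @{
        # OR: either a compliant (Intune-managed) device or a hybrid-joined device satisfies the policy.
        operator        = "OR"
        builtInControls = @("compliantDevice", "domainJoinedDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Sanity check: list every policy still in report-only mode so nothing is forgotten there.
Get-MgIdentityConditionalAccessPolicy |
    Where-Object { $_.State -eq "enabledForReportingButNotEnforced" } |
    Select-Object DisplayName, Id
```

Run it in report-only mode for a week or two, check the "Report-only" tab on sign-in entries in Entra for users who would have been blocked (typically unenrolled personal devices), and only then change `state` to `enabled`. The break-glass exclusion is the single most important line in the block: it is the difference between a tuning exercise and an outage.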
Build on a secure foundation first
It’s simple:
You cannot protect your data if you haven’t first protected your identities and devices.
Start with Intune, Defender, and Entra. These are your baseline controls. Once they’re in place and your core is secure, then you layer in Microsoft Purview to enable data classification, labelling, loss prevention, and governance.
That layered approach - defence in depth - is what delivers a truly comprehensive, modern data security strategy.
Security vs. productivity? Why not both?
Security doesn’t have to come at the cost of user experience. The right approach balances protection with productivity, enabling your people to work securely without constant friction.
This isn’t just about compliance - it’s about business resilience. A secure organisation is a confident one, and one that's ready to take on whatever’s next.
Conclusion
We’re operating in a world where threats are no longer confined to firewalls and malware signatures. The real vulnerabilities now lie in operational blind spots—compromised credentials, unmanaged devices, and unsecured access. That’s why modern data security demands a layered, identity-centric strategy that goes beyond traditional defences.
In the next few posts, I’ll dive deeper into exactly how to implement these layers:
- Conditional Access best practices
- Building strong app protection policies
- Rolling out Purview for data classification and labelling
👀 Keep an eye out - because if your security strategy isn’t evolving, it’s falling behind.