Case Study: Secure Collaboration and Sensitivity Labels
A Refdexcop client, a 30‑user accounting firm, needed to modernise how staff and partners collaborated on client files while keeping highly sensitive financial data protected. By standardising on Microsoft Teams and implementing Microsoft 365 sensitivity labels, they created secure, policy‑driven workspaces for each client, reduced the risk of accidental data sharing, and made it easier for staff to “do the right thing” without extra friction.
Client overview
The client is a mid‑sized accounting firm with 30 staff working across tax, business advisory, and compliance services. Teams regularly collaborate on confidential financial statements, tax returns, and payroll data, often involving external stakeholders such as bookkeepers, auditors, and client directors. The firm already used Microsoft 365 for email and documents but had inconsistent use of Teams, SharePoint, and email for client communication. They needed a simple, secure collaboration model that aligned with professional standards and regulatory expectations for protecting client information.
Challenges
The firm relied heavily on email attachments and shared drives, making it difficult to control who had access to sensitive client information and where the latest version of a document was stored. Different teams created their own informal collaboration practices, leading to inconsistent use of Teams, ad‑hoc sharing links, and limited visibility for partners into where client data was held. There was no clear data classification framework, so staff could not easily distinguish between internal‑only content and material that could safely be shared with clients or external partners. Partners were concerned about the risk of accidental oversharing, especially when staff worked remotely and used multiple devices to access client files.
Our solution
We designed a simple information protection model for the firm using Microsoft 365 sensitivity labels mapped to their data classification needs, such as “Internal”, “Confidential – Client”, and “Highly Confidential – Partners Only”. These labels were configured to apply appropriate controls, including encryption, restrictions on external sharing, and limits on downloading data to unmanaged devices. We integrated sensitivity labels with Microsoft Teams so that each new client team or channel was created with the correct label, automatically setting privacy, guest access, and sharing rules at the workspace level. Staff were trained to apply labels directly to documents and emails from within Office apps, with clear guidance and examples relevant to accounting scenarios.
Client experience
After the rollout, staff reported that collaborating in Teams felt more streamlined, with dedicated, labelled workspaces for each client that brought together chat, meetings, files, and notes. Applying sensitivity labels became a natural part of working in Word, Excel, and Outlook, with prompts and defaults helping users choose the appropriate label without needing to understand every technical detail. Partners gained greater confidence that highly sensitive engagements—such as complex tax planning or restructuring work—were restricted to the right people, with clear controls on external guest access. The IT team could centrally monitor label usage and sharing activity, making it easier to respond to compliance queries and demonstrate good governance to stakeholders.
Owner | Refdexcop
Outcomes
By standardising on Microsoft Teams and sensitivity labels, the firm reduced reliance on unmanaged email attachments and informal file sharing, significantly lowering the risk of accidental data exposure. Client collaboration moved into labelled Teams workspaces, improving version control and making it easier for staff to find the right information quickly. Automated protections—such as encryption and restricted external sharing—now follow labelled documents and emails wherever they go, strengthening compliance without slowing down day‑to‑day work. Overall, the firm achieved more secure, consistent collaboration while giving partners better visibility and assurance that client data is handled in line with regulatory and professional expectations.
