A fast-growing insurtech company operating across three countries managed sensitive personal and financial data daily.

However, their security posture was fragmented — identity management was inconsistent, endpoint protection varied by region, and there were no unified DLP policies to safeguard confidential information.

With increasing regulatory pressure and internal compliance requirements, they needed a comprehensive, modern cybersecurity framework based on Microsoft 365, Entra ID, and Intune.n-critical environments of their datacenter operations.

Zakini led a full cybersecurity and compliance transformation project, implementing identity synchronization, data protection, DLP policies, collaboration security, and endpoint management, all using native Microsoft technologies.

The engagement included configuration, troubleshooting, workshops, and a complete POC to validate controls across all business units.

All work and capabilities referenced below were validated through the final project documentation

Project Overview

The company engaged Zakini to design and implement a robust cybersecurity and data-protection framework. The objective was to secure identities, protect sensitive records, enforce compliance, and enable device-level control all without interrupting operations across the three regions.

Challenge

The organization needed to:

Protect sensitive personal and financial data across cloud applications.

Implement cross-country data compliance aligned with regional regulations.

Enforce identity synchronization between on-prem AD and Microsoft Entra ID.

Control data sharing and movement across email, cloud storage, and Teams.

Secure Windows and macOS devices using modern endpoint management.

Gain visibility into threats, alerts, and risky behaviors across the environment.

Standardize security tools using native Microsoft 365 capabilities.

Solution

Zakini delivered an end-to-end cybersecurity and DLP program built entirely on Microsoft’s security ecosystem.

The implementation included:

1. Identity Security & Directory Synchronization

Azure AD Connect (Entra Connect) configuration across domain controllers.

Custom synchronization roles and connector adjustments.

Troubleshooting account provisioning issues and service identities.

2. Data Classification & Sensitivity Labels

Creation of base labels: Pública, Interna, Confidencial, Crítica.

Classification model aligned to business and regulatory needs.

3. Data Loss Prevention (DLP)

Standard PCI DSS template activation.

Custom DLP policies targeting local sensitive data types: DNI, CUIT.

DLP enforcement across Exchange, SharePoint, OneDrive, and Teams chat.

Real-time alerting and policy tuning.

4. Collaboration Security (Email & Teams)

DKIM verification for all domains and recommendation to enforce DMARC.

Safe Links, Safe Attachments, Anti-Phishing, Anti-Spam, Anti-Malware configuration.

Organization-wide quarantine policies.

5. Device Management & Endpoint Protection

Intune deployment for Windows and macOS.

Baselines for:

• Firewall

• Antivirus

• BitLocker

• Port blocking

• Compliance and configuration policies

Detailed enrollment guidelines for all device types.

6. Microsoft Defender for Business

Auto-onboarding via Intune.

Web content filtering.

Alert handling and tuning.

Result

The insurtech company now operates under a modern, unified cybersecurity framework with full alignment across all three countries:

Strong identity security with synchronized access and consistent user provisioning.

Standardized DLP policies protecting financial and personal data across all Microsoft 365 services.

Compliant collaboration environment, significantly reducing email and Teams-related risks.

Fully managed endpoints with automated security baselines and consistent controls.

Increased visibility into alerts, behaviors, and vulnerabilities.

Regulatory alignment supporting audits and compliance obligations.

The company now has a scalable, policy-driven foundation ready to support future growth and evolving security requirements.