The challenge: gearing up before rolling out AI

Biron, a leading healthcare company in Quebec, was preparing to roll out Microsoft Copilot. However, the state of Microsoft 365 environments needed to be reviewed and revised before integrating this technology.

Despite already having some cybersecurity maturity, a small dedicated internal team, and an awareness program, Biron’s head of cybersecurity wanted to be prepared to minimize the risk associated with rolling out Copilot. Generative AI draws upon data available in the organization’s environments, regardless of whether that data has been shared legitimately. And that is where the major risk lies.

With Microsoft 365 admin center tools, it was difficult for IT and cybersecurity teams to develop an accurate picture of the shared file inventory and access rights. This lack of clarity represented a growing threat, including but not limited to unintended exfiltration, regulatory non-compliance, ghost access, and forgotten public links.

The Biron team was therefore looking for an approach that could work at the source, with users, to help them take control of their collaborative practices before Copilot exposed undetectable cybersecurity holes.

The challenge in securing unstructured data

The IT and cybersecurity teams needed to find a simple, user-friendly solution that was fully integrated into the day-to-day work environment and capable of addressing not only security issues, but also governance and employee engagement issues.

The solution: empowering users through WeActis

The cybersecurity team then discovered the innovative WeActis approach that makes it possible to cleanup Microsoft 365 environments by directly involving users, through customized and contextualized notifications, without exiting the Teams application.

In addition to integrating perfectly with an ongoing initiative to modernize cybersecurity awareness, WeActis offers a concrete response to operational overload and the lack of visibility over unstructured data.

Why Biron chose WeActis

Biron has been one of Mondata’s clients since 2022 for managed detection and response (MDR) services, and together they have developed a trusting relationship based on listening, transparency and rigour. Broadening this collaboration to WeActis was only natural to maintain consistency between the solution and Biron’s organizational culture.

Motivating factors

1. A simple, universally accessible solution

With its intuitive interface directly integrated into Microsoft Teams, even less-computer-savvy users had no problem adopting WeActis.

The result: a thorough and effective cleanup, where a manual approach would have been laborious, incomplete or even abandoned.

2. A human and empowering approach

No moral overtone: WeActis aligns with Biron’s internal culture by encouraging voluntary and proactive participation rather than instilling fear or guilt.

3. Concrete relief for IT teams

Cleanup responsibility is distributed intelligently across the organization, significantly reducing the burden on IT and security teams.

Tangible results and measurable impacts

While Biron only adopted WeActis recently, results already demonstrate a tangible impact on its security posture and employee engagement.

1. New visibility over unstructured data

Thanks to WeActis, Biron was finally able to clearly map out files that are exposed or shared too widely in Microsoft 365.

2. Seamless deployment and rapid adoption

Smooth adoption: after a single wave of communication explaining good collaboration practices in Microsoft 365 collaborative environments and a brief demonstration of WeActis with managers, employees quickly adopted the tool for themselves.

3. At-source and ongoing risk reduction

Each user plays a part in governance:

• Access certifications have produced approximately 20% of revoked Teams and SharePoint site access to date.
• Several hundred collaborative resources are managed through governance models or targeted actions.
• Over 75% of invited collaborators have been deleted, drastically reducing the risk of data exfiltration.

User engagement

78%

User engagement in the application is at 78%, allowing for ongoing user access review.

4. Productivity gains for IT teams

Previously, certain activities had to be done manually, such as access review. Now, it is an automated, continuous process delegated directly to the users themselves in Microsoft Teams.

Results:

• lower volume of IT requests related to permissions review or file cleanup
• less time spent by managers validating access
• faster and more contextual risk management by the right people

5. Transforming security culture

WeActis enabled Biron to move from an information-based awareness model to active and measurable engagement:

• several hundred notifications sent every week
• high action rate following notifications
• positive feedback on user-friendliness and clear impacts
• proactive reduction of unintentional or inappropriate sharing
• WeActis used to promote other projects, such as using OneDrive vs. saving to a local workstation

Conclusion

Transforming behaviour, and reducing risks on an ongoing basis

WeActis not only secures an environment, it mobilizes users where they are to act in real time, with impact, through shared accountability. At Biron, this approach has made it possible to transform a structural risk into a cultural opportunity where employees are no longer sources of vulnerability, but instead the first line of defence in security.

WeActis strength also lies in its ability to continuously reduce risks. Through weekly reminders, behaviour-reinforcing feedback loops and monitoring actions in Teams, security posture no longer comes into play just once a quarter during an audit: it is continuously, sustainably and measurably improving.

For heads of cybersecurity, IT or compliance, WeActis represents the missing link in Microsoft 365 security: it is a lever for smart governance and vital behavioural transformation within the context of generative AI.