26 June 2023

French mutual GPM enhance the governance of user access and sharing on M365

Groupe Pasteur Mutualité | IDECSI

Microsoft 365 protection: Governance of user access and sharing

Groupe Pasteur Mutualité is a global player in the protection, support and well-being of healthcare professionals, embodying 160 years of living mutualism and campaigning for an active fraternity. As a result of all of its commitments, Groupe Pasteur Mutualité provides healthcare professionals with insurance coverage and services that facilitate their professional practice.



Groupe Pasteur Mutualité, which has 500 employees, initially used the IDECSI solution in 2016 to protect the mailboxes of COMEX members to guarantee data confidentiality.

In 2020, with a brand new cybersecurity program called CARE (Confidence, Anticipation, Resilience, Commitment), the CISO is implementing a 3-year roadmap which aims to strengthen the security of Groupe Pasteur Mutualité's information system with a focus on the Cloud, mobility and user engagement.

In addition to strategic and commercial issues, Groupe Pasteur Mutualité, by its nature, processes sensitive data (personal and health data) and has advisers who are particularly mobile at the national level.

It is in this context that GPM decided to extend its scope of protection to all employees and to Microsoft 365 cloud collaborative tools thanks to IDECSI.


Indeed, the CISO needed to control and certify access, rights and sharing in the use of collaborative tools, with both granular elements to be able to deal effectively with security events and tangible elements to communicate with the general management, who are very aware of data protection. Faced with the complexity of analysing Microsoft 365 logs and the lack of visibility, the CISO called on IDECSI to meet 4 main objectives.

The 4 main objectives de GPM


Remediation_ Ensure and maintain data confidentiality


Workspace_Empower the teams to M365, and it particular in the use of Teams and OneDrive


User-check_Guarantee access rights, identify owners (validation of members, team management)


Revue-des-droits_Use granular elements to save processing time during investigations


“I can't see any solution other than the IDECSI tool for managing access rights and sharing. We must give users the means to govern their data, practically and simply.” 

Paloma (1)Paloma Gouin - CISO of Groupe Pasteur Mutualité


Our case studies

These resources may
interest you

Antoine Ancel SNCF feedback for IDECSI

SNCF: Recertification of SharePoint sites

Read the case study
Case study FORVIA

FORVIA: Secure sensitive data for the Workplace

Read the case study
Case study ERAMET

Eramet: Involve users in the security of Microsoft 365 tools

Read the case study

Data protection, let's discuss your project?


Contact us
video background