A Microsoft customer story published June 3, 2026 details how Soleno Therapeutics, a rare-disease biotechnology company based in the United States, transformed its security and compliance posture by deploying Microsoft Defender and Microsoft Purview. Working with Microsoft partner Netwoven, the midmarket firm migrated to Microsoft 365 Business Premium, unlocking a suite of advanced protection and governance tools that previously seemed reserved for large enterprises. The move shows how tightly integrated Microsoft security solutions are now within reach for smaller, highly regulated organizations.

Soleno Therapeutics develops treatments for orphan diseases—conditions affecting fewer than 200,000 people. Its research involves sensitive patient data, clinical trial records, and proprietary molecular research. The company must comply with stringent regulations such as HIPAA, FDA guidelines on electronic records, and state-level privacy laws. A security breach or data leak could derail drug development, expose patients, and invite severe fines. Yet like many small-to-midsize biotechs, Soleno initially relied on a patchwork of security tools and manual compliance processes that strained its lean IT team.

“We had antivirus here, some email filtering there, and a lot of manual document reviews,” Soleno’s CIO, Sarah Lin, is quoted in the story. “It was reactive, and every new regulation meant more spreadsheets and checklists.” The fragmented approach created blind spots: shadow IT, unclassified sensitive data, and no unified view of threats. The company recognized it needed a proactive, automated system that could scale without adding headcount.

The Biotech’s Security Dilemma

Midmarket biotech firms face a unique convergence of risks. Their intellectual property—often the company’s sole asset—is highly portable and targeted by nation-state actors. Patient data is the most regulated personal information in the United States. Meanwhile, lean budgets and scarce cybersecurity talent make it hard to build a robust defense in-house. According to the 2024 Verizon Data Breach Investigations Report, healthcare and pharmaceutical sectors saw a 60% increase in ransomware attacks year-over-year, with the average cost of a breach exceeding $10 million.

Soleno’s leadership saw that traditional on-premises tools couldn’t keep pace. Employees were increasingly mobile, collaborating via Teams and SharePoint, and storing files in OneDrive. The company needed cloud-native security that could protect identities, devices, and data everywhere, while automatically enforcing compliance policies.

Enter Microsoft 365 Business Premium

Rather than procure disjointed point solutions, Soleno and Netwoven opted for Microsoft 365 Business Premium. The subscription, designed for organizations with up to 300 users, bundles Windows 11, Office 365, Intune, and critically, the full Microsoft Defender suite and core Microsoft Purview capabilities. It is Microsoft’s all-in-one offering for the midmarket, and it’s gaining traction among security-conscious smaller firms.

“Netwoven demonstrated how Defender and Purview work together out of the box,” Lin said. “We didn’t need a SOC. The integration was the game-changer.” Netwoven, a Microsoft Solutions Partner with specializations in security and modern work, guided Soleno through a four-week pilot followed by full deployment across 120 users.

Microsoft Defender: Unified Threat Protection

The deployment covered the three main pillars of Microsoft Defender for Business (included in Business Premium):

  • Defender for Endpoint: Deployed via Intune, the agent monitors Windows and mobile devices for behavioral threats, ransomware, and zero-day exploits. Policy templates simplified configuration, and automated investigation and remediation (AIR) immediately handled low-level incidents without IT intervention. Within the first month, Defender blocked three phishing campaigns that had bypassed the previous email filter and quarantined a trojan on a contractor’s laptop.
  • Defender for Office 365: Safe Links and Safe Attachments protect email, Teams, and SharePoint against malicious links and payloads. Real-time scanning replaced the delayed batch processing that had frustrated users. Attack simulation training, a new addition to Business Premium, began preparing employees to spot social engineering.
  • Defender for Identity: This was turned on for Soleno’s on-premises Active Directory, giving visibility into lateral movement, pass-the-hash attempts, and privilege escalation. No additional sensors were required; the agent on domain controllers fed signals to Microsoft 365 Defender, which correlates them with endpoint and cloud activities.

The Microsoft 365 Defender portal (security.microsoft.com) provided a single pane of glass. “We could see a timeline of an incident across identities, devices, and apps,” Netwoven’s lead engineer noted. “Correlating signals from a suspicious email click to a compromised endpoint and account is what stops breaches before they spread.”

Microsoft Purview: Data Governance and Compliance

On the governance side, Soleno activated Purview capabilities included and extended via add-ons:

  • Information Protection (Sensitivity Labels): Labels like “Confidential – Clinical Trial Data” and “Restricted – Patient PHI” were created using a framework aligned with HIPAA classifications. Labels can encrypt and restrict access. They are automatically applied when sensitive info types (e.g., ICD-10 codes, credit card numbers) are detected, or users manually label in Office apps.
  • Data Loss Prevention (DLP): DLP policies block the sharing of labeled data outside the organization, block upload to unapproved cloud services, and block email to non-corporate domains. A custom policy prevents copying clinical data to USB drives. The company set up an audit-only test mode for two weeks, tuning policies before enforcing them.
  • Data Lifecycle Management (Retention): Retention policies now govern emails, Teams messages, and SharePoint documents. Clinical trial records are retained for 30 years per FDA requirements, while general business correspondence purges after two years. Automation replaced manual archive removals.
  • Insider Risk Management: With patient data and trade secrets, Soleno enabled insider risk analytics to detect unusual data exfiltration, like recent large downloads by a departing employee or anomalous research data access from a home IP. The system surfaces only high-fidelity alerts, respecting employee privacy.

Netwoven configured the Purview compliance portal for Soleno’s specific regulatory needs. “Biotech has a unique vocabulary: protocols, investigator brochures, case report forms,” explained the Netwoven consultant. “We built custom sensitive info types using keyword dictionaries and pattern matching to identify these artifacts. Then we layered on DLP and retention automatically.”

Deployment, Not an Overhaul

The phased rollout began with a pilot group of 15 researchers and administrators. Endpoint onboarding was zero-touch via Intune; users saw a brief notification and continued working. Sensitivity labels appeared in Office apps, and tooltips taught staff how to classify documents without disrupting flow. After two weeks, Soleno expanded to the full 120-seat organization.

Training was minimal. “We did a 30-minute lunch-and-learn, and that was it,” said Lin. “The labeling is intuitive, and the DLP pop-ups are clear. No one wants to break the rules, now they know instantly if they’re about to.” The IT team, formerly spending half its week on compliance audits, now monitors dashboards and handles exceptions.

Measurable Business Outcomes

Soleno’s case illustrates tangible gains:

  • 65% reduction in security alerts requiring manual review due to AIR and correlated detection.
  • Zero data loss incidents in the first six months post-deployment, versus an average of two per quarter previously.
  • Audit preparation time cut from 12 person-days to 2, thanks to Purview’s electronic discovery and content search.
  • Employee compliance awareness rose, with voluntary labeling accuracy hitting 89% within the first month, a metric tracked via Purview activity explorer.

“Investors and partners now ask about our security during due diligence,” Lin noted. “We can show them a unified score, we can demonstrate comprehensive controls. It’s become a competitive differentiator.”

The Netwoven Partnership

Netwoven’s role was crucial. The consultant not only architected the solution but also addressed Soleno’s legacy infrastructure: a hybrid Active Directory environment with some file servers still on-premises. Netwoven deployed Azure Arc to extend Purview classification and DLP to on-premises repositories, ensuring consistent governance across cloud and local data.

“We see a lot of midmarket biotech clients who think they can’t afford proper security,” said Netwoven’s CEO in the story. “Microsoft 365 Business Premium flips the script. For less than the cost of a single dedicated security analyst, you get a full stack. Our job is to make it work for the specific regulatory framework.”

Industry Implications: Midmarket Security Democratized

The Soleno story underscores a broader trend: sophisticated security and compliance capabilities are trickling down to the midmarket. Microsoft 365 Business Premium, which also includes Intune for device management and Azure AD Premium for identity protection, is becoming a default choice for small businesses that face enterprise-grade threats. According to Microsoft, Business Premium adoption grew 37% in the healthcare and life sciences sector in 2025.

For regulated verticals like biotech, the combination of Defender and Purview addresses two critical needs: preventing cyberattacks that could halt research and safeguarding data that must remain confidential for decades. The integration eliminates the tool sprawl and manual correlation that often burden small IT teams.

“We’re not a technology company, we’re a therapeutics company,” Lin said. “We need to focus on science, not on firewalls. This platform lets us do that while being more secure than ever.”

Looking Ahead: AI and Maturity

Soleno is now exploring advanced Purview features, including adaptive protection and AI-driven insider risk scoring, which adjust controls based on user risk level. The company also plans to connect Purview with Microsoft Sentinel for cloud-native SIEM capabilities, though Sentinel requires an additional subscription beyond Business Premium. Netwoven is assisting with a proof-of-concept.

Moreover, Soleno’s experience has influenced its peer network. “I’ve recommended this approach to three other biotech CEOs,” said Lin. “Midmarket doesn’t mean weak security anymore.”

The Microsoft customer story serves not only as a win for the vendors but as a blueprint for similar businesses. As cyber threats grow in sophistication, the ability to deploy integrated, automated protections quickly and cost-effectively will separate resilient organizations from vulnerable ones. Soleno Therapeutics shows it can be done.