Roll-out playbook

This is a phased plan for deploying BeeSensible. The shape (pilot, second team, organization-wide) consistently produces a smoother roll-out than a big-bang launch. A typical organization completes the three phases in three to six weeks.

For a faster path to a single pilot group, see Quick start for admins.

#Phase 1: Pilot

Goal: confirm BeeSensible behaves well in your environment and collect early feedback.

Pick five to ten users from a high-risk team (HR, finance, legal, or a clinical team). They will encounter meaningful detections quickly.

Before inviting them:

1. Create a detection profile tailored to their team. Err on the side of more data types rather than fewer; you can tune down later.
2. Create a user group for the pilot and assign the profile.

After five working days, open the analytics dashboard and look at:

• Detections per app.
• Handled rate (how often users acted).
• Which data types generate the most detections.
• Apps with zero detections (the extension may not be activating).

The dashboard does not show stats for groups smaller than 10 active users. If your pilot is below 10, you will see organization-wide totals only.

#Phase 2: Second team

Goal: confirm your configuration generalizes beyond the first team.

Apply what you learned in Phase 1:

• Lower severity for data types where the handled rate was very low (users were dismissing them as noise).
• Review missing-app feedback with BeeSensible.
• Refine the detection profile for the second team if their risk profile differs.

After two weeks, compare metrics between the two groups. Cross-team comparison surfaces configuration issues that a single-group pilot can hide.

#Phase 3: Organization-wide

Goal: extend BeeSensible to remaining users in a controlled, well-communicated way.

Before the wider roll-out:

• Finalize detection profiles per team.
• Schedule monthly reports for the compliance team under Analytics → Reports.
• Brief the help-desk so they can answer questions about the extension.

Roll out the remaining teams in batches that match your IT and communications capacity. There is no technical reason to stagger; batching makes support and analytics easier to manage.

#Employee communication

Before inviting any team, send a short message from a senior leader that covers:

• What BeeSensible does: it highlights sensitive data in real time so users catch accidental disclosures before they happen.
• What it does not do: it is not for performance monitoring. It does not capture keystrokes, screenshots, or message content. The dashboard records the type of data detected, the application, and the user action. The 10-user aggregation threshold means individual users are non-identifiable in reports.
• Why now: name the relevant compliance obligations (GDPR and others) and the specific risk you are managing.
• Where to get help: link to the user-facing docs.

Employees who understand the purpose and scope are far more likely to engage constructively than those who discover the extension by accident.

#MDM deployment

On managed devices, push the extension via your device-management tool so users do not have to install it manually.

• Chrome and Edge: use the ExtensionInstallForcelist policy. The extension ID is available under Settings → MDM Deployment.
• Microsoft Intune: use the managed browser-extension configuration profile.

Allow one to two extra days for policy propagation across a fleet, and test on a representative device before rolling out everywhere.

#Common blockers

For anything not in the table, email hello@beesensible.eu.