Nikki Chapple

Container Sensitivity Labels: The Purview “Hack” That Fixes Copilot Oversharing Fast

Posted on 16 May 2026Updated on 16 May 2026by Nikki Chapple

Introduction: Oversharing Starts Before a Single File Exists

Copilot oversharing is one of the most misunderstood risks in Microsoft 365. In reality, it often starts before a single file is uploaded.

It begins when Microsoft Teams, SharePoint sites, and Microsoft 365 Groups are created using generic tenant-wide defaults.

In an AI-enabled world, those overly permissive defaults become significantly more dangerous because Microsoft 365 Copilot operates within existing permissions.

Copilot does not create access.

It reveals it.

How To Use Microsoft Purview Container Sensitivity Labels To Reduce Oversharing And Strengthen Microsoft 365 Copilot Governance

Posted on 15 May 2026Updated on 15 May 2026by Nikki Chapple

Most Microsoft 365 oversharing starts before a single file is uploaded.

It begins when Microsoft Teams, SharePoint sites, and Microsoft 365 Groups are created using generic tenant-wide defaults.

In an AI-enabled world, those overly permissive defaults become significantly more dangerous because Microsoft 365 Copilot operates within existing permissions.

This is why I recently delivered a Microsoft Security Community Purview Lightning Talk titled:

“The Purview Hack No One Talks About: Container Sensitivity Labels That Fix Oversharing Fast”

The session focused on a simple but highly effective governance concept:

Instead of trying to remediate oversharing after it happens, organisations should apply the correct collaboration controls automatically at the point where Teams, Groups, and SharePoint sites are created.

Microsoft Purview container sensitivity labels make this possible by enforcing:

privacy settings
guest access controls
sharing restrictions
Conditional Access integration

consistently across Microsoft 365 collaboration workspaces.

Why Ex‑Employee OneDrive Data Never Dies in Microsoft 365 (and How to Fix It)

Posted on 8 February 2026Updated on 9 February 2026by Nikki Chapple

Ex-employee OneDrive retention is no longer primarily a licensing problem. Since January 2025, Microsoft has reduced one of the biggest historical causes of indefinite OneDrive retention. However, many organisations are still retaining former employees’ OneDrive data for years, sometimes indefinitely.

The reason is governance design.

This article explains how identity lifecycle, OneDrive service behaviour, and Microsoft 365 retention (via Microsoft Purview) interact today; why ex‑employee OneDrive data can still persist indefinitely; and how to design retention so every leaver’s OneDrive reaches a predictable, auditable end‑of‑life.

👉 Read the full guide to understand why ex‑employee OneDrive data can still be retained forever, and how to fix it.

CollabDays Bletchley Park 2025: SharePoint Storage Optimization Recap and Key Takeaways

Posted on 1 October 2025Updated on 1 October 2025by Nikki Chapple

SharePoint storage optimization was the focus of my session at CollabDays Bletchley Park 2025, a fantastic community event that brought together Microsoft 365 professionals to share knowledge and best practices.

My session, “Do We Really Need to Buy More SharePoint Storage?”, addressed a common challenge: organizations hitting storage limits and wondering if buying more space is the only solution.

Do You Really Need More SharePoint Storage? Here’s How to Optimize Instead.

Posted on 30 September 2025Updated on 1 October 2025by Nikki Chapple

Many organizations reach their SharePoint storage limits and assume the only solution is to purchase additional storage. In most cases, you can avoid extra costs by optimizing what you already have. This article explains how to reduce storage consumption by managing file version history, governing site lifecycle, and leveraging Microsoft 365 Archive for inactive content. Keeping your environment lean not only saves money but also improves Microsoft 365 Copilot quality by decreasing ROT (redundant, obsolete, trivial) data that clutters search and AI responses. By applying these measures, you can control costs, enhance compliance, and improve user experience without unnecessary spending.

Why Microsoft 365 Copilot Data Readiness Matters

Posted on 11 September 2025Updated on 11 September 2025by Nikki Chapple

Microsoft 365 Copilot Data Readiness is essential for secure and effective AI adoption. Copilot is transforming the way we work by boosting productivity, creativity, and efficiency across Microsoft 365. But here is the challenge: Copilot surfaces what users already have access to. If your data governance is not in order, sensitive information could be exposed.

So, the big question is:
Is your data ready for Microsoft 365 Copilot?

I recently joined Mark Thompson from The Inform Team for a webinar on this topic. We explored how Copilot interacts with your Microsoft 365 environment, the risks of oversharing, and how to build a secure, governed foundation for responsible AI adoption.

🎥 Watch the full webinar: YouTube Recording

Mastering Records Management in Microsoft Purview: A Practical Guide for AI-Ready Governance

Posted on 9 September 2025Updated on 10 September 2025by Nikki Chapple

Microsoft Purview Records Management has become a critical priority for organizations adopting AI tools like Microsoft 365 Copilot. Because Copilot surfaces everything a user can access, including redundant, obsolete, and trivial (ROT) data, weak governance now directly translates into productivity loss, compliance risks, and potential legal exposure.

In a recent episode of All Things M365 Compliance, I joined Ryan John Murphy and Susan Lamb, Principal Data Governance SME at Infotechtion and former global records management lead at Shell, to explore how Microsoft Purview has evolved and what practical steps organizations must take to clean up their data estate.

Teams Private Channel Messages: Compliance Action Required by Sept 20, 2025

Posted on 3 September 2025Updated on 3 September 2025by Nikki Chapple

Teams private channel messages are moving to group mailboxes, and compliance managers must act before September 20, 2025, to avoid data loss and compliance gaps.

Microsoft is reengineering private channels to improve scalability and simplify governance. This change impacts Microsoft Purview eDiscovery, retention, and DLP policies.

This update was announced in the Microsoft Teams Blog and flagged in the Microsoft 365 Message Center (MC1134737).

📺 Prefer video? Watch the full episode on YouTube and subscribe for more updates!

Ultimate Guide to Microsoft 365 Data Storage Locations (Exchange, OneDrive, SharePoint, Teams & More)

Posted on 3 September 2025Updated on 3 September 2025by Nikki Chapple

Update (September 2025): This post has been updated to include the latest changes to private channel message storage and compliance.

If you’re managing Microsoft 365, you already know it stores data across Exchange, SharePoint, Teams, OneDrive, and more. But do you know exactly where each type of data lives—and which Microsoft Purview tools can help protect it?

In today’s fast-paced digital world, data is the lifeblood of any organization. It is the foundation upon which decisions are made, strategies are formulated, and success is measured. As a user or admin of Microsoft 365, you have access to a powerful suite of tools that enable you to create, store, and manage your data with ease. But with so many applications and features, it can be challenging to know where your data is stored and how to access it. Understanding these Microsoft 365 data storage locations is crucial for effective data management and regulatory compliance.

This comprehensive guide will help you answer the question: Where does Microsoft 365 store your data?

Microsoft Purview DLP: Best Practices for Successful Implementation

Posted on 22 August 2025Updated on 22 August 2025by Nikki Chapple

Microsoft Purview Data Loss Prevention (DLP) is often misunderstood. Many organizations treat it as a quick fix, something that can be switched on in the portal. In reality, DLP is a strategic capability that requires planning, thoughtful policy design, and continuous improvement to be effective.

In a recent episode of the All Things M365 Compliance Podcast, Ryan John Murphy and I were joined by guest Ewelina Paczkowska, Solution Architect at Threatscape and author of the excellent Welkas World blog, to explore how organizations can maximize the value of Purview DLP.

This blog shares some of the best practices and lessons learned from our discussion.