Nikki Chapple

Ultimate Guide to Microsoft 365 Data Storage Locations (Exchange, OneDrive, SharePoint, Teams & More)

Posted on 3 September 2025Updated on 3 September 2025by Nikki Chapple

Update (September 2025): This post has been updated to include the latest changes to private channel message storage and compliance.

If you’re managing Microsoft 365, you already know it stores data across Exchange, SharePoint, Teams, OneDrive, and more. But do you know exactly where each type of data lives—and which Microsoft Purview tools can help protect it?

In today’s fast-paced digital world, data is the lifeblood of any organization. It is the foundation upon which decisions are made, strategies are formulated, and success is measured. As a user or admin of Microsoft 365, you have access to a powerful suite of tools that enable you to create, store, and manage your data with ease. But with so many applications and features, it can be challenging to know where your data is stored and how to access it. Understanding these Microsoft 365 data storage locations is crucial for effective data management and regulatory compliance.

This comprehensive guide will help you answer the question: Where does Microsoft 365 store your data?

Microsoft Purview DLP: Best Practices for Successful Implementation

Posted on 22 August 2025Updated on 22 August 2025by Nikki Chapple

Microsoft Purview Data Loss Prevention (DLP) is often misunderstood. Many organizations treat it as a quick fix, something that can be switched on in the portal. In reality, DLP is a strategic capability that requires planning, thoughtful policy design, and continuous improvement to be effective.

In a recent episode of the All Things M365 Compliance Podcast, Ryan John Murphy and I were joined by guest Ewelina Paczkowska, Solution Architect at Threatscape and author of the excellent Welkas World blog, to explore how organizations can maximize the value of Purview DLP.

This blog shares some of the best practices and lessons learned from our discussion.

Governing AI Shadow IT with the Microsoft Purview Browser Extension

Posted on 20 August 2025Updated on 16 May 2026by Nikki Chapple

AI tools like ChatGPT, Bard, and Claude are transforming the workplace. From customer service to content creation, employees are increasingly turning to them as productivity boosters. But with this innovation comes a challenge:

⚠️ How do you protect sensitive company data from being unintentionally exposed, while still enabling the benefits of AI?

The answer: the Microsoft Purview Browser Extension — a lightweight, privacy-first tool that gives organizations visibility and control over browser activity without becoming intrusive. When combined with Endpoint DLP, Insider Risk Management (IRM), and Data Security Posture Management (DSPM) for AI, it provides a powerful way to govern risky behavior, including shadow AI.

A four‑step guide to using DSPM for AI to monitor and manage risky behaviour — without compromising privacy
What the Purview Browser Extension is and why it matters
How it works alongside Endpoint DLP and Insider Risk Management (IRM)

How AI Is Reshaping Microsoft 365 Compliance: Insights from Rafah Knight

Posted on 9 August 2025Updated on 9 August 2025by Nikki Chapple

Microsoft 365 AI compliance is fast becoming a critical priority as artificial intelligence transforms how businesses operate. Tools like Microsoft 365 Copilot are reshaping productivity—but they also introduce new challenges for data governance, security, and regulatory alignment.

In a recent episode of the All Things M365 Compliance podcast, I joined Ryan John Murphy and Rafah Knight, founder of Secure AI, to explore how organisations can adopt AI responsibly within Microsoft 365. From mitigating shadow AI risks to aligning with the EU AI Act, we unpacked what legal, IT, and compliance teams need to know.

Here are the key takeaways for managing AI governance and compliance in the Microsoft 365 environment.

Enhance Your Data Security Strategies – IRMS Conference 2025

Posted on 31 May 2025Updated on 31 May 2025by Nikki Chapple

I’m deeply honoured to have delivered the closing keynote with Ryan John Murphy from Microsoft at the IRMS Conference 2025 – The Peaky Path to Progress | 18th – 20th May 2025 | Birmingham, UK an event that continues to be the beating heart of the information management community. With over 400 professionals from across sectors, this year’s theme, “The Peaky Path to Progress,” couldn’t have been more fitting.

As we navigate an era where data is both an asset and a liability, my session—“Protecting Your Sensitive Data with Microsoft Purview: Practical Information Protection and DLP Strategies”—focused on equipping organizations with the tools and mindset to climb their own digital mountains.

Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview – ECS 2025

Posted on 30 May 2025Updated on 31 May 2025by Nikki Chapple

Measure Copilot and Gen AI Success and Risks Using Viva Insights, Microsoft Purview, and the Microsoft 365 Admin Center reports

Earlier this month, I had the pleasure of speaking at the European Collaboration Summit 2025 in Düsseldorf, Germany. It was an incredible opportunity to connect with fellow Microsoft 365 professionals and explore a timely, strategic question:

How do we measure the success—and manage the risks—of Microsoft Copilot and Generative AI?

In my session, “Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview,” I shared practical, real-world strategies for going beyond basic usage statistics to understand the full picture: adoption, impact, sentiment, and security posture.

Guide to the New SC-401 Information Security Administrator Associate

Posted on 26 March 2025Updated on 30 May 2025by Nikki Chapple

🚨 Big News for IT, Data Security, Compliance and Purview Professionals! 🚨

Microsoft has announced the retirement of the SC-400: Microsoft Information Protection Administrator certification, effective May 31, 2025. This change impacts both current SC-400 certification holders and those preparing for the exam. As the IT landscape evolves, Microsoft is shifting its focus towards more comprehensive security administration, leading to the introduction of the new SC-401 certification. 🔒

Wondering how this change will affect your certification journey? This transition may seem daunting, but with the right information and preparation, you can navigate it effectively and continue to advance your career in information security. ✨ The new SC-401 certification offers a more robust focus on security administration, aligning with the latest industry trends. 🌟

In this post and the associate All Things M365 Compliance podcast episode , we’ll cover everything you need to know about the retirement of the SC-400 certification, the introduction of the SC-401 certification, and how to make the most of this change. 🌟

Microsoft Information Protection – In the Centre of It All! – Insights from the ‘All Things M365 Compliance’ Podcast

Posted on 14 March 2025Updated on 14 March 2025by Nikki Chapple

In today’s digital landscape, data security is critical, and Microsoft Information Protection sits at the centre of safeguarding sensitive information. By enabling organizations to classify, protect, and govern their data, Microsoft Purview Information Protection (MPIP) empowers businesses to apply sensitivity labels, encryption, and access controls across Microsoft 365 and beyond. This ensures consistent security and compliance in an increasingly complex regulatory environment.

In a recent All Things M365 Compliance podcast, Nikki Chapple, Ryan John Murphy, and Microsoft MVP Victor Wingsing explored the importance of data classification and sensitivity labels in Microsoft Purview. This blog captures their valuable insights and offers practical strategies for organizations looking to strengthen their data protection practices and mitigate security risks.

Microsoft 365 Offboarding: Secure OneDrive & Mailbox Data

Posted on 2 March 2025Updated on 16 May 2026by Nikki Chapple

When an employee leaves, proper Microsoft 365 offboarding is crucial to protect data. Failure to follow the correct procedure may result in the loss or exposure of OneDrive and mailbox data. This manual outlines the best ways to limit access, enforce retention policies, transfer files, and supervise mailboxes and OneDrive accounts to ensure compliance and continuous functionality.

How to Investigate Microsoft 365 Copilot Interactions

Posted on 2 March 2025Updated on 2 March 2025by Nikki Chapple

Ever wondered how to investigate Microsoft 365 Copilot Interactions? You’re in the right place! This blog post will guide you through the process of using Microsoft 365 tools, specifically the unified audit log eDiscovery and Communications Compliance, to uncover specific Microsoft 365 Copilot interactions.