Tag:AI Governance

AI governance in Microsoft 365 focuses on managing data exposure risks across AI tools such as Microsoft 365 Copilot and third-party generative AI services. Using Microsoft controls including Microsoft Purview, Microsoft Entra and Defender, organisations can control access, reduce oversharing, monitor usage and protect sensitive data across both Microsoft and external AI environments.

What 35 Years in Tech Taught Me About Data Security and AI Governance

Posted on Updated on by Nikki Chapple

Event: Journals of the Information Entrepreneur Podcast
Host: Jacqueline Stockwell
Speaking engagement: Podcast (Guest Appearance)
Date: 26 May 2026
Topic: Women in Tech, Data Security, and AI Governance

I recently joined Jacqueline Stockwell on her podcast ahead of our upcoming session at Experts Live London.

Not just to talk about technology.
But what really sits behind it.

From building a long-term career in tech, to navigating environments where you are often the only woman in the room, through to how data security and AI governance are now exposing organisational challenges in new ways.

👉 Listen to Episode 057: 35 Years of Tech – Resilience and Security with Nikki Chapple


Read More

Workplace Ninjas Norway 2026: My Sessions on Shadow AI and Data Security

Posted on Updated on by Nikki Chapple

Event: Workplace Ninjas Norway 2026
Location: Oslo, Norway
Format: Conference Sessions
Date: 27 May 2026
Sessions:

  1. Evaluating AI Risk with Microsoft’s Security Dashboard for AI
  2. Preventing Data Leaks to Shadow AI: Managing Generative AI Apps in Your Organisation

At Workplace Ninjas Norway 2026, I delivered two sessions focused on a challenge that many organisations are only just starting to fully understand: the impact of Shadow AI on data security.

These sessions were designed to reflect the reality organisations are facing today.

AI adoption is already happening.
Often without visibility.
Often without governance.

The question is no longer whether people are using AI.

It is whether you understand what is happening to your data when they do.


Read More

Shadow AI Governance: You Can’t Stop AI. But You Can Control the Risk

Posted on Updated on by Nikki Chapple

Shadow AI governance is now a critical challenge for organisations.

Shadow AI is already inside your organisation.

Employees are using AI tools every day to summarise documents, improve emails, analyse spreadsheets, generate presentations, and draft proposals. Most are not trying to break policy. They are trying to work faster and smarter.

That is exactly what makes Shadow AI such a serious governance risk.

This is no longer a question of whether AI is being used at work. It is a question of whether your organisation has visibility into which AI tools are in use, what data is being shared, and which controls are in place to reduce risk.

The urgency is real. Microsoft’s 2026 Data Security Index report says that 32% of surveyed organisations’ data security incidents involve the use of generative AI tools, while only 47% of surveyed organisations are implementing controls focused on generative AI workloads. More than 80% of surveyed organisations are implementing or developing Data Security Posture Management strategies to improve visibility and governance.

AI adoption is accelerating.

Governance is still catching up.

This article explains the practical control model I use with organisations to understand Shadow AI risk, improve visibility, and apply effective governance at scale.


Read More

How to Govern Shadow AI with Microsoft Purview, Defender and DSPM

Posted on Updated on by Nikki Chapple

Most organisations are already dealing with Shadow AI, whether they realise it or not.

Employees are using ChatGPT, Claude, Gemini, AI-powered browser extensions, meeting assistants, coding tools, and countless other generative AI services to work faster.

The challenge is not stopping people from using AI.

The challenge is governing where organisational data goes.

In my previous article, Shadow AI Governance: Why You Must Control AI Data Risk In Microsoft 365 I explained why Shadow AI has become one of the fastest-growing data security challenges facing IT and security teams.

This article focuses on the next question:

How do you actually govern it?

Microsoft recently published a deployment model called Prevent Data Leak To Shadow AI, which combines Microsoft Purview, Microsoft Defender for Cloud Apps, Microsoft Entra, and Microsoft Intune into a unified approach for managing AI risk.

Microsoft’s guidance is excellent.
But in practice, I simplify it into two control layers:

  • Control the Apps
  • Control the Data

Everything else supports these two decisions.

Because successful AI governance is not about blocking AI.
It is about enabling AI safely.

You cannot stop users using AI.
But you can control what happens to your data.


Read More

How to Deploy Microsoft Purview DLP for Copilot and Generative AI

Posted on Updated on by Nikki Chapple

Organisations adopting Microsoft 365 Copilot and generative AI are facing a common challenge. Data is no longer static. It is constantly moving, reused, and now being surfaced and generated by AI.

This changes the risk profile.

The questions I hear most often are:

  1. What are the real data security risks with AI?
  2. Which controls actually make a difference?
  3. How do we deploy them effectively in Microsoft Purview?

This guide builds on my ECS 2026 session and focuses on the controls that provide the greatest practical value. It cuts through the noise and shows how to use Microsoft Purview DLP for Copilot and generative AI, with a practical approach to reducing real-world data leakage risk across both internal and external AI tools.


Read More

Why Microsoft 365 Copilot Data Readiness Matters

Posted on Updated on by Nikki Chapple

Microsoft 365 Copilot Data Readiness is essential for secure and effective AI adoption. Copilot is transforming the way we work by boosting productivity, creativity, and efficiency across Microsoft 365. But here is the challenge: Copilot surfaces what users already have access to. If your data governance is not in order, sensitive information could be exposed.

So, the big question is:
Is your data ready for Microsoft 365 Copilot?

I recently joined Mark Thompson from The Inform Team for a webinar on this topic. We explored how Copilot interacts with your Microsoft 365 environment, the risks of oversharing, and how to build a secure, governed foundation for responsible AI adoption.

🎥 Watch the full webinar: YouTube Recording


Read More

Governing AI Shadow IT with the Microsoft Purview Browser Extension

Posted on Updated on by Nikki Chapple

AI tools like ChatGPT, Bard, and Claude are transforming the workplace. From customer service to content creation, employees are increasingly turning to them as productivity boosters. But with this innovation comes a challenge:

⚠️ How do you protect sensitive company data from being unintentionally exposed, while still enabling the benefits of AI?

The answer: the Microsoft Purview Browser Extension — a lightweight, privacy-first tool that gives organizations visibility and control over browser activity without becoming intrusive. When combined with Endpoint DLP, Insider Risk Management (IRM), and Data Security Posture Management (DSPM) for AI, it provides a powerful way to govern risky behavior, including shadow AI.

  • A four‑step guide to using DSPM for AI to monitor and manage risky behaviour — without compromising privacy
  • What the Purview Browser Extension is and why it matters
  • How it works alongside Endpoint DLP and Insider Risk Management (IRM)

Read More

Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview – ECS 2025

Posted on Updated on by Nikki Chapple

Measure Copilot and Gen AI Success and Risks Using Viva Insights, Microsoft Purview, and the Microsoft 365 Admin Center reports

Earlier this month, I had the pleasure of speaking at the European Collaboration Summit 2025 in DĂĽsseldorf, Germany. It was an incredible opportunity to connect with fellow Microsoft 365 professionals and explore a timely, strategic question:

How do we measure the success—and manage the risks—of Microsoft Copilot and Generative AI?

In my session, “Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview,” I shared practical, real-world strategies for going beyond basic usage statistics to understand the full picture: adoption, impact, sentiment, and security posture.


Read More