Tag:Data Loss Prevention (DLP)

Data Loss Prevention (DLP) in Microsoft 365 helps organisations identify, monitor and protect sensitive data across services such as Exchange Online, SharePoint Online, OneDrive and Microsoft Teams. Using Microsoft Purview DLP policies, organisations can prevent accidental or unauthorised sharing of sensitive information and reduce data exposure risk.

How to Govern Shadow AI with Microsoft Purview, Defender and DSPM

Posted on Updated on by Nikki Chapple

Most organisations are already dealing with Shadow AI, whether they realise it or not.

Employees are using ChatGPT, Claude, Gemini, AI-powered browser extensions, meeting assistants, coding tools, and countless other generative AI services to work faster.

The challenge is not stopping people from using AI.

The challenge is governing where organisational data goes.

In my previous article, Shadow AI Governance: Why You Must Control AI Data Risk In Microsoft 365 I explained why Shadow AI has become one of the fastest-growing data security challenges facing IT and security teams.

This article focuses on the next question:

How do you actually govern it?

Microsoft recently published a deployment model called Prevent Data Leak To Shadow AI, which combines Microsoft Purview, Microsoft Defender for Cloud Apps, Microsoft Entra, and Microsoft Intune into a unified approach for managing AI risk.

Microsoft’s guidance is excellent.
But in practice, I simplify it into two control layers:

  • Control the Apps
  • Control the Data

Everything else supports these two decisions.

Because successful AI governance is not about blocking AI.
It is about enabling AI safely.

You cannot stop users using AI.
But you can control what happens to your data.


Read More

How to Deploy Microsoft Purview DLP for Copilot and Generative AI

Posted on Updated on by Nikki Chapple

Organisations adopting Microsoft 365 Copilot and generative AI are facing a common challenge. Data is no longer static. It is constantly moving, reused, and now being surfaced and generated by AI.

This changes the risk profile.

The questions I hear most often are:

  1. What are the real data security risks with AI?
  2. Which controls actually make a difference?
  3. How do we deploy them effectively in Microsoft Purview?

This guide builds on my ECS 2026 session and focuses on the controls that provide the greatest practical value. It cuts through the noise and shows how to use Microsoft Purview DLP for Copilot and generative AI, with a practical approach to reducing real-world data leakage risk across both internal and external AI tools.


Read More

Teams Private Channel Messages: Compliance Action Required by Sept 20, 2025

Posted on Updated on by Nikki Chapple

Teams private channel messages are moving to group mailboxes, and compliance managers must act before September 20, 2025, to avoid data loss and compliance gaps.

Microsoft is reengineering private channels to improve scalability and simplify governance. This change impacts Microsoft Purview eDiscovery, retention, and DLP policies.

This update was announced in the Microsoft Teams Blog and flagged in the Microsoft 365 Message Center (MC1134737).

📺 Prefer video? Watch the full episode on YouTube and subscribe for more updates!


Read More

Microsoft Purview DLP: Best Practices for Successful Implementation

Posted on Updated on by Nikki Chapple

Microsoft Purview Data Loss Prevention (DLP) is often misunderstood. Many organizations treat it as a quick fix, something that can be switched on in the portal. In reality, DLP is a strategic capability that requires planning, thoughtful policy design, and continuous improvement to be effective.

In a recent episode of the All Things M365 Compliance Podcast, Ryan John Murphy and I were joined by guest Ewelina Paczkowska, Solution Architect at Threatscape and author of the excellent Welkas World blog, to explore how organizations can maximize the value of Purview DLP.

This blog shares some of the best practices and lessons learned from our discussion.


Read More

Enhance Your Data Security Strategies – IRMS Conference 2025

Posted on Updated on by Nikki Chapple

I’m deeply honoured to have delivered the closing keynote with Ryan John Murphy from Microsoft at the IRMS Conference 2025 – The Peaky Path to Progress | 18th – 20th May 2025 | Birmingham, UK an event that continues to be the beating heart of the information management community. With over 400 professionals from across sectors, this year’s theme, “The Peaky Path to Progress,” couldn’t have been more fitting.

As we navigate an era where data is both an asset and a liability, my session—“Protecting Your Sensitive Data with Microsoft Purview: Practical Information Protection and DLP Strategies”—focused on equipping organizations with the tools and mindset to climb their own digital mountains.


Read More

All Things M365 Compliance podcast EP15: DLP Part 2

Posted on Updated on by Nikki Chapple

In part two of our “All Things M365 Compliance” Data Loss prevention (DLP) mini-series, Ryan John Murphy and Nikki Chapple show you how to use the Conditions Builder to create advanced policies and rules. Safeguard confidential information, prevent sensitive data from leaving your organisation, and establish a robust data loss prevention defence system for your organization.

Tune in to learn more.


Read More

All Things M365 Compliance podcast EP14: Data Loss Prevention (DLP) Part 1

Posted on Updated on by Nikki Chapple

In episode 14 of the “All Things M365 Compliance” podcast, Ryan John Murphy and Nikki Chapple demonstrate how to create Microsoft Purview Data Loss Prevention (DLP) policies and rules. The episode covers important topics like the structure of DLP policies and rules, why they are a crucial part of the design process, and what outcomes to expect.

Tune in to learn more.


Read More