Purview Lightning Talks – Microsoft Security Community

Posted on 31 May 2026Updated on 1 June 2026by Nikki Chapple

Event details

Event: Purview Lightning Talks – Microsoft Security Community
Location: Virtual (Microsoft Community Event)
Format: Live Lightning Talk (Recorded and published on YouTube)
Date: 30 April 2026
Sessions:

The Day Offboarding Exposed Infinite Retention
The Purview Hack No One Talks About: Container Sensitivity Labels That Fix Oversharing Fast

About the event

The Purview Lightning Talks is a community-led Microsoft Security event designed to share real-world Microsoft Purview insights in short, focused sessions.

Each talk is deliberately concise, cutting straight to practical use cases, lessons learned, and actionable recommendations.

The event brings together Microsoft MVPs, customers, and practitioners to share hands-on experience with data security, compliance, and governance in Microsoft 365.

How To Apply Container Sensitivity Labels at Scale in Microsoft 365

Posted on 16 May 2026Updated on 31 May 2026by Nikki Chapple

Introduction: Oversharing Does Not Start With Files

How to apply sensitivity labels at scale to existing Microsoft 365 Groups, Microsoft Teams and SharePoint sites is one of the most common follow-up questions I receive when discussing container sensitivity labels.

If your environment only contains a small number of workspaces, applying labels manually is manageable.

However, most organisations operate at scale. Hundreds or even thousands of Microsoft 365 Groups, Microsoft Teams and SharePoint sites already exist.

This is where governance becomes inconsistent and risky.

In this post, I show how to:

✅ Analyse your existing environment
✅ Identify oversharing risk
✅ Apply container sensitivity labels at scale using PowerShell

The goal is not just automation.

It is to apply consistent, risk-based governance and reduce oversharing in Microsoft 365 and Copilot environments.

This approach ensures you can apply container sensitivity labels at scale across existing Microsoft 365 environments in a consistent and controlled way.

How to Deploy Microsoft Purview DLP for Copilot and Generative AI

Posted on 16 May 2026Updated on 20 May 2026by Nikki Chapple

Organisations adopting Microsoft 365 Copilot and generative AI are facing a common challenge. Data is no longer static. It is constantly moving, reused, and now being surfaced and generated by AI.

This changes the risk profile.

The questions I hear most often are:

What are the real data security risks with AI?
Which controls actually make a difference?
How do we deploy them effectively in Microsoft Purview?

This guide builds on my ECS 2026 session and focuses on the controls that provide the greatest practical value. It cuts through the noise and shows how to use Microsoft Purview DLP for Copilot and generative AI, with a practical approach to reducing real-world data leakage risk across both internal and external AI tools.

Container Sensitivity Labels: The Purview “Hack” That Fixes Copilot Oversharing Fast

Posted on 16 May 2026Updated on 31 May 2026by Nikki Chapple

Introduction: Oversharing Starts Before a Single File Exists

Copilot oversharing is one of the most misunderstood risks in Microsoft 365. In reality, it often starts before a single file is uploaded.

It begins when Microsoft Teams, SharePoint sites, and Microsoft 365 Groups are created using generic tenant-wide defaults.

In an AI-enabled world, those overly permissive defaults become significantly more dangerous because Microsoft 365 Copilot operates within existing permissions.

Copilot does not create access.

It reveals it.

How to Configure Container Sensitivity Labels in Microsoft Purview (Step-by-Step)

Posted on 15 May 2026Updated on 16 May 2026by Nikki Chapple

Microsoft Purview container sensitivity labels allow organisations to apply consistent, risk-based collaboration and access controls across Microsoft Teams, Microsoft 365 Groups, and SharePoint sites without relying on manual decisions at the point of creation.

Instead of users or administrators deciding security settings each time a workspace is created, container sensitivity labels enforce governance automatically based on collaboration risk.

This is one of the most effective ways to reduce Microsoft 365 Copilot oversharing risk because Copilot surfaces only what users already have access to.

If access controls are overly broad, AI exposure becomes overly broad.

This guide focuses specifically on implementation:

✅ How to configure Microsoft Purview container sensitivity labels
✅ How to apply risk-based collaboration controls
✅ How to govern guest access and sharing consistently
✅ How to integrate with Microsoft Entra Conditional Access
✅ How to operationalise secure-by-default collaboration governance

Governing AI Shadow IT with the Microsoft Purview Browser Extension

Posted on 20 August 2025Updated on 16 May 2026by Nikki Chapple

AI tools like ChatGPT, Bard, and Claude are transforming the workplace. From customer service to content creation, employees are increasingly turning to them as productivity boosters. But with this innovation comes a challenge:

⚠️ How do you protect sensitive company data from being unintentionally exposed, while still enabling the benefits of AI?

The answer: the Microsoft Purview Browser Extension — a lightweight, privacy-first tool that gives organizations visibility and control over browser activity without becoming intrusive. When combined with Endpoint DLP, Insider Risk Management (IRM), and Data Security Posture Management (DSPM) for AI, it provides a powerful way to govern risky behavior, including shadow AI.

A four‑step guide to using DSPM for AI to monitor and manage risky behaviour — without compromising privacy
What the Purview Browser Extension is and why it matters
How it works alongside Endpoint DLP and Insider Risk Management (IRM)

Enhance Your Data Security Strategies – IRMS Conference 2025

Posted on 31 May 2025Updated on 31 May 2025by Nikki Chapple

I’m deeply honoured to have delivered the closing keynote with Ryan John Murphy from Microsoft at the IRMS Conference 2025 – The Peaky Path to Progress | 18th – 20th May 2025 | Birmingham, UK an event that continues to be the beating heart of the information management community. With over 400 professionals from across sectors, this year’s theme, “The Peaky Path to Progress,” couldn’t have been more fitting.

As we navigate an era where data is both an asset and a liability, my session—“Protecting Your Sensitive Data with Microsoft Purview: Practical Information Protection and DLP Strategies”—focused on equipping organizations with the tools and mindset to climb their own digital mountains.

Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview – ECS 2025

Posted on 30 May 2025Updated on 31 May 2025by Nikki Chapple

Measure Copilot and Gen AI Success and Risks Using Viva Insights, Microsoft Purview, and the Microsoft 365 Admin Center reports

Earlier this month, I had the pleasure of speaking at the European Collaboration Summit 2025 in Düsseldorf, Germany. It was an incredible opportunity to connect with fellow Microsoft 365 professionals and explore a timely, strategic question:

How do we measure the success—and manage the risks—of Microsoft Copilot and Generative AI?

In my session, “Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview,” I shared practical, real-world strategies for going beyond basic usage statistics to understand the full picture: adoption, impact, sentiment, and security posture.

Guide to the New SC-401 Information Security Administrator Associate

Posted on 26 March 2025Updated on 30 May 2025by Nikki Chapple

🚨 Big News for IT, Data Security, Compliance and Purview Professionals! 🚨

Microsoft has announced the retirement of the SC-400: Microsoft Information Protection Administrator certification, effective May 31, 2025. This change impacts both current SC-400 certification holders and those preparing for the exam. As the IT landscape evolves, Microsoft is shifting its focus towards more comprehensive security administration, leading to the introduction of the new SC-401 certification. 🔒

Wondering how this change will affect your certification journey? This transition may seem daunting, but with the right information and preparation, you can navigate it effectively and continue to advance your career in information security. ✨ The new SC-401 certification offers a more robust focus on security administration, aligning with the latest industry trends. 🌟

In this post and the associate All Things M365 Compliance podcast episode , we’ll cover everything you need to know about the retirement of the SC-400 certification, the introduction of the SC-401 certification, and how to make the most of this change. 🌟

Mastering Microsoft Purview Exact Data Match: All Things M365 Compliance Podcast

Posted on 22 February 2025Updated on 14 March 2025by Nikki Chapple

What are the benefits of Microsoft Purview’s Exact Data Match (EDM)? This question is explored in the latest episode of the All Things M365 Compliance Podcast: Mastering Microsoft Purview Exact Data Match. In today’s world, where data breaches are becoming increasingly common, protecting your organization’s sensitive information is critical. However, traditional data classification methods often rely on patterns and keywords, which can lead to false positives and inefficiencies, complicating efforts to protect data. The advantage of EDM is that it provides a precise solution, enabling you to classify and secure your data using exact values from your structured sources, such as an employee list.

In this latest episode of the All Things M365 Compliance Podcast/Vodcast, Ewelina Paczkowska joins hosts Nikki Chapple and Ryan John Murphy to explore mastering Microsoft Purview’s Exact Data Match and discuss its benefits and practical functionality.