Nikki Chapple

Enhance Your Data Security Strategies – IRMS Conference 2025

Posted on 31 May 2025Updated on 31 May 2025by Nikki Chapple

I’m deeply honoured to have delivered the closing keynote with Ryan John Murphy from Microsoft at the IRMS Conference 2025 – The Peaky Path to Progress | 18th – 20th May 2025 | Birmingham, UK an event that continues to be the beating heart of the information management community. With over 400 professionals from across sectors, this year’s theme, “The Peaky Path to Progress,” couldn’t have been more fitting.

As we navigate an era where data is both an asset and a liability, my session—“Protecting Your Sensitive Data with Microsoft Purview: Practical Information Protection and DLP Strategies”—focused on equipping organizations with the tools and mindset to climb their own digital mountains.

Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview – ECS 2025

Posted on 30 May 2025Updated on 31 May 2025by Nikki Chapple

Measure Copilot and Gen AI Success and Risks Using Viva Insights, Microsoft Purview, and the Microsoft 365 Admin Center reports

Earlier this month, I had the pleasure of speaking at the European Collaboration Summit 2025 in Düsseldorf, Germany. It was an incredible opportunity to connect with fellow Microsoft 365 professionals and explore a timely, strategic question:

How do we measure the success—and manage the risks—of Microsoft Copilot and Generative AI?

In my session, “Measuring Copilot and Gen AI Success and Risks with Viva Insights and Purview,” I shared practical, real-world strategies for going beyond basic usage statistics to understand the full picture: adoption, impact, sentiment, and security posture.

Guide to the New SC-401 Information Security Administrator Associate

Posted on 26 March 2025Updated on 30 May 2025by Nikki Chapple

🚨 Big News for IT, Data Security, Compliance and Purview Professionals! 🚨

Microsoft has announced the retirement of the SC-400: Microsoft Information Protection Administrator certification, effective May 31, 2025. This change impacts both current SC-400 certification holders and those preparing for the exam. As the IT landscape evolves, Microsoft is shifting its focus towards more comprehensive security administration, leading to the introduction of the new SC-401 certification. 🔒

Wondering how this change will affect your certification journey? This transition may seem daunting, but with the right information and preparation, you can navigate it effectively and continue to advance your career in information security. ✨ The new SC-401 certification offers a more robust focus on security administration, aligning with the latest industry trends. 🌟

In this post and the associate All Things M365 Compliance podcast episode , we’ll cover everything you need to know about the retirement of the SC-400 certification, the introduction of the SC-401 certification, and how to make the most of this change. 🌟

Mastering Microsoft Purview Exact Data Match: All Things M365 Compliance Podcast

Posted on 22 February 2025Updated on 14 March 2025by Nikki Chapple

What are the benefits of Microsoft Purview’s Exact Data Match (EDM)? This question is explored in the latest episode of the All Things M365 Compliance Podcast: Mastering Microsoft Purview Exact Data Match. In today’s world, where data breaches are becoming increasingly common, protecting your organization’s sensitive information is critical. However, traditional data classification methods often rely on patterns and keywords, which can lead to false positives and inefficiencies, complicating efforts to protect data. The advantage of EDM is that it provides a precise solution, enabling you to classify and secure your data using exact values from your structured sources, such as an employee list.

In this latest episode of the All Things M365 Compliance Podcast/Vodcast, Ewelina Paczkowska joins hosts Nikki Chapple and Ryan John Murphy to explore mastering Microsoft Purview’s Exact Data Match and discuss its benefits and practical functionality.

Speaking at Teams Nation 2024 | February 2024

Posted on 11 August 2024Updated on 13 August 2024by Nikki Chapple

I had the opportunity to present a session at Teams Nation 2024 on 21 February 2024. Teams Nation is a free, community-driven online conference dedicated to Microsoft Teams, its underlying technologies, and extensibility options. It featured over 70 sessions across multiple tracks covering topics like Adoption & Governance, Security & Compliance, Productivity, Meetings & Calling, Education & Community, Build & Extend, Devices & Spaces, and The Power Platform.

How to add sensitivity labels to your existing Microsoft 365 Groups, Teams and SharePoint sites

Posted on 23 April 2023Updated on 11 August 2024by Nikki Chapple

How to add sensitivity labels to my existing groups, teams and sites? This was a question I was asked after one of my previous blogs on how to protect your groups, Teams and sites. If you only have a small number of groups, teams and sites, then it is easy to manually add the container sensitivity label to each group team or site. But what happens when you have thousands of groups, couples and sites?

Fortunately, there is a way to automate this task using PnP PowerShell. In this blog post, I will walk you through the steps needed first to analyze your existing groups, teams and site and then to programmatically apply container sensitivity labels to your existing Teams, Groups, and Sites in Microsoft 365 to help you protect your important data from unauthorized access and accidental sharing.

Do you know you can now upload your improvements actions into the Microsoft Purview Compliance Manager

Posted on 11 August 2022Updated on 11 August 2024by Nikki Chapple

📢It’s good news for Microsoft Purview Compliance Manager.

You can now bulk import your updated improvement actions directly into Microsoft Purview Compliance Manager using the Improvement actions export report. With no APIs or programmatic interfaces, bulk import is a significant improvement.

Having the ability to work on your improvement actions outside of the Microsoft Purview Admin Center is extremely helpful. You can work on the improvement actions with multiple businesses and IT stakeholders without giving them admin rights. In the past, any changes to improvement actions had to be manually updated in Compliance Manager. Organisations often only focus on the initial export of data, so they miss out on automatic testing notifications, reporting and updates.

By using the Excel export file to bulk upload your changes into Compliance Manager, there is no need to rekey any information, which is a significant time-saving improvement.

Additionally, keeping the Compliance Manager updated lets you see the impact of changes to regulations or configuration changes via automated testing.

Read on to find out more.

How to apply just-in-time access to Security & Compliance roles

Posted on 4 April 2022Updated on 11 August 2024by Nikki Chapple

I am often asked by clients how they can provide additional levels of controls to their Security and Compliance privileged roles to mitigate the risks of excessive, unnecessary, or misused access permissions to important resources.

Microsoft recommends the following best practice for managing privileged accounts:

Use least privileged access
Turn on multi-factor authentication for all your administrator accounts
Use Privileged Identity Management to grant just-in-time access with optional approvals
Configure recurring access reviews to revoke unneeded permissions over time

If you have Azure AD Premium 2 licensing you can use Azure AD Privilege Identity Management (PIM) to provide just-in-time access to privileged admin accounts. PIM only provides just-in-time access to Azure AD and Azure privileged roles. The issue with Security and Compliance roles is that they are managed in Security and Compliance admin Centers and not in Azure AD.

So how can we protect Security and Compliance roles with just-in-time access to mitigate the risks of excessive, unnecessary, or misused access permissions to important resources?

Read on to discover how to use Privileged Access Groups in PIM to indirectly provide just-in-time access to your Security & Compliance roles. In addition, this process will work with other non-Azure AD roles such as roles from Exchange or SharePoint.