Announcing SharePoint advanced management innovations for the AI and Copilot era

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Organizations are seeing massive growth in their digital estate as they continue their digitization journey. Businesses run on content – proposals, contracts, invoices, designs, plans, training videos, and more. Every workday, customers add over 2 billion new documents to Microsoft 365.


SharePoint brings advanced AI from the Microsoft Cloud to your Microsoft 365 content, simplifying your everyday business processes at cloud scale.


Content solutions – Agreements solution – Expanded Preview


Every organization manages high value content, such as non-disclosure agreements, statement of work, purchase agreements, proposals, and other agreements. These agreements are the foundation of every business transaction.

But it is challenging and time consuming to draft, review, negotiate and sign these documents. Organizations often struggle with having consistent language across all their agreements because they do not have consistent templates. Once the agreement is signed, businesses do not know where they are stored or when they expire.

The Agreements solution is a new Microsoft Teams app, which will be the central place to manage your agreements. You can view all your agreements, create new agreements from templates, and get reports on your agreements. You can bring your existing executed agreements, and the app will automatically extract key information using AI so that these agreements are now easily searchable.

Today at the Microsoft 365 Community Conference in Orlando, Florida, we are expanding the preview of the Agreements solution, an end-to-end solution to manage the entire life cycle of your agreements.


If you're here with us at the conference in Orlando this week, attend our session: "SharePoint: Transform your content experiences in the era of AI", on Wednesday, May 1, 2024, 8:00-9:00AM Eastern Time.


If you are interested in previewing this solution, please sign up here:





New content management and data access control capabilities

For many organizations – no matter the size or geographic distribution – content oversharing, permissions, and sprawl are real challenges. Especially as organizations look to implement Copilot or other AI technologies, these challenges surface to the top. Content oversharing is when content is shared beyond the needed audience either intentionally or accidentally. Content sprawl happens when many SharePoint sites are created in an ungoverned ways in your organization either through first party applications like Teams or third-party applications.


Today, we are thrilled to announce new content management and data access control capabilities to address these problems.

Let’s look at these new capabilities under the following four areas:

Content oversharing controls – Advanced access policies to help you prepare for Copilot

Advanced sites lifecycle management

Content sprawl controls

Organization lifecycle management


Content oversharing controls - advanced access policies helping you prepare for Copilot


SharePoint data access governance (DAG) enhancements – Permission state report, Everyone Except External Users (EEEU) report, and Site access reviews – Preview


As you prepare for your Copilot deployment, one of the key steps is to ensure your content permissions are in order. Identify the overshared and/or over permissioned sites and take needed actions on them.


When a site is in an active state, users add content and collaborate with other users actively. They may intentionally or unintentionally share their content with a broader audience than needed, leading to data exposure through Copilot. Now, SharePoint admins can use the data access governance (DAG) insights dashboard in SharePoint admin center to discover such overshared content and remediate. We announced the general availability of DAG v1 in 2023 as part of the

SharePoint Advanced Management (SAM) launch.


Today, we are happy to announce several enhancements that are coming to SharePoint Data Access Governance (DAG) reports as DAG V2:


Permission state report – Using the new permission state report, SharePoint admins can get details on sites that are permissioned for greater than X users, say >5000 users. This report includes files and folders that broke inheritance from site permission. This report can be run for OneDrive and SharePoint sites.


Perms Report.png

Figure. SharePoint admin views Permissions state report in SharePoint data access governance

EEEU (Everyone except external users) report – One of the common sources for overshared sites is users mistakenly share content with EEEU group, which will allow all users in the organization except external users. Now with the EEEU report, you can view the list of all sites that were shared with EEEU group. This report can be run for OneDrive and SharePoint sites.

EEEU Report.png

Figure. SharePoint admin views EEEU report-based on activity data in SharePoint data access governance (DAG)

Site access reviews – With the new site access reviews capability, SharePoint admins initiate access review with the owners of sites that are noted in Permission state and EEEU reports. This requests site owners to review and attest that the access pattern seen in their sites is expected or requires action.



Figure. SharePoint admin views Permissions state report in SharePoint data access governance (DAG) insights and triggers site access reviews to site owners

Exciting improvements like the ability to auto run reports after intervals, running reports via PowerShell and many more are coming soon. So, stay tuned.

To learn more about all DAG insights, check out the product article here: SharePoint Data access governance (DAG) insights.


Restricted access control (RAC) policy with security groups for sites and Policy insights - Private Preview

A common challenge today is managing the permission sprawl which occurs due to site oversharing. Hence, after overshared sites are identified in a Data Access Governance report, the next action is to restrict the site’s access to only the users who need it.

Today, we are excited to announce that the Restricted Access Control (RAC) policy can be applied to SharePoint and OneDrive sites with security groups. Also introducing new Content Policy Analytics for RAC sites.

With this advanced policy, leveraging Entra security groups, you can now restrict access to a non-group connected site, or OneDrive sites. To access the site content, users must be a member of the RAC control security groups and have the required permissions to the content. Users who are not members of the security group will be denied access per policy, even if the site or its content was previously shared with them by breaking inheritance from the site permission.



Figure: Controlling oversharing of a non-group connected site with restricted access control (RAC) policy

To learn more about this feature, check out the article here: RAC Policy for SharePoint Sites.


Content Policy Analytics for RAC sites


Once you have applied RAC policy to your sites, you can generate rich content policy analytics, in SharePoint Admin Center or PowerShell, to gain insights on the sites and users who were denied access due to the policy.



Figure. Content policy analytics for RAC policy in SharePoint Admin Center



Figure. Content policy analytics for RAC policy in PowerShell


Back to top


AI-driven Content Policy Recommendations for SharePoint sites and OneDrive accounts – Private Preview

DAG (Data Access Governance) insights provide you with the top list of overshared and over-permissioned sites that need your attention. You can select specific sites and apply the RAC (Restricted Access Control) policy to those. But, what about the rest of the sites in your organization – do you have the right policies configured?

As your organization’s digital estate grows, managing access and other content policies becomes complicated. Especially, in this Copilot era wherein users have instant access to information. So the “security through obscurity” model does not work. But now AI can help.

Today we are excited to announce the private preview of AI-driven content policy recommendations for SharePoint and OneDrive. You can simply provide a list of few properly policy configured sites with similar content, and then use the power of AI to scan through a target set of sites. This engine will semantically match sites from the input sites. Then it recommends policies, across external sharing, block download, restricted access control, and device policy, for those identified sites.

AI driven content policy recommendation.gif


Back to top


Advanced sites lifecycle management


Sites lifecycle policies – Inactive sites policy – General Availability


A site in an active state may enter an inactive state perhaps after a few years. This is a concern for a few reasons. Copilot users could get stale results that are generated from inactive site content. Additionally, standing access to inactive SharePoint sites, especially by external vendors and third-party applications, is one of the sources of data leakage and security incidents.

Today, we are thrilled to announce the SharePoint inactive sites policy is generally available. With this feature, SharePoint admins can create custom inactive site policies that target specific SharePoint sites, such as Teams-created sites or sites labeled as “Public” or with an information segment of Research and are untouched for specified periods of time (e.g., one year). Once these policies are in place, site owners of inactive sites will receive automated alerts and can choose to keep, delete, or archive using the Microsoft 365 Archive product as needed.

As a SharePoint admin, you'll also have the option to apply policies to inactive sites to protect their content and remove any unauthorized access. And for sites connected to Teams, the inactivity status will be determined by evaluating user actions in both Teams and the SharePoint site. This means that Teams owners, as well as site owners, will be notified of any inactivity.



Figure. SharePoint admin creates an inactive site policy in SharePoint admin center and site owner responds to the policy notification

To learn more, check out the product article here: Manage site lifecycle policies - SharePoint in Microsoft 365 | Microsoft Learn.


Back to top


Sites lifecycle policies – Ownership management policy – Private Preview


As employees leave or join the organization, managing the SharePoint sites that they own is a critical step for business continuity. Ownerless sites are a source of unauthorized data exposure through Copilot as there is no accountable owner for managing permissions and content for the site.

To address this need, we are excited to announce private preview of SharePoint sites’ ownership management policy. With this policy, SharePoint administrators can configure a minimum number of owners, e.g. two, required per site. This policy is for all sites, including both Groups-connected and non-Groups connected sites.



Figure. Set policy for sites without owner


Back to top

SharePoint Change History – General Availability

As SharePoint admins, often you are tasked with troubleshooting inaccessible, over-quota, or customizations sites. And to effectively manage a site’s lifecycle, admins need to know all the activities carried out by site owners. The new change history capability in SharePoint admin center aims to address these needs.

Today, we are thrilled to announce that SharePoint change history is generally available. This feature enables you to view all changes made to a site's properties by other admins and site owners, for faster investigation and resolution of helpdesk tickets. With this historical view, you can quickly identify and resolve issues in a matter of hours, instead of days or weeks.



Figure. SharePoint admin viewing change history report in SharePoint Admin Center


To learn more, check out the product article here: Create change history reports - SharePoint in Microsoft 365 | Microsoft Learn


Back to top


AI-powered Advanced Insights for all SAM reports – Private Preview

Today, we’re excited to announce the integration of Language Model (LLM) into SharePoint Advanced Management (SAM) reports for AI-powered insights, which aims to streamline analysis and action identification for admins. With this enhancement, admins can swiftly analyze reports, detect patterns, and receive actionable insights with just one click, reducing analysis time and improving efficiency.


AI driven content policy recommendation (1).gif

Figure. AI-powered insights on SharePoint sites


Back to top

Content sprawl controls


Restricted provisioning control (RPC) - Private Preview


It can be difficult to manage how data is organized, given the growing amount of information that is created and shared. With the new Restricted Site Creation feature, you can manage which groups of users in your organization can create various types of sites.

We are excited to announce the private preview of the Restricted Site Creation feature. With this policy, SharePoint administrators can configure groups with restricted site creation or give site creation rights to specific groups in an organization. This policy can be controlled granularly for Team sites, Communication sites, or all sites.




Back to top


Enterprise Application Insights (third-party) at SharePoint site level - Private Preview


Enterprise Application Insights is a powerful report which helps you discover all the SharePoint sites that are allowed access by third-party applications registered in your tenant. The report also provides details on the applications’ permission and requests count to help you take further action to strengthen the security of the site.


Enterprise App Insights Screenshot.png


Back to top


Organization lifecycle management


SharePoint Advanced Tenant Rename – General Availability


As part of a rebranding or organizational change, you may need to change your SharePoint domain name. With advanced tenant rename, now organizations with up to 100,000 total sites can perform renames with greater speed and control. This capability also allows admins to prioritize up to 4,000 sites for renaming. This allows for prioritized business-critical or high-visibility sites to complete renaming first and reduce risk of impact on business operations. This is now generally available, with SharePoint Advanced Management.


AdvancedTenantRename (1).gif


To learn more, check out the product article: Change your SharePoint domain name - SharePoint in Microsoft 365 | Microsoft Learn.


Back to top


SharePoint cross-tenant sites content migration – Public Preview


Mergers, acquisitions, and divestitures (M&A) scenarios are a critical part of an organization’s lifecycle. In fact, many organizations expand their business through M&A.


Imagine an organization acquires another to expand their global footprint, and both organizations have a presence in Microsoft 365. As part of this M&A transaction, there is a need to move the acquired company’s employees’ OneDrives and Mailboxes and associated SharePoint sites to the parent company’s tenancy. OneDrive and mailboxes cross-tenant content migration launched in 2022, and now we are addressing the need to moving SharePoint sites across tenants.


Today, we are thrilled to announce the public preview of SharePoint site cross-tenant content data migration. With this capability you can now move SharePoint sites across two tenants using a simple set of SharePoint PowerShell cmdlets. This includes all kinds of sites like Communication sites, Modern team sites, Teams-connected or Groups-connected sites, etc.


One another notable capability upon site move is that the sharing links to old URLs will continue to work although the URL of the site has changed! This is made possible by the cross-tenant redirect capability that ensures any hit to old URLs is redirected to new URL.


To learn more about OneDrive cross-tenant migration, check out here: Cross-tenant user data migration for OneDrives.


To learn more about SharePoint sites cross-tenant migration, click here: Cross-tenant SharePoint site migration


SharePoint cross-tenant sites content migration.gif

Figure. Migrating a SharePoint site across tenants and experiencing the redirect behavior for the site URL


Back to top


If you're attending the Microsoft 365 Community Conference this week, join our session, "Prepare Your Content for Microsoft Copilot with SharePoint Content Governance" on Thursday, May 2, 2024, 9:15-10:15AM Eastern Time. 


Get started!

If you are new to Microsoft 365, learn how to try or buy a Microsoft 365 subscription.


For the private preview features, you can sign-up here:


For more information about SharePoint Advanced Management and licensing, check out the SAM product articles landing page at:



If you are already a Microsoft 365 customer and have SharePoint licenses, then you can purchase the SAM add-on SKU from your M365 Admin Portal by simply searching for “SharePoint Advanced Management Plan 1” in the purchase services tab. You can also purchase through CSP or volume licensing enrollment.


To learn more about the above features in detail, check out the product capabilities documentations below:

Thank you!

Sesha Mani
Partner Group Product Manager

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.