Microsoft runs on trust. Microsoft 365 content governance is paramount to safeguarding your business-critical content on a cloud scale.

Organizations run on content – proposals, contracts, invoices, designs, plans, training videos, and more. Every workday, customers add over 2 billion new documents to Microsoft 365.

In the AI era, most Fortune 500 companies use Microsoft 365 Copilot to boost business results and empower teams. Lumen Technologies projects up to $50 million in annual savings with Copilot, while Finastra cuts creative production time from seven months to seven weeks.

What makes Microsoft 365 Copilot so powerful lies in its capability to leverage organizational data stored in SharePoint and OneDrive, widely regarded as the most versatile content management platform.

Today we are thrilled to announce innovations in content governance that empower you to manage your content in Microsoft 365, SharePoint, OneDrive, and Teams.

Let’s look at these new capabilities under the following five areas:

1. SharePoint permission and policy controls to help you prepare for Copilot deployment

• Permission State Report for a given user/group – Private preview


• Restricted Content Discovery (RCD) for sites – General Availability


• Restricted access control (RAC) policy for all sites using Entra security groups and Microsoft 365 groups – General Availability


• AI-driven Site Matching for SharePoint sites and OneDrive accounts – Private Preview

2. SharePoint site lifecycle policies to make Copilot responses relevant and recent

• Inactive sites policy v2 – General Availability


• Site Ownership policy – General Availability


• Site Attestation Policy – Private Preview


• Restricted sites creation (RSC) – General Availability

3. Agent insights and governance for SharePoint Admins

• Agent Insights v1 – General Availability


• Enterprise Application Insights (third-party) at SharePoint site level – Public Preview


• Restrict app provisioning – Private Preview

4. Copilot for SharePoint Admins – General Availability.


5. Organization lifecycle management and business solutions

• Agreements Solution – Limited General Availability


• SharePoint eSignature for Microsoft Word – General Availability


• SharePoint cross-tenant sites content migration – General Availability

SharePoint permission and policy controls to help you prepare for Copilot deployment

Permission State Report for a given user/group – Private preview

In preparation for your Copilot deployment, it is essential to ensure that content permissions are properly managed. Identify any sites with excessive sharing or permissions, and take appropriate measures to address these issues.

When a site is active, users frequently add and share content, sometimes with a wider audience than intended, leading to potential data exposure via Copilot. SharePoint admins can now use the DAG insights dashboard in the SharePoint admin center to identify and address overshared content.

Previously, we released the Oversharing baseline report, helping you understand which sites were accessible to many users within the tenant and take remedial actions.

We are now excited to announce a private preview of a new report that identifies all sites permissioned to a specific user or group. SharePoint admins can trigger a site access review, providing a detailed overview of all permissions at various levels (site/lib/folder/file) to the site owner for appropriate action. PowerShell cmdlets in the SharePoint Online module are also available to run this report.

Figure: Understanding the extent of permissions of a given user/group in the tenant.

To learn more about all DAG insights, check out the product article here: SharePoint Data access governance (DAG) insights.

Request to enroll in the preview: https://aka.ms/ContentGovernancePreviews

Restricted Content Discovery (RCD) for sites – General Availability

One primary concern today is the unintentional discovery of content in Microsoft 365 Copilot due to outdated permissions resulting from site permission sprawl or oversharing. Consequently, after identifying overshared sites through a Data Access Governance report, the next step is to restrict the accidental discovery of these sites within Microsoft 365 Copilot. Furthermore, there may be a requirement to exclude certain sites from Copilot’s visibility, irrespective of their oversharing status, particularly those tracking potential mergers with two direct competitors.

We are pleased to announce the general availability of the Restricted Content Discovery (RCD) policy. This policy assists in preventing the unintentional discovery of content within Copilot and search experiences. When an RCD policy is applied to a SharePoint site, it ensures that users are unable to discover its content through Microsoft Copilot experiences or organization-wide search functionalities.

This tool assists in preparing for a secure Copilot deployment within an organization. The RCD policy is used to manage access to Copilot agents in SharePoint sites.

Figure: Preventing accidental discovery of content with restricted content discovery (RCD) policy.

To learn more, check out the product article here: RCD Policy for SharePoint sites

Restricted access control (RAC) policy for all sites using Entra security groups and Microsoft 365 groups – General Availability

A common challenge today is managing permission sprawl due to site oversharing. After identifying overshared sites in a Data Access Governance report, the next step is to restrict access to only the necessary users. The Restricted Access Control (RAC) policy is being extended for all types of SharePoint sites, including M365 group connected and Teams connected sites using Microsoft 365 groups and Entra security groups. Once the RAC policy is applied, users will be able to access content only if they have content access permissions and are members of the restricted access control groups.

With this advanced policy, you can now restrict access to any SharePoint site, or OneDrive site.

Figure: Controlling oversharing of a Teams-connected site with Entra security groups as Restricted access control group. 

To learn more about this feature, check out the article here: RAC Policy for SharePoint Sites.

AI-driven Site Matching for SharePoint sites and OneDrive accounts – Private Preview

DAG (Data Access Governance) insights provide a comprehensive list of overshared and over-permissioned sites that require your attention. You have the option to select specific sites and apply the RAC (Restricted Access Control) policy accordingly. However, it is essential to consider the rest of the sites within your organization – are the appropriate policies configured?

As the digital estate of your organization expands, managing access and content policies becomes increasingly complex. This is particularly relevant in the current era, where users have immediate access to information. The traditional “security through obscurity” model is no longer effective. However, AI can now assist in addressing these challenges.

We are pleased to announce the private preview of AI-driven content policy recommendations for SharePoint and OneDrive. Users can provide a list of correctly configured sites with similar content, and leverage the power of AI to scan through a target set of sites. This engine will semantically match sites from the input list and recommend policies related to external sharing, block download, restricted access control, and device policy for those identified sites.

Figure: Create an AI-driven content policy recommendations report. 
Request to enroll in the preview: https://aka.ms/ContentGovernancePreviews

SharePoint site lifecycle policies to make Copilot responses relevant and recent

Inactive sites policy v2 – General Availability

A site that is currently active may transition to an inactive state after a certain period. This situation is concerning for several reasons. Users of Copilot may receive outdated results generated from content on inactive sites. Furthermore, sustained access to inactive SharePoint sites by external vendors and third-party applications can be a source of data leakage and security incidents.

To address this issue, SharePoint administrators have the ability to implement custom policies targeting specific SharePoint sites, such as those created through Teams or labeled as “Public” or containing research-related information, which have not been active for specified periods. With these policies, site owners or administrators of inactive sites will receive automated notifications and can decide whether to retain or delete the sites.

Additionally, as a SharePoint administrator, you have the option to automatically enforce actions such as rendering the site read-only or archiving it if there is no response from the notification recipients. Site activity is evaluated across multiple workloads including Teams, Exchange, SharePoint, and Viva Engage.

Figure. Create an inactive site policy in the SharePoint admin center to manage inactive sites.

To enhance the experience further, we are thrilled to announce

• Private preview of email customization within the inactive sites policy. Now administrators will be able to customize content and configure the “from email address” of the site owner notifications.


• Custom Site Inclusion via CSV – General Availability in June 2025. Beginning June 2025, admins can use a CSV file to include and target policies to up to 10,000 specific SharePoint sites. This capability is especially valuable for piloting policies on a controlled subset of sites or managing high-priority sites independently.

To learn more, check out the product article here: Manage site lifecycle policies – SharePoint in Microsoft 365 | Microsoft Learn.
Request to enroll in the preview: https://aka.ms/ContentGovernancePreviews

Site Ownership policy – General Availability 

As employees leave or join the organization, managing the SharePoint sites they own is important for business continuity. Ownerless sites pose a risk of unauthorized data exposure through Copilot as there is no accountable owner for managing permissions and content for the site.

With the site ownership policy, SharePoint administrators can configure a minimum number of owners, such as two, required per site. This policy applies to all sites, including both Groups-connected and non-Groups connected sites.

To ensure the minimum owner count of two is met, admins can notify the most recent active site members or managers of previous owners, along with existing site owners or admins, if any, to find relevant and accountable owners. If the site remains ownerless even after three notifications, automated enforcement actions can be implemented.

The general availability of archival as an enforcement action for site ownership policy will be available from June 2025. Admins can automate the archival of sites that continue to remain ownerless even after three attempts to identify an owner through the policy.

Figure. Site ownership policy to maintain minimum site owner count.

To learn more, check out the product article here: Create SharePoint site ownership policy – SharePoint in Microsoft 365 | Microsoft Learn

Site Attestation Policy – Private Preview

Ensuring that SharePoint sites are regularly reviewed by their respective owners and admins is important for maintaining governance across permissions, access, and site information. Regular reviews by accountable owners help mitigate risks associated with outdated content, oversharing, and unmanaged sites.

The Site Attestation Policy, currently in private preview, is a new addition to the site lifecycle management toolkit. This policy assigns responsibility for site reviews to site owners, helping prevent sites from becoming inactive or ownerless. It requires owners or admins to regularly verify key details—such as site purpose, ownership, membership, permissions, and sharing settings—at configurable intervals. If no action is taken within three months of a review notification, automated enforcement measures like site archival or setting the site to read-only may be applied. The policy also supports excluding specific users from notifications, providing organizations with flexibility in managing and enforcing reviews.

Request to enroll in the preview: https://aka.ms/ContentGovernancePreviews

Restricted sites creation (RSC) – General Availability

Managing data organization can be challenging, given the increasing volume of information being generated and shared. The new Restricted Site Creation feature allows you to control which groups of users in your organization are permitted to create various types of sites.

We are pleased to announce the general availability of the Restricted Site Creation feature. With this policy, SharePoint administrators have the capability to configure groups with restricted site creation privileges or assign site creation rights to specific groups within an organization. This policy can be applied granularly to Team sites, Communication sites, OneDrive for Business, or all types of sites.

Figure: Restricting site creation. 
To learn more, check out the product article here: Restrict OneDrive and SharePoint site creation – SharePoint in Microsoft 365 | Microsoft Learn

Agent insights and governance for SharePoint Admins

Agent Insights v1 – General Availability

Each SharePoint site now includes agents that are either prebuilt based on the site’s content or created by users based on the selected content.

To manage the usage of SharePoint agents across various sites within a tenant, agent insights for SharePoint administrators have been introduced. This report allows administrators to identify sites with high usage of SharePoint agents and take appropriate actions to enhance site security using features such as Restricted Access Control (RAC) or Restricted Content Discovery (RCD).

To learn more, check out the product article: Manage access to SharePoint agents – SharePoint in Microsoft 365 | Microsoft Learn

Enterprise Application Insights (third-party) at SharePoint site level – Public Preview 

Enterprise Application Insights is a report that identifies all SharePoint sites allowing access to third-party applications registered in your tenant. The report includes information on the applications’ permission scope (e.g., Files.Read.All) and request count, enabling you to take measures to enhance the security of the site.

Figure: Enterprise Application Insights (third-party) report.

To learn more, check out the product article: https://aka.ms/EnterpriseAppInsights  

Copilot for SharePoint Admins – General Availability.

We are excited to announce that Copilot is coming to the SharePoint admin center in May 2025, bringing powerful new capabilities to simplify and streamline administration. Copilot is designed to reduce time spent on routine tasks, minimize complexity, and help admins get more value from both existing and emerging tools.

Key features include natural language interaction, allowing admins to use everyday language to perform tasks and retrieve information without navigating complex menus.

• Contextual Q&A – Admins can ask “how-to” questions about their environment and receive accurate, real-time answers based on Microsoft Learn content.


• Multi-variable site search – Makes admins life easy to find specific sites using filters like owner, creation date, storage usage — saving time and improving efficiency.

Soon, Copilot will offer even more advanced capabilities to support safe and efficient administration.

• In-context bulk actions – will let admins make updates across multiple sites directly within their workflow—no need to switch tools.


• Context-aware guardrails – will help prevent mistakes by flagging risky actions, such as unintended site deletions.


• Review settings – will provide a consolidated view of tenant settings and their impact, enabling smarter, data-driven decisions.


• Deep integration into existing reports/tools, including SharePoint Advanced Management (SAM) reports, Copilot will enhance the broader Microsoft 365 experience with a seamless, intelligent layer of advanced capabilities.

This marks a major shift—not just in efficiency, but in how scalable and intelligent content governance can be.

Figure: Copilot assisting SharePoint administrators to optimize their tasks.

Organization lifecycle management and business solutions

SharePoint cross-tenant sites content migration – General Availability

Mergers, acquisitions, and divestitures (M&A) scenarios are a critical part of an organization’s lifecycle. In fact, many organizations expand and/or crystalize their business through M&A. 

Imagine an organization acquires another to expand their global footprint, and both organizations have a presence in Microsoft 365. As part of this M&A transaction, there is a need to move the acquired company’s employees’ OneDrives and Mailboxes and associated SharePoint sites to the parent company’s tenancy. OneDrive and mailboxes cross-tenant content migration launched in 2022, and now we are addressing the need to moving SharePoint sites across tenants.

We are thrilled to announce the general availability of SharePoint site cross-tenant content data migration coming soon in Summer. Using SharePoint PowerShell cmdlets, you can move SharePoint sites across two tenants, all kinds of sites like Communication sites, Modern team sites, Teams-connected or Groups-connected sites, etc.

Another notable capability upon site move is that the sharing links to old URLs will continue to work although the URL of the site has changed! This is made possible by the cross-tenant redirect capability that ensures any hit to old URLs is redirected to new URL. 

Figure. Migrating a SharePoint site across tenants and experiencing the redirect behavior for the site URL.

To learn more about OneDrive cross-tenant migration, check out here: Cross-tenant user data migration for OneDrives.

To learn more about SharePoint sites cross-tenant migration, click here: Cross-tenant SharePoint site migration

Cross-tenant content migration is now available for Microsoft 365 Multi-Geo customers too. For example, if you have satellite location in Australia and recently acquired another organization in Australia then you can move content from that organization to your satellite location.

Cross-tenant migration is available through Web Direct and Partner Resellers. Learn more here: Cross-tenant user data migration for OneDrives.

Get started now!

If you are new to Microsoft 365, learn how to try or buy a Microsoft 365 subscription.

Sign up for any private preview feature mentioned above:  https://aka.ms/ContentGovernancePreviews

To learn more about the features in detail, check out the product capabilities documentations below:

• SharePoint Advanced Management – Overview


• SharePoint data access governance (DAG) insights


• RCD Policy for SharePoint sites


• Restricted access control policies for SharePoint


• Manage site lifecycle policies


• Restrict OneDrive and SharePoint site creation


• Agent Insights


• Agreements solution


• SharePoint eSignature for Microsoft Word


• SharePoint cross-tenant sites content migration


• What’s new in SharePoint Admin Center


• SharePoint and OneDrive Security Cookbook

Thank you!

Sesha Mani
Partner Group Product Manager