Microsoft SharePoint Blog

15 MIN READ

Copilot readiness and resiliency with Microsoft 365: Ignite 2025 Edition

Microsoft

Nov 18, 2025

Microsoft runs on trust. In today’s agentic era, Microsoft 365 content governance is more critical than ever for safeguarding business-critical content at cloud scale.

Content underpins the modern workplace - proposals, contracts, invoices, designs, plans, training videos, documents, decks, and more. Every workday, customers add over 3 billion new documents to Microsoft 365. And many Fortune 500 companies now leverage Microsoft 365 Copilot to accelerate outcomes and empower teams.

What makes Microsoft 365 Copilot so transformative is its ability to securely leverage organizational data stored in SharePoint and OneDrive, the most widely used content management platform with over 400M monthly active users.

At Microsoft Ignite 2025 today, we’re excited to announce innovations that empower customers to get ready to deploy Copilot with SharePoint Advanced Management (SAM) capabilities natively in Microsoft 365 Copilot and bring resiliency with Microsoft 365 Backup & Archive. And as customers generate more data than ever, the role of backup and archive becomes increasingly important – enabling resilient recovery at terabyte scale to keep organizations safe, compliant, and operational. This blog covers:

Microsoft 365 SharePoint Admin agentic skills
Copilot readiness with SharePoint permissions and policies
Copilot resiliency with Microsoft 365 Backup and Microsoft 365 Archive
Organization lifecycle management
Microsoft Baseline security mode

To learn more, keep reading – and watch our Ignite session on Thurs, Nov 20 at 4:45pm PST: BRK300 – Copilot readiness & resiliency for your Microsoft 365 content. If you’re attending Ignite, join us in person at our session or at the Microsoft 365 booth.

SharePoint Admin agentic skills

We are taking SharePoint management and Microsoft 365 content governance to a whole new level with new advanced and cloud-scale agentic skills, available right within SharePoint Admin center. Keep reading for the details.

Permissions skill – Public preview

We’re thrilled to introduce scalable permissions management, all with natural language. Using Copilot in the SharePoint admin center, you can now invoke ‘which sites in my tenant are overshared?’, and Copilot will provide you with a concise answer.

Use permissions skill to generate insights on site permissions reports

The permissions skill empowers the SharePoint admin by analyzing the site permissions for your organization report and identifying sites at high risk of oversharing along with potential root causes.

To learn more, check out the Permissions skill page on Learn.

Lifecycle skill – Public preview

Lifecycle skill empowers SharePoint admins to easily manage site lifecycle policies using natural language prompts. Simply ask Copilot to identify inactive or high-risk sites, and it will quickly surface actionable insights, top results, and an option to export detailed analyses. This streamlines the process of site clean-up and helps maintain a healthy tenant environment without navigating complex menus.

When you use the starter prompt, such as "List my high-storage inactive sites", Copilot delivers a clear summary of the top sites that require attention, along with recommendations for next steps. This helps administrators prioritize clean-up and ensures compliance with organizational policies.

Use Lifecycle skill to generate insights on site lifecycle policies

To learn more, check out the Lifecycle skill page on Learn.

Storage skill – Public preview

The Storage skill in Copilot now makes SharePoint storage management simple and smart. Just ask Copilot to help clean up storage, review tenant settings, identify sites using the most space, or guide you on expanding your storage. With actionable insights and easy prompts, you can optimize your SharePoint environment in seconds.

Copilot recommends ways to clean up SharePoint storage and identifies sites with the most storage usage.

To learn more, check out the Storage skill page on Learn.

Catalog management – Public preview

Catalog management in SharePoint organizes sites into clusters using site properties & metadata and user attributes. Site properties and metadata include system and custom properties like department owning the site. User attributes span roles and information segments. This gives admins a panoramic view of their Microsoft 365 content estate across locales and roles and business groups.

By aligning content structure with organizational ownership, Catalog management makes it easier to apply SAM’s (SharePoint Advanced Management) lifecycle policies, access reviews, and Copilot access at scale – without manual per site work. It improves governance consistency, reduces overhead, and accelerates readiness for agentic automation.

Today, we’re thrilled to introduce Catalog management in SharePoint admin center for public preview.

Catalog management options in the SharePoint admin center

Agent Insights v2 – General availability

With the exponential growth of agents within organizations, the question of what these Agents do with Microsoft 365 content is top of mind for admins. Look no further. Today, we’re introducing Agent Insights v2 for SharePoint admins to monitor sites that are accessed by all types of agents within the organization.

Simply navigate to the agent access insight report under Agent insights tab in SharePoint Admin center, it will provide you with insights on all agents accessing content in SharePoint sites and OneDrive. Furthermore, with this report admins can analyze the agent access patterns, agent type (declarative, custom) and track their call volume. Admins can also view the distribution of access patterns across various site templates and the top 20 agents that are accessing the sites.

Use Agent access insights to view sites that are accessed by all agents.

To learn more, check out the product article: Insights on Agent Access - SharePoint in Microsoft 365 | Microsoft Learn

Because each site can also have SharePoint agents, we’re enhancing SharePoint agent insights report by giving admins the ability to view the detailed list of SharePoint agents recently created in the site.

Use SharePoint agents insights to apply restricted content discovery policy by agents.

To learn more, check out the product article: Manage access to SharePoint agents - SharePoint in Microsoft 365 | Microsoft Learn

Copilot for SharePoint Admins additional skills – General availability

Back in May, we introduced Copilot to the SharePoint admin center with a foundational set of skills.

These features include the following:

In-context bulk actions – to help admins make updates across multiple sites directly within their workflow—without needing to switch tools.
Natural language processing - to allow admins to use everyday language without the need to navigate complex menus.
Context-aware guardrails - to help prevent mistakes by flagging risky actions, such as unintended site deletions.
Review settings - to provide a consolidated view of tenant settings and their impact, enabling smarter, data-driven decisions.
Deep integration into existing reports/tools - including SharePoint Advanced Management (SAM) reports that deliver a seamless, intelligent layer of advanced capabilities across Microsoft 365.

This marks a major shift—not just in efficiency, but also in how scalable and intelligent content governance can be.

Copilot assisting SharePoint admins to optimize their tasks.

To learn more, check out the Get ready for Microsoft 365 Copilot with SharePoint Advanced Management article on Microsoft Learn.

SharePoint permissions and policies

Permission state report for a given user – General availability

As organizations prepare to deploy Microsoft 365 Copilot, it's essential to ensure that content permissions are properly configured. Copilot adheres to existing permissions, so understanding who has access to what content is a critical step for a secure and successful Copilot rollout.

Sites with many users can pose a higher risk of unintended data exposure through Copilot interactions. To help address this, at Microsoft 365 Conference this May we introduced site permissions for organization report. It scans through all sites in your tenancy, be it thousands or millions of them, and creates an insightful report showing sites with the highest number of permissioned users, policies configured, and enabling admins to mitigate the oversharing with RAC (restricted access control) policy or initiate access reviews with site owners.

Today, we’re excited to announce that we are taking permission management to a whole new level, introducing the site permissions for a user report. As the name implies, for a given set of users, be it they are your pilot user for Copilot or for business reasons you need to understand their permissions graph, you can now get detailed permissions state across all sites in your tenancy. Such a powerful insight.

Understanding the extent of permissions of a given user in the tenant.

To learn more about all data access governance (DAG) insights, check out the SharePoint DAG insights article on Microsoft Learn.

Delegated management of Restricted Access Control (RAC) Policy – Public preview

We launched Restricted Access Control (RAC) policy last year to empower admins mitigate overshared sites. This is a powerful SharePoint Authorization policy and requires users to be in the RAC control group and have content ACL permissions to access content.

We heard your feedback to allow delegation of this policy.

Today, we’re excited to announce that management of RAC policy can be delegated to site owners/admins, enabling oversharing governance at scale while empowering site admins to take corrective governance controls with justification.

Empowering site admins to manage RAC (Restricted Access Control) policy on their site.

To learn more, check out the RAC policy for sites page.

Delegated management of Restricted Content Discovery (RCD) Policy – Public preview

To prepare the content for Copilot and declarative agents, you can utilize RCD policy to prevent certain sites from being discovered. We’re excited to announce that management of RCD policy can be delegated to site admins, thereby empowering the site admins to take corrective governance action for their site.

Empowering site admins to manage RCD (Restricted Content Discovery) policy on their site.

To learn more, check out the RCD policy for sites article.

Application insights (third-party) report at Site level – General availability

The enterprise application insights report identifies all SharePoint and OneDrive sites that are allowing access to third-party applications registered in your tenant. The report includes information on the applications' permission scope (e.g., Files.Read.All), request count and call volume, enabling you to take measures to enhance the security of the site.

Enterprise Application Insights (third-party) report.

To learn more, check out the Generate App insights reports to monitor non-Microsoft applications article.

https://aka.ms/EnterpriseAppInsights

Extended SharePoint Permissions (ESP) – General Availability

Extended SharePoint Permissions (ESP) is a powerful access control designed to simplify and bring the power of site permissions and sensitivity labels together in such a way that SharePoint site permissions travel with the document, even if users download and the document leaves SharePoint!

If you have deployed sensitivity labels, you can configure document libraries so that downloaded files inherit the site’s permissions through a specified label. This ensures that even after leaving SharePoint, files remain protected—users retain only the access they had in SharePoint, and unauthorized users cannot open the file. The protection is dynamic: if permissions change or the site becomes inactive, access to the downloaded file is revoked. Labeled files are also restricted from being copied or moved outside the site, and unlabeled or unencrypted files are automatically labeled. This approach is ideal for organizations starting their labeling journey.

Applying ESP label to a share point library

To learn more, check out the Configure SharePoint with a sensitivity label to extend permissions to downloaded documents page.

Microsoft 365 Copilot supports encrypted and labelled documents – General Availability

Microsoft 365 Copilot now integrates with Microsoft Purview sensitivity labels, combining the power of AI with enterprise-grade security. This means every document, email, and chat generated by Copilot respects your organization’s compliance rules—enforcing encryption, permissions, and label inheritance automatically. Teams can collaborate confidently on sensitive projects without compromising data protection. Businesses can unlock productivity while staying fully compliant. Copilot isn’t just smart—it’s secure.

To learn more, check out the Apply sensitivity labels with Microsoft 365 Copilot for secure collaboration - Training page.

Microsoft 365 Additional Storage

Understanding your SharePoint storage needs can be complex, especially as employees generate content with AI and agents joining the workforce but also use retention policies and archiving to manage their storage. Coming soon, we’re adding flexibility for admins to pay-as-you-go – making it easy to set budgets and control costs. This feature also seamlessly integrates with Microsoft 365 Archive to simplify your data lifecycle.

Microsoft 365 Additional Storage PAYGO ensures you only pay for what you need.

To learn more, check out the Microsoft 365 Additional Storage page.

Copilot resiliency with Microsoft 365 Backup

Microsoft 365 Backup provides business continuity and recovery peace of mind. It offers fast backups, low recovery times and frequencies, and helps keep your data secure within the trusted Microsoft 365 network boundary while providing strong access controls.

Departmental billing – Private preview

Departmental billing allows you to connect more than one billing policy to the Microsoft 365 Backup offering in the pay-as-you-go billing setup experience in the Microsoft 365 admin center and then connect those billing policies to specific Backup policies. That way, each department in your company can use their own Azure subscription to pay for their backup consumption independently. We plan to offer this for Microsoft 365 Archive in the first half of 2026.

To learn more and request to enroll in the Backup departmental billing preview by filling in and submitting the private preview sign-up form.

Administrator connecting an additional billing policy for Sales department.

Granular restore with Microsoft 365 Backup – Public preview

Granular restore enables admins to browse and restore individual files and folders within Microsoft 365 Backup. This feature provides:

Enhanced control with selective search and restore options.
Precision recovery, allowing you to recover individual files or folders without rolling back entire workloads—minimizing disruption and saving time.

This capability is especially valuable for accidental deletions and targeted recovery scenarios.

Admin browsing site for individual folders and files to restore

To learn more, check out the Granular Restore page.

Microsoft 365 Backup GCC availability – Public preview

Today, we’re thrilled to announce that Microsoft 365 Backup is now available in the Government Community Cloud (GCC) to customers that require that environment. Microsoft 365 in GCC is designed to meet the unique compliance, security, and operational needs of U.S. government organizations. It is tailored for federal, state, local, and tribal governments, as well as contractors handling government-regulated data. This environment ensures compliance with strict U.S. government standards, such as FedRAMP High Impact accreditation.

Other Microsoft 365 Backup features are now generally available

Backup discovery in SharePoint Admin Center

Now it’s even easier for you to discover back up opportunities for your tenant’s SharePoint sites and OneDrive accounts right from the SharePoint admin center Home page, linked to the Microsoft 365 Admin Center control experience. You can also discover the Microsoft 365 Backup solution from the Microsoft 365 Admin Center Home recommendations panel – not shown here.

SharePoint admin discovers gap in backup coverage and learns how to enable it on SharePoint Admin center home page.

Here's an example of Backup discovery within the Active Sites page, one of the most frequented page by SharePoint admins.

SharePoint admin discovers gap in backup coverage and learns how to enable in SharePoint Admin center active sites page.

Dynamic Rules

Dynamic Rules are generally available today to automatically add/remove user OneDrive accounts and Exchange mailboxes. The benefit of this feature is ease of administration and fuller coverage. You can selectively include distribution lists and/or security groups for OneDrive or Exchange Online. Our service will re-evaluate memberships of those lists/groups daily to modify which users are added or removed from the backup policy.

Administrator configures a dynamic rule to automatically define a user’s OneDrive account and mailbox backup policy.

To learn more, check out Dynamic Rules.

Multi-admin notification

Multi-admin notification is generally available today via opt-in email to inform you when a potentially dangerous or routine event has occurred within the Backup tool. We recommend enabling this feature to provide better defense in depth against insider attacks.

If an admin with access to the Backup tool performs a potentially dangerous or malicious action, such as triggering an offboarding event or removing a site or user from the protection policy, all admins on the notification list will be notified of that action. Because the Backup tool has an offboarding grace period, another admin can resolve the malicious act before it impacts business operations. Backups, including “air-gapped” ones are often the first target of a sophisticated attacker. The multi-admin notification feature provides additional checks and balances to keep an organization safe and healthy.

Administrator enables email notifications to multiple people.

To learn more, check out Multi admin notifications.

Featured Microsoft 365 Backup Storage partner promotion – Veeam Data Cloud Premium

If you’re looking for a solution that leverages the power and restore speeds delivered by the Microsoft 365 Backup Storage platform, but also want additional coverage, consider the Veeam Data Cloud Premium offering. Veeam is currently running a 30% discount promotion (through December 31, 2025) on this offering.

To learn more about Microsoft 365 Backup, check out the product page or find a recognized Microsoft 365 Backup Storage partner solution.

Organization lifecycle management

Microsoft 365 cross-tenant migration – Teams Chat support – Public preview

We’re excited to announce that M365 Cross Tenant Migration for Teams chat will soon be available in Public Preview, enabling organizations to seamlessly move personal and group chats, as well as meeting conversations. Combined with orchestration for Mailboxes, OneDrive, and SharePoint sites, this feature minimizes disruption and preserves productivity throughout the migration process. This native solution to migrate Teams content across tenants elevates the power of Microsoft 365 cross tenant migration.

Teams chats on the target tenant after a Cross Tenant Migration has been completed.

SharePoint cross-tenant sites content migration – General availability

Mergers, acquisitions, and divestiture (M&A) scenarios are a critical part of an organization’s lifecycle - expanding and/or crystalizing its business goals. It often require moving the acquired company’s employees’ OneDrive, Mailboxes, and associated SharePoint sites to the acquiree company’s tenancy.

At Microsoft 365 Conference in May’25, we announced the general availability of SharePoint site cross-tenant content data migration. Using PowerShell cmdlets, you can move any site type - Communication sites, Modern team sites, Teams-connected or Groups-connected sites.

Plus, sharing links keep working after migration thanks to cross-tenant redirect, which automatically redirects requests to old URLs to the new ones. Check out the demo below.

Today, we’re excited to announce cross-tenant migration is available through Web Direct and Partner Resellers. Learn more here: Cross-tenant user data migration for OneDrive.

Migrating a SharePoint site across tenants and experiencing the redirect behavior for the site URL.

To learn more about OneDrive cross-tenant migration, check out here: Cross-tenant user data migration for OneDrive.

To learn more about SharePoint sites cross-tenant migration, click here: Cross-tenant SharePoint site migration

Advanced Tenant Rename at Planet Scale – General availability

When organizations go through a rebranding, merger, acquisition, divestiture, or tenant consolidation, they often need their SharePoint domain name to reflect the new identity. SharePoint Tenant Rename enables customers to update their domain name in site URLs to align with these business changes.

Advanced Tenant Rename currently supports rename for tenants with less than 100K sites. We heard your feedback.

Today, we’re excited to announce that Advanced Tenant Rename now scales beyond 100K sites, with no upper limit. In addition, it allows prioritizing up to 4K sites for early execution to reduce business disruption.

To learn more, check out here: Change your SharePoint domain name - SharePoint in Microsoft 365 | Microsoft Learn

Restricted site provisioning for Apps – Public preview

Restricted site creation (RSC) for Apps, a new capability in SharePoint Advanced Management (SAM), gives admins precise control over which apps can create sites. You can set policies in allow mode (only approved apps can create sites) or deny mode (block selected apps).

This reduces security risks and enforces app governance by preventing unauthorized apps from provisioning sites. Public Preview is coming soon. You can enable it with cmdlet: Set-SPORestrictedSiteCreationForApps –Enabled $true

To learn more, check out here: Restricted Sites for Apps - SharePoint in Microsoft 365 | Microsoft Learn

Microsoft Baseline security mode (BSM)

The above suite of content governance innovations gets you Copilot ready across your full workforce while safeguarding business continuity and resiliency. In addition, we are elevating security baseline guidance, starting with Microsoft 365 and Entra and expanding soon to all Microsoft services.

Customers often ask:
What is Microsoft’s secure-by-default benchmark for Microsoft 365?
How do the learnings from the Secure Future Initiative (SFI) translate into customer value?
Is my Microsoft 365 tenant security hardened enough?

Today, at Microsoft Ignite 2025, we are excited to announce Microsoft Baseline security mode (BSM) now generally available and rolling out globally. With BSM, we have an answer for those questions.

BSM is the first product born from decades of experience operating secure cloud services, responding to incidents, and learnings from the Secure Future Initiative (SFI). By simply opting in, your Microsoft cloud environment—starting with Microsoft 365, and Entra adopts strong secure-by-default settings and eliminates vulnerabilities caused by legacy configurations.

Available in the Microsoft 365 admin center, BSM is simple to use yet offers advanced capabilities enabling you to easily: