Blog Post

Microsoft SharePoint Blog
6 MIN READ

SharePoint Showcase: Governance and Security Essentials for Admins in the AI Era

John_Mighell's avatar
John_Mighell
Icon for Microsoft rankMicrosoft
Sep 30, 2025

This month’s SharePoint Showcase comes at a pivotal time following our recent announcement of the new Knowledge Agent in SharePoint. We encourage you to opt-in for our public preview and share your feedback.

As the knowledge platform for Copilot and agents, SharePoint continues to evolve. Knowledge Agent empowers admins to maintain content hygiene and readiness for AI-driven innovation, directly supporting the strategic priorities highlighted in this month’s installment. This is particularly important as safeguarding content with trust and intelligence grows as the role of SharePoint Admins evolves in the AI Era.

Microsoft runs on trust, and content

Every day, organizations generate billions of documents in Microsoft 365: proposals, contracts, designs, training videos, and more. In the AI era, Microsoft 365 Copilot is helping companies turn that content into impact.

The content governance updates highlighted below are intended to help organizations scale with confidence.

These new capabilities span four specific areas:

  1. Agent governance/insights
  2. Copilot for SharePoint Admins
  3. Permissions management
  4. Storage management – Microsoft 365 Backup & Archive

To support admins in this evolving landscape, we have introduced a range of new tools and policies. These innovations are designed to help manage content hygiene and prepare for AI-powered productivity.

 

Restricted access control (RAC) policy for all sites using Entra security groups and Microsoft 365 groups

Managing permission sprawl from site oversharing is challenging. After identifying overshared sites via Data Access Governance reports, an Admin can immediately mitigate their oversharing concerns by limiting access to specific users using this new Restricted Access Control (RAC) policy. The Restricted Access Control (RAC) policy now applies to all SharePoint sites—including those connected to M365 groups and Teams—using Microsoft 365 and Entra security groups.

Access is restricted with two layers of authorization, i.e. to users who are members of those RAC control groups and are permissioned for items. This policy enables you to control access on any SharePoint or OneDrive site and instantly mitigate oversharing.

Status: Generally available

Documentation link: Restricted Access Control (RAC) policy

Controlling oversharing of a Teams-connected site with Entra security groups as restricted access policy (RAC) control group.

 

Restricted Content Discovery (RCD) for SharePoint sites

A key issue is the risk of unintentionally exposing content in Microsoft 365 Copilot due to outdated or excessive site permissions. After identifying overshared sites with a Data Access Governance report or for business-critical sites that are not yet ready to be exposed to Copilot, the next step is to restrict their discovery in Copilot.

The Restricted Content Discovery (RCD) policy is now available to help prevent accidental content discovery within Copilot and search and even custom Agents. Applying RCD to a SharePoint site blocks users from finding its content through Copilot or organization-wide search, supporting secure Copilot deployment.

Status: Generally available

Documentation link: Restricted Content Discovery (RCD) policy

Preventing accidental discovery of content with restricted content discovery (RCD) policy.

 

AI-driven Site Matching for SharePoint sites and OneDrive accounts

SharePoint admins should apply uniform security policies to similar sites, grouping them by department, location, or content type. For example, legal contract sites require strict measures like blocking external sharing, conditional access, group restrictions, and blocking downloads. Managing these settings across thousands of sites is difficult. However, with this feature, you can use reference sites to automatically compare up to 10,000 target sites, allowing the AI to find semantically similar content and flag any policy differences.

Status: Generally available

Documentation link: Restrict OneDrive and SharePoint site creation - SharePoint in Microsoft 365 | Microsoft Learn

Create an AI-driven content policy comparison report.

 

Agent Insights and Governance for SharePoint Admins

Each SharePoint site now has agents that are either prebuilt from site content or user created. Administrators can use agent insights to track sites with newly created SharePoint agents and the number of agents in a site. Admins can also take actions like enabling Restricted Access Control (RAC) or Restricted Content Discovery (RCD) to improve security.

Status: Generally available.

Documentation link: SharePoint Agent management

Use SharePoint agents report to view agent distribution across sites and restrict content discoverability by agents.

 

Enterprise Application Insights (third-party) at SharePoint site level

Enterprise Application Insights reports SharePoint and OneDrive sites that allow third-party app access in your tenant. It lists number of applications accessing the site, each application's permission scope (such as Files.Read.All), and request count, helping you strengthen application security for your Microsoft 365 tenancy.

Status: Public preview

Documentation link: Enterprise Application Insights

 

 

Copilot for SharePoint admins 

Launched in May 2025,  Copilot for the SharePoint admin center provides features to simplify administration. Admins can use natural language to complete tasks and search for info efficiently. Key features:

  • Contextual Q&A: Ask any SharePoint management questions and get real-time answers based on product articles published in Microsoft Learn.
  • Multi-variable site search: Find sites easily by describing sites using any combination of attributes (name, URL, storage used, Primary admin, activity, etc)
  • Recap: Quickly catch up with everything that has changed since your last activity in SharePoint admin center.
  • Contextual conversations: Copilot will now be able to reference your chat and maintain your conversation context.

Upcoming capabilities include bulk actions, consolidated settings review (modern, classic, PowerShell, graph, etc.), and deeper integration with existing reports and tools. These enhancements aim to modernize governance and streamline admin workflows.

Status: Generally available

Documentation link: Copilot for SharePoint admin center

 

SharePoint cross-tenant site content migration

Mergers, acquisitions, and divestitures often involve integrating organizations using Microsoft 365. Migrating OneDrive’s, Mailboxes, and now SharePoint sites between tenants is supported, with cross-tenant SharePoint migration. Sites can be moved quickly and securely, and sharing links stay active via cross-tenant redirects that point old URLs to their new locations.

Status: Generally available

To learn more about cross-tenant migration, see the following articles:


Cross-tenant content migration is now available for Microsoft 365 Multi-Geo customers too, enabling direct content transfer between regional locations.

 

Stronger resiliency with Microsoft 365 Backup

Microsoft 365 Backup delivers secure, high-speed data protection and recovery to ensure business continuity—all within the trusted Microsoft 365 network. From new dynamic rules for automated user protection, and more ways for admins to keep their content protected and easily restorable.

  • Dynamic rules in backup policies: Automatically add/remove/update users in backup policies using distribution lists or security groups. Policies are re-evaluated daily for ongoing protection

Status: Generally available

Documentation link: Dynamic rules in backup policies

 

  • Multi-admin email notifications: Keeps select admins informed of key actions like user offboarding or changes to protection policies, adding accountability and defense against attacks

Status: Generally available

Documentation link: Multi-admin email notifications

 

For organizations seeking even broader coverage and faster restore speeds, the Veeam Data Cloud for Microsoft 365 Premium offering builds on Microsoft 365 Backup’s fast recovery foundation, with added capabilities and an offline copy. Veeam is currently offering a 30% discount on this enhanced Premium solution.

Leverage M365 Archive for a low-cost solution that helps optimize Copilot grounding by removing less, inactive content in your Microsoft 365 tenancy using Inactive Site Policy in SharePoint.

Site archiving is generally available and FREE (if you’re under your SharePoint storage quota). If you are over quota, moving content to the archive tier can save you up to 75% on extra storage costs.

 

SharePoint admin’s strategic role

With these tools, SharePoint Admins are no longer just system custodians. They’re strategic enablers of secure collaboration and AI readiness. Their responsibilities now include auditing overshared content, applying AI-driven policy recommendations, managing third-party access, and supporting complex scenarios like cross-tenant migrations.

By maintaining high standards of content hygiene, Admins help ensure that Microsoft 365 remains a trusted platform for innovation and productivity across their organization.

 

Get started

If you are new to Microsoft 365, learn how to try or buy a Microsoft 365 subscription.

Want to try out Microsoft 365 Copilot, check out here

Catch up on the latest content

Additional resources:

Updated Sep 30, 2025
Version 4.0
No CommentsBe the first to comment