Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Site ownership policies help you identify sites that don't meet your organization's ownership requirements. Use these policies to define ownership criteria, notify responsible users when sites become noncompliant, and take enforcement actions when ownership issues aren't resolved.
For an overview of SharePoint site lifecycle management policies and how site ownership policies work alongside inactive site and site attestation policies, see Overview of SharePoint site lifecycle management.
This article describes how site ownership policies evaluate ownership requirements, how to create and configure a policy, and how to monitor policy execution.
Prerequisites
See SharePoint Advanced Management prerequisites.
Create a site ownership policy
To create a site ownership policy, follow these steps:
As a SharePoint administrator, go to the SharePoint admin center and sign in.
In the navigation pane, expand Policies, and then select Site lifecycle management.
Under Site ownership policies, select Open. Then, select + Create policy.
On Manage ownership of sites, review the information, and then select Next.
On Set policy scope, choose your policy scope parameters, and then select Next.
If you select Upload a CSV file with a list of up to 10,000 URLs, you can upload a list of site URLs of select sites for the policy.
Tip
- You can export the site list from the SharePoint active sites page.
- Ensure the CSV file uses the same format of the sample CSV file, that it has no duplicate URLs, and that the URLs are valid and complete.
- Ensure the URLs listed in CSV file belong to your tenant's domain.
On Configure policy, specify criteria for your policy, and then select Next.
If you plan to exclude users or groups, see important information in the section, Excluding users or groups (in this article).
On Finish, specify a name and description for your policy, select a policy mode, and then select Finish.
If you select Active mode, your policy runs monthly, generates a report, and notifies site owners or site administrator about potential issues, depending on policy configuration.
After your policy is created, select Done.
You can view and manage your policy by selecting Site ownership policies in the Site lifecycle management dashboard.
Define ownership criteria
When you create a site ownership policy, define the ownership criteria that sites must meet. You can determine:
- Whether ownership is determined by site owners, site administrators, or both.
- The minimum number of owners or administrators required for a site.
For example, setting the minimum owner count to 2 identifies sites that have only a single owner and require remediation.
When the policy runs, it identifies sites that don't meet the configured ownership requirements and generates a report. Active policies can also notify selected recipients.
Policy modes
Site ownership policies support two operating modes:
- Simulation mode – Runs the policy once and generates a report without ongoing enforcement.
- Active mode – Runs monthly, generates reports, sends notifications, and can apply enforcement actions based on policy configuration.
Note
Site lifecycle policies in simulation mode are now available in GCCH and DoD environments as of November 17, 2025.
For more information about policy modes across site lifecycle management policies, see Overview of SharePoint site lifecycle management.
Policy scope
You can create different site ownership policies for different groups of sites across your organization. When configuring scope, select sites based on:
- Site templates
- Site creation sources
- Sensitivity labels
- Retention policies
- Retention holds
You can also exclude up to 100 specific site URLs.
Note
The following sites are excluded from site ownership policies:
- OneDrive sites
- Sites created by system users
- App catalog sites
- Root sites
- Home sites
- Tenant admin sites
Resolve user ID mismatches before running a policy
Before you run a site ownership policy, resolve any user ID mismatches to help ensure accurate ownership evaluation. User ID mismatches can occur when you delete and later recreate a user account, which leaves site ownership references associated with an obsolete identifier.
See Fix site user ID mismatch in SharePoint or OneDrive.
Configure ownership notifications
During policy configuration, choose who should receive notifications when ownership requirements aren't met. You can notify:
Current site owners: If you set the minimum owner or admin count to two and the site has an existing site owner, the owner receives an email notification asking them to add another owner.
Current site admins: If you set the minimum owner or admin count to two and the site has an existing site administrator, the administrator receives an email notification asking them to add another owner.
Managers of previous owners or admins: If an owner or administrator of a site leaves the organization, their managers are informed that the site needs an owner for effective management. If managers are members of a site, they can accept ownership. If they're visitors or don't have access to the site, they can coordinate with SharePoint administrators to find the next best owner.
As a user's details are deleted from the system 30 days after leaving the organization, managers might get only one notification about the site.
If the policy runs after 30 days of a user's leaving the organization, manager information isn't available, and notifications can't be sent.
For a Teams site, the "manager of the previous site owner" notification works only for users added directly to the SharePoint site owner. If the user was added from a Microsoft 365 Group, the notification isn't sent. This limitation exists because of how user information is retained after an account is deleted. To improve the chances of successfully sending notifications, select at least three options.
Active site members: Based on policy configuration, the policy sends emails to the most recent active members of a site to accept ownership.
To ensure relevance and recency, read or write activity performed by a site member on a site in the last 180 days is considered as an activity.
Any user with last activity beyond 180 days isn't considered for these notifications.
External and guest users aren't considered for these notifications to accept ownership.
Note
If a site has no one to notify as per the email recipients provided during policy configuration, the count is provided in the summary. You can triage the sites and determine the next course of action.
Customize email notifications
Administrators can customize the email messages that site lifecycle management policies send when site issues require attention.
Customizing email content helps improve the read-through rate of the emails, which effectively improves response efficiency and contributes to better governance across the tenant.
You can customize emails in the configure step. When you select Customize email to be sent, the customization window opens as shown in the following screenshot:
The following table describes the sections you can customize:
| Customizable section | Description |
|---|---|
| Sender | You must configure a custom domain in the Microsoft 365 admin center before you can use the email customization feature. For more information, see Choose which domain to use for your email. |
| Subject (up to 100 characters) | Use $UserDisplayName to insert the user's name and $SiteName to insert the name of the site. |
| Message (up to 500 characters) | Use $UserDisplayName to insert the user's name, $SiteName to insert the name of the site, and $SiteUrl to insert the URL of the site. |
| Policy guideline URL | Only valid HTTP links are allowed. |
| Policy guideline description text | The default value is the placeholder text. |
To customize emails for existing policies, follow these steps:
Select an existing policy.
Select Edit configuration.
Find the email customization option.
Note
If you don't configure email customization for a policy, the system continues to send default emails from noreply@sharepoint.com.
What to do if you can't customize email messages
You can't customize emails if the custom domain setting isn't configured or is turned off.
You must configure the Send email notifications from your domain setting in the Microsoft 365 admin center before you can customize emails. If you don't configure this setting, you see a warning message at the top of the policy list, as shown in the following image:
You might also see the warning message during the configuration step, as shown in the following screenshot:
If you previously customized emails in one or more policies, but later turn off the Send email notifications from your domain setting in the Microsoft 365 admin center, you see the message bar in the policy list, and a warning message in the email customization window, as shown in the following screenshot:
Note
Only someone who has the Global Administrator role can configure domain settings in the Microsoft 365 admin center.
Review ownership notifications
The active policy sends ownership policy notifications when it detects sites that don't meet ownership requirements. Recipients can take actions directly from the email to help resolve ownership issues.
Important
Site lifecycle management policies use Outlook Actionable Messages to enable recipients to take actions directly from email.
- Ensure required Outlook versions are deployed.
- US Government cloud customers must complete additional actionable message configuration.
- For troubleshooting guidance, see the Outlook Actionable Messages documentation.
Excluding users or groups
You can exclude specific users, Microsoft 365 Groups, or security groups from receiving site lifecycle management requests and notifications, even if they're site owners or site admins for sites that are included in a policy.
Key behaviors:
- Exclusions are used only to determine notification recipients.
- Excluding a user or group doesn't change site permissions or ownership, and doesn't exclude the site from lifecycle policy evaluation
- Sites continue to be evaluated by the policy as usual.
Limits:
- You can add up to 100 entries to the exclusion list.
- Each entry can be an individual user, a Microsoft 365 Group, or a security group
- The 100-entry limit applies to the number of entries, not the number of users within a group. For example, a group with more than 100 members counts as one entry.
Group exclusion behavior (important):
- When a group is added to the exclusion list for a policy, that group is excluded from notifications only when the group is directly added to the site or is a nested group within other groups that are directly added to the site.
- A member of an excluded group might still receive a notification if they're directly added to the site or are part of some other group that is directly added to the site.
Manage overlapping site ownership policies
If multiple site ownership policies cover the same site, the system doesn't send duplicate notifications. If a site receives a notification from another site ownership policy within the previous 30 days and remains noncompliant, the system doesn't send another notification. The policy execution report shows the status Notified by another policy.
To avoid unpredictable notification schedules and enforcement actions, avoid overlapping scopes across site ownership policies.
Enforcement actions
Note
Hard enforcement actions, such as locking a site or setting it to read-only, apply only to ownerless (zero owner) sites, where there's no accountable party and the governance risk is highest. Applying such enforcements to sites with an active owner can be disruptive and could unintentionally impact business workflows. As a result, this policy is designed to nudge rather than disrupt. Single owner sites receive notifications and reports that encourage restoration of the minimum owner count, without blocking access. If the site owner takes no action in such cases (nonownerless, but still in violation sites), after the third notification, there's a three-month cool-off period after which notifications resume.
The following table summarizes how the site ownership policy behaves, based on the selected enforcement action:
| Enforcement action | Policy behavior |
|---|---|
| Do nothing | The specified recipients receive monthly notifications for three months. After this period, the policy sends no notifications for the next three months. If the site remains in violation of ownership criteria after six months, monthly notifications resume. The policy execution report lists sites in violation as unactioned. You can download this report and filter out sites marked as unactioned. |
| Read-only access | The specified recipients receive monthly notifications for three months. - If the notification recipients don't address site ownership during this period and the site continues to be ownerless, it goes into read-only mode. - If the notification recipients don't address site ownership during this period but the site has at least one owner, after the third notification, there's a three-month cool-off period, after which notifications resume. |
| Archive sites after mandatory read-only period | The specified recipients receive monthly notifications for three months. - If the notification recipients don't address site ownership during this period, and the site continues to be ownerless, the site goes into a read-only mode for the configured number of months. After the configured number of months, the site gets archived through Microsoft 365 Archive. Archival must be enabled for the tenant in the Microsoft 365 admin center. - If the notification recipients don't address site ownership during this period but the site has at least one owner, after the third notification, there's a three-month cool-off period, after which notifications resume. |
Read-only mode
A site ownership policy that you configure with the read-only enforcement action sends extra notifications to inform the specified recipients when there's no response.
When a site goes into read-only mode, a notification is sent.
If a site is in read-only mode, the following banner is added to the site:
Important points about read-only or locked sites
For sites that are in a read-only or locked state, the following behaviors are expected.
Unlocked sites: Always included in policy scope
Read-only sites locked by the same policy type:
- Included in scope
- Report indicates the site was previously actioned by this policy
Read-only sites locked by a different policy type:
- Excluded from policy scope
- Another policy already owns and governs this site
Read-only sites externally locked (locked because of reasons other than site lifecycle management):
- Included in scope
- External locks do not prevent the site from being evaluated by the policy
No-access (fully locked) sites:
- Included in scope, but no enforcement action is taken
- The policy skips action because the site is already in a no access locked state
These are default behaviors that can't be modified through policy configurations.
Remove a site from read-only mode
To remove a site from read-only mode in SharePoint admin center, go to the Active sites page, select the site, and then select Unlock from the site page panel.
Site owners can't remove a site from read-only mode and must contact the tenant admin to remove read-only mode.
Unarchive a site
To unarchive a site in SharePoint admin center, expand Sites and select Archived sites. Select the site you want to unarchive and select Reactivate.
Note
Only tenant admins can reactivate an archived site.
Reporting
Each policy run generates a report that shows sites that don't meet the configured ownership requirements. The report summarizes:
- Ownership compliance status
- Notification history
- Enforcement actions
- Ownership configuration details
- Site metadata
Select Download report to download the detailed report in a .csv format. The following table describes the information included in the policy execution report:
| Column | Description |
|---|---|
| Site name | Name of the site |
| URL | URL of the site |
| Template | Template of the site |
| Sensitivity label | Sensitivity label of the site |
| Retention policy | Indicates if any retention policy is applied to the site |
| Site lock state | State of site access before the policy runs (Unlock/Read-Only/No access) |
| Minimum owners or admins configured | Minimum owner or admin count you configured while creating the policy |
| Number of site owners | Total count of site owners for the site |
| Email address of site owners | Email addresses of all site owners |
| Number of site admins | Total count of site administrators for the site |
| Email address of site admins | Email addresses of all site administrators |
| Managers of previous owners or admins | Email addresses of the managers of previous owners or admins (if this option was configured during policy set-up) |
| Active members | Email addresses of the active site members (if this option was configured during policy set-up) |
| Total notifications count | Total notifications sent so far by any policy under the same policy template |
| Action status | Status of the site [First/second/third notification sent, Site in read-only mode, Site archived, Action taken by another policy] |
| Action taken on (UTC) | Date on which the enforcement action was taken (date when site was archived or put in read-only mode) |
| Last activity date (UTC) | Date of last activity detected across SharePoint site and connected workloads |
| Site creation date (UTC) | Date when the site was created |
| Storage used (GB) | Storage consumed by the site |
| Duration in read-only (days) | Number of days the site is in the enforced read-only state |
Set up actionable emails for SLM policies in US Government cloud environments
In US Government Cloud (GCC High and DoD) environments, a tenant administrator must complete an extra, one-time setup for SharePoint site lifecycle management (SLM) policies to use actionable messages. This step helps ensure that policy notification emails display and function correctly. For example, site admins and site owners can take actions directly from email.
Unlike other commercial cloud environments, GCC High and DoD tenants require explicit administrator approval of the actionable message provider before it can send interactive email messages. Without this approval, SLM policy emails are delivered, but action buttons don't function as expected.
Important
You must be a Global Administrator or Exchange Administrator in the tenant to set up actionable messages.
Approve the SLM actionable message provider
Go to the Outlook Actionable Messages – Connectors admin portal for GCCH or DoD and sign in.
In the Provider Status filter, select Approved by Microsoft – Pending Your Approval.
Locate the provider named
InactiveSiteOAMProviderGCCH.Select the provider, and then select Approve.
After you approve the provider, the SLM policy notifications send actionable messages.
Note
This approval applies only to SLM policy notifications. Other applications or services that use actionable messages might require separate approval.
Ensure actionable messages are enabled for the tenant
Site lifecycle management policies use Outlook actionable messages to enable site owners or site administrators to take necessary actions by using links within email messages.
- For notifications to render properly, make sure your organization meets the Outlook version requirements.
- To troubleshoot rendering problems, see frequently asked questions.
Troubleshooting actionable messages
If actionable messages don't work as expected, try these steps:
- Make sure that the
InactiveSiteOAMProviderGCCHprovider is in an approved state. - Allow sufficient time. It can take up to 24 hours for changes to propagate.