SharePoint Site Ownership Policies comes with SharePoint Advanced management or Copilot and is part of Site Lifecycle Management. In a nutshell, it does 1) Identify sites that don’t meet organization’s ownership criteria, 2) send notifications to find new site owners or admins and 3) automatically mark sites in read-only (or just report). Below is my deep dive in this policy.
I will not retell what is already documented by Microsoft, but you can find some gotchas below.
Notification emails start coming in a few minutes after you activate the policy. From email address is
SharePoint Online <no-reply@sharepointonline.com> .
Here is how a notification email looks like (in case site has one owner and need another one):
Site Name (title) is mentioned 4 times. There are 3 links in the email (SharePoint logo, site title and “Go to site” button) – all lead you to the root of the site that needs an owner.
The email template is not customizable at the moment (June 2025) and might mislead a little, as it says “Site Name” needs a site owner. but site does have an owner. Policy want an existing single owner to assign as second owner, which is said further in smaller font and not much people are able to force themselves to read. (Update: we expect Microsoft released Site lifecycle management policies v 2 before Sep 2025).
What I really do not like here is that even for group-based sites (e.g. teams) the policy asks to add a “site owner“, though it should be “team owner”. The only difference is if the site is a teams-connected site – there is a subtitle “Connected to Teams”:
I’d also assume that some users will need additional instructions – how to add a second owner to the site. There might be a confusion in terminology – who is the site owner, like “there are plenty people in ‘My Site Owners’ group – why am I asked to add one more?”
In case the site does not have owners and the policy is configured to send messages to site members and/or manager, here is an example of the email notification:
Basically, the difference is it says “Would you like to be a site owner?” vs “Identify an additional site owner to ensure compliance.” and the button says “Become a site owner” vs “Go to site“.
You cannot forward this email to other users (you can, but content will not be the same). Here is the example:
There are other cases an email comes as “This email contains actionable items that aren’t supported by this client. Use a supported client to view the full email.”
Policy scope
Sites regulated by policy
Configuring the policy, we can choose site template – e.g. Classic sites, Communication sites, Group connected sites without teams, Team sites without Microsoft 365 group and Teams-connected sites to scope down the policy with the kind of sites the policy will be applied to.
We know, that template site was created with does not actually guarantee the kind of site in it’s current state. E.g. we can convert classic site to a group-based site or we can create site with no team and later create a team for the site.
With that said,
Question: what Microsoft means by “Sites regulated by policy” – template site was created with or current site category?
Policy configuration
Owners vs Admins
Another moment I’d like to clarify is what Microsoft means by owner and admin, as configuring the policy
- Under the “Who should be responsible for each site?” we can specify “Site owners” and/or “Site admins”
- Under the “Who should be notified (via email) to assign or claim site responsibility?” we can not only specify “Current site owners” and/or “Current site admins”, but also “Manager of previous site owner and admin” and “Active members”, which is really nice.
We know that for group-based sites “Group owners” of the Microsoft 365 group associated with site is actually goes to site collection administrators and nobody is added to SharePoint “site Owners” group by default. At the same time at the SharePoint site you can add users to site collection admins and/or to the default SharePoint “site Owners” group (the one with “Full Control” permissions. Moreover, nothing prevents us to create a SharePoint group “Site Business Owners” with e.g. read-only permissions to the site or e.g. create a SharePoint group “Board Members” with “Full Control” permissions to the site.
So, question: who according to Microsoft’s policy implementation are considered as site owners and site admins? Does it change for different types of sites?
Here is what I got from experience
“Who should be responsible for each site?”
If “Site owners” selected – the policy will count members of the default site owners associated group for standalone (non group-based sites) towards the “Minimum owners or admins required for each site”.
Also (NB!) – when a user who received a notification clicks “Become a site owner” – a user will be added to the default site owners group (not to site collection admins).
When “Site admins” selected – the policy will count site collection admins for standalone (non group-based sites) towards the “Minimum owners or admins required for each site”.
When a user clicks “Become a site owner” – a user will be added to the site collection admins (not to default site owners group).
Does the policy count groups or disabled accounts? – TBC.
What if we select both – “Site owners” and “Site admins” under “Who should be responsible for each site”? Would that mean the policy would count both? I.e. one admin and one owner make the policy happy? Or there should be two admins and two owners? If a user accepts “Would you like to be a site owner – would the policy add user to admins ow owners? – TBC.
For the group-based sites this policy overlaps with the “Ownerless groups” policy (included in m365 subscription, configured under m365 admin -> Settings -> Org Settings -> Microsoft 365 Groups). What I noticed is in the case of two policies configured – this policy says “Message was already sent by another policy”.
“Who should be notified (via email) to assign or claim site responsibility?”
If this is a group-based site – “active site members” are only Microsoft 365 group members. If there are users in the SharePoint site members group – they’d be ignored.
Microsoft Ownerless Groups policy vs Site Ownership policy
tbp…