Manual Sharepoint
Manual Sharepoint
SharePoint
Get started
Overview
Intro to file collaboration
Plan secure file collaboration
Add featured links to SharePoint start page
Branding
Permissions and sharing
Classic to modern
Publishing
Customization options
Lists and libraries
Automatic modernization of classic home pages
Enable the communication site experience on classic team sites
Classic and modern search differences
The admin center
SharePoint admin role
Overview
What's new in admin center
Manage sites in new admin center
Find classic site collection features
Find classic sharing settings
Find classic geo locations settings
Find classic access control settings
Performance
Performance
Creating and launching a healthy SharePoint portal
Guide to the intelligent intranet
Intelligent intranet overview
How to think about your intelligent intranet
Intranet roadmap
Plan your intranet
Considerations when planning for a global intranet
Intranet governance
Workplace communication
Governance
Governance overview
Create guidelines for site usage
Navigation
Introduction
Principles
Models and examples
Plan navigation design
Implement site navigation
Hubs
Planning
Create a hub site
Remove hub site
Set up site design
Viva Connections
Enable and set up global navigation
Add Viva Connections
Lists
Control Microsoft Lists
Sample sites
Add a sample site to your tenant
Add New Employee Onboarding sites
Add the SharePoint Success Site
Overview
Provision
Customize
Add the Workplace transformation site
Publishing
How page recommendations work
Site administration
Root site
Create sites
Delete sites
Restore deleted sites
Manage site admins
Manage site creation
Manage site storage limits
Change site addresses
Manage site redirects
Lock and unlock sites
Set up a home site
Enable and set up global navigation
Create an organization assets library
Create an organization news site
Retirement of site mailboxes
Sync
File sync overview
OneDrive guide for enterprises
Recommended sync app configuration
Transition from previous sync app
Per-machine installation
Use silent account configuration
Use Group Policy
Sharing, security, and compliance
Plan secure file collaboration
External sharing overview
Integration with Azure AD B2B
Manage sharing settings
Change external sharing for a site
Block guest access to newly added files
Change default sharing link
Default SharePoint groups
SharePoint and OneDrive error messages
Report on sharing
Restricted domains sharing
Create a B2B extranet
Advanced permissions customization
Customize site permissions
What is permissions inheritance?
Understanding permission levels
Create a permission level
Control access from unmanaged devices
Control access based on network location
Authentication
Safeguarding your data
Control notifications
Use information barriers
Sign out inactive users
Content services
Term store
Introduction
Open the term store
Set up new group for term sets
Create and manage terms
Set up new term set
Assign roles and permissions to manage term sets
Content types
Create a content type
Add columns
Remove columns
Publish
Search
Search
Overview
Manage search: the admin center
Make sure content can be found
Overview
Make site content searchable
Crawl site content
Remove search results
Make search results look great
Overview
Manage Search Center
Specify default Search Center
Override default Search Center
Search Box Web Part
Search Navigation Web Part
Refinement Web Part
Use result types and display templates
About display templates
Make pages load faster
Switch from an Enterprise Search Center to Basic
Show relevant search results
Overview
Manage search schema
Manage query rules
Manage query suggestions
Manage result sources
Manage result types
Manage search dictionaries
Manage authoritative pages
Export and import search settings
Check logs, limits and reports
Overview
View search usage reports
Set crawl log permissions
Query throttling
Search limits
View Popularity Trends and Most Popular Items
Advanced
User profiles
Manage user profiles
Add and edit user profile properties
About user profile synchronization
Remove users from SharePoint
BCS connections
Manage BCS applications
Create or edit Secure Store Target Application
Make External List
Customizations and apps
Manage app licenses
Monitor apps
Request app installation permissions
Use App Catalog
Manage API access
Allow or prevent custom script
Security considerations of allowing custom script
Configure SharePoint Store settings
Settings
Configure InfoPath Forms Services
Hide app tiles on app launcher
Change version and upgrade settings
Allow users to create modern pages
Let users connect classic sites to groups
Hybrid
SharePoint Migration Tool
Multi-Geo
Introduction to SharePoint in Microsoft 365
4/6/2021 • 4 minutes to read • Edit Online
Microsoft SharePoint is a cloud-based service that helps organizations share and manage content, knowledge,
and applications to:
Empower teamwork
Quickly find information
Seamlessly collaborate across the organization
The resources on this page are designed to get you started. Depending on the needs of your organization, you
may want to read about migration and governance options before you start rolling SharePoint out to your
users. If you're ready to get started with SharePoint, read about collaboration options and how to create a
modern intelligent intranet. As you roll out SharePoint to your organization, remember to train your users to
help them get the most out of these tools.
If you're just starting out with SharePoint, learn about the FastTrack onboarding and adoption services, find a
SharePoint certified partner, or visit the SharePoint community.
Once you're using SharePoint, get the OneDrive sync app and the mobile app. You can also suggest a feature.
Migration
If you have files on-premises that you need to move to SharePoint in Microsoft 365, or if you're still using
SharePoint Server, the resources in this section can help you get started.
How to migrate content from file shares, SharePoint Server, Migrate content to OneDrive
or other cloud providers to OneDrive in Microsoft 365
How to migrate from on-premises file shares to Microsoft
365
How to connect your existing on-premises SharePoint sites Hybrid for SharePoint Server
to SharePoint in Microsoft 365
Governance
If your organization has legal or other requirements that govern the handling of data, or if you have sensitive or
confidential information that you want to protect, these references can help you configure SharePoint for your
governance standards and policies.
How to ensure that you retain files for a specified period of Overview of retention policies
time, or delete them on a specified schedule
OneDrive retention and deletion
IF Y O U'RE LO O K IN G F O R T H IS IN F O RM AT IO N : GO TO T H IS RESO URC E:
How to classify documents based on the sensitivity of the Overview of sensitivity labels
information
Enable sensitivity labels for Office files in SharePoint and
OneDrive
How to prevent the loss or exfiltration of important data in Overview of data loss prevention
documents emails
Search for in-place items such as email, documents, and Content Search in Microsoft 365
instant messaging conversations
If you use OneDrive in your organization and you want to protect important files by saving them to the cloud,
govern how much storage space users get, or govern how users sync file, these references will help you
configure your policies.
Protect important files on users' desktops or in their Redirect and move Windows known folders to OneDrive
Documents folder
Control how users sync files to their devices Use Group Policy to control OneDrive sync settings
Configure the amount of storage space users have in Set the default storage space for OneDrive users
OneDrive
Collaboration
SharePoint provides a rich collaboration environment where people inside and outside your organization can
work together, coauthoring document. Microsoft 365 provides a variety of options to help you create a secure
and productive file collaboration environment that meets the needs of your organization. Use these resources to
get started.
Learn about secure collaboration in Microsoft 365 Set up secure collaboration with Microsoft 365
Learn about file collaboration and how to plan your Intro to file collaboration in Microsoft 365
implementation
File collaboration in SharePoint with Microsoft 365
Learn about collaborating with people outside your External sharing overview
organization
Collaborate with guests
Use the security and compliance features in Microsoft 365 to Create a secure guest sharing environment
help secure your guest sharing environment
Modern intranet
SharePoint provides a rich set of tools to help you create and maintain your organization's intranet. Use these
resources to get started.
IF Y O U'RE LO O K IN G F O R T H IS IN F O RM AT IO N : GO TO T H IS RESO URC E:
Learn about the different types of SharePoint sites Plan your SharePoint site
Select whether to allow users to create their own sites Manage site creation
Learn how to plan an intelligent intranet for your Plan an intelligent SharePoint intranet
organization
Planning your SharePoint hub sites
Training
Administrators are often called upon to teach others in the organization how to use new technologies. Use these
resources to help your users be successful with SharePoint in Microsoft 365.
Set up a customizable training portal with Microsoft training Microsoft 365 learning pathways
content for your organization
Customization
SharePoint provides a wide range of options for customization. We recommend using the out-of-box features
and functionality as much as possible to meet your organization's needs. If you do need to customize
SharePoint, see these references.
Related topics
SharePoint Limits
Getting started with the SharePoint Online Management Shell
Microsoft Partner Center
Tips and tricks for navigating Microsoft 365 technical documentation
Guide to the modern experience in SharePoint
3/23/2021 • 5 minutes to read • Edit Online
The modern experience in Microsoft SharePoint is designed to be compelling, flexible, and more performant. The
modern experience makes it easier for anyone to create beautiful, dynamic sites and pages that are mobile-
ready. But what are the differences between the classic and modern experiences, and how do you go about
creating a modern experience for your organization? This guide is a starting point for people familiar with the
classic experiences in SharePoint to help you learn about the modern experience and how you can begin to take
advantage of it.
Navigation
The most effective SharePoint sites (and web sites in general) help visitors find what they need quickly so that
they can use the information they find to make decisions, learn about what is going on, access the tools they
need, or engage with colleagues to help solve a problem. The fundamental principles and good practices for site
and page navigation are equally applicable to both classic and modern SharePoint architectures. However, your
options for implementing navigation differs based on the framework for your sites and intranet. For example,
the “inherited” navigation experiences available in classic SharePoint site hierarchies (sites with subsites) are not
available in the modern experience, but hubs provide a great way to achieve the cross-site navigation features
previously available in managed navigation and site hierarchies in classic SharePoint.
No matter which framework you are using, you can use the guidance in Plan navigation in the modern
experience to help make good decisions for navigation.
Branding
In the classic SharePoint experience, there are a set of default themes and site designs that can require a
considerable amount of customization to get them to match your organization’s brand. Also, they aren’t very
responsive, making the experience on different devices inconsistent. Most site branding requires the use of
custom master pages or alternate CSS configurations. SharePoint includes an updated set of default site themes
and site designs (or templates) that are responsive and look great on any device. With site themes, you can
customize your site’s logo and colors to match your brand. You can also align the mobile SharePoint app for
your users to match your company branding. Site designs provide specific layouts and other functionality for
your site. Additional branding can be achieved using custom themes or site designs without worrying about
something breaking when SharePoint is updated. To learn more about modern branding options, see Branding
SharePoint sites in the modern experience.
Publishing
If you’ve implemented publishing sites or publishing-enabled sites in your organization, you know how
important it is to create attractive and performant pages to distribute communication to a large number of
people. In the modern experience, communication sites make it easy to create beautiful, dynamic, and
performant sites and pages that are mobile-ready. There are differences from classic publishing, though, and
things you’ll want to think about planning your move to the modern experience. For more info, see Moving
from Publishing sites to Communication sites.
Search
Search is an important part of any site – you want people to be able to find what they are looking for quickly
and easily. SharePoint has both a classic and a modern search experience. Microsoft Search in SharePoint is the
modern experience. The most visible difference is that the Microsoft Search box is placed at the top of
SharePoint, in the header bar. Another difference is that Microsoft Search is personal and contextual. The results
you see are different from what other people see, even when you search for the same words. You will also see
different results based on where you are when you search. For example, searching at the root of your tenant
looks across all of SharePoint. Searching from a hub finds content in all sites associated to the hub. Searching
from an individual site finds content on that site. Searching from a list or library finds content in the list or
library. You will also see results before you start typing in the search box, based on your previous activity and
trending content in Microsoft 365, and the results update as you type. To learn more about the Microsoft Search
experience for users, see Find what you need with Microsoft Search. There are other differences, especially
around customization. To decide which experience your organization should use, see When to use which search
experience.
Performance
The modern experience in SharePoint is designed to be compelling, flexible and – importantly - more
performant. Both SharePoint performance as a whole and the performance of individual SharePoint components
such as search, lists, and document libraries are affected by many factors, all of which contribute to the decisive
performance metric: perceived end user latency, or the speed with which pages are rendered in the client
browser. For more info, see Performance in the modern SharePoint experience.
Multilingual
Classic SharePoint publishing sites can use a feature called variations to create a site that supports multiple
languages. Modern communication sites leverage a multilingual experience to make content in your intranet
sites available in multiple languages. User interface elements like site navigation, site title, and site description
can be shown in the user's preferred language. Additionally, you can provide pages and news posts on
communication sites that you translate and that are shown in the user's preferred language. One of the most
important differences in the modern experience is that, unlike the variations feature, which creates a separate
sub-site for each language, the modern multilingual experience creates a corresponding page in the same site,
but in a language-specific folder in the Site Pages library. To learn more, see Create modern multilingual
communication sites, pages, and news.
Intro to file collaboration in Microsoft 365, powered
by SharePoint
3/31/2021 • 14 minutes to read • Edit Online
Are you getting the most out of file collaboration in Microsoft 365, or are your users still storing files locally or
on network file shares and sending them around in email? Maybe you're paying for another cloud storage
service and not taking advantage of the space you get with your Microsoft 365 subscription. This article
describes the benefits and key features of file collaboration in Microsoft 365. It also covers the steps to plan for
and adopt Microsoft 365 file collaboration in your organization.
The file collaboration capabilities in Microsoft 365 are available to you whatever the size of your organization. If
you have a small organization, each user can store their files in their individual library in OneDrive and you
might want only a single team in Microsoft Teams for everyone in the organization.
Enterprise-grade security
NOTE
If you're concerned about users signing in from kiosks or other shared, unmanaged devices, you might want to enable
idle session sign-out.
Enterprise -grade security
Files stored in SharePoint-powered storage locations in Microsoft 365 are encrypted in transit and in rest. (You
can encrypt files by using your own key if you want.) Files are also scanned for viruses. As an admin, you can
use tools in Microsoft 365 to further secure and monitor files in the Microsoft cloud:
Data loss prevention policies . Warn or prevent users from sharing files that have specific labels
outside the organization. See Overview of data loss prevention
Retention labels . Classify files to be retained, permanently deleted, or marked as a record. See
Overview of retention labels
Sensitivity labels . Classify and protect highly confidential files with encryption and permissions. See
Learn about sensitivity labels
Repor ts . Monitor activity and usage in SharePoint and OneDrive. See Which activity reports are available
in the admin center
Microsoft 365 Advanced Threat Protection (ATP) . Protect against sharing malicious files. More info
Files Restore . If a location is affected by malicious software, or someone deletes important files, you can
restore a document library to an earlier point in time.
Plan for these features
Secure sharing outside the organization
SharePoint powers secure file sharing in Microsoft 365. You can specify if you want people outside the
organization to be able to access files without authenticating (by signing in or providing a verification code). You
can even block external sharing altogether. We recommend using the most permissive sharing option that you
can for each set of content. If you heavily restrict sharing and it blocks user productivity, users will typically find
other ways to collaborate that provide you less oversight and control. For more info, see Control sharing.
Real-time collaboration and version management
When users store Office files in the Microsoft 365 cloud, they can avoid the hassle of managing changes in
different copies of files. Instead, they can collaborate on a single version by using either the desktop apps or the
web versions of Office. People don't even need to have the Office desktop apps installed to edit Office files.
Learn more about document collaboration and coauthoring. When multiple users edit an Office file at the same
time, a notification will show them that other people are working in the file and they can see where in the file
others are working.
Version history is also on by default, so users can view earlier changes and roll back as necessary. Learn more
about working with version history.
NOTE
When a user attaches a file to a chat, it's automatically uploaded to the user's individual library in OneDrive. When a user
attaches a file to a Teams channel, it's automatically uploaded to the library for that team. Files shared with Yammer
groups are now also saved in SharePoint.
Access to all files in OneDrive
When your users use OneDrive, they can access their SharePoint or Microsoft Teams files on the web or in the
mobile app without leaving OneDrive. Learn more
Because individual libraries in OneDrive are powered by SharePoint, users can easily move files between
locations. For example, if a user drafts a file in their individual library in OneDrive, and later wants a team to own
the file, the user can simply move the file to the team's library.
Migration tools
You can choose one or more of the following options, depending on the number and location of files that you
want to migrate.
SharePoint Migration Tool . To migrate files from file shares or on-premises SharePoint, you can use
the SharePoint Migration Tool. For info, see How the SharePoint Migration Tool works.
Known Folder Move . If your users save most of their files to their Desktop, Documents, and Pictures
folders, you can seamlessly move them to OneDrive using Known Folder Move so users can continue
working in the locations they're used to.
FastTrack migration benefit . FastTrack provides you with a set of best practices, tools, resources, and
experts. Guidance includes migrating content from file shares, Box, or Google Drive source environments,
and introducing capabilities at the pace that works for you. The FastTrack data migration benefit will also
perform specific data migration activities on your behalf if you have 500 or more licenses. See more
details in the FastTrack Center Benefit Overview. To get started, go to FastTrack.Microsoft.Com, review
resources, and submit a request for assistance.
Hybrid
If your organization uses SharePoint Server, setting up a hybrid environment can help you move to the cloud at
your own pace. Hybrid features let you tie the two environments together in a variety of ways to make a more
seamless user experience. You can consolidate search results between SharePoint Server and Microsoft 365,
consolidate user profiles in Microsoft 365, and migrate your users' individual storage to OneDrive. Get started
exploring hybrid.
Auditing and reporting
In the new SharePoint admin center, you can see SharePoint activity and usage reports, and go to the Microsoft
365 admin center for details.
Multi-geo
If you're a multinational organization with data residency requirements, you can use Multi-Geo in Microsoft 365
to specify where files are stored. For info, see Multi-Geo Capabilities in OneDrive and SharePoint in
Microsoft 365.
Unified search
Microsoft Search helps users find files within modern SharePoint sites and from the SharePoint start page,
Office.com, Bing, and more. Learn more about the modern search experience in SharePoint.
Management options
As a global or SharePoint admin for your organization, you have a couple of options for managing SharePoint
sites and settings:
New SharePoint admin center . In the new SharePoint admin center, you can create and delete sites,
manage site settings, and manage organization-level settings for SharePoint and OneDrive. The Active
sites page of the SharePoint admin center lets you view the SharePoint sites in your organization,
including communication sites and sites that belong to Microsoft 365 Groups. It also lets you sort and
filter sites, search for a site, and create new sites. Get started with the new SharePoint admin center.
Microsoft PowerShell . The SharePoint Online Management Shell is a PowerShell module that lets you
run command-line operations. It makes performing batch operations more efficient, and is the only way
to perform some management tasks in SharePoint and OneDrive. Get started with the SharePoint Online
Management Shell.
Prerequisites
Purchase and assign licenses . SharePoint comes with Microsoft 365 plans and Office 365 plans. It also
comes as a standalone plan. For more info about the features available in each plan, see the SharePoint service
description. Some security features, such as Azure Information Protection, require an E3 or E5 plan. Cloud App
Security, Advanced Threat Protection, Customer Lockbox, Customer Key, Advanced eDiscovery. For info, see
Office 365 platform service description.
Assign the SharePoint admin role . Users assigned this role will have access to the SharePoint admin center
and can change organization-level SharePoint and OneDrive settings, create and delete sites, and change site
owners and other site settings. Learn more about the SharePoint admin role.
Estimate and test your network bandwidth . Before you roll out Microsoft 365 in your organization, make
sure that your network is set up for optimum performance. Network planning and performance tuning. Before
you deploy the sync app, make sure you also estimate the bandwidth users will need for syncing.
Limitations
For info about SharePoint limits, see the SharePoint service description.
For info about file name, size, and type limits when using the OneDrive sync app, see Invalid file names
and file types.
Manage feature changes
To learn about features coming soon, see the Microsoft 365 Roadmap.
To keep on top of the latest SharePoint features rolling out, refer to the Message Center.
To vote on feature requests or submit your own idea, visit the SharePoint UserVoice.
Configure settings
To prepare for file collaboration in Microsoft 365, configure the following settings.
Create sites
When a Microsoft 365 group is created from anywhere within Microsoft 365, a SharePoint site is automatically
created. You can let all users create groups, only some users, or you can block group creation and manage it
centrally in your IT department. For info, see Manage who can create Office groups. You can also use a naming
policy for groups and set an expiration period so that groups that are no longer being used will be deleted. For
more info, see Plan for governance in Microsoft 365 Groups. If you allow users to create groups, you can also
allow them to create team sites from the SharePoint start page and from OneDrive and manage default site
settings. For info, see Manage site creation.
Sharing
To set up external sharing in your organization, you need to make sure that settings across multiple admin
centers are set the way you want. Sharing with people outside your organization is enabled by default in
SharePoint and OneDrive, but disabled for Microsoft Teams. Configure Microsoft 365 to enable guest
collaboration for Teams. Set the external sharing level and the default sharing link type.
Security
Design and deploy retention labels and DLP policies to protect sensitive and highly confidential files.
Learn how.
Block or limit access from unmanaged devices, sign out inactive users on unmanaged devices, or allow
access from only specific IP address ranges. For info about setting up identity and device-access policies
to protect content, see Policy recommendations for securing SharePoint sites and files.
Storage
By default, file storage for team sites is managed automatically. If you prefer to control storage manually, see
Manage site storage limits. For info about setting the default storage space for individual libraries in OneDrive,
see Set the default storage space for OneDrive users. For information about the amount of storage that comes
with your plan, see SharePoint limits.
With Microsoft 365 services, you can create a secure and productive file collaboration environment for your
users. SharePoint powers much of this, but the capabilities of file collaboration in Microsoft 365 reach far
beyond the traditional SharePoint site. Teams, OneDrive, and a variety of governance and security options all
play a role in creating a rich environment where users can collaborate easily and where your organization's
sensitive content remains secure.
In the sections below, we call out the options and decisions that you as an administrator should consider when
setting up a collaboration environment:
How SharePoint relates to other collaboration services in Microsoft 365, including OneDrive, Microsoft
365 Groups, and Teams.
How you can create an intuitive and productive collaboration environment for your users.
How you can protect your organization's data by managing access through permissions, data
classifications, governance rules, and monitoring.
This is part of the broader Microsoft 365 collaboration story:
Secure collaboration with Microsoft 365
Collaboration governance
Meetings and conferencing in Microsoft Teams
We recommend that you download the Microsoft Teams and related productivity services in Microsoft 365 for IT
architects poster and refer to it while you read this article. This poster provides detailed illustrations of how the
collaboration services in Microsoft 365 relate to each other and interact.
Also see the File Protection Solutions in Microsoft 365 diagram for an overview of recommended solutions to
protect your data.
OneDrive libraries
While SharePoint provides shared libraries for shared files that teams can collaborate on, users also have an
individual library in OneDrive where they can store files that they own.
When a user adds a file to their individual library, that file is not shared with anyone else. Users' individual
libraries do, however, provide the same sharing capabilities as SharePoint, so users can share files in their
individual libraries as needed.
A user's individual library can be accessed from Teams, as well as from the OneDrive web interface and mobile
application.
On devices running Windows or macOS, users can install the OneDrive sync app to sync files from both
OneDrive and SharePoint to their local disk. This allows them to work on files offline and also provides the
convenience of opening files in their native application (such as Word or Excel) without the need of going to the
web interface.
The two main decisions to consider for using OneDrive in collaboration scenarios are:
Do you want to allow Microsoft 365 users to share files in their own library with people outside your
organization?
Do you want to restrict file sync in any way – such as only to managed devices?
These settings are available in the OneDrive admin center.
OneDrive is an important part of the Microsoft 365 collaboration story. For information about how to deploy
OneDrive in your organization, see OneDrive guide for enterprises.
An anyone link is a transferrable, revocable secret key. It's transferrable because it can be forwarded to
others. It's revocable because by deleting the link, you can revoke the access of everyone who got it
through the link. It's secret because it can't be guessed or derived. The only way to get access is to get the
link, and the only way to get the link is for somebody to give it to you.
People in your organization links work for only people inside your Microsoft 365 organization. (They do
not work for guests in the directory, only members).
Like an anyone link, a people in my organization link is a transferrable, revocable secret key. Unlike an
anyone link, these links only work for people inside your Microsoft 365 organization. When somebody
opens a people in my organization link, they need to be authenticated as a member in your directory. If
they're not currently signed-in, they'll be prompted to sign-in.
Specific people links only work for the people that users specify when they share the item.
A specific people link is a non-transferable, revocable secret key. Unlike anyone and people in my
organization links, a specific people link will not work if it's opened by anybody except for the person
specified by the sender.
Specific people links can be used to share with users in the organization and people outside the
organization. In both cases, the recipient will need to authenticate as the user specified in the link.
It's important to educate your users in how these sharing links work and which they should use to best maintain
the security of your data. Send your users links to Share OneDrive files and folders and Share SharePoint files or
folders, and include information about your organization's policies for sharing information.
Unauthenticated access with Anyone links
Anyone links are a great way to easily share files and folders with people outside your organization. However, if
you're sharing sensitive information, this may not be the best option.
If you require people outside your organization to authenticate, Anyone links will not be available to users and
you'll be able to audit guest activity on shared files and folders.
Though Anyone links do not require people outside your organization to authenticate, you can track the usage
of Anyone links and revoke access if needed. If people in your organization frequently email documents to
people outside your organization, Anyone links may be a better option than emailing an attachment.
If you want to allow Anyone links, there are several options for a more secure sharing experience.
You can restrict Anyone links to read-only. You can also set an expiration time limit, after which the link will stop
working.
Another option is to configure a different link type to be displayed to the user by default. This can help minimize
the chances of inappropriate sharing. For example, if you want to allow Anyone links but are concerned that they
only be used for specific purposes, you can set the default link type to Specific people links or People in your
organization links instead of Anyone links. Users would then have to explicitly select Anyone links when they
share a file or folder.
You can also use data loss prevention to restrict Anyone link access to files that contain sensitive information.
People in your organization links
People in your organization links are a great way to share information within your organization. People in your
organization links work for anyone in your organization, so users can share files and folders with people who
aren't part of a team or members of a site. The link gives them access to the particular file or folder and can be
passed around inside the organization. This allows for easy collaboration with stakeholders from groups that
may have separate teams or sites – such as design, marketing, and support groups.
Creating a People in your organization link does not cause the file or folder to show up in search or give
everyone direct access to the file or folder. Users must have the link in order to access the file or folder. The link
does not work for guests or other people outside your organization.
Specific people links
Specific people links are best for circumstances where users want to limit access to a file or folder. The link only
works for the person specified and they must authenticate in order to use it. These links can be internal or
external (if you've enabled guest sharing).
Classify and protect information
Data loss prevention in Microsoft 365 provides a way to classify your teams, groups, sites, and documents, and
to create a series of conditions, actions, and exceptions to govern how they're used and shared.
By classifying your information and creating governance rules around them, you can create a collaboration
environment where users can easily work with each other without accidentally or intentionally sharing sensitive
information inappropriately.
With data loss prevention policies in place, you can be relatively liberal with your sharing settings for a given
site and rely on data loss prevention to enforce your governance requirements. This provides a friendlier user
experience and avoids unnecessary restrictions that users might try to work around.
For detailed information about data loss prevention, see Overview of data loss prevention.
Sensitivity labels
Sensitivity labels provide a way to classify teams, groups, sites, and documents with descriptive labels that can
then be used to enforce a governance workflow.
Using sensitivity labels helps your users to share information safely and to maintain your governance policies
without the need for users to become experts in those policies.
For example, you could configure a policy that requires Microsoft 365 groups classified as confidential to be
private rather than public. In such a case, a user creating a group, team, or SharePoint site would only see the
"private" option when they choose a classification of confidential. For information about using sensitivity labels
with teams, groups, and sites, see Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365
groups, and SharePoint sites
Conditions and actions
With data loss protection conditions and actions, you can enforce a governance workflow when a given
condition is met.
Examples include:
If customer information is detected in a document, then users cannot share that document with guests.
If a document contains the name of a confidential project, then guests cannot open the document even if
it has been shared with them.
Microsoft Cloud App Security offers additional granular conditions, actions, and alerts to help you secure your
content. These include the ability to remove a user's permissions or quarantine the user when the specified
condition is met.
User notifications
User notifications provide a way to communicate to your users – via email or policy tips – that data loss
prevention has detected something that they should be aware of. The user can then decide the best course of
action depending on the situation. For example, if a user unknowingly attempts to share a document that
contains a credit card number, the user is prompted that a credit card number has been found and advised of
your organization's policy regarding this.
Manage access
Microsoft 365 provides a variety of governance features to help you create an intuitive but secure collaboration
environment for your users.
Use device management to ensure your organization's information is accessed only by compliant devices.
Use conditional access to ensure your confidential data is accessed only from locations and apps that you
trust.
Monitor information sharing in real time and through reports to ensure your governance requirements
are met and sensitive information is being kept secure.
Additionally, you can use Azure Active Directory access reviews to automate a periodic review of group and
team ownership and membership.
Device Management
Through device management, you can take additional steps to secure your organization's information. You can
manage pretty much any device that your users might have – PCs, Macs, mobile devices, and Linux computers.
Examples include:
Ensure devices have the latest updates before allowing access to Microsoft 365
Prevent copy and paste of confidential data to personal or unmanaged apps
Erase company data from managed devices
As you consider your options governing access to information through device management, keep in mind that
guests are likely to have unmanaged devices. For sites where you've enabled guest sharing, be sure to provide
the needed access to unmanaged devices, even if that's just web access via a PC or Mac. Azure Active Directory
conditional access (discussed below) offers some options to reduce the risk of guests with unmanaged devices.
Some settings can be configured directly from SharePoint.
Intune in Microsoft 365 provides detailed device profiling options and can also deploy and manage individual
apps such as Office apps and OneDrive. For detailed information about Intune and device management, see
What is Microsoft Intune?.
You can configure device management from the Microsoft 365 Device Management admin center.
Conditional access
Azure Active Directory conditional access provides additional controls to prevent users from accessing your
organization's resources in risky situations, such as from untrusted location or from devices that aren't up to
date.
Examples include:
Block guests from signing in from risky locations
Require multi-factor authentication for mobile devices
You can create access policies that are specifically for guests, allowing risk mitigation for people who most likely
have unmanaged devices.
For detailed information, see What is Conditional Access?.
Real-time monitoring with aler ts
Microsoft Cloud App Security provides an extensive policy infrastructure that you can use to monitor activity
that you consider to be risky for your organization's data.
Examples include:
Raise an alert when a confidential file is shared externally.
Raise an alert when there's a mass download by a single user.
Raise an alert when an externally shared file hasn't been updated for a specified period of time.
Cloud App Security can also watch for anomalous behavior such as unusually large uploads or downloads,
access from unusual locations, or unusual admin activity.
By configuring alerts in Cloud App Security, you can be more confident in allowing an open sharing experience
for your users.
You can see the alerts on the Cloud App Security alerts page.
For detailed information about Cloud App Security, see Microsoft Cloud App Security overview.
Monitoring with repor ts
A variety of reports are available in Microsoft 365 to help you monitor site usage, document sharing,
governance compliance, and a host of other events.
For info about how to view reports on SharePoint site usage, see Microsoft 365 Reports in the Admin Center -
SharePoint site usage.
For info about how to view data loss prevention reports, see View the reports for data loss prevention.
For info about how to view Cloud App Security reports, see Generate data management reports.
Manage threats
You can use ATP Safe Attachments (part of Microsoft 365 Advanced Threat Protection) to protect against users
uploading malicious files to OneDrive, SharePoint, or Teams.
When ATP discovers a malicious file, that file is locked so that users cannot open, move, or copy the file.
The locked file is included in a list of quarantined items that you can monitor. You can then delete or release the
file as appropriate.
For detailed info, see Microsoft 365 ATP for SharePoint, OneDrive, and Microsoft Teams.
Related topics
Create a secure guest sharing environment
Best practices for sharing files and folders with unauthenticated users
Understanding how Microsoft Information Protection capabilities work together
How to deal with external sharing in Microsoft 365
Tutorial: Automatically apply Azure Information Protection classification labels
What's new in external sharing and collaboration with OneDrive and SharePoint
Protect and collaborate on files in the cloud with OneDrive, SharePoint, and Microsoft Teams
Add featured links to the SharePoint start page
3/31/2021 • 2 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can feature the sites and content you want on the
SharePoint start page by changing the Featured links list in the left pane. To add links to a SharePoint Server
page, see Video: Add a link to a page.
NOTE
To learn more about the SharePoint start page, see Find news, sites, and portals in Microsoft 365.
If you don't see the list of apps, select the app launcher icon in the top-left corner of the page, and
then select SharePoint .
Can't find the app you're looking for? From the app launcher, to see an alphabetical list of all the available
Microsoft 365 apps, select All apps . From there, search for a specific app.
On the left side of the page, a Featured links list appears.
Add a link
1. Select Edit .
NOTE
If you don't see Edit , you don't have permission to change the Featured links list. Contact your administrator.
Edit a link
1. Select Edit at the top of the list.
NOTE
If you don't see Edit , you don't have permission to change the Featured links list. Contact your administrator.
NOTE
If you do not see Edit , you don't have permissions to change the Featured links list. Contact your administrator.
2. Drag each link to the place you want within the list.
3. To leave edit mode, select Done when you're finished.
Delete a link
1. Select Edit at the top of the list.
NOTE
If you don't see Edit , you don't have permission to change the Featured links list. Contact your administrator.
2. Select X .
NOTE
If you had custom promoted sites in classic view of the SharePoint Sites page, the Featured links section of the SharePoint
start page is pre-populated with those sites. The pre-population of promoted sites in the Featured links list happens only
once when the first user visits the new SharePoint start page. If you go back to classic view and change the promoted
sites, the changes will not be reflected in the Featured links list on the SharePoint start page.
Branding your SharePoint site
3/9/2021 • 3 minutes to read • Edit Online
In the modern SharePoint experience, you can easily change the look and feel of your site to match your
company or organizational brand. You can customize the logo, colors, and navigation – often without writing a
single line of code. Branding can be applied at the site level, to a group of sites, or to all sites within your
organization.
NOTE
Branding your SharePoint site will not change the overall look of your Microsoft 365 service. For more info about
branding Microsoft 365, see Customize the Microsoft 365 theme for your organization.
Unresponsive, OOB themes that you can customize Responsive themes that look great on any device and can be
customized to match your brand
Use custom master pages and CSS that are ignored in the Use the SharePoint Framework to add header and footer,
modern experience customize theme colors, etc.
Traditionally, SharePoint permissions have been managed through a set of permissions groups within a site
(Owners, Members, Visitors, etc.). In SharePoint in Microsoft 365, this remains true for some types of sites, but
additional options are available and SharePoint is part of a much broader set of capabilities for secure
collaboration with Microsoft 365.
The three main types of sites in SharePoint are:
Team sites - Team sites provide a collaboration environment for your teams and projects. Each team site, by
default, is part of a Microsoft 365 group, which includes a mailbox, shared calendar, and other collaboration
tools. Team sites may also be part of a team in Microsoft Teams. Permissions for team sites are best managed
through the associated Microsoft 365 group or Teams team.
Communication sites - Communication sites are for broadcasting news and status across the organization.
Communication site permissions are managed by using the SharePoint Owners, Members, and Visitors
groups for the site.
Hub sites - Hub sites are team sites or communication sites that the administrator has configured as the
center of a hub. They're designed to provide connection between related sites through shared navigation.
Permissions for hub sites can be managed through the Owners, Members, and Visitors groups, or through
the associated Microsoft 365 group if there is one. Special permissions are needed to associate sites to a hub.
Shareable links
Giving people permissions to a site, group, or team gives them access to all site content. If you want to share an
individual file or folder, you can do so with shareable links. There are three primary link types:
Anyone links give access to the item to anyone who has the link, including people outside your organization.
People using an Anyone link don't have to authenticate, and their access can't be audited.
People in your organization links work for only people inside your Microsoft 365 organization. (They don't
work for guests in the directory, only members).
Specific people links only work for the people that users specify when they share the item.
You can change the type of link that is presented to users by default for each site.
For more about the different types of sharing links, see Securing your data.
Guest sharing
The external sharing features of SharePoint let users in your organization share content with people outside the
organization (such as partners, vendors, clients, or customers). You can also use external sharing to share
between licensed users on multiple Microsoft 365 subscriptions if your organization has more than one
subscription. Planning for external sharing should be included as part of your overall permissions planning for
SharePoint.
SharePoint has external sharing settings at both the organization level and the site level (previously called the
"site collection" level). To allow external sharing on any site, you must allow it at the organization level. You can
then restrict external sharing for other sites.
Whichever option you choose at the organization or site level, the more restrictive functionality is still available.
For example, if you choose to allow sharing using Anyone links, users can still share with guests, who sign in,
and with internal users.
External sharing is turned on by default for your organization. Default settings for individual sites vary
depending on the type of site. See Site level settings for more information.
To set up guest sharing for a site, see Collaborate with guests in a site.
Security and privacy
If you have confidential information that should never be shared externally, we recommend storing the
information in a site that has external sharing turned off. Create additional sites as needed to use for external
sharing. This helps you to manage security risk by preventing external access to sensitive information.
SharePoint and OneDrive integration with Azure AD B2B (Preview)
Azure AD B2B provides authentication and management of guests. Authentication happens via one-time
passcode when they don't already have a work or school account or a Microsoft account (MSA).
With SharePoint and OneDrive integration, the Azure B2B one-time passcode feature is used for external sharing
of files, folders, list items, document libraries and sites.
With Azure B2B integration, all guests are added to the directory and can be managed using Microsoft 365
security and compliance tools. We encourage you to try the SharePoint and OneDrive integration with Azure AD
B2B.
See also
External sharing overview
Turn external sharing on or off for SharePoint
Collaborating with people outside your organization
Share SharePoint files or folders
Limit sharing in Microsoft 365
Moving from publishing sites to communication
sites
3/23/2021 • 18 minutes to read • Edit Online
Being able to communicate broadly using attractive sites and pages is a key feature of organization intranets.
For example, you might have an HR department home page that serves up important communication to
hundreds or thousands of employees.
In the modern SharePoint experience, communication sites fulfill the same purpose as traditional publishing
sites: to communicate broadly to a large audience while maintaining a level of control on the creation side.
Communication sites support most of the same scenarios as publishing sites, and more capabilities are coming
soon. Best of all, communication sites are easier to build and maintain and include new features such as a
modern authoring canvas. They allow you to share news, reports, statuses, and other information in a visually
compelling format. To sum up: you can quickly create beautiful pages that look great on mobile devices and that
are accessible by default - all without heavy developer investment. You can get inspired with some great
examples in the SharePoint look book.
Traditionally, sites and pages like this have been designed and built using the publishing features of Microsoft
SharePoint – either team sites with publishing enabled or fully structured publishing sites. You could specify
page layouts, design pages, and set up content approval workflows. Publishing features allowed for a tight level
of control by a small number of people while allowing broad communication to many people. But with
traditional design and deployment of publishing sites, developer involvement is usually required for
customization of site functionality, navigation elements, and included investment in master pages, CSS,
JavaScript, and web parts. Additionally, traditional site types designed for a PC browser may not work well or
look attractive on mobile devices, and design and development efforts are needed to provide proper interaction
with tools like screen readers or high-contrast color schemes. With all this, it commonly takes more time and
resourcing to build, test, and deploy when using the classic publishing infrastructure.
This structure is no longer hierarchical in the technical sense. Instead, it is a flat structure where each site is
connected because they are part of the Human Resources hub. In this scenario, each site can be a
communication site. But you can also include team sites for collaboration within the hub, while limiting their
availability to the entire organization. With a hub, you can:
Apply common navigation and branding across associated sites.
Search across all associated sites.
Easily aggregate news and other types of content across all sites.
The best part about hubs is that they are so flexible. As your organization changes, your intranet organization
can change just as quickly, just by associating or disassociating a site.
To learn more about planning hubs, see Planning your SharePoint hubs. To create a hub, see Create a hub site. To
learn more about navigation options and planning, see Planning navigation for modern SharePoint.
If you want more customized branding and theming applied to each new site, you can use site designs
with site scripts to provide custom configurations to apply when new sites are created. They can be used
each time a new site is created to apply a consistent set of actions. Common site design actions typically
affect the site itself, such as setting the theme or logo, creating lists, or configuring navigation. You can
find more information on how to use site designs and scripts at SharePoint site design and site script
overview.
Pages
Master pages and page layouts are components of a publishing site. Page layouts and master pages work
together to create the layout for a traditional SharePoint web page. Modern communication sites do not utilize
master pages or page layouts, but do provide a greater level of flexibility for site owners and page authors.
In the classic experience, you may have created web part pages based on page layouts. Page layouts can be
locked down to control what is authored on a page. However, they are inflexible in that pages based on page
layouts are confined to the layout and options provided by the page layout.
Modern pages provide a fast, easy way to build responsive pages using the functionality of modern web parts.
Pages are similar to classic web part pages and publishing pages, but are less structured and easier to create.
And, each page’s layout is flexible in that it can be changed anytime to align to the content for the page and the
experience you are trying to create for your readers.
Classic web part page:
Modern web part page:
Pages are made up of a title area and sections. Sections can include a full-width column for full-bleed images or
hero web parts or up to three regular columns. You can add a variety of web parts to the page, and easily move
them around on the page to get the look you want. Check out this short video to see how to create, layout, and
publish a page:
Publishing : On a classic publishing site, commands for Publish and Check in/Check out are available on the
ribbon. In the modern experience, it is even easier for authors to discover how to edit and make their content
visible with buttons to Edit, Save, and Publish right on the page. When a modern page is in edit mode, it is
automatically checked out to the person who is editing. When a page is saved or published, it is automatically
checked in. If someone has a page open for editing but hasn’t made any changes to it for at least 5 minutes, it is
automatically saved and taken out of Edit mode so that others can access and edit the page.
To learn more about how to create and edit pages, see Add a page to a site.
Content approval for pages
Content approval ensures that edits to pages meet company policies or standards. Classic publishing allows for
content approval on pages using out-of-the-box workflows. Modern pages also provide for content approval
and once it is enabled, users need only to press a Submit button on the page to start the approval flow. The
recommended way to do this is to use the built-in Power Automate commands. Learn more at Page approval
flow.
Scheduling
Scheduling content to “go live” at specific times is a feature of classic publishing sites and now a feature of
modern pages. To learn more about modern page scheduling, see Schedule a SharePoint page or news post to
go live at a specific time.
Moving from classic to modern pages : At this time, there is not a way to change a classic page into a
modern page without using a multi-step code solution, which may work well for IT Admins and developers. If
you are neither of those, we recommend you gradually start planning for and creating modern pages, as
needed.
If you are using a classic publishing site, you should know that it is possible to create modern pages in a classic
publishing site, but there is not an automated way to move from a publishing site to a communication site. To
move to a communication site, we recommend you begin creating modern pages in a new communication site
rather than in a classic publishing site.
There are several important advantages to moving to a new communication site. One of the most important
advantages is that you can use the upgrade as an opportunity to re-think the “story” of your site and validate
that the content is needed, up-to-date, and relevant to users. In addition, you can use the move as a time to look
at the content that is no longer needed it and remove it. Cleaning up your unused content improves both user
experiences and search outcomes – so consider the move as an opportunity to clean up legacy content and
establish new governance practices to make sure that your content is kept up-to-date going forward.
Wiki pages
Wiki pages are a content type available in publishing sites, but they are not available in communication sites.
However, you can create modern pages using either a Text web part or Markdown web part to cover many of
the same scenarios as Wiki pages. Note that Wiki syntax is not available in a Text web part, with the exception of
adding a hyperlink with the use of brackets “[[”.
Web parts
Modern pages use modern web parts. Modern web parts are designed to be easier to use, faster, and look great
on all devices. It is important to note that for security reasons, modern out-of-the-box web parts do not allow for
the insertion of custom code including JavaScript.
IMPORTANT
Classic web parts cannot be used on modern pages and modern out-of-the-box web parts cannot be used on classic
pages. Developers may create custom modern web parts that may work on both classic and modern pages. Additionally,
there is not a 1:1 mapping of classic to modern web parts, but there are web parts that have similar purposes.
To learn about all of the modern web parts, see Using web parts on SharePoint pages. To learn about modern
web parts that have similar purposes to classic web parts, see Classic and modern web part experiences.
For developers, the SharePoint Framework allows for the building of custom modern web parts that appear
alongside out-of-the-box web parts in the web part toolbox. The SharePoint Framework also allows for custom
extensions, the use of the Microsoft Graph API, as well as secure access to third-party solutions and APIs secured
by Azure Active Directory. Developers are encouraged to consult the SharePoint starter kit, where you'll find a
fully built sample solution that includes numerous web parts, extensions, and other components that you can
use as an example and inspiration for your own customizations. Additionally, find design guidance and
standards for web parts at Designing great SharePoint experiences.
Web parts unique to publishing sites
Publishing sites include a variety of web parts that enable authors to insert video, rich text, forms, and dynamic
content onto a site page. Three web parts that have been unique to publishing sites are the Content query web
part to show dynamic content, the Summary links web part, and the Table of contents web part to display links
to important content. The following are a selection of modern web parts that help fulfill the same purposes as
these web parts.
Content quer y : The Highlighted content web part serves a similar purpose as the Content Query web part. It
dynamically displays content from a document library, a site, a site collection, or multiple sites. With the
Highlighted content web part, many of the advanced and confusing search/query options of the Content Query
web part have been replaced with streamlined query options. However, unlike its classic counterparts, custom
display templates are not allowed.
Summar y links, Table of contents : There is not a 1:1 mapping of these web parts to modern web parts.
However, there are several modern web parts that can fulfill the same purpose, which is to help your users
navigate from a page level to important content. These are:
Quick links
With Quick links, you can add links to a page and set display options like a carousel format called filmstrip,
list, or a smaller compact format. Each of the links in the compact format can be arranged and displayed
with or without images. It is currently not possible to populate Quick links based on a SharePoint list.
Link
The Link web part shows one complete URL link and adds the ability to show or hide a preview pane with
the link target.
Hero
The Hero web part is, by default, included on both the Topic and Showcase communication site templates. It
is an attractive way to bring focus and visual interest to your page. You can display up to five items in the
Hero web part and use compelling images, text, and links to draw attention to each. You can use the Hero
web part at the top of a page or anywhere in the page as well. In general, you don’t want to use more than
one hero web part on the same page. And, if you have more than 5 critical items to emphasize, consider
using a different method to feature this content, such as the Quick links web part in a grid view.
Text
In the Text web part, you can add links within your content using the toolbar. Additionally, with the Text web
part you can create a link that opens in a new tab.
To learn more about modern web parts that have similar purposes to classic web parts, see Classic and modern
web part experiences.
Sharing news
The News feature is an effective distribution system created to deliver relevant content across your organization.
Built on modern pages and web parts, you can tell stories with rich, attractive content that can be dynamically
shown on the SharePoint start page, on team sites, communication sites, hubs, and even on the SharePoint
mobile app. You can also choose to show News in a Teams channel.
Where news can be distributed
News posts can be created from the SharePoint start page, from a team site or communication site, and from
pages that have the News web part on them already. You can customize sources and layouts of news, and you
can also organize and order news posts as well as target specific audiences for news. To learn more about how
to create and share News, see Create and share news on your SharePoint sites.
Audience targeting
In the classic experience, many types of content can be targeted to appear only to people who are members of a
particular group or audience. This capability is available in the modern experience with modern Pages and
documents, the News web part, the Highlighted content web parts, and navigation. For example, if you have two
departments within your organization that have different policies, you can choose to show a News post about a
policy to just the people in the department that the policy applies to. To learn how to enable audience targeting,
see Target content to specific audiences.
NOTE
At this time, the multilingual feature is available for communication sites only.
Customizing SharePoint
3/23/2021 • 6 minutes to read • Edit Online
In earlier versions of SharePoint, it was possible to make changes to a SharePoint environment by deploying
custom code that would run in the physical SharePoint server environment. Changes made to SharePoint that
didn't require the deployment of custom code were referred to as "customizations", because the changes were
not fundamentally changing the product's functioning but were rather configuring the existing product in a
unique way. Examples of customizing SharePoint Server have included deploying custom branding elements
such as master pages and style sheets to a site collection; deploying pre-configured web parts to a web part
gallery; creating custom workflows in SharePoint Designer; changing the look and feel of list forms using
InfoPath; and more. Because of the shared nature of the SharePoint infrastructure, Microsoft does not allow the
deployment of custom code to its environment. As a result, the concept of customizing SharePoint as opposed
to deploying custom code is no longer a relevant paradigm. However, it's still helpful to think of ways that
SharePoint can be customized, or configured uniquely, in a broader sense of the word.
The purpose of this document is to help you understand how you can customize your SharePoint environment
using modern tools and techniques.
Branding
Modern SharePoint sites allow you to change the look of the site by modifying elements such as the site logo
and the colors used throughout the site. Branding your SharePoint site can help you match a site to a brand as
well as help users differentiate between multiple SharePoint sites. While several themes options are available by
default, it's also possible to specify unique theme colors by supplying SharePoint with a custom configuration
file. Older, "classic" SharePoint sites allow administrators to apply custom branding and page layouts to a
SharePoint site by applying a custom master page, applying a custom theme to a site, deploying custom page
layouts, and more. Because classic sites are not as fast and mobile-friendly as modern sites, Microsoft
recommends using modern sites going forward.
Navigation
Navigation helps users find the information they need quickly by providing links to pertinent information in a
persistent manner. Planning your navigational strategy in modern sites is a critical element in the usability of
your SharePoint environment. Modern SharePoint sites provide a streamlined model for adding navigational
elements using the browser. The position of the navigation is determined by the kind of site being viewed, the
size of a user's screen, and whether the megamenu option has been enabled for the site. Additionally, modern
sites can take advantage of hub site navigation.
Note that legacy versions of SharePoint allowed navigational elements to be dynamically generated using the
structured navigation and managed metadata navigation providers. These options are no longer available in
modern sites. However, if you are using a classic site with modern pages, you can still use these providers and
the modern pages will reflect the correct navigational links. In terms of layout, because modern sites do not
allow you to customize the site's master page or style sheet, it's not possible to move the position of the
navigation elements on the page as could be done in classic SharePoint sites.
Page content
Nearly every version of SharePoint has had a way of creating custom layouts for web pages, whether that was
by selecting a web part page, a wiki page layout, or a publishing page layout. Modern sites also provide a similar
functionality. However, rather than providing a static layout that provides a set number of editable regions on
the page, modern pages provide the ability for page editors to "stack" column layouts on a row-by-row basis.
Page editors can also choose various options related to how the title region of the page is displayed. Finally, the
most fundamentally way to customize a modern page is to place custom content on the page. This can be done
by adding modern web parts to the page. Note that web parts used in classic web sites will not work in modern
sites. However, it is possible to create and deploy custom ("client-side") web parts that were created using the
SharePoint Framework.
Workflows
Microsoft recommends using Power Automate for configuring and executing all workflows in your Microsoft
365 environment, including SharePoint. For example, it's possible to create unique approval workflows for
content stored in SharePoint. Additionally, it's possible to use Power Automate as the default workflow engine
for approving SharePoint page content, directly from the SharePoint user interface. Flows can be triggered by
SharePoint actions (such as when an item is created in a list), or perform actions within SharePoint (such as
update a list item). While SharePoint Designer workflows are still supported, new workflows should be created
using Power Automate.
Forms
Power Apps can be used to create custom forms for use in modern SharePoint sites. There are several ways in
which these Power Apps forms can be used in your SharePoint site:
As a custom SharePoint list form
As a custom SharePoint list view
As a stand-alone app that uses a SharePoint as its data source
You can embed a Power App form in a modern page using the Power Apps web part.
Forms that were previously created using InfoPath and hosted in SharePoint using InfoPath Forms Services
should be converted to Power Apps forms, as Microsoft has announced the deprecation of InfoPath.
Microsoft Forms can also be used for easily creating light-weight forms. Like Power Apps, it's possible to embed
a Microsoft Form in a page using the Microsoft Forms web part.
L EGA C Y M O DERN
Implement branding using custom master pages, page Use the "apply a look" option to customize branding
layouts, and themes elements like logo, header, footer and colors
Use custom navigation providers such as structured Manually specify navigational links
navigation or managed metadata navigation to dynamically
generate navigational elements
Create a wiki page and choose a text layout option to Create a modern page and add section layouts to the page
modify the layout of the page to arrange web parts on the page.
Create a workflow using SharePoint Designer Create a workflow using Power Automate
Customize a SharePoint form using InfoPath Customize a SharePoint form using a Power App
Deploy a web part to a site using a sandbox solution Use the SharePoint App Catalog to deploy a client-side web
part to a site
Change the default list and library experience
3/23/2021 • 2 minutes to read • Edit Online
The new SharePoint list and library experience is faster, simpler, and responsive on mobile devices. It also
supports many new capabilities that are not available in the classic experience, including Power Apps and Power
Automate integration, the Filters pane, and column formatting. Many sites that have features or customizations
that don't work in the new experience will automatically switch back to the classic experience. For more
information about this behavior, see Differences between the new and classic experiences for lists and libraries.
To detect lists that won't work well with the new experience, run the SharePoint Modernization scanner.
It's no longer possible to select the classic experience as the default for all sites in your organization. Instead, we
recommend setting it for only the specific sites that need it. To learn how to turn off the new list and library
experience for a site collection, see Enable or disable site collection features. For info about changing this setting
using PowerShell, see Opting out of the modern list and library experience.)
NOTE
Users can select the default experience for an individual list or library, overriding what you set. For info, see Switch the
default experience for lists or document libraries from new or classic.
Classic home page modernization
3/23/2021 • 4 minutes to read • Edit Online
Modernizing the home page of a classic SharePoint team site makes the page look great on any device and
makes it easier for users to customize the layout and see news and activity. This article covers all the details on
how automatic modernization works and the controls you have as an administrator.
How it works
If a classic team site meets the following criteria for being updated, the home page will automatically modernize
the next time a user visits. When users first experience the change, they’ll see a walkthrough that highlights the
new capabilities and includes a link to a help article with more details.
We encourage users to adopt the change in order to benefit from the power of modernized pages. However, if
site admins or site owners want to revert to the classic home page, they can. Instructions are available in the
support article.
Update criteria
Classic team site (STS#0) only.
Home page name in any language is ‘Home.aspx’.
Contains default web parts only: getting started (GettingStartedWebPart), Newsfeed (SiteFeedWebPart),
and document library (XsltListViewWebPart).
No text is present (wiki HTML is not customized).
DisplayFormTemplateName = "WikiEditForm".
ModernizeHomepageOptOut feature is not activated.
No custom master pages are detected.
The classic publishing feature is turned off.
NOTE
All update criteria must be met for a team site home page to qualify for the automatic upgrade.
Option 2 : Don’t know what sites will be impacted by this change? You can use the SharePoint Modernization
Scanner and run the scanner in “HomePageOnly” mode. The output of the modernization scanner run contains a
file called SitesWithUncustomizedHomePages.csv. Use this file to get a list of sites and sub sites that will get a
modern homepage. This tool will enable you to message users impacted if desired. If needed, use the
PowerShell cmdlet above, or the following sample script to opt multiple sites out of the update:
https://github.com/SharePoint/sp-dev-modernization/tree/dev/Scripts/HomePageModernizationOptOut
Option 3 : Add an out-of-the-box SharePoint web part, a custom web part, or text to your team site home page.
NOTE
It's highly recommended that you modernize home pages to benefit from the latest SharePoint features and to improve
the viewing experience for users on desktop and mobile. Another option for modernizing classic sites is to enable the
communication site experience on a specific classic site. For info, see Enable the communication site experience on classic
team sites.
What about new classic team sites STS#0 created after this change?
Classic team sites (STS#0) created after May 1, 2020 will not get updated.
A SharePoint communication site is a great tool for sharing information with others in your organization. Your
users can share news, reports, statuses, and other information in a visually compelling format. Now, any classic
team site can have this capability too. By running a PowerShell cmdlet, you can bring modern communication
site features to your classic team sites.
Requirements
The site must be a classic team site that's not connected to a Microsoft 365 group (the STS #0 site
template).
The site must be the top-level site in the site collection. It can't be a subsite.
The user who runs the PowerShell cmdlet must have full owner permission on the target site.
The site must not have SharePoint Server Publishing Infrastructure enabled at the site collection level or
SharePoint Server Publishing enabled at the site level. Learn how to enable and disable publishing features. If
these features were previously enabled but have been deactivated, go to the site contents page and make
sure it doesn't still contain a Pages library. Learn more about features enabled on a publishing site
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
Install-Module SharePointPnPPowerShellOnline
Connect-PnPOnline –Url <Url of Targetsite> –Credentials (Get-Credential)
Enable-PnPCommSite
$adminUrl = Read-Host "Enter the Admin URL of 0365 (eg. https://<Tenant Name>-admin.sharepoint.com)"
$userName = Read-Host "Enter the username of 0365 (eg. admin@<tenantName>.onmicrosoft.com)"
$password = Read-Host "Please enter the password for $($userName)" -AsSecureString
# set credentials
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $userName,
$password
$SPOCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userName,
$password)
try{
catch{
}
get-siteCollections
}
function get-siteCollections{
write-host "----- List of classic sites with comm site feature enabled -------" -foregroundcolor green
function Get-SPOIsCommSiteEnabled($url){
try{
$context.ExecuteQuery()
$isCommSiteEnabled = $web.Features | Where {$_.DefinitionID -eq $featureID}
$webTemplate = $web.WebTemplate
if($webTemplate -ne "SITEPAGEPUBLISHING" -AND $isCommSiteEnabled){
write-host "Found $($web.url)" -foregroundcolor green
return "Enabled"
}
}
catch{
return ""
}
Get-CommsiteEnabledSites
See also
For info about automatically modernizing the home page on classic sites, see Classic home page modernization.
Differences between the classic and modern search
experiences in SharePoint
3/23/2021 • 2 minutes to read • Edit Online
SharePoint in Microsoft 365 has both a classic and a modern search experience. Microsoft Search in SharePoint
is the modern search experience. Both search experiences use the same search index to find results.
As a search admin, you can’t enable or disable either search experience, both are enabled by default. Users get
the classic search experience on publishing sites, classic team sites, and in the Search Center. Users get the
Microsoft Search experience on the SharePoint start page, hub sites, communication sites, and modern team
sites. Learn about classic and modern sites
The most visible difference is that the Microsoft Search box is placed at the top of the SharePoint, in the header
bar. Another difference is that Microsoft Search is personal. The results you see are different from what other
people see, even when you search for the same words. You'll see results before you start typing in the search
box, based on your previous activity and trending content in Microsoft 365, and the results update as you type.
Learn more about the Microsoft Search experience for users.
Search admin can customize the classic search experience, but not the Microsoft Search experience. As a search
admin you can tailor Microsoft Search to your organization so it's easy for your users to find often needed
content in your organization.
You use the SharePoint admin center to manage classic search and the Microsoft 365 admin center to manage
Microsoft Search. Certain aspects of the classic search settings also impact the modern search experience:
The search schema determines how content is collected in and retrieved from the search index. Because
both search experiences use the same search index to find search results, any changes you make to the
search schema, apply to both experiences. The Microsoft Search experience doesn't support changing the
sort order of results or building refiners based on metadata. Therefore, the following search schema
settings don’t affect the Microsoft Search experience:
Sortable
Refinable
Company name extraction (to be deprecated as of November 15th, 2019)
The modern search experience only shows results from the default result source. If you change the
default result source, both search experiences are impacted.
Depending on the search scenario, some Microsoft Search features might not work if the classic global
Search Center URL is not set to point to the URL of the default classic Search Center. Depending on your
tenant, this URL is "yourcompanyname.sharepoint.com/search" or
"yourcompanyname.sharepoint.com/search/pages". Furthermore, ensure that the Search Center site
collection exists and that all users have read access to it.
If you temporarily remove a search result, the result is removed in both search experiences.
The classic search experience lets admins define promoted results to help users find important content,
while the Microsoft Search experience uses bookmarks to achieve the same. When you create a
promoted result at the organization level, users might also see it on the All tab on the Microsoft Search
results page if they searched across the whole organization. For example, when users search from the
search box on a hub site, they're only searching in the sites associated with the hub and therefore they
don't see any promoted results even if they are on the All tab. But when users search from the SharePoint
start page, they might see promoted results on the All tab. If you have defined both a promoted result
and a bookmark for the same content (same URL), only the bookmark will appear on the All tab.
About the SharePoint admin role in Microsoft 365
3/9/2021 • 2 minutes to read • Edit Online
Global admins in Microsoft 365 can assign users the SharePoint admin role for help with administering
Microsoft SharePoint. The global admin role already has all the permissions of the SharePoint admin role. For
info about assigning a user the SharePoint admin role, see Assign admin roles in Microsoft 365 for business.
Users assigned the SharePoint admin role have access to the SharePoint admin center and can create and
manage sites (previously called "site collections"), designate site admins, manage sharing settings, and more.
IMPORTANT
SharePoint admins can now manage Microsoft 365 groups, including creating, deleting, and restoring groups, and
changing group owners.
Global admins and SharePoint admins don't have automatic access to all sites and each user's OneDrive, but
they can give themselves access to any site or OneDrive. They can also use Microsoft PowerShell to manage
SharePoint and OneDrive. See more about this role's Key tasks of the SharePoint admin below.
Site admins are users that have permission to manage sites, including any subsites. They don't need to have an
admin role in Microsoft 365, and aren't given access to the SharePoint admin center.
NOTE
Global admins, SharePoint admins, and site admins all need to be assigned a SharePoint license.
There is a separate role within SharePoint called the Term Store Administrator . Users assigned this role can add or
change terms in the term store (a directory of common terms you want to use across your organization). To learn more,
see Assign roles and permissions to manage term sets.
Related topics
About Microsoft 365 admin roles
Getting started with SharePoint Online Management Shell
Get started with the new SharePoint admin center
3/23/2021 • 4 minutes to read • Edit Online
To go to the new SharePoint admin center, you need to sign in with an account that has admin permissions for
your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center.
Report data is not available for Office 365 Germany customers and US Government GCC High and DoD customers.
NOTE
Microsoft Partners can't access the new SharePoint admin center.
Some functionality is introduced gradually to organizations that have opted in to the Targeted release option in Microsoft
365. This means that you might not yet see some features described in this article, or they might look different.
Help us improve the new SharePoint admin center! Tell us what you like or don't like, send a suggestion, or file a
bug. To send us feedback, in the lower-right corner, select Feedback .
View reports
On the home page, at a glance, you can see:
The number of files that have specific types of activity each day for the past 30 days. (If an activity occurs
multiple times in one day on the same file, the file is counted only once for that day.)
The number of total and active sites each day for the past 30 days. ("Active" sites are any where users
view a page or view, modify, upload, download, share, or sync a file.)
TIP
To filter a report, select an item in the legend. For example, on the Files by activity type chart, select Viewed or
edited .
To see values for a specific day, point to that day on the report.
To see more details about a report, open the report in the Microsoft 365 admin center by selecting Details . Here, you
can see tables of activity by site or users, change the reporting period, pivot the report, export the report data into a .csv
file that you can open in Excel, and more. For more info about the SharePoint reports in the Microsoft 365 admin center,
see Microsoft 365 Reports in the Admin Center - SharePoint activity and Microsoft 365 Reports in the Admin Center -
SharePoint site usage.
NOTE
Reports typically don't include activity from the last 24 to 48 hours.
Service health
In the Ser vice health section of the home page, you can see whether the SharePoint service is healthy, or if it's
experiencing an active advisory or incident. For more info about an advisory or incident, select it to open the
Ser vice health page of the Microsoft 365 admin center.
TIP
To minimize the nav pane, at the top of the nav pane, select the Collapse navigation menu icon.
site collections page Active sites page The new SharePoint admin center
refers to site collections as "sites."
On the site collections page, select Active sites page > Create In the new SharePoint admin center,
New > Private Site Collection . you can create Microsoft 365 group-
connected team sites and
communication sites, as well as classic
sites.
On the site collections page, select On the Active sites page, select
site collections > Delete . sites , and then select Delete .
On the site collections page, select a On the Active sites page, to open In the new SharePoint admin center,
site collection > Proper ties . the details pane, select the site's you can edit site details.
name.
On the site collections page, select a On the Active sites page, select a The new experience also lets you view
site collection > Owners > Manage site, and then select Owners . and edit Microsoft 365 Group owners.
Administrators .
On the site collections page, select a On the Active sites page, select a
site collection > Sharing . site, and then select Sharing (or select
multiple sites, and then select Bulk
edit > Sharing ).
On the site collections page, select Buy a file storage add-on from the
Buy Storage . Microsoft 365 admin center
Sharing page Sharing page The new page includes the most
common settings, and others are
coming soon.
Settings page Settings page The new page includes the most
common settings, and others are
coming soon. At the bottom of the
new Settings page, to access all the
classic settings, select classic settings
page .
Access control page Access control page The new SharePoint admin center
contains all the classic settings and
more.
See also
Manage sites in the new SharePoint admin center
What's new in the SharePoint admin center
4/26/2021 • 4 minutes to read • Edit Online
We're continuously adding new features to the new SharePoint admin center and fixing issues we learn about.
Here's a summary of what's included. You can help us improve the admin center by sending us your suggestions
and reporting bugs you encounter. In the lower-right corner of the admin center, click the Feedback button.
NOTE
The new SharePoint admin center is supported in Microsoft Edge, Internet Explorer, Chrome, Firefox, and Safari.
Some functionality is introduced gradually to organizations that have opted in to the Targeted release option in Microsoft
365. This means that you might not yet see some features described in this article.
For info about new features in the Microsoft 365 admin center, see What's new in the Microsoft 365 admin center. For
info about new features in Migration Manager, see What's new in Migration Manager.
IMPORTANT
Microsoft 365 apps and services will not support Internet Explorer 11 starting August 17, 2021 (Microsoft Teams will not
support Internet Explorer 11 earlier, starting November 30, 2020). Learn more. Please note that Internet Explorer 11 will
remain a supported browser. Internet Explorer 11 is a component of the Windows operating system and follows the
Lifecycle Policy for the product on which it is installed.
March 2021
OneDrive settings . On the Settings page, you can now manage OneDrive settings. The OneDrive
Notifications setting lets you control whether users can receive notifications about file activity. The
Retention setting lets you specify the days to retain a deleted user's OneDrive. The Storage limit setting
lets you set the default OneDrive storage space. The Sync setting lets you show or hide the Sync button on
the OneDrive website, allow syncing only on computers joined to specific domains, and block upload of
specific file types.
June 2020
Improvements to the Expor t feature . On the Active sites page, you can export your customized view as a
.csv file.
April 2020
Suppor t for the Global reader role . Users assigned this role can view all info in the admin center, but
can't save any changes. Learn more about this role.
December 2019
Customizable navigation pane . You can customize the navigation pane to show or hide items.
Root site replacement . On the Active sites page, you can select and replace the root site.
People cards . On the Active sites page, you can point to a name in the Primary admin column or on the
Permissions tab of the details panel and see info about the person.
Redesigned details panel . On the Active sites page, the details panel that appears when you select a
site has been redesigned to divide the information among multiple tabs. Learn more about managing
sites.
Additional site-level sharing settings . On the Active sites page, when you select a site and then select
Sharing , you can change the default sharing link type and default link permissions for the site.
Site permission details . On the Active sites page, a new experience lets you manage all site admins in
one panel, view site members and visitors, and add site admins to sites that belong to Microsoft 365
groups. Learn more about managing site permissions
Redesigned Settings page . The Settings page has been redesigned to let you see the value for each
setting without selecting each one for more info.
Updated More features page . Classic features can now be found on the More features page. Learn
where to find features in the new SharePoint admin center.
November 2019
If you're using the new sensitivity labels, you can view and edit them from the Active sites page.
October 2019
From the Active sites page, you can change site addresses.
June 2019
The new SharePoint admin center is set as the default experience unless you select to open the classic
SharePoint admin center by default (on the Settings page).
On the Active sites page, you can select multiple sites and bulk edit sharing and hub association settings.
Classic SharePoint admin features such as Term Store, User Profiles, Search, Apps, and more are available
from the More features page so you can access them directly from the new SharePoint admin center.
The Active sites page of the new SharePoint admin center lets you view the SharePoint sites in your organization
(including the new communication sites and sites that belong to Microsoft 365 groups). It also lets you sort and
filter sites, search for a site, and create new sites.
NOTE
The Active sites page lists the root website for each site collection. Subsites, redirect sites (REDIRECTSITE#0) created by
changing a site address or replacing the root site, and Microsoft Teams private channel sites (TEAMCHANNEL#0) aren't
included in the list.
Some functionality is introduced gradually to organizations that have opted in to the Targeted release option in Microsoft
365. This means that you might not yet see some features described in this article, or they might look different.
NOTE
The options that are available depend on the organization-wide setting you've selected. The setting for a site can
be more restrictive, but not more permissive.
To view site activity including the number of files stored and storage usage, select the Activity tab. Activity
information is not available for Office 365 Germany customers and US Government GCC High and DoD
customers.
To view site admins, owners, members, and visitors, select the Permissions tab.
For info about the roles in this panel, see About site permissions.
NOTE
To set the view as default, in the View box, select Set current view as default .
NOTE
Search doesn't look in hub site display names for the keywords you enter.
All characters you enter are treated as part of the query. Search doesn't recognize operators or wildcards (*).
Export to CSV
To export the site list you're viewing as a .csv file that you can work with in Excel, select Expor t .
NOTE
The .csv file lists the hub as a GUID and the template as an ID (for example, STS#0).
Find site collection features in the new SharePoint
admin center
3/23/2021 • 7 minutes to read • Edit Online
This article covers all the features on the classic site collections page and where you can find them in the new
SharePoint admin center.
IMPORTANT
The classic site collections page has been removed. This article shows the features that were present on the classic site
collections page and where to find them in the new SharePoint admin center.
C L A SSIC N EW
C L A SSIC N EW
Change the URL path to /sites/ or /teams/ Site address boxes appear after you begin entering a site
name.
Web Site Address Site address boxes appear after you begin entering a site
name. The name is entered by default as the address. To
change it, select the Edit icon.
Select a template: In the Choose a template box, you can select Document
Community : Team site (classic experience), Blog, Developer Center , Enterprise Wiki, or Publishing Por tal. To select
site, Project Site, Community Site the others, select More templates . This opens the classic
Enterprise : Document Center, eDiscovery Center, Records Create Site Collection window.
Center, Team Site – SharePoint Online configuration, Business
Intelligence Center, Compliance Policy Center, My Site Host,
Community Portal, Basic Search Center, Visio Process
Repository
Publishing : Publishing Portal, Enterprise Wiki, Product
Catalog
Custom : <Select template later…>
Server Resource Quota This setting has had no effect for more than a year.
Private Site Collection with Project Web App Create a site and then use the PowerShell cmdlet Set-
SPOSite -EnablePWA to add or remove Project Web App.
Delete
On the Active sites page, select the site, and on the command bar, select Delete . As with the classic SharePoint
admin center, you can’t delete the root (top-level) site. To swap this site with a different site, see Replace your
root site.
Properties
The columns on the Active sites page show most of this information, so you don't even need to select a site to
see details. To see the properties for an individual site, select anywhere in the site row, except in the URL column.
C L A SSIC N EW
C L A SSIC N EW
Complete Web Site Address link URL column shows the path after the domain. You can copy
the link to save the full URL to the Clipboard.
Other Administrators For any sites that aren’t connected to a Microsoft 365
group, select the site, and on the command bar, select
Permissions , and then select Manage admins . (For
group-connected sites, you have options for managing
group owners and additional admins.)
Resource Usage, Server Resource Quota, Resource Usage These settings have had no effect for more than a year.
Warning Level
Owners
To change the owners for any site that isn't connected to a Microsoft 365 group, go to the Active sites page,
select the site, select Permissions on the command bar, and then select Manage admins .
C L A SSIC N EW
C L A SSIC N EW
Primary Site Collection Administrator Switch the role of an existing admin to Primary Admin, or
add an admin and then switch them to Primary admin.
Site Collection Administrators Use the Add an admin box to add an admin and the Remove
button to remove an admin.
Add Support Partner This option is available in PowerShell only. Go to the Site
Permissions page for a site where you’ve added the support
partner.Copy the encoded string for the partner, and to add
it to other sites, use the PowerShell cmdlet Set-SPOUser.
C L A SSIC N EW
Default link permission “Respect default organization setting” is the same as “Same
as organization-level setting.” Both the classic and new
admin centers have View and Edit options.
Limit external sharing by domain Under Advanced settings for external sharing , select
Limit sharing by domain .
Turn off sharing for all non-owners on all sites in the site This option is available in PowerShell only. Use the cmdlet
collection Set-SPOSite -DisableSharingForNonOwners
Storage quota
These options appear if you use manual site storage limits in your organization. To change the storage limit for a
site, go to the Active sites page, select the site, and select Storage on the command bar.
C L A SSIC N EW
C L A SSIC N EW
Limit storage quota for each selected site collection to a Maximum storage for this site
maximum of
Buy storage
In the Microsoft 365 admin center, go to the Purchase services page. For more information, please see Add
storage space for your subscription.
Add or remove These commands are available in PowerShell only. Use the
cmdlet Set-SPOSite -EnablePWA
Settings (SharePoint Permission Mode or Project Permission To change the permission mode, go to the site as the Project
Mode) and Project Web App Size Web App Administrator and follow the steps in Change
permission management in Project Online. You can review
the size of the Project Web App site using the above
instructions where it is located on the same page under the
section "Project Web App Usage".
Recycle bin
To view your deleted sites, go to the new SharePoint admin center, go to the Deleted sites page.
C L A SSIC N EW
C L A SSIC N EW
Restore Deleted Items Select the site, and on the command bar, select Restore .
Days remaining This info is incorrect in the classic admin center. To calculate
this value in the new SharePoint admin center, use the Time
deleted column.
Search by URL
On the Active sites page, use the Search box. As with the classic SharePoint admin center, you can also sort by
URL.
Site list
Most of the sites that were listed in the classic SharePoint admin center are included on the Active sites page. A
few are hidden because they're system sites that you shouldn’t need to change. The Active sites page contains all
the new team sites and communication sites that didn’t appear in the classic SharePoint admin center. To see the
site list as it appeared in the classic SharePoint admin center, from the Built-in views menu, select Classic
sites .
In both the classic and new admin centers, you can select multiple sites and bulk edit the sharing or storage
settings, or delete the sites.
In the classic site list, locked sites appeared with an icon. In the new SharePoint admin center, to see if a site is
locked, select the site to open the details panel. This site is locked appears at the top of the panel.
If you use manual storage limits, the Storage limit and Percent used columns appear. In the new SharePoint
admin center, on the Active sites page, the Storage limit and Storage used columns appear. The Storage used
column isn’t color coded. The Storage limit column can be sorted by size.
Find sharing settings in the new SharePoint admin
center
3/9/2021 • 2 minutes to read • Edit Online
This article covers all the features on the sharing page in the classic SharePoint admin center and where you can
find them on the Sharing page in the new SharePoint admin center.
C L A SSIC N EW
A. Don't allow sharing outside your organization Under External sharing , drag the SharePoint slider to the
B. Allow sharing only with the external users that already corresponding option:
exist in your organization's directory A. Only people in your organization
C. Allow users to invite and share with authenticated B. Existing guests
external users C. New and existing guests
D. Allow sharing to authenticated external users and using D. Anyone
anonymous access links
Anonymous access links expire in this many days In File and folder links , under Choose expiration and
permissions options for Anyone links , select These
links must expire within this many days .
Anonymous access links allow recipients to In File and folder links , under Choose expiration and
permissions options for Anyone links , select These
links can give these permissions .
C L A SSIC N EW
Let only users in selected security groups share with Expand More external sharing settings and select Allow
authenticated external users only users in specific security groups to share
Let only users in selected security groups share with externally . In the Manage security groups panel, under
authenticated external users and using anonymous links Can share with , select Anyone or Authenticated
guests only .
Default links
C L A SSIC N EW
C L A SSIC N EW
Default link type In File and folder links , under Choose the type of link
A. Direct - specific people that's selected by default when users share files and
C. Internal - only people in your organization folders in SharePoint and OneDrive , select the
C. Anonymous Access - anyone with the link corresponding option:
A. Specific people (only the people the user specifies)
B. Only people in your organization
C. Anyone with the link
Use shorter links when sharing files and folders Under Other settings , select Use shor t links for
sharing files and folders .
Default link permission In File and folder links , under Choose the permission
View that's selected by default for sharing links , select an
Edit option.
View
Edit
Additional settings
C L A SSIC N EW
C L A SSIC N EW
Limit external sharing using domains Under External sharing , expand More external sharing
settings , and then select Limit external sharing by
domain .
Prevent external users from sharing files, folders, and sites Under External sharing , expand More external sharing
that they don't own settings , and then select Allow guests to share items
they don't own .
External users must accept sharing invitations using the Under External sharing , expand More external sharing
same account that the invitations were sent to settings , and then select Guests must sign in using the
same account to which sharing invitations are sent .
Require recipients to continually prove account ownership Under External sharing , expand More external sharing
when they access shared items settings , and then select People who use a verification
code must reauthenticate after this many days .
This article covers all the features on the geo locations page in the classic SharePoint admin center and where
you can find them on the Geo locations page in the new SharePoint admin center. In the new SharePoint admin
center, you can also add and delete satellite locations.
C L A SSIC N EW
Switch between locations Select a different location on the map or from the list at the
top of the navigation pane.
Identify the central location Look for the pin on the map.
See list of satellite locations Expand the list at the top of the navigation pane.
Find access control features in the new SharePoint
admin center
3/9/2021 • 2 minutes to read • Edit Online
This article covers all the features on the control access page in the classic SharePoint admin center and where
to find them on the Access control page in the new SharePoint admin center. In the new SharePoint admin
center, you can also sign out inactive users. Learn more
Control access
C L A SSIC N EW
C L A SSIC N EW
Apps that don't use modern authentication Apps that don't use modern authentication
The modern experience in Microsoft SharePoint is designed to be compelling, flexible and – importantly - more
performant. Both SharePoint performance as a whole and the performance of individual SharePoint components
such as search, lists and document libraries are affected by many factors, all of which contribute to the decisive
performance metric: perceived end user latency, or the speed with which pages are rendered in the client
browser. The SharePoint modern experience incorporates key performance improvements that help to minimize
latency and improve SharePoint page responsiveness:
Client-side processing and data requests
Microsoft 365 Content Delivery Network (CDN)
More powerful computers and modern advancements in network architectures and web browsers have made it
possible to improve the overall SharePoint user experience by shifting much of the data caching and processing
from the server to the client machine. In this article, you will learn about how the SharePoint modern experience
leverages client-side processing and the Microsoft 365 CDN to improve performance.
Related topics
Performance guidance for SharePoint portals
Tune SharePoint performance
Content Delivery Networks
Use the Microsoft 365 Content Delivery Network (CDN) with SharePoint
Creating and launching a healthy SharePoint portal
3/23/2021 • 2 minutes to read • Edit Online
A portal is a Microsoft SharePoint site on your intranet that has a large number of site viewers who consume
content on the site. In large organizations there could be several of these; for example, a company portal and an
HR portal. Typically portals have relatively few people who create and author the site and its content. Most
visitors to the portal only read and consume the content.
Guidance
This set of guidance will walk you through best practices and recommendations before you launch your portal
and how to keep your portal healthy.
IC O N W H AT TO DO F O L LO W T H IS
Follow guidance to
Improve performance for remediate common issues
slow web parts
Keep employees informed and engaged by providing a shared place to securely view and collaborate on
content, and to connect and communicate with colleagues. Build community and culture within your
organization by bringing people together through events, networking opportunities, and strategic
communication channels. Personalize, share, and manage organizational news and shared content to drive
organizational efficiencies securely on any device.
In this solution
DESIGN P RO C ESS L EA RN M O RE
Plan sites - Help site owners understand how to plan to Plan your SharePoint communication site
create high impact sites that meet objectives. Get inspired with the SharePoint look book
Guided Walkthroughs: Creating sites for your organization
Build sites - Learn how to create and customize sites that Create and use modern pages on a SharePoint site
align with your organization. Customize your SharePoint site
Customize the navigation on your SharePoint site
Using web parts on SharePoint pages
Manage sites - Show site owners how to maintain site Management and life cycle of a SharePoint modern page
content and use site analytics to engage viewers. Manage your SharePoint site settings
View usage data for your SharePoint site
Learn more about forming a site owner or intranet champions community to ensure that site owners stay up to
date of new capabilities and guidance. Learn more about how to improve SharePoint adoption.
Files and content OneDrive helps you work on a file and M365 E5
save it directly to OneDrive or M365 E3
SharePoint and changes are updated
across synced devices. Stream lets you
easily create engaging video content.
Access and sync files on PC or Mac
and mobile devices. Share files with
external contacts by providing access
or guest links.
These days, there's an abundance of discussions about best practices to modernize your intranet - designing an
intranet the new way, in the “modern” way, in the intelligent way - and so on. There aren't many discussions
about what modern means as a concept, how modern thinking relates to technology, and how to apply modern
principals to your organization's intranet.
Use this guide to understand how to leverage SharePoint to meet your organization's needs through integrating
modern concepts into the design of your intranet, portals, and sites.
Deployed solely by IT Relies on a collaborative approach with Instead of assigning intranet tasks to a
several stakeholders across few IT members, assemble a team that
departments of the organization represents the needs of your viewers
and business to create intranet
solutions.
Learn more about modern intranet
teams
Manually governed by IT Uses governance models that provide Instead of asking for permission to
flexibility for users in a compliant way create a site from IT, site owners can
based of the organization's goals - create their own sites using
sharing, provisioning, risk mitigation SharePoint's out-of-the-box responsive
designs and custom theming.
Learn more about managing site
creation
Resources can only be accessed in the Work anytime, anywhere, any place, on Instead of limiting access to content,
office or on a computer any device use SharePoint security and
compliance features to make sure
viewers have access to the right
information on any device.
SharePoint works by default on mobile
devices.
Communication primarily through Communicate primarily through Instead of sharing a project update in
email SharePoint news, community portals, a newsletter, announce your update on
and Yammer your project's site and in the Yammer
feed to start an engaging
conversation.
Learn more about using the Yammer
web part
Outdated news is shared in a SharePoint news posts transform news Instead of communicating big
corporate news feed or newsletter into a visually engaging experience announcements through an org-wide
that can be created quickly and email, create a news post that will
distributed to specific audiences in dynamically display to your relevant
real-time audience.
Learn more about creating a news site
Disjointed experience for international Multi-lingual and audience targeting Instead of creating separate
organizations features ensure users relate to relevant experiences for unique viewers, target
information navigational links to specific audiences.
Learn more about targeting content to
specific audiences
Intranet structure is based on Role and task-based portals house Instead of separating content by
organization structure community initiative-driven projects organizational structure, use hubs to
organize content based on business
initiatives.
Learn more about planning hubs
In-person gatherings to build team Frequent engagement through online Instead of semi-annual gatherings,
and organizational culture events that showcase people, celebrate record online events and embed the
milestones, and maintain consistent event recording using Microsoft
conversation using Yammer and stream in a news post.
Microsoft Stream Learn more about using the Stream
web part
Infrequent interaction between the Aligns organizations with leadership Instead of formal engagements with
organization and leadership through live events, dynamic content leadership, create accessible outlets in
like news, and social connection the form of live events in Yammer.
Learn more about organizing a live
event in Yammer
Static information like FAQ Dynamic information that's community Instead of creating a FAQ page, embed
generated in Yammer a Yammer web part that connects
viewers to subject matter experts and
provides insights into previous
conversations.
Learn more about using the Yammer
web part
Browse to find Search and browse to find Instead of limiting viewers access to
content, use SharePoint modern search
features that protect sensitive content
while increasing search success.
Learn more about search in SharePoint
Limited number and access to subject Find subject matter experts and Instead of relying on finding subject
matter experts communities of expertise matter experts in siloed organizations,
surface expertise in social communities
like Yammer and Teams.
Learn more about organizing a live
event in Yammer
Your intranet might include your organization's main landing page, portals for corporate communications, and
individual sites for departments or divisions (like IT or HR). In this article we look at the high-level tasks needed
to create and maintain a successful intranet with SharePoint in Microsoft 365.
Whether you're the organization intranet owners, an IT Professional or administrator, a site owner, or a content
creator you're in the right place. Use this article as a guide to help you find the resources that you need for your
role and the goals that you have for your intranet. As you read the sections below, follow the links for more
detailed information on the areas that you're working on.
Roadmap contents :
Introduction to roles, tasks, and timelines
Key tasks for the organization intranet owners
Key tasks for IT pros and admins
Key tasks for business owners and site owners
Key tasks for content authors
How to get started
Who should use this roadmap?
Organization intranet owners — This is the person managing the overall direction and coordination of your
organization's intranet.
IT pros and admins — One or more IT and SharePoint administrators who will be responsible for managing
the backend configuration and implementation for your organization's intranet.
Business owners and site owners — The various stakeholders who will be responsible for creating and
maintaining portions of the intranet.
Content authors — The people creating and managing content on sites and pages.
What you'll learn :
Understand, at a high level, the various roles and responsibilities of creating an intelligent intranet.
See what you can do with SharePoint out-of-the-box sites and web parts.
Framework for planning and aligning your intranet around strategic business outcomes.
Known success factors for creating engaging intranet experiences.
Keep in mind :
Intranets are a constant work in progress and are never really considered done. Make sure you have a plan to
keep your content relevant, otherwise your intranet will start losing value on the day that you launch. Celebrate
your initial launch, plan to monitor and maintain your intranet and its content over time as the organization
changes and business goals evolve.
How to think about an intelligent vs traditional intranet design
The new, modern experience in SharePoint is designed to be compelling, flexible, and more performant. The
modern experience makes it easier for anyone to create beautiful, dynamic sites and pages that are accessible
and mobile-ready. Modern SharePoint supports intelligent workplaces — those that leverage the collective
knowledge of current users, share and collaborate easily, and engage audiences with targeted content and news.
T RA DIT IO N A L IN T RA N ET IN T EL L IGEN T IN T RA N ET
Communication primarily through email Communication primarily through SharePoint sites and
community portals
Static information like FAQ Dynamic information that's community generated in Yammer
Corporate news dominates the newsfeed Personalized news and content is targeted to specific
audiences
Business owners / site Business objectives, Site creation, navigation, Site management,
owners permissions, content audit, branding, audience scheduled content audits
and migration targeting
Content authors Content best practices, Create and maintain Update existing content,
content, and site design content, content publish new content
collaboration
Content authors
Content authors are the people who create content on sites. Content authors can take on many responsibilities
such as creating and publishing news, creating topic-specific pages, or serving as subject matter experts and
thought leaders for special projects and initiatives. Content authors should get familiar with SharePoint design
fundamentals.
As you create and manage content for your intranet, keep in mind these key success factors:
Consider whether content is best presented as a page or a document. Use pages when your content is
dynamic and most easily communicated with engaging web parts such as images, video, or links. Use
documents when your content is designed to be downloaded or printed.
Summarize up front — place the information readers must have for your communication to be successful at
the top of the page before you focus on the design.
Use sections and heading styles to visually separate topics and concepts to make your pages more readable
and accessible.
Create custom page templates to drive consistency and simplify page creation.
Ensure you follow image and video guidelines to keep page performance high.
Key tasks:
Inform and engage
Collect and manage content using SharePoint pages. Use lists for information you might collect in Excel. Lists
enable you and your audience to gather, track, and share information. Improve the display of lists with column
and list view formatting using the List web part. Use libraries to store documents. Easily add, reorder, sort, filter,
and create custom views of libraries using the Document library web part.
Dynamically display content from a document library, a site, a site collection, or all sites using the Highlighted
content web part.
Create and curate news relevant to your audience using the News web part. Quickly create eye-catching posts
like announcements, people news, status updates, and more that can include graphics and rich formatting.
Customize the way your users view content and news by using audience targeting. Audience targeting enables
specific content to be prioritized to specific audiences on the SharePoint start page, news on the mobile app, and
in News web part when audience targeting is enabled.
Enable users to work on any device. When users keep files on their local device or on a network share, they're
out of luck when they don't have the device with them or don't have a connection to your network. If something
happens to a user's device, the data might not be recoverable. Get the SharePoint mobile app.
Start by — Organizing content into topics, creating pages for each topic. Determine whether the page content
should include text, links, list, or libraries. Align the content to the story to ensure that the reader can get the
information that they need efficiently by quickly scanning or skimming the page.
You'll know you're done when — You can confirm users have access to the right information at the right time by
using site usage and analytics, and asking users for feedback.
Build culture and community
Help work groups connect and engage across your organization using Yammer. Learn more about the Yammer
Highlights and Yammer Conversations web parts. Sometimes content needs to be delivered through video - like
when organization-wide announcements are made or when senior leaders host a live event or when you want
to provide examples on pages that provide instructions. Microsoft Stream is your organization's own video site.
To display video content, use the Stream web part on your site.
Start by — Finding news, announcements, and events to amplify on your site.
You'll know you're done when — You are regularly promoting news and events that start conversations and
engage and connect wide audiences.
Get started
Explore
Identify your key sponsors and stakeholders and review key organizational priorities. Document a vision that
will help provide direction and help you prioritize opportunities.
Align key outcome goals with SharePoint capabilities to identify where you may need to invest in
customization. Consider whether an “intranet in a box” solution might be appropriate for your organization.
Think about governance. What processes will you need to create to provision, manage, and maintain sites
and content? Do you have security, retention, or compliance goals that need to be considered?
Think about branding and architecture — do you want all sites to share a common look and feel?
Analyze possible opportunities to identify priorities.
RO L E EXP LO RAT IO N TA SK S
Organization intranet owners Identify your key sponsors and stakeholders and review key
organizational priorities. Document a vision that will help
provide direction and help you prioritize opportunities.
IT pros / Admins Organize a core team to plan governance — make sure you
align your governance decisions to business goals.
Business owners / site owners Help identify key organizational opportunities and priorities.
Align
Work with business owners and IT to prioritize the intranet projects in your portfolio for the greatest
business benefit in the shortest time.
Start by developing an understanding about what you need your intranet to accomplish and start organizing
content assets and business outcomes. Organize depending on the needs of the business — by region,
department, or function — and by the topics that your users care about.
As you prioritize your intranet projects, consider how to get the best performance and scalability from the
portals that you build.
RO L E A L IGN IN G TA SK S
Organization intranet owners Communicate goals and progress from project start to
finish. Director of the branding direction, governance
strategy, information architecture, change management, and
product adoption.
Business owners / site owners Develop and plan solutions to business objectives.
Responsible for site permissions, content audit, and content
migration.
Implement
RO L E IM P L EM EN TAT IO N TA SK S
Organization intranet owners Get user feedback along the way. Use findings from user
feedback to learn and pivot your intranet plan.
RO L E IM P L EM EN TAT IO N TA SK S
Business owners / site owners Use business objectives to drive decisions around site
creation, navigation, branding, and audience targeting.
RO L E M A N A GEM EN T TA SK S
Organization intranet owners Celebrate the launch of your new intranet. Communicate
goals and progress regularly after the launch.
Business owners / site owners Schedule content audits and use site usage metrics to
measure progress.
Content authors Refresh existing content, publish new content and participate
in scheduled content audits to keep content up-to-date and
compliant.
Related topics
SharePoint adoption resources
Ways to work with SharePoint
Guide to the Modern experience in SharePoint
Intelligent Intranet Envisioning Workshop PowerPoint deck
Plan your intranet
Plan your communication site — get started
Plan an intelligent SharePoint intranet
3/23/2021 • 12 minutes to read • Edit Online
Microsoft SharePoint offers a wide variety of options and tools to create intranet sites for your organization.
Moving your intranet to SharePoint in Microsoft 365 might take a while, particularly if you already have
extensive intranet content. In this article, we'll look at how to plan a new SharePoint intranet with a focus on
quickly bringing sites online and getting a return on your investment.
We'll cover how to:
Understand your key organizational priorities
Understand your audience
Plan for governance
Review your current intranet
Identify and prioritize your business initiatives
Identify one key scenario to prototype and pilot
Launch the pilot and engage with your users
Identify initiatives
Using the information you gathered during your research, work with your key intranet stakeholders to identify
initiatives that reflect your organizational priorities – as well as any barriers that might exist when you are
implementing them.
While you may ultimately implement solutions to address all of the identified initiatives, prioritizing which
project to do first will help you achieve early success and user engagement as efficiently as possible.
Review each initiative you have identified for the following criteria:
Does it solve a real problem?
How many people will use it?
Can it be built in a reasonable time frame?
What's the return on investment?
Analyze each initiative for its positive impact on your users with respect to the ease of implementation. A high
impact initiative that can be built with a minimum of customization can be an ideal first project.
Consider plotting your business initiatives on a grid, like the following, and review with your intranet
stakeholders and IT department to choose the best option to start with.
To help decide which initiative to address first, work with the business leaders for that area to work out the
objectives for the solution, who will be responsible for driving success in this area, and the metrics that you'll
use to measure success. Don’t just focus on system metrics. Think about actual business impact. For example:
Weekly news post by - Streaming events Engineering - Training content Training completed
a senior leader - Formal training produced for all successfully by x% of
aspects of coding engineering staff
excellence
- Monthly streaming
events
I K N O W T H IS IS
AS AN... I N EED TO. . . SO T H AT. . . SUC C ESSF UL W H EN . . .
Employee Understand and be able to I can take advantage of a Help requests are reduced
update my benefits key lifecycle benefit
Employee Learn about how to use the Make updates on my own THelp requests are reduced
self-service benefits portal
HR employee Promote the use of the self- I can spend more time All of my employee
service benefits portal working with employees on interactions are about
unique benefits questions individual critical scenarios
and scenarios
From the high priority scenarios, identify which ones meet these three key criteria:
Can you build a prototype quickly (a few days)?
Is there a committed sponsor?
Is there enough up-to-date content to demonstrate key capabilities?
Is there a specific audience for a pilot?
After you have compiled this information, create a design brief to help map out the user journey about how you
want the site to operate. For example:
Related topics
SharePoint look book
Intelligent Intranet Envisioning Workshop PowerPoint deck
Considerations when planning for a global intranet
3/23/2021 • 4 minutes to read • Edit Online
If your organization has team members in multiple locations around the world, you have additional
considerations and options as you plan for your SharePoint intelligent intranet. For example, you may want
different branding for individual regions. You may want to target content to team members in certain regions or
countries. You may want to provide sites in multiple languages. Or you may need to comply with data residency
requirements in certain countries. Here are options to consider which can be used independently or in
combination to meet the needs of your global intranet and create the best experience for your users.
Hub sites
Multilingual sites and pages
Regional settings
Audience targeting
Multi-Geo for data residency requirements
Hub sites
The advantage to using hub sites is that they provide a flat architecture that is flexible and carries branding and
navigation across multiple sites connected to the hub.
If you have subsidiaries in different regions that have their own branding and navigation, an option for you is to
create a hub site for each region.
Learn how to plan for hub sites
Note User interface elements and pages are not translated automatically. Each page created in your default
language can have a corresponding page in a chosen target language that you, or someone you assign,
manually translates. After you translate such a page and publish it, it will automatically be displayed to users
who have set a preferred language in their Office personal profile.
Audience targeting
Audience targeting helps the most relevant content get to the right audiences. By enabling audience targeting,
specific content will be prioritized to specific audiences through SharePoint web parts, page libraries, and
navigational links.
For example, you might want to prominently display news about a sales meeting in Asia to users in that region
rather than display it prominently to all regions.
Next steps for audience targeting
Learn how to set up audience targeting
Learn more about creating groups for audience targeting
A differentiated service called Microsoft Cloud Germany is being migrated to Office 365 services in the new
German datacenter. For more information see Migration from Microsoft Cloud Deutschland to Office 365
services in the new German datacenter regions.
As you plan your new intranet project, think about how you’ll govern the site architecture and the content. Your
intranet governance plan should be created in the context of the overall governance plan for Microsoft 365. As a
key business solution in your digital workplace, your intranet will have its own unique governance requirements
and expectations, especially because of its organization-wide focus and impact.
Planning intranet governance should happen during the envisioning process - to ensure that all stakeholders
have shared vision and goals. Envisioning is only the beginning. Your intranet governance plan will evolve as
your organization evolves and as new capabilities are added to SharePoint and Microsoft 365.
A good governance plan helps define the priorities for the intranet and helps to prevent content sprawl. It also
ensures that roles and responsibilities are clearly defined and communicated – and ideally, incorporated into job
descriptions or performance goals. One aspect that often separates your intranet from other solutions is the
number of people who are involved in creating and maintaining content. To ensure ongoing success, it is
important to make sure that each of your intranet stakeholders and users understand their roles and
responsibilities.
Intranet governance also includes policies and procedures but it is so much more than that. Intranet
governances should include a plan for user training, monitoring usage, user behavior, and communicating
expectations to all of the diverse stakeholders involved. This is what makes creating a governance plan
document is challenging. It is difficult to create a single document that addresses these multiple audiences and
can be communicated in a way that encourages adherence and adoption.
Instead of creating a document or series of documents, consider creating a resource site that incorporates
training and governance in a single place. Think about how you can combine “how to” (training) with “how
should” (governance) so that when your intranet users visit your user resource destination, they understand
both “why” and “how” your intranet is designed and governed the way you have implemented.
You can consider using the Microsoft 365 Learning Pathways site as a possible starting point or create your own
user resource center that integrates with or complements the Learning Pathways content.
Having an effective governance plan in place enables the decision-making process for the intranet. By reviewing
and revising the governance plan regularly, you can help ensure that your intranet remains a critical asset for
your organization.
Governance Team
As a key business asset, intranet governance needs to reflect the goals of business stakeholders and the legal
and regulatory environment for your organization – not just the expectations of your IT department. Create a
governance team that includes core members from key business stakeholder groups in your organization in
addition to IT.
There is no magic size for the governance team, but it should be small enough to make it easy to make decisions
and representative enough to incorporate the “voice of the business” and IT. When you have specific topics to
review that extend beyond the expertise of the team, you can bring in outside members (such as Legal or
Records Management) to ensure that your decisions are aligned with organizational constraints.
Your governance team may meet on a frequent basis during intranet planning and then less frequently over
time. The goal is to establish a rhythm that works for your intranet and team members. Since governance has an
ongoing role for your intranet success, the governance team should not be disbanded when you launch.
Governance Plan Elements
There is no “one size fits all” model when it comes to intranet governance. In fact, your intranet governance plan
may be different for different types of content. For example, you may want to have more formal policies and
stricter governance guidelines for sites that face the entire organization and less strict policies for content that is
more targeted, such as content for an individual department or a one-time event (see Figure 1). The best
approach is to look at the different elements and think about what is critical or necessary for your organization.
Consider your audience and the culture of your organization to guide your decisions and approach, as well as
your overall Microsoft 365 governance expectations.
Figure 1. Your governance decisions may be different (and stricter) based on the "reach" of your content.
At a minimum, consider each of these elements as part of your intranet governance planning effort.
Vision
Policies and guidelines
Site provisioning and decommissioning
Information architecture and search
Branding
Content management
Security and information management
Roles and responsibilities
Feedback
Training and support
Measurement
Vision
The vision statement describes, at a high level, what you want to want to achieve with your intranet - essentially
how the solution delivers value to the organization and to each individual employee. Use the intranet vision
statement to guide your governance plan. Be sure that the vision is clear because the degree of formality and
the depth to which you need to document the governance plan should align with the outcomes you want to
achieve.
A clear vision statement provides critical guidance to the inevitable decision tradeoffs you will need to make for
your governance plan. For example, you probably do not want a completely uncontrolled environment with
unstructured and “unfindable” content if your intranet vision is to provide a key source of organizational
knowledge and information. In this case, the unstructured environment with no controls is unpredictable and
will likely misalign with desired business outcomes. In a different scenario, some users may have a goal to
create an experimental place where new site owners can create “practice” sites to try out new skills or test
alternative approaches to solve specific business problems. For this use case, an overly restrictive governance
plan may not make a lot of sense. You may determine that you don’t want to support an unlimited number of
“practice” sites, so you may want a governance policy that says that all “test” sites are deleted after a specific
period of time. But, for these practice or test sites, the unstructured environment is fine. You can only know what
is level of governance is ideal because you have a clear vision. The vision provides a framework for both the
context and your investment in governance. Once you are clear about your intranet vision, your governance
team can use that vision to guide the governance decisions.
Your intranet vision includes defining ownership. There is no right answer about which organizational entity
should “own” the intranet – and often, intranet ownership is shared by more than one organizational unit.
However, most intranet professionals agree that there is one organization that should not be the exclusive
intranet owner – IT. IT cannot build an intranet for the business. IT can only build an intranet with the business
and with a commitment from the business. Successful intranets have a champion and owner from the business,
ideally at an executive level.
Policies and guidelines
Policies define the rules and guidelines for your intranet. From a governance perspective, policies are usually
driven by statutory, regulatory, or organizational requirements. Users are expected to meet policies without
deviation. If your organization is subject to regulatory oversight, be sure you can enforce your policies as a
failure to do so may target your organization as being “non-compliant.” Guidelines are usually established to
encourage consistent practices. In many cases, guidelines are more recommendations, but policies are
requirements.
For example, consider the topic of site ownership. A policy might state, “All SharePoint sites will have a primary
and secondary contact responsible for the site and its content.” A related guideline might state, “The site contact
is listed in a web part in the lower left-hand corner of the site home page.” The guideline might become a policy
for major functional sites but remain a guideline or recommendation for topic-specific microsites. Another
example of a policy is whether external users can have access to the intranet as a whole or only to individual
sites. The policy might have a default value of no external access but there could be a process that allows for
exceptions to allow specific partner users to have access to some intranet sites.
Each organization will have its own set of policies and guidelines. General topics should include content
oversight, site design, branding and user experience, site management, and security.
Steps to ensure success:
Verify that your intranet policies and guidelines do not conflict with broader organizational polices and your
overall governance decisions for Microsoft 365.
Publish policies and guidelines where users can easily find and follow them. Some policies may need to be
published for “all users,” while others may need to be secured to protect the integrity of the application.
Consider creating a governance site rather than a document to facilitate publishing and “consuming”
governance policies and guidelines.
Leverage capabilities to automatically apply policies and guidelines wherever you can. For example, you can
enforce content management and retention policies with information protection capabilities in Microsoft
365. You can encourage following design guidelines by using site designs to embed best practices in sites as
they are created. The best way to ensure that your policies are followed is to ensure that site owners and
authors don’t have to think about them. Try to automate as much as you can and where you can’t automate,
plan to provide training to ensure that site owners and content authors clearly understand governance
expectations.
Regularly review and revise policies and guidelines to keep them aligned to organizational needs.
Consider these topics for your intranet policies and guidelines:
External sharing – can external users access intranet sites?
Default sharing links for intranet documents - consider setting the default for all intranet sites to be “People
with existing access” to ensure that site owners don’t accidentally create links that allow visitors to edit key
intranet documents.
Site navigation – for individual sites and the intranet as a whole.
Site designs - including guidance for items like the positions of key web parts on departmental home pages.
Do you want all sites to follow a similar pattern so that users can easily find key content as they move from
site to site? If so, then you may want to apply site designs to ensure that it is easy for site owners to follow
your design patterns.
Metadata architecture and content types - for example, policies for enterprise content types and
organization-wide metadata).
Guidelines for Teams chat and Yammer conversations - including more than just messaging policies for
Teams and how to participate in a Yammer conversation, but also conversation guidelines (such as using
@mentions sparingly and organization-specific “do’s and don’ts”).
User profiles – including expectations for the About me statement and expectations for skills and expertise
(for example, how well do you have to know a topic to list it in the skills and expertise area of your profile?).
Organizational policies and guidelines for intranet site names, file names, Microsoft 365 Group names, etc.
Learn more about Microsoft 365 intranet governance decisions.
Site provisioning and decommissioning
A key intranet governance decision involves determining who can create a new intranet site. Your modern
intranet architecture will be “flat” which means that your intranet will contain many sites. Do you want to
provide a self-service model for new intranet sites or do you want to manage site creation through a form
submission and workflow? There is no right answer to this question – but no matter which approach you
choose, you need to think about governance. There are two popular solutions to governing new site creation:
Implement a site request process for intranet sites
You can easily hide the option to create a new site in the SharePoint admin center. If you do so, you will want to
create a process for users to request a new intranet site. Having a request process makes it easy to review and
track site requests and ensures that your environment remains “tidy,” but if your review and approval process
takes too long, it could be frustrating for your users. Your provisioning process can leverage a site design to
ensure consistency or you can manually create sites to follow your design patterns. A key part of your
provisioning process will be to ensure that new site owners have the appropriate guidance and training that
they need to be successful when you fulfill their site requests.
Allow self-service site creation
If you enable self-service site provisioning, you will want to consider providing site designs that embed your
best practices so that new site owners start with a “template” that aligns to your governance guidelines. You will
also want to track new sites in the Admin Center so that you can follow up with new site owners to provide the
information that they need to be successful after the site has been created.
In addition to providing a process to provision new sites, you will also want to think about a process to provision
new hubs and associated hubs. Hubs must be provisioned by the Global or SharePoint Admin so you will need
to think about how you will plan and govern the creation of new hubs.
When an intranet site is no longer needed, there may be cases where your records management process
prohibits deletion of the site and/or content. Another key governance decision is planning how you will delete or
decommission intranet sites in the context of both legal holds and records management requirements. Learn
more about Microsoft 365 compliance, including records management and advanced eDiscovery.
Information architecture and search
Well-planned information architecture is a prerequisite for a successful and well-performing intranet. It is
difficult to separate planning your intranet information architecture from planning your intranet governance.
These two planning tasks go together and you will likely find that you are thinking about the two aspects of your
intranet iteratively and simultaneously. Intranet governance should cover several key aspects of your
information architecture:
Navigation architecture – how your sites and hubs will be associated to support users who navigate or
browse for content.
Page architecture – guidelines for pages, especially site home pages, to help create consistent experiences
across all intranet sites.
Metadata architecture – columns and content type planning to support consistent approaches for
organizing content and pages.
Search experiences – understanding how users will find content when they don’t know where it might be
in the architecture and how they will discover content. You can help users discover content and improve
search outcomes by leveraging several features in search, including acronyms, bookmarks, Q&A, floor plans,
and locations. For more information, learn how to make content easy to find and how search experiences
work in SharePoint. Your governance plan should include how you will support and manage the creation of
the search discovery attributes.
Branding
Brand standards help to define the look and feel of your intranet. These standards are reflected in site and page
designs. Your brand standards can include standards for the use of imagery, including requirements to use only
brand-compliant images or icons from an organization assets library on intranet pages, as well as requirements
to leverage only brand-compliant custom themes for sites. Your standards might prescribe a specific theme for
different types of sites or sites with different access levels. Your standards might also include content authoring
standards such as tone of voice, spelling conventions, accessibility standards, and other guidelines that support
your organizational brand. Learn more about branding in SharePoint.
Content management
Content management is one of the most important parts of your intranet governance plan. Many intranet users
complain about intranet search – that they can’t find what they are looking for. Most often, the problem is not
with search; the problem is that there is no content management in the governance plan!
Some common content issues include: Files are often duplicated rather than linked – so search finds multiple
copies of the same document and the searcher doesn’t know which one is the correct version. File names often
include version numbers instead of allowing SharePoint to manage versions – so search finds all the various
versions of a document and not just the most recent, making it harder for the searcher to find the current
version of a file.
Your governance plan should include these key content management concepts:
Content creation
Where should content be published? For example, if I am not the “owner” of a document, should I publish it
to my intranet site? Or instead, should I find the owner and ask them to publish it so that I can add a link?
Are there guidelines for creating intranet content? For example, what is the appropriate tone of voice and are
there specific guidelines organizing content on pages? When should content authors create documents for
the intranet and when should they create pages?
Are there accessibility standards that content authors need to follow? Consider these 8 tips to create
accessible SharePoint pages (from the Humans of IT Blog on the Microsoft Tech Community).
How should files be named? Should your governance content include file naming recommendations such as
not including version numbers in file names?
Information protection
Does your organization have a requirement to protect certain types of sensitive information? If so, can your
governance plan (and deployment) leverage Microsoft 365 information protection capabilities such as
sensitivity labels and retention policies?
Content review
Do you want to set up flows using Power Automate to trigger intranet content review at a specific time
interval?
Who is accountable to review content and at what frequency? Is it the site owner or the content author or
another role? Is the expectation different for different types of sites or different types of content?
Content disposition
Do you have requirements to implement records retention policies on some or all content to prevent
accidental deletion?
Security and information management
Your governance plan should not only include what should be posted on the intranet – but it should also include
guidelines for content that should not be posted on the intranet. You may be able to enforce some policies using
automated information protection capabilities, but you will want to provide training and guidance for site
owners and content authors to ensure that they understand their responsibilities when it comes to security and
information management for both sites and content.
Roles and responsibilities
Roles and responsibilities describe how each employee as an individual or in a role (such as Site Owner) is
responsible for ensuring success of the intranet. Documenting roles and responsibilities is a critical aspect of
your intranet governance plan. To ensure that intranet responsibilities are treated seriously, it is helpful to
partner with your human resources organization to ensure that intranet responsibilities are part of job
descriptions or performance goals.
It “takes a village” to successfully support an intranet in any organization. You will need a team - and the team
may include specialized roles that you leverage on an occasional basis, such as developers to create a custom
web part, permanent roles such as site owners for whom intranet site management is a small part of their job,
and other permanent roles for people whose entire job responsibilities involve intranet management. Some
organizations find it helpful to organize their intranet resources in a center of excellence, which may include full
time members of the IT staff supplemented with virtual members who work in different business groups around
the organization. Others extend their centralized staff to include “intranet champions,” who extend the support
team into various departments and geographic locations by volunteering to help ensure intranet success.
No matter who is in your “village,” it is critically important that everyone understands their role and for which
aspects of the intranet they are responsible. Figure 2 shows an example of a role and responsibilities description
for an intranet Site Owner.
Some of the key roles to consider for your intranet governance plan include:
Intranet Steering Committee
Intranet Business Owner
Intranet Technology Owner
Corporate Communications
Training
Intranet Governance Team
Site Owners
Hub Owners
Site Members/Editors
Site Visitors
Yammer Community Owners
Yammer Community Members
Team Owners
Team Members
Intranet/SharePoint/Microsoft 365 Champions
Feedback channel
Your intranet governance plan should incorporate a mechanism to collect feedback from intranet users. This
includes a vehicle to collect feedback – for example, a Microsoft Form linked from the footer of your home site –
but also mechanisms to gather and process the feedback and take actions based on the feedback. It is a good
idea to acknowledge all feedback, even if you don’t plan to take an immediate action.
Training and support
Your intranet will not be successful if you don’t incorporate a way to provide training and support for all users,
but most especially, Site Owners. The best way to reinforce your governance policies and guidelines is to build
them in to your training. In other words, don’t provide training that only shows “how to” – make sure that your
training also includes your policies and guidelines – the “how should” aspect of your governance plan.
It is helpful to provide a dedicated site where Site Owners and other intranet users can find training and
governance information. You can create your own “user resource center” as described earlier or leverage a
third-party or Microsoft-provided training environment. To ensure that your training content is always current,
you can link to content in Microsoft’s training platforms such as support.office.com and docs.microsoft.com. You
can also embed the support.office.com training into your own environment by deploying Microsoft 365
Learning Pathways in your tenant and adapting the content to include your governance policies and guidelines.
You can help your intranet users find your training content by adding a custom tile to your Organization Profile
or adding a custom help link directly in Microsoft 365.
Measurement
Your intranet measurement plan should be aligned to the criteria for success defined for the intranet vision. It
should define the metrics and analytics used to track success, any associated KPIs, and processes for evaluating
metrics and taking action to make improvements.
Look for metrics that are more than just page views. Just because a page is viewed does not mean it is adding
value to users. Instead, look at metrics that measure business value. For example, are you seeing fewer support
tickets related to expense processing because your intranet was updated to include better and more up-to-date
content about expense reports? Are you seeing fewer help desk calls regarding how to upload documents
because you have updated your training content and made it more accessible? Are HR representatives spending
more time on unique issues because the HR content is organized more effectively?
If your initial design plan identified key business outcomes or surveyed users to ensure they had easy access to
the information they need for their job, repeat the process after you have deployed or updated your intranet to
identify the business impact of your intranet update or investment. Supplement this data with qualitative
feedback from site owners and users to create a comprehensive assessment of the effectiveness of your intranet
and your governance plan. Don't be afraid to decommission content or sites that are no longer relevant. You can
optimize your intranet value by using metrics to identify duplicate, out-dated, and irrelevant content and sites.
Additional intranet governance resources:
SharePoint governance overview
How to think about your modern intranet
Engage audiences with workplace communication
3/31/2021 • 8 minutes to read • Edit Online
Learn how to keep everyone informed and engaged using SharePoint, Microsoft Teams, Yammer, and Stream for
live events and other workplace communication methods across your Microsoft 365 environment. Learn more
about the powerful strategies and communication tools available to you that help drive engagement in your
organization.
Leadership connection
Bring the organization together by combining communication channels with M365 live event features across
Stream, Yammer, and Teams. Then, see how you can leverage SharePoint using the leadership connection guided
walkthrough example to create sites that help connect viewers with leadership by creating new communication
channels and a video archive library of recorded events for later viewing.
Company-wide events
Large events that include all employees like “town halls” or “all hands meetings” are one of the ideal scenarios
for leveraging a live event. When planning for a live event, start by ensuring your Microsoft 365 environment is
set up and configured following guidance for each app in the admin section. The admin role is responsible for all
the work behind the scenes work that makes the event possible and ensures the live event follows your
organization’s security and compliance policies. Then, learn about live event planning and production in the
section for the producers and presenters.
T EA M S YA M M ER ST REA M
1. Admin quick start - get ready for 1. Review the Yammer live events 1. Get started with live events in
Microsoft Teams live events overview Microsoft Stream
2. Set up and configure settings in 2. Understand there are some changes 2. Create a live event
Teams live events for your tenant between the new Yammer and classic 3. Use Microsoft Stream in Teams
3. Start planning a live event in Teams Yammer
1. Get started with Teams live events 1. Organize and event in Yammer Use the Stream web part to add a
2. Learn how to produce an event 2. Review Step-by-step playbook of video to a SharePoint page
3. Plan and schedule a live event hosting an event in Yammer
4. Use the Teams live event organizer 3. Learn how to drive engagement for
checklist your Yammer event
5. Manage recordings and reports
Create a leadership site in SharePoint
Use SharePoint to create a place for your organization to share news from leadership and recordings from
company-wide events. Get inspiration from a step-by-step example of how to create a leadership site for your
organization.
In this example, you’ll see a great way to leverage recordings of live events on a SharePoint page. Showcase
recordings on a page using the Stream web part. Then, create a list of links to previous recordings using the
Quick links web part. Consider adding the Events web part to your leadership site to share upcoming company-
wide events with all employees.
Governance is the set of policies, roles, responsibilities, and processes that control how your organization's
business divisions and IT teams work together to achieve its goals. We recommend that you consider
governance first as you start working with SharePoint. Having a governance plan in place early can help your
organization stay compliant with your business processes and regulations.
Two of the primary ways SharePoint is used in an organization are intranet sites and collaboration. See Planning
intranet governance and Overview of collaboration governance in Microsoft 365 for a look at governance in
these two areas.
Resources
Use these resources to further explore governance in Microsoft SharePoint and related services.
SharePoint
Manage site creation for SharePoint in Microsoft 365
SharePoint site designs & site script overview
Learn about retention policies
Managing sites in the new SharePoint admin center
Related services
SharePoint is tightly integrated with other Microsoft 365 services, including Microsoft 365 Groups, Teams, and
Yammer. It's important to think about SharePoint governance in a way that's inclusive of these other services.
Microsoft 365 includes a variety of options to enable your governance policies across SharePoint and related
services, including Teams, Planner, Stream, Outlook, Yammer and Microsoft 365 Groups.
To see how SharePoint governance capabilities overlap with other Microsoft 365 services, see:
Settings interactions between Microsoft 365 Groups and SharePoint
Settings interactions between Microsoft 365 Groups, Teams and SharePoint
For lifecycle guidance for SharePoint sites together with related Microsoft 365 services, see:
Plan organization and lifecycle governance for Microsoft 365 groups and Microsoft Teams
End of lifecycle options for groups, teams, and Yammer
Related topics
Manage who can create Microsoft 365 Groups
Microsoft 365 reports in the admin center – Microsoft 365 Groups
Create a secure guest sharing environment
Limit accidental exposure to files when sharing with people outside your organization
Create guidelines for site usage
3/31/2021 • 4 minutes to read • Edit Online
Using the steps below as a template, create your own custom guidance for SharePoint site owners on how sites
are set up and managed in your organization. Each section provides guidance about what to include, sample text
to help you get started, and links to resources to learn more about each area.
Download the PDF
Introduction
Guidance:
Provide a short introduction to frame your guidelines. If you have broader business or digital resource use
policy, link to it if it applies to SharePoint sites as well.
Sample text:
A SharePoint site is designed to be a powerful tool for team collaboration and communication. [enter your
IT/productivity service org] administers the Microsoft 365 service your site is built on. The goal is to make it
easy to accomplish your business goals.
General guidelines
Guidance:
Provide general policy statements that you want your users to follow. These may include key business uses
you have defined for sites, internal communication policies, or security and privacy guidelines.
Resources:
Plan your SharePoint site
Guide to the modern experience in SharePoint
Sample text:
Here are some things to keep in mind as you work with your SharePoint sites. Refer to [inser t your
organization's name ] business resource use policy. These policies apply to all SharePoint site usage.
Sharing guidelines
Guidance:
Provide information on the way your organization has set up sharing. If you have modified the settings from
the defaults, you can tell your site owners what the sharing settings are for your organization, including for
external sharing.
Resources:
Plan your permissions strategy
Sample text:
Your site and its contents can be shared internally within our organization or externally with your customers or
partners.
As site owner, you will receive access requests when someone shares your site. You can approve or decline any
requests sent to you.
Capacity guidelines
Guidance:
Provide information on the site storage guidelines or limits (if you manage them manually). Tell site owners if
you have a process and policy for requesting more.
Resources:
Manage site storage limits
Sample text:
Your site allows for _____ MB/GB of storage. You're encouraged to remove files and content you don't need
anymore.
Managing access
Guidance:
Provide detailed information on site access. What are your processes and policies for managing site access?
What level of control do your site owners have? If you manage access on behalf of your site owners, let them
know that you will be reviewing site permissions regularly to keep them in line with your organization's
policies. Explain how you will communicate changes to permissions to them.
Resources:
Secure SharePoint Sites and Files
Sample text:
Plan to review your site's permissions on a regular basis and set the level of access appropriately.
Well-planned and executed information architecture is a prerequisite for an intelligent and high-performing
intranet, hub, or site. The most important first step in planning an effective information architecture is
understanding your users and helping them find what they need to complete tasks in a way that makes the
most sense to them.
Information architecture also helps improve user adoption, satisfaction, and productivity while reducing IT costs,
information overload, and minimize compliance and security risks.
In this ar ticle:
Learn the main elements of information architecture
Review the different roles involved in implementing information architecture
Understand the different levels of information architecture – global, hub, and local
Explore SharePoint information architecture building blocks
Levels of navigation
There are three levels of navigation to think about for modern SharePoint experiences:
Global navigation for the entire collection of sites that comprise your intranet
Hub navigation for groups of related sites
Local navigation of an individual site
Global navigation
Many intranets include top navigation that persists on every site. Global navigation allows you to create an
overall navigation story for your intranet that visually connects all the sites, content, and tools your viewers
need to get work done. Every organization has a different requirement for what goes in global navigation, but
some of the category labels often used include concepts such as:
Home
About Us
News
Working Here/Work Resources/Administrative Services/Administration
Operations/Operations Services
Pay & Benefits
Life & Career
Locations
Policies & Procedures/Tools & Resources/Safety & Security
The goal of global navigation is to support browsing to content, but since there is limited real estate available
for global navigation links, global links generally point to major category navigation pages, sub-links, or a mega
menu experience to provide enough "information scent" to help viewers navigate their way to the content they
need. Because the context for global navigation must be broad, it is challenging to make the labels both
comprehensive and useful. If you plan to implement global navigation, you will want to test your proposed
navigation to make sure that it resonates with users.
Global navigation is enabled with the SharePoint app bar on your home site. You will need to have a home site
to enable global navigation. Global navigation appears on the left side of every site and page.
Hub navigation
SharePoint hubs help organize related sites based on project, department, division, region, or concept. Hubs
make it easier to discover related content such as news and other site activities, apply common navigation,
branding, site structure across associated sites and search across all associated sites. One of the important
planning decisions for hubs is planning the hub navigation.
Hub navigation appears above the local navigation on each site, just below the suite bar, as shown in the image
earlier in this article. Hub navigation is established in the site that is declared to be the hub. It is defined by the
hub owner and is shared by all the associated sites.
Each site can belong to only one hub at a time, but you can associate hubs together in a combination of
navigation links and associated hubs as part of your navigation experience. For more information, see Planning
your SharePoint hubs.
Local navigation
Local navigation is the static navigation that viewers see on every page of your site. For team sites, local
navigation shows up on the left side of the page in the area referred to as the "quick launch". For
communication sites, local navigation shows up at the top of the page. Local navigation is on every page in your
site. It creates a persistent experience to allow site visitors to move back and forth among the pages and content
on each site. Think about how viewers might explore your content and use local navigation to support that
exploration.
Example: A travel site might have the following local navigation links that support viewers who are exploring the
travel site from the perspective of "what am I allowed to do?" as well as viewers who are exploring the travel site
from the perspective of the travel process – before, during, and after their trip.
Travel guidelines
Air
Car
Ground transportation
Hotel
Train
Before you go
Travel approval
Booking service
During your trip
Travel safety
Itinerary changes
After you return
Expense reporting
Trip reports
Where you’ll see local navigation elements:
Team site navigation
Communication site navigation
Sites
Your intranet and portals will be comprised of team sites and communication sites that provide further access
into the site’s pages, lists, and libraries.
One component to modern SharePoint team sites that makes information architecture easier to implement and
maintain are Microsoft 365 groups. Microsoft 365 groups provide a membership service that allows for easy
hub and site permissions as well as additional functionality for SharePoint team sites and Microsoft Teams. With
Microsoft 365 groups, you can give a group of people access to a collection of collaboration resources like
Planner, OneNote, SharePoint team sites, and more. M365 groups can only be used on SharePoint team sites.
Pages
Pages within team or communication sites provide an opportunity to use dynamic web parts that automatically
update content from other sites and pages like News, Highlighted content, or Sites web parts. Every page in
each site tells a story for the reader.
Your sites will generally include three types of pages:
The home page where you will provide an overview of your content and introduce the reader to what they
will find on the site.
Navigation pages that provide options or summary information for the reader and help them get to a
decision point about where they want to go next.
Destination pages that are the end point of the reader’s journey. This is where you will present information
to read, print, or download. If you have a lot of information on your destination page or you want to provide
supplemental explanations for detailed topics, you can create an ancillary page.
Since we know that most readers do not read every word on a web page or even scroll to the bottom, you need
to pay attention to how you present information on each page. Make sure that you put the most important
information – the information that your readers must have for your communication to be successful – at the top
of the page. As the page continues, you can add additional information that is helpful, but not crucial. Think of
this as writing with your summary or conclusion up front, instead of at the end. Use sections, headings, and
bullets to make your pages easier to read. For more info, see Add sections and columns on SharePoint modern
page.
Navigational elements
Navigational elements are menu styles like the mega menu, cascade menu, and footer menus. Secondary
navigational elements include inline links and buttons.
Personalization elements
Audience targeting - Audience targeting helps the most relevant content get to the right audiences. By enabling
audience targeting, specific content will be prioritized to specific audiences through SharePoint web parts, page
libraries, and navigational links.
Information barriers - Information barriers are policies in Microsoft 365 that a compliance admin can configure
to prevent users from communicating and collaborating with each other. This is useful if, for example, one
division is handling information that shouldn't be shared with specific other divisions, or a division needs to be
prevented, or isolated, from collaborating with all users outside of the division. Information barriers are often
used in highly regulated industries and those with compliance requirements, such as finance, legal, and
government.
Multilingual considerations - If your organization spans a diverse population, you may want to make content in
your intranet sites available in multiple languages. User interface elements like site navigation, site title, and site
description can be shown in the user's preferred language. Additionally, you can provide pages and news posts
on communication sites that you translate and that are shown in the user's preferred language.
To show the site name, navigation, and footer of your site in the different languages you've made available, each
must be translated manually. For example, let's say you've created a communication site with an English default
language, and you've enabled the site for Spanish and German languages. When you create a site, you set up
the site name and description in the default language (in this case, English). You can also update the site name
and description after site creation. Then you create the navigation nodes and footer content in English.
After the site is set up in English, a user with Spanish as their preferred personal language manually edits and
translates the title, description, navigation and footer content into Spanish. A user with German as their
preferred personal language does the same for German. Once the content is translated, it will display for all
users of those preferred languages.
Metadata architecture
Columns and content types are the two most important metadata elements that you can use to organize
documents and pages in your SharePoint site. Metadata helps your users filter and sort content within a list or
library – but also helps with search. Use columns in your Site Pages library as well so that you can use
highlighted content web parts to dynamically connect related pages based on shared metadata.
Folders are another way to organize document content, but folders are a physical construct with limited
flexibility. Folders are not necessarily bad – they can help you manage performance and security in your
document libraries – but folder structures with more than one or two levels of nesting create a significant
discoverability burden for users and should be avoided. Every site comes with one document library – but you
are not limited to just one library. Instead of using the one default Documents library on your intranet sites,
consider adding topic-specific libraries and add site columns to organize your content within the libraries to
avoid creating multiple levels of nested folders.
Search experiences
Search leverages your information architecture investments to help users find content when they don’t know
where it might be in your architecture. It also helps users discover content that they may not have known about.
You can help users discover content and improve search outcomes by leveraging several features in search,
including acronyms, bookmarks, Q&A, floor plans, and locations. For more info, see Make content easy to find
and Search experiences in SharePoint.
Next: learn about SharePoint information architecture principles
Information architecture in modern SharePoint
3/15/2021 • 8 minutes to read • Edit Online
The most effective SharePoint sites help viewers find what they need quickly so that they can use the
information they need to make decisions, learn about what is going on, access frequently used tools, and
engage with colleagues to help solve specific problems.
Even when search is available, most viewers start their web experiences by browsing. That pattern persists on
internal web sites as well. Good navigation experiences present viewers with a complete picture of what is
available, and combined with the home page, provide a comprehensive "story."
In this ar ticle:
Understand basic information architecture principals
Learn more about how to write effective labels and links
See how to ensure frequently used tools and content are findable
Get organized
There is no one right way to organize your navigation links. You will make different choices based on the type of
site you are creating and your viewers. Organizing concepts might include:
Services
Products
Activities
Audiences (if your viewers can clearly identify the audience to which they belong – such as student or
teacher)
Expertise areas or functions
As you organize user needs and business needs, consider the following:
How can information architecture reduce the cognitive load for your viewers? - Cognitive load is
the amount of information that a person can process at any given time. Managing the user’s cognitive load
helps prevent information overload and time wasted finding resources. Ensure you understand your viewers
needs prior to implementing information architecture.
What is the current mental model of your users? - Mental models are the existing models people use
while interacting with a website or application. Information is easier to discover when it is in a place that
matches the user’s mental model of where it should be.
How can information architecture help users make better and more efficient decisions? -
Decision making can be incredibly taxing. Information architects can help us make decisions by providing
certain information at key moments.
The default navigation for all SharePoint sites primarily includes type of content. For communication sites, the
default navigation includes Documents, Pages, and Site Contents. These categories are helpful as you are
building your site, but they are not typically going to add value to your viewers once your site is ready to launch.
This is because the consumer of a communication site typically doesn't care about the type of content – they
care about the purpose or subject of the content. For communication sites, plan to delete the "out of the box"
navigation when you are ready to launch and replace it with something that aligns with the guidance provided
in the local navigation section of this guide.
The default navigation for team sites includes links to the related services provided by Microsoft 365 for
modern teams – including a link to the shared team notebook and the conversations for the team in Outlook.
These represent the typical features that teams need to effectively collaborate and might be hard for people to
find without the experience provided by the navigation. You may choose to supplement or refine these links for
your team sites, but you will also likely find that the default navigation experience is a good starting point. You
may be more likely to keep most of these links than you would with a communication site.
Navigation design accounts for the visual way of finding components (menus, links, sites, and pages) that help
users understand how to interact with SharePoint sites and portals and what types of information is available.
Options for implementing navigation differ based on the framework for your sites and intranet.
In this ar ticle:
Learn about information architecture elements
Explore common information architecture models and scenarios
Use the models and scenarios as a starting point for navigational design
Benefits - Most users already have a well-established mental model for navigation broken down by
department. This model scales many sizes and types of organizations and is a common method for organizing
and planning hubs.
Governance considerations - For large organizations, especially with international offices, it can be
challenging to make sure the right people have access to the right content for security and compliance
purposes. Consider using personalization elements like information barriers and audience targeting to help
surface content the specific audiences.
Maintenance considerations - As the business grows and departments and team move, you will need to
update global, hub, and local navigation to reflect organizational changes.
By geographic location
Benefits - Organizing by geographic location is an effective way to bring people of similar disciplines together
to collaborate and build community. For large or organizations, and international organizations, location can be
an important decision-making factor for users. Organizing by region may be important when certain topics
have different laws and mandates depending on the region. For example, crisis management sites or human
resource guidelines.
Governance considerations - Many governance details may very among region, for example site creation
policy, data retention, and data storage policies too. Learn more about the multi-geo user experience and multi-
geo configuration.
Maintenance considerations - When the organization moves locations, navigation will need to be updated to
reflect those changes. There are other multi-geo considerations to plan when enabling SharePoint, Microsoft
365 groups, and other Microsoft 365 apps globally. Multi-geo enables global businesses to control the country
or region where shared resources like SharePoint Team Sites, Office 365 Groups content (associated SharePoint
Sites and shared mailboxes) are stored and managed.
By task or scenario
Benefits - Organizing by scenario within navigation helps users learn about a general concept, for example
“about us” pages. Organizing by common and frequently used tasks is helpful in the same way, for example
tasks like “get reimbursed” or “pick a healthcare plan.”
Governance considerations - This style of navigation could attract a broad and high-volume audience
depending on the rest of your navigation design. High volume sites should take extra care in ensuring page
performance is managed by optimizing image sizes and other details. Consider using tactics like creating hubs
to organize tasks by departmental needs, which will make it easier to manage page access and organization.
Maintenance considerations - When organizational information (leadership, locations, etc.) becomes
outdated, navigation will need to be updated.
By portfolio
Benefits - Sometimes content is best organized by type, or portfolio, to display content in natural groupings or
for specific audiences. Organizing your navigation by portfolio offers flexibility as your business scales and
grows.
Governance considerations - For large organizations, especially with international offices, it can be
challenging to make sure the right people have access to the right content for security and compliance
purposes. Consider using personalization elements like information barriers and audience targeting to help
surface content the specific audiences.
Maintenance considerations - As the business and portfolios grow, the navigation needs to reflect
organizational changes.
Scenarios
Scenario 1: Move to modern navigation from classic navigation
Modern navigation
Classic navigation
Your intranet is an ever-evolving component of your business that will need to grow and scale alongside your
organization. Modern intranet navigation differs from classic navigation in the sense that it is “flat” -- in the
modern SharePoint experience, sub-sites are not recommended. In the new “flat” world of modern SharePoint,
plan to create one site for each discrete topic or unit of work. Classic SharePoint architecture is typically built
using a hierarchical system of site collections and sub-sites, with inherited navigation, permissions, and site
designs. Once built, this structure can be inflexible and difficult to maintain.
Focus on incorporating modern changes that will have the greatest impact to your business first. Plan and
schedule when changes will be incorporated and how you will track progress. Use site analytics to understand
user behavior and collect feedback from users along the way. How to get started
Moving to modern navigation from classic SharePoint navigation is a process that depends on the size of your
organization and the complexity of your tenant’s configuration. Below are general guidelines and tools you can
use to get started:
Define new intranet business objectives and choose pilot scenarios
Learn about user needs and find methods to test potential designs
Take an inventory of your current sites and subsites
Start planning hubs and your home site by grouping high priority tasks and content
Release hubs and associated sites in phases
Regularly review hub and site analytics to track page traffic and popular content
Make navigation changes based on your learning from user testing and analytics
Scenario 2: Consider modern hub navigation configuration
These are special considerations for planning hub navigation. A site can be:
In the hub navigation and be associated to the hub
Associated to a hub and not be in the hub navigation
In the hub navigation and not associated to the hub
Example 1 - Site is in the hub navigation and associated to the hub
Showcasing sites associated to the hub allows viewers to discover the sites within the hub family and easily
navigate among and across the “family members.” Adding an associated site to the hub navigation displays the
organizational framework for the collection of sites in the hub navigation. All sites in the hub share a common
theme and navigation helps to establish the identity of the hub family both visually and via viewer interaction.
Your hub links can go to sites or content pages or a combination of both – but use the practices described for
link labeling to ensure that you are providing clear and consistent experiences.
When you choose to show all associated sites (and associate hubs) in the hub navigation, think about whether
all the people who have access to the hub will also have access to each of the sites associated to the hub. For
example, if you add links to private sites in the navigation, you are increasing their "discoverability," which can
be a good thing – if the site owners for those private sites are prepared to get access requests. However, you
may not want to show restricted sites in the navigation if the site owner does not want the site or the content to
be discovered.
To ensure that your hub navigation links keep their promises, consider the following options:
For links that should not be discoverable to all viewers, target the link so that it only shows up for
audiences who have access to the content.
For "discoverable" but restricted links, consider adding the word restricted, or request access, or private to
the label. Have a conversation with those site owners to make sure that they are prepared for potentially
more frequent access requests. In addition, you could consider adding the “lock” emoji to your private or
restricted sites.
Example 2 - Site is associated to the hub and not shown in the hub navigation
If the use case for your hub is primarily about sharing a common theme or for rolling up content for people who
are members of private sites, you may want to associate a site to a hub but not showcase the site in the shared
hub navigation. One reason that this might be OK is that the members of the private sites already know about
the sites and don't need the hub to provide links to the site. However, these same site members would find it
useful to see the news and activity rolled up from their private sites on the hub (via the Highlighted Content and
News web parts.
Another reason not to show associated sites is that the owners of one or more private sites do not want the sites
to be discovered in the hub navigation or they are not prepared to manage unexpected access requests.
Example 3 - Site is added to hub navigation but not associated to the hub
One of the nice features of hub navigation is that it allows you to plan a shared navigation experience for all the
sites associated to the hub – including links to frequently needed sites that are not part of the hub.
If a site is associated to a hub, it is reflected in the hub navigation. You may not want all sites that are related to
the hub "family" to be associated to the hub. For example, consider a scenario when you are collaborating with
external partners on a team site. You may not want to associate external sites to your hub because you may not
want to display the shared navigation for the hub to external partners. But, you may want to add links to the
external sites to the hub navigation to make it easier for internal viewers to discover these related external sites.
This presents a convenient way to showcase links to all the external sites managed by the business group
without having to worry about exposing navigation links to external viewers. When internal viewers navigate to
the external sites, they will no longer see the hub context and theme – but this is the desired outcome.
A site can only be associated to one hub. However, you can increase discovery by adding navigational links to
other hubs or other sites in your hub navigation.
Next: learn how to get star ted planning and implementing SharePoint navigational design
Get started planning and implementing SharePoint
navigation design
3/23/2021 • 3 minutes to read • Edit Online
To begin, understand that no two organizations will build identical architecture structures in SharePoint. This is
because your architecture design stems from the unique needs of your organization and users. Also, remember
that architectural structure will change over time as you learn more about user needs and as the business scales
and grows.
Similar to SharePoint intranet content, SharePoint architecture should be reviewed and revised as often as
needed to ensure users have easy access to relevant content and resources.
In this ar ticle:
Explore how to understand users' needs, content requirements, and scope
Learn how to think about planning, implementing, and managing global, hub, and local navigation
NOTE
To edit site navigation, you must be a site owner.
PLAN B UIL D M A N A GE
1. Ensure you understand your users 1. Customize the navigation of your 1. Use site analytics to understand
needs and the site goals site how users are engaging with your site
2. Learn about designing for local 2. Consider joining a hub site to 2. Review site navigation as needed to
navigation increase viewership ensure all links are active, relevant, and
3. Target navigational links to specific up to date
audiences
NOTE
To edit hub navigation, you must be the hub owner or tenant administrator.
PLAN B UIL D M A N A GE
1. Ensure you understand your users 1. Decide on a menu style 1. Use hub analytics to understand
needs and the site goals 2. Customize the navigation for how users are engaging with your site
2. Learn about designing for global individual sites 2. Review site navigation as needed to
navigation 3. Set up associations and permissions ensure all links are active, relevant, and
3. Consider using a hub site to group for hub sites up to date
similar sites together
4. Learn about multi-lingual
considerations
NOTE
To edit intranet site navigation, you must be the hub owner or tenant administrator.
PLAN B UIL D M A N A GE
1. Define new intranet business 1. Start planning hubs and your home 1. Establish an intranet review team
objectives and choose pilot scenarios site by grouping high priority tasks that ensures navigation and content
2. Learn about user needs and find and content are up to date and aligned with your
methods to test potential designs 2. Set up associations and permissions organization
3. Take an inventory of your current for hub sites 2. Regularly review hub and site
sites and subsites 3. Release hubs and associated sites in analytics to track page traffic and
4. Plan the home site phases popular content
3. Make navigation changes based on
your learning from user testing and
analytics
Next: learn how to get star ted planning and implementing SharePoint site navigation
Plan and implement SharePoint site navigation
3/15/2021 • 9 minutes to read • Edit Online
The fundamental principles and practices for site and page navigation apply to classic and modern SharePoint
architectures. However, your options for implementing navigation differs based on the framework for your sites
and intranet. For example, the default navigation experiences available in classic SharePoint site hierarchies -
sites with subsites - are not available in the modern experience.
Instead, hubs provide a great way to achieve the cross-site navigation features previously available in managed
navigation and site hierarchies in classic SharePoint. No matter which framework you are using, you can use the
guidance in this document to help you create the right navigation for your organization.
In this ar ticle:
Explore considerations and best practices for site and page navigation design
Learn about site navigation best practices
Learn about menu styles and experiences
"When we're observing customers carrying out tasks on websites we notice certain common patterns. For
example, we find that when people arrive at a particular site they start by navigating about 70% of the time .
When people get stuck navigating they may resort to using site search." -- Gerry McGovern
Menu links
There are two types of navigation links: a label and a link. A label is simply a category link – it lets you group
related links but is not a link itself. A link requires a hyperlink and presents a “clickable” experience for the user. A
label should always have at least one link below.
Both cascading and mega menus support up to three levels of navigation in your menu. The first level
represents the tabs you see across the top. The second level is the next level below the tab and the third level is
indented or below the second level. Mega menus work best when you are using all three levels of navigation
experiences. If you use a mega menu, the second level of links will appear in bold . If you only need two levels in
your menu, consider using the cascading style.
Menu experiences
There are two types navigation experiences – targeted and not targeted. With targeted navigation, you can
choose who sees navigation links to create more personal navigation experiences. With non-targeted links, all
users see the link, even if they don’t have access to the target location. Learn about how to target navigation
links in menus.
Menu symbols
All types of menu links support some decoration with emojis. Emojis can be used at the beginning or end of a
link label to add some visual interest to your links.
Choose an emoji that relates to the label topic. You can search for emojis at emojipedia.org, or use the Windows
key plus a period (.). Copy the emoji and add it to the label when you are editing your navigation.
Link to pages, not individual documents
Document links open in a new window, which is helpful if someone wants to close the document after reading,
but document links take viewers to a new context. In some cases, this may be the experience you want. But when
navigation points to a page with an embedded document instead of directly to a document, you have an
opportunity to provide context for the document and retain the navigational context for the site. Think about the
following alternatives if you want to use a navigation link to open to a single document:
Can you re-create the document content as a page instead of a document? Pages are easier to read online
and provide opportunities to create rich, dynamic experiences for your viewers. Modern pages are easier to
read on mobile devices. Documents are great when viewers need to download or print – but when all they
need to do is read, a short, well-crafted page is a better way to present and maintain information.
Embed the document or a link to the document on a page. When a visitor clicks the link to a page, the site
navigation remains visible. The page allows you to provide context for the document and it also keeps the
viewer in the context of your site.
Practice progressive disclosure
Navigation should answer the question, "What can I do on this site or from this location?" But, limited real estate
on the navigation bar or quick launch means you need to apply the principle of progressive disclosure. This
approach suggests that you group your content into logical categories and provide a limited set of choices for
your viewers to allow them to explore each content category to learn more.
Progressive disclosure applies to all types of navigation and not just top or site navigation. It also applies to
page content. You don't need to have a link to every bit of content on your site or in your portal in the
navigation – but your viewers should be able to get a sense of the entire site by exploring your navigation
options. Great navigation experiences help viewers understand:
Where am I?
What can I do here?
Where can I go next?
Plan to optimize the navigation experiences for your viewers by combining navigation and page links to answer
these three questions.
Hub sites help you organize your intranet. Getting the most value from hub sites requires some up-front
planning. Read on to find out more about hub sites and how you can plan for them.
Content authors All members are Small number of Hub site owner defines
content authors who content authors and a the shared experiences for
jointly create and edit much larger number of hub navigation and theme.
content. content readers or Hub site members create
consumers. content on the hub site as
with any other SharePoint
site. Owners and members
of the sites associated with
the parent hub create
content on individual sites.
T EA M SIT E C O M M UN IC AT IO N SIT E H UB SIT E
Permissions Microsoft 365 group, plus SharePoint group Same as original site type.
SharePoint groups and Hub sites do not alter an
permission levels associated site's
permissions.
Created by Site owner (unless this has Site owner (unless this has Global admin or
been disabled in your been disabled in your SharePoint admin in
organization) or admin . organization) Microsoft 365
Examples Project team working Travel team publishing HR hub that provides a
together to complete guidelines about corporate connection and roll-up for
deliverables and manage travel all HR functions, such as
tasks Policies and procedures benefits, compensation,
Holiday party planning Micro-site for a new performance management,
committee planning the corporate initiative talent acquisition, and a
annual get-together Resources for the sales manager portal
HR performance team for a product or Sales hub providing
management team service enterprise resources for the
Executive committee— Sales organization and
different leadership groups connecting regional sales
within the organization team and communication
Extranet site to work with sites
Partner A Location-specific hub that
groups the communication
and team sites for a specific
location (the New York
office)
In the classic intranet model, you might have created an HR site and used subsites to support each HR function.
In the new flat world of modern SharePoint sites, the HR family is connected using the HR hub to provide that
connective tissue for navigation within the family and to provide an opportunity to serendipitously discover
content on a related member of the family when users navigate to the HR home. For example, if you're on the
HR hub reading a news announcement about open enrollment because you're in the process of onboarding a
new employee, you might be happy to know that a new version of the "Welcome to the Company" onboarding
toolkit was just released on the Talent Acquisition site. Likewise, if you're trying to find the HR team's office
sharing policy, you'll appreciate being able to limit your search to only the HR-affiliated sites, rather than the
entire organization.
You don't have to have a hub site for every function. However, when a function provides multiple logically
different services (as in the HR example), it's a good practice to create a hub site to provide a single starting
place for your users. Often, intranet users start their exploration with browsing. Hub sites help combine the
benefits of browsing ("I know this is an HR topic") with the benefits of a more narrowly scoped search ("I want to
find information about vision benefits, not the company's strategic vision."). Even if the users don't know which
sub-function provides a service, they can navigate to the HR hub and then, using the search scope provided by
the hub, search (or navigate) within the HR hub to quickly find what they need.
Some organizational functions have an enterprise-wide scope but a regional or product execution. For example,
think about a Sales department that may have sites for sales regions and sites for location-based offices. This
type of function has always presented a challenge to hierarchical intranet content organization using subsites.
Do we make the Southeast Sales site a subsite of the Southeast Region site or the Sales site? And, what happens
when a state within the southeast region moves; for example, from the southeast region to the northeast
region? This type of dynamic organizational movement creates a nightmare for intranet organization if you use
subsites, but not with hub sites. Picking a hub may create some angst because an individual site can be
associated with only one hub, but keep in mind that content from a site can appear on multiple hubs. You can
customize sources for the following web parts on a hub:
News
Highlighted content
Sites
Events
NOTE
An organization can have up to 2,000 hub sites. You might not need a hub site for every function and it's important to do
some planning before you create hubs.
There is no "one size fits all" way to determine how to align sites to a hub in this scenario. Always start by
answering these questions:
Who is your audience and what do they need to accomplish?
How do the people who need the information get their work done?
Align your hub to create experiences that enable the user first. You may want to think about how people in each
work group think about the work they do by aligning regional sites with the function, since sales content for the
northeast is more likely to be organized similarly to sales content for the southeast than it will be for the
southeast regional office. But this is very much an "it depends" situation. In some organizations, it will make
much more sense to organize all functions around a regional hub than a functional hub. With hub sites multi-
geo capabilities, you can create a better user experience associating Austria Sales with the Austria hub and not
the global Sales hub. In this type of scenario, you can use a link on the Austria sales site to connect it to the
global Sales hub and add each regional sales site to the Hub navigation for global sales.
NOTE
A site can only associate with a hub family. However, hub families can be connected to one another using links either on
the page or in hub navigation.
A good practice is to start with a consistent approach for all functions that have a pattern, such as Sales. If you
align region-specific functions to the regional hub, do that for all functions. Either approach is valid, but from a
usability perspective, it helps to be consistent.
NOTE
Association with a hub does not change the permissions on a site. If you associate a site that has restricted access with a
hub, only users who have access to the restricted site will see content rolled up on the hub. Information surfaced on the
hub site is security trimmed: if you don't have access to the content, you won't see it. Something you may want to
consider is adjusting permissions on the associated sites after you have assembled your hub family.
Navigation
The hub site owner determines which sites are reflected in the shared navigation, and can also include links to
other resources. This navigation appears at the top, below the suite bar. Most of the time, you will want to add
associated sites to your hub navigation. That's one of the benefits of the experiences that you can enable with a
hub. Your hub navigation can have up to three levels, which lets you organize your hub family in a way that
helps users discover and find relevant content.
However, you may not want to add every associated site to your navigation and you may want to consider
adding sites that aren't associated to the navigation. Consider the following as you plan your hub navigation.
Do you want to add private or restricted access sites to the navigation? Maybe. For example,
HR may want to associate their private team site with the HR hub to make it more convenient for HR
team members. But, the HR hub owner may not want to add the private HR team site to the shared
navigation for the HR hub because this would make the private HR site more discoverable by everyone in
the organization, who will get an access challenge when they click the link to the HR team site. Unless the
owner of the HR team site wants to spend a lot of time denying access requests, it might be a good idea
to leave the private team site off the navigation for the HR hub. On the other hand, there may be a site
that is "semi-private" that you want interested people to discover. For example, you might have a
community that wants to restrict membership to people with a specific expertise, but also wants to
discover experts across the organization. In this scenario, users might get an access denied/request
access message, but the site owner is prepared and wants to grant access to interested people.
TIP
If you add links to private sites in your hub navigation, add (restricted) or (private) or (external) to the link name to
help users understand that they may not have access to the navigation link.
Do you want to add sites that are not associated with the hub to the navigation? Maybe. Since
an individual site can only be associated with one hub, adding sites that aren't associated with your hub
helps provide a way to connect your hub to related sites. For example, if you choose to associate
functions within a region with a regional hub instead of the global function hub, you could add
navigation links from the function hub to each of the region sites. For example, if you have a function hub
for HR, you could add the regional HR sites (Northeast HR, Southeast HR, and so on) to the navigation of
the HR hub to create a comprehensive HR experience. Note that when you do this, the news and activity
in the regional HR sites will not show up on the HR hub (but they will show up on the regional hub). And,
when you navigate from the HR hub to the regional HR site, you will be on a site that has the regional
hub navigation and theme, not the HR navigation and theme. There is nothing inherently wrong or bad
about this scenario, but you should be aware of the implications when you plan your hub navigation
experiences
TIP
Don't associate extranet sites with the hub if you don't want extranet users to see the shared navigation. Consider
just adding the external sites to the hub navigation so that internal users have quick access to relevant extranet
sites.
If you're a global or SharePoint admin in Microsoft 365, you can convert any existing site to a hub site.
NOTE
We recommend selecting a communication site, or a team site that uses the new template. If you use a classic team site,
the hub navigation will appear only on modern pages, and hub site settings will only appear on modern pages.
Sites that are already associated with another hub can't be converted to a hub site.
You can create up to 2,000 hub sites for an organization. There is no limit on the number of sites that can be associated
with a hub site.
When users associate their sites with a hub, it doesn't impact the permissions of either the hub site or the associated sites.
It's important to make sure all users you allow to associate sites to the hub have permission to the hub.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Active sites page.
2. Select the site, select Hub , and then select Register as hub site .
TIP
Using the Hub site menu, you can also associate a site with the hub site, change a site's association to a different
hub site, or disassociate a site from a hub site.
3. Enter a display name for the hub site, and specify the individual users or security groups you want to
allow to associate sites with the hub.
IMPORTANT
If you leave the People who can associate sites with this hub box empty, any user can associate their site
with the hub.
If you later want to change the hub site display name or the list of people who can associate sites with the hub,
you need to use PowerShell or go to hub site settings on the hub site.
4. Select Save .
Related topics
For info about using a site design that gets applied when sites join the hub, see Set up a site design for
your hub site. For more info about site designs and site scripts, see SharePoint site design and site script
overview.
To learn how to use Microsoft PowerShell to create and manage hub sites, see Manage SharePoint hub
sites.
For info about how site owners can customize hub sites, see Set up your SharePoint hub site.
For info about removing a hub site, see Remove a hub site.
Unregister a site as a hub site
3/23/2021 • 2 minutes to read • Edit Online
If you're a global or SharePoint admin in Microsoft 365, you can make a hub site no longer a hub site (unregister
it as a hub site). Make sure you do this before you delete the hub site. When you unregister a hub site, any sites
still associated with the hub will be disassociated the next time a user accesses them. Disassociating a site will
remove the hub site navigation bar from the top of the site. The look that the site inherited from the hub site will
stay the same and features such as additional navigation links, applications, or custom lists with specific
columns that were added as part of the inherited hub site design will remain. Any hub-site-related web parts
added to the home page will only show information from the site instead of from sites associated with the hub.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Active sites page.
2. Select the site, select Hub , and then select Unregister as hub site .
3. Select OK .
NOTE
If a hub site has associated sites when you unregister it, it might take a while for the sites to be disassociated. If you re-
register the hub site, the sites may remain associated.
Related topics
To learn how to use Microsoft PowerShell to manage and delete hub sites, see Manage SharePoint hub sites.
Set up a site design for your hub site
3/9/2021 • 2 minutes to read • Edit Online
A site design is one or more site scripts that Microsoft SharePoint runs when a site is associated with a hub site.
Actions describe changes to apply to the new site, such as creating a new list or adding nodes to the site
navigation. Site designs provide reusable lists and custom actions so your users can quickly get started with the
features they need.
NOTE
For organizations using Multi-Geo Capabilities in Microsoft 365, hub site designs work only when sites are in the same
geo location as the hub site.
NOTE
These instructions require the SharePoint admin or Global Admin role in Microsoft 365.
1. Create a JSON script, add it, and create the site design
Follow the steps in Get started creating site designs and site scripts. For the full list of supported actions, see Site
design JSON schema. Note that when you create the site design, the site template you provide ("64" for team
site or "68" for communication site) doesn't matter.
Grant-SPOSiteDesignRights
-Identity <ID>
-Principals ("[email protected]")
-Rights View
Replace with the site design ID from when you added the site script.
Set-SPOHubSite https://contoso.sharepoint.com/sites/Marketing
-Title "Marketing Hub"
-LogoUrl https://contoso.sharepoint.com/sites/Marketing/SiteAssets/hublogo.png
-Description "Hub for the Marketing division"
-SiteDesignId "<ID>"
Replace with the site script ID from when you added the site script.
You can also let hub site owners set the hub site design by using a new option available in the UI. For info about
the hub site settings available to site owners, see Set up your SharePoint hub site.
Introduction to the SharePoint app bar
4/14/2021 • 9 minutes to read • Edit Online
Help users find important content and resources no matter where they are in SharePoint. The SharePoint app
bar is designed to improve the global way finding experience while dynamically displaying personalized sites,
news, and files. The app bar can be accessed on the left-hand side anywhere in SharePoint.
The SharePoint app bar is a significant change to the user experience and your organization's intranet
information architecture. To ensure a seamless experience, we've created specific guidance on how to design
current navigation to compliment the new global navigation feature. We have also created end-user guidance to
help onboard the rest of your organization.
NOTE
When global navigation is disabled, the home icon will link to the SharePoint start page.
Customizing global navigation requires a home site.
Site owner permissions (or higher) to the home site are required to enable global navigation.
Users need read access (or higher) to the home site to view the global navigation links.
Audience targeting can be applied to menu links in global navigation.
Implementing global navigation may take up to 24 hours for the changes to take effect for users.
5. Next, add the Logo for global navigation that will be recognizable to users to replace the home icon in
the app bar. No action is needed if you choose to keep the default home icon.
Global navigation logo specifications:
The logo size should be 20x20 pixels
PNG file type
Transparent background recommended
6. Then, enter a Title that will be displayed at the top of the global navigation pane.
7. Finally, determine the Navigation source . Learn more about selecting a source in the next step.
8. Make edits to the selected global navigation source if needed by selecting Edit global navigation .
Select Save when you are done. Updates to global navigation may take several minutes before they
appear.
NOTE
The global navigation source can be edited at any time by site owners or admins of the home site.
The site and global navigation links and labels can be edited at any time by editors of the home site.
Implementing global navigation may take up to 24 hours for the changes to take effect.
Determine the global navigation source depending on your home site’s configuration:
If you haven’t set up your home site, do that first and if you are setting up a home site specifically to implement
global navigation, review this guidance.
For home sites that are a hub, you have two source options:
Select the site navigation source to display the home site’s navigation.
Select the Hub or global navigation source to display the home site’s hub navigation.
NOTE
When you apply the extended header layout to the site, you will no longer see the hub navigation.
For home sites that are not a hub, you have two source options:
Select the site navigation source to display the home site navigation.
Create a secondary set of navigation nodes specifically for the global navigation panel by selecting Hub
or global navigation . Then, select Edit global navigation to create the new global navigation menu.
Select Save when you are done.
NOTE
For home sites that are not a hub site and choose to create a secondary set of navigational nodes for the global
navigation pane - if you decide to make your home site a hub in the future, the new hub site navigation will
inherit the current navigational nodes for global navigation and can be edited at any time.
See all the different ways you can set up global navigation
Depending on the content you want to make available in the global navigation, you can configure your home
site navigation and global navigation in three different ways.
NOTE
Only one communication site can be set as the home site.
The first time you set up a home site, it might take up to several minutes for the changes to take effect.
Global admin credentials are required to use the SharePoint Online Management Shell tool that is required to
transform a communication site into a home site.
Set-SPOTemporarilyDisableAppBar $true
3. If you need to confirm if the app bar has been disabled or enabled, check the app bar status by running
the following command:
Get-SPOTemporarilyDisableAppBar
NOTE
It can take up to an hour for the app bar to be removed on a tenant where the app bar is already showing up.
Running the command without the $false or $true value will cause it to fail.
You must be using the latest version of PowerShell.
If you are using previous versions, uninstall the previous version and then install the most up to date version. Previous
versions of PowerShell can't coexist with the most up-to-date version of PowerShell.
Set-SPOTemporarilyDisableAppBar $false
NOTE
It can take up to an hour for the app bar to show up on a tenant where the app bar was disabled previously.
2. If you need to confirm if the app bar has been disabled or enabled, check the app bar status by running
the following command:
Get-SPOTemporarilyDisableAppBar
Resources
Learn more about home sites
Learn more about planning and creating hub sites
Learn more about navigation and information architecture in SharePoint
Learn more about sharing and permissions in SharePoint
Add Viva Connections for Microsoft Teams desktop
4/12/2021 • 9 minutes to read • Edit Online
Microsoft Viva Connections - one of the four Viva modules - is your gateway to a modern employee experience.
The Viva Connections for desktop experience, formerly known as the Home site app, combines the power of
your intelligent SharePoint intranet with chat and collaboration tools in Microsoft Teams. Viva Connections
enables users to discover and search relevant content, sites, and news from across the organization right from
the Team’s app bar. Viva Connections also allows you to incorporate your organization’s brand and identity
directly in Teams.
1. Highlight specific resources: Viva Connections uses the company-curated global navigation links
along with personalized content like sites and news, which are powered by Microsoft Graph. Global
navigation is configured in SharePoint and can be accessed by selecting the icon in Teams app bar.
2. Navigate intranet resources in Teams: Navigate to all modern SharePoint sites, pages, and news
within Teams without losing context. All files will open in the Teams file preview window.
3. Search for intranet content in Teams: On the home page, you can search for intranet content in
SharePoint by searching in the Teams search bar. Search results will be displayed on a SharePoint site in
the browser.
4. Share content easily: Features in the SharePoint site header will dynamically display tools that help users
collaborate depending on the type of content being viewed. Tasks such as sharing a link to a SharePoint page
in a Teams chat are much easier.
IMPORTANT
You need SharePoint admin permissions (or higher) to create the Viva Connections for Teams desktop app in
PowerShell, and you need Teams admin permissions (or higher) to apply the app in the Teams Admin Center.
Viva Connections for desktop is not yet supported in the Teams mobile app.
Only modern SharePoint sites and pages can be viewed in Teams and all other content will open in a browser.
Global navigation menu links can be audience targeted so that specific content is surfaced to certain groups of people.
Audience targeting settings in the SharePoint global navigation menu will carry over to global navigation in Teams.
Search customizations applied to SharePoint sites will apply to search results in Teams when on the home site. All
SharePoint out-of-the-box site headers are compatible with Viva Connections desktop. However, if you modify your
SharePoint site to remove, or significantly change the site header, then these contextual actions may not be available
to the user.
Viva Connections was originally announced as the Home site app.
Viva Connections for mobile will become available in Summer 2021 and will include enhancements to the overall
configuration and deployment experience.
The Viva Connections for desktop PowerShell script is available now in the Microsoft download center.
Watch how to create the app package and then upload it to Teams
IMPORTANT
The Viva Connections for desktop PowerShell script is available now.
SharePoint admin credentials are required to use SharePoint PowerShell.
The SharePoint admin who creates the Viva Connections desktop package needs site owner permissions (or higher) to
the home site in SharePoint.
If your tenant is using an older version of PowerShell, uninstall the older version and replace it with the most up to
date version.
Icons need to be PNG files
4. Provide tenant and site information to create the package: Download the Viva Connections for
desktop PowerShell script and provide the information below.
When you create a new package in PowerShell, you will be required to complete the following
fields:
URL of your tenant’s home site: Provide the tenant's home site URL starting with "https://". This site
will become the default landing experience for Viva Connections.
Provide the following details when requested:
Name: The name of your Viva Connections desktop package, as it should appear in Teams app bar.
App shor t description (80 characters): A short description for your app, which will appear in
Teams app catalog.
App long description (4000 characters): A long description for your app, which will appear in
Teams app catalog.
Privacy policy: The privacy policy for custom Teams apps in your organization (needs to start with
https://). If you do not have a separate privacy policy, press Enter and the script will use the default
SharePoint privacy policy from Microsoft.
Terms of use: The terms of use for custom Teams apps in your organization (needs to start with
https://). If you do not have separate terms of use, press Enter and the script will use the default
SharePoint terms of use from Microsoft.
Company name: Your organization name that will be visible on the app page in Teams app catalog in
“Created By” section.
Company website: Your company’s public website (needs to start with https://) that will be linked to
your company’s app name on the app page in Teams app catalog in “Created By” section.
Icons: You are required to provided two PNG icons, which will be used to represent your Viva
Connections desktop app in Teams; a 192X192 pixel colored icon for Teams app catalog and a 32X32
pixel monochrome icon for Teams app bar. Learn more about Teams icon guidelines.
NOTE
Microsoft does not have access to any information provided by you while running this script.
5. Upload the Viva Connections desktop package in the Teams Admin Center : Once you
successfully provide the details, a Teams app manifest, which is a .zip file, will be created and saved on
your device. The Teams administrator of your tenant will then need to upload this app manifest to Teams
admin center > Manage apps .
Learn more about how to upload custom apps in Teams admin center.
6. Manage and pin the app by default for your users: Once the Viva Connections desktop package is
successfully uploaded in the Teams admin center, it can be managed like any other app. You can configure
user permissions to make this app available to the right set of users. Permitted users can then find this
app in Teams app catalog.
We highly recommend that you pin this app by default for users in your tenant so that they can easily
access their company’s intranet resources without having to discover the app in Teams app catalog. Use
Teams app setup policies to pin this app by default in Teams app bar and then apply this policy to a batch
of users.
Then, onboard end users for Viva Connections
Help end users understand how to use Viva Connections to improve workplace communication and
collaboration.
FAQs
Q: Can any site be pinned as default landing experience in Teams?
A: Modern SharePoint communication sites are eligible for pinning in Teams via Viva Connections. However, we
highly recommend that you nominate a home site in SharePoint and pin that as the default landing
experience for your users in Teams.
Q: What happens if I don’t configure global navigation links before setting up Viva Connections?
A: The user will still be able to access followed sites and recommended news by selecting the global navigation
icon in Teams but will not have direct access to intranet navigational items.
Q: What is the difference between using Viva Connections and adding a SharePoint page as a tab
in Microsoft Teams?
A: Viva Connections allows organizations to pin an organization-branded entry point to their intranet that
creates an immersive experience, complete with navigation, megamenus, and support for tenant-wide search.
Viva Connections also provides quick access to organization curated resources, followed sites, and news like
those provided by the SharePoint app. SharePoint pages can be pinned as tabs in Teams channels provide ways
to bring content directly into Team collaboration workspace, and these pages do not feature navigation and
search elements.
Q: Is this the same feature that was announced in fall 2020 as the Home site app?
A: Viva Connections was originally announced as the Home site app but will be called Viva Connections moving
forward.
More resources
Set up a home site for your organization
Enable and set up global navigation in the SharePoint app bar
Introduction to SharePoint Online Management Shell
Learn more about Microsoft Viva
Learn more about Viva Connections
Control settings for Microsoft Lists
3/23/2021 • 2 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can control settings for Microsoft Lists. You can:
Disable the creation of personal lists (prevent users from saving new lists to "My lists").
Disable built-in list templates that aren't relevant for your organization.
You control both of these settings by using Microsoft PowerShell.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
Set-SPOTenant -DisablePersonalListCreation $true
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
Discover the modern experiences you can build with Microsoft SharePoint. Use the SharePoint look book and
integrated provisioning service to find inspiring samples of communication sites and team sites that look great
on the web and on mobile devices. Then, add one or more sample sites to your tenant. You can customize the
sample to use for your own site or use the site for learning or showing to your colleagues. You can do this all
with the SharePoint look book and the integrated SharePoint provisioning service.
Get started
Select a sample you like
Browse the samples in the online SharePoint look book.
Select a sample to learn more about it. You’ll see the site features, web parts used, and content included. To show
you how to use these features, links are provided to a help topic for each feature and its web part(s) in the list.
After you've decided on the sample you want to use in your tenant, near the bottom of the page, select Add to
your tenant . To use this service, you'll need to be signed in as a global or SharePoint admin in Microsoft 365.
Enter your information
Next, enter your email address (for a notification of when your site is ready to use), the title you want to use for
your site, and the site URL you want to use.
Start provisioning
Select Provision , and in a short time your site will be ready for you to use. How will you know? You’ll get an
email (sent to the email address you provided on the form above) like this:
Open and explore your site
Select Open site , and you’ll see your sample site and content in your tenant!
From here, you can explore the site and edit the pages and content.
Additional resources
Create a communication site
Create a team site
Using web parts
Create and use modern pages
SharePoint Design Guidance
Overview of the Microsoft New Employee
Onboarding sites
4/22/2021 • 20 minutes to read • Edit Online
There are three (3) new templates for New Employee Onboarding (NEO) to help organizations improve their
onboarding process. The NEO sites are designed to deliver a flexible and consistent experience. The NEO sites
can be used on their own, or together.
The NEO site(s) helps organizations by:
Providing new employees a place to get started
Connecting new employees to people and culture
Helping stakeholders easily contribute to new employee onboarding
Generating data and usage reports that help measure NEO content effectiveness
Why invest in new employee onboarding sites?
New employee onboarding (NEO) should be a strategic process that integrates new employees into an
organization and its culture while providing the knowledge and tools needed to become fully contributing team
members. NEO processes often fall short for both the new hires and the organization. Only 12% of employees
strongly agree their organization does a great job of onboarding new employees. An engaging and well-
organized NEO process can make all the difference in helping a new hire navigate through an exciting – but
stressful - career journey, and it can have major organizational benefits.
A strategically planned NEO experience can:
Improve new hire performance and time to productivity - Organizations with a standard onboarding
process report 50% greater new-hire productivity.*
Improve new employee retention - Based on our research, 69% of employees are more likely to stay with a
company for three years if they had a great onboarding experience. Employees who have a negative onboarding
experience are twice as likely to look for new opportunities.**
The NEO experience process:
H EL P STA K EH O L DERS
EA SILY C O N T RIB UT E TO M EA SURE EF F EC T IVEN ESS
P RO VIDE N EW EM P LO Y EES C O N N EC T N EW EM P LO Y EES N EW EM P LO Y EE O F N EW EM P LO Y EE
A P L A C E TO GET STA RT ED TO P EO P L E A N D C ULT URE O N B O A RDIN G O N B O A RDIN G
Onboarding journey Social connections and live Easy to create and maintain Example model for KPIs
events compelling content
experiences
Share the Pre-onboarding site with Share the Corporate onboarding site Managers and onboarding buddies
new hires as soon as the job offer has with new hires on their first day should share their respective
been accepted Departmental onboarding site
1. New employee pre-onboarding site: A site for new hires, who have yet to officially join the company, to
learn more about the company they have joined and to get ready for their official start date. External guest
access can be used for providing pre-start hires, with no corporate credentials, access to the Pre-onboarding
site only.
2. New employee corporate onboarding site: A place for new hires to visit to get the information and
connections they need to successfully onboard to the organization.
3. New employee depar tmental onboarding site: A place for new hires to visit to learn more about the
department they are joining, its people, culture, and priorities. The Departmental onboarding site can be
associated to an existing departmental hub.
NOTE
To deliver a flexible and consistent new hire onboarding experience the NEO sites consists of three different
SharePoint site templates , that are designed to work alone or as one cohesive and familiar experience for new hires.
Sites must be provisioned individually, and then can be configured to create a hub or add a site to an existing hub. You
must have site collection administrator permissions or higher to provision the New employee on baording sites.
IMPORTANT
To deliverThe provisioning service requires these permissions to provision the site template. There is no overall
impact on your tenant and these permissions are explicitly used for the purpose of the solution installation. You
must accept these permissions to proceed with the installation.
4. Complete the fields on the provisioning information page as appropriate for your installation. At a
minimum, enter the email address where you wish to get notifications about the provisioning process
and the URL prefix for your site to be provisioned to.
5. Select Provision when ready to install the NEO sites into your tenant environment. The provisioning
process will take up to 20 minutes for each site. You will be notified via email (to the notification email
address you entered on the Provisioning page) when the site is ready for access.
NOTE
Have provisioning questions? Need to report an issue? Post your questions and comments about the provisioning of the
NEO sites to the SharePoint provisioning service forum.
Share the Pre-onboarding site with Share the Corporate onboarding site Managers and onboarding buddies
new hires as soon as the job offer has with new hires on their first day should share their respective
been accepted Departmental onboarding site
NOTE
There are three NEO site templates that can be used alone or all together. Check with your site collection administrator to
confirm which NEO sites were provisioned and are available for customizations.
1. New employee pre-Onboarding site: A site for new hires, who have yet to officially join the company, to
learn more about the company they have joined and to get ready for their official start date. External guest
access can be used for pre-start hires who don't already have corporate credentials to give them access to
the Pre-onboarding site only.
IMPORTANT
Enable external sharing for the Pre-onboarding site. The Pre-onboarding site is intended to be shared with new hires as
soon as they sign their offer letter, but before they start their first day at work. Therefore, this site needs to be shared
with external users. External sharing is off by default for SharePoint communication sites. In order for site owners to share
externally, turn on external sharing for the Pre-onboarding site.
2. New employee corporate onboarding site: A place for new hires to visit to get the information and
connections they need to successfully onboard to the organization.
3. New employee depar tmental onboarding site: A place for new hires to visit to learn more about the
department they are joining, its people, culture, and priorities. Consider associating departmental
onboarding sites with existing department portals if you have them.
Get started - Sign into your Microsoft 365 account
NOTE
You need to be a site owner to customize and share the NEO sites. Work with your SharePoint administrator if you don’t
already have access.
1. Open your web browser and navigate to office.com or your organization’s sign-in location.
2. Sign in with your username and password.
3. Navigate to the location of the site using the URL supplied by your site collection admin, or select
SharePoint from the Microsoft 365 home page, and then select the site.
Explore and review pre -populated content
To deliver a flexible and consistent new hire onboarding experience the NEO sites consists of three different
SharePoint site templates, that are designed to work alone or as one cohesive and familiar experience for new
hires. Check with your site collection administrator to confirm which NEO sites were provisioned and are
available for customizations.
Review content in the Pre-onboarding site
Review content in the Corporate onboarding site
Review content in the Department onboarding site
NOTE
The NEO sites comes with many pre-built pages that can be identified in the site navigation with this symbol ">>."
Determine which pages and content to keep, edit, or delete based on the needs of your organization.
Home page – The home page is the first site your user will see after they agree to accept the job. Use
this landing page as an opportunity to highlight significant concepts and get new employees excited
about starting their new job. Provide content for topics like organization leaders, values, communities of
interest, benefits, and career planning resources.
IMPORTANT
Plan to connect social media accounts to the Hero web part and the Twitter web part.
Welcome – Give new hires a warm welcome and place to start understanding onboarding tasks and
how to prepare for their first day. This is a good opportunity to include a video message from leadership.
Use the YouTube web part, or Embed web part to display the video.
Contoso 101 – Provide high-level information about the organization that engages and excites. Share
more about leadership and values in Our leadership team and Our values pages.
Prepare for your first day – Ensure new hires feel prepared and supported on their first day by
providing details on what to bring and where to go.
Help & Suppor t – Highlight where to go for support and customize questions and answers for the FAQ
page.
New employee corporate onboarding site:
The corporate onboarding site is the landing place for the new employee onboarding experience and is
designed to provide a high-level view of organizational goals, leadership, team structure, and resources. In this
phase, users are looking for guidance, support, and clarity. Use this site to outline onboarding details and
expectations during the first months of onboarding. Ensure users have access to support channels like Yammer,
write FAQs relevant to your organization, and customize the onboarding checklist to include the activities you
want all new hires to do in their first 30, 60, 90 days.
P r e - p o p u l a t e d si t e c o n t e n t s:
Home page – Provide a high-level view of significant concepts that will be relevant to new users. This page
is a great location to help new employees build their network and learn from more experienced and
knowledgeable employees with Microsoft Teams live events
Star t here – Specify what new hires should do in their first 30, 60, and 90 days of onboarding by creating an
onboarding process in on the Start your journey here page. The new hire checklist found in this section
comes pre-populated with a set of generic onboarding activities. Customize list content to meet your needs.
Learn more about working with SharePoint lists.
Who we are – Introduce users to more detail about the organization in the Our story, Our leadership, Our
teams pages. Customize these pages and the Office locations page for your organization. Or, link to an
existing leadership page instead.
Help & Suppor t - Highlight where to go for support and customize questions and answers for the FAQ
page.
Community – Help new hires start building community right away and make sure new hires are aware of
Employee resource groups and other connection channels.
Depar tmental onboarding – Provide an entry point to departmental-level information from the site
navigation where users can access departmental onboarding sites. Consider provisioning the Department
site template.
New employee departmental onboarding site:
Here, users need to learn about departmental leadership, culture, goals, and resources. Use the departmental
onboarding site to provide access to communication channels, training guides, and events relevant to new hires.
Consider associating departmental onboarding sites with existing department portals if you have them.
P r e - p o p u l a t e d si t e c o n t e n t s:
Home page - Provide a high-level view of significant concepts that will be relevant to new hires.
Getting star ted – Help users quickly understand onboarding tasks, departmental procedures, and anything
else that will help new hires be successful.
Meet the team – Introduce new hires to people, the organization structure and goals on the Leadership, The
organization, and Our priorities pages. Edit the Call to Action web part to include links and images. Or, link to
an existing team page instead.
Help and suppor t - Highlight where to go for support and consider creating a FAQ section.
Next steps: Customize place-holder content, edit the site navigation, add pages as needed, and hook up social
media accounts in web parts.
Customize the content and look of your NEO sites
Now that you’ve reviewed the pre-built pages and pre-populated content, you are ready to customize the NEO
experience for your organization.
Navigation
Site navigation is important because it helps users immediately understand what can be accomplished on a
given site. The most effective SharePoint sites help viewers find what they need quickly so that they can use the
information to make decisions, learn about what is going on, access the tools they need, or engage with
colleagues to help solve a problem. Edit site navigation for all NEO site templates to meet the needs of your
audience and organization. Learn how to edit site navigation.
Web parts
Customize web parts with images, labels, links, and content that aligns with your organization’s mission. Keep
images and descriptions simple and easy to understand for your new-hire audience.
Hero web par t - Bring focus and visual interest to your page with the Hero web part. You can display up to
five items in the Hero web part and use compelling images, text, and links to draw attention to each.
Text web par t - Use the Text web part to add paragraphs to your page. Formatting options like styles,
bullets, indentations, highlighting, and links are available.
Image web par t – Use the Image web part to add an image to a page.
Quick links web par t – Organize and display links to other resources with the Quick links web part.
People web par t – Use the People web part to display profile photos, contact information, and
organizational information for people at work.
Twitter web par t - Use the Twitter web part to highlight topics and conversations on SharePoint pages.
YouTube web par t - Use the YouTube web part to embed YouTube videos right on your page.
Site theme and branding
Edit the look of your SharePoint sites to align with your organization's brand. Customize the site display name,
logo, theme, header layout, navigation style, and more in the Change the look panel.
Hub site settings
SharePoint hub sites help connect and organize sites based on project, department, division, region, etc. making
it easier to:
Discover related content such as news and other site activities
Apply common navigation, branding, and site structure across associated sites
Search across all associated sites.
Considering associating the departmental onboarding site to an existing corporate onboarding site or
departmental hub. Learn how hub site associations work and how to manage hub settings for your
organization. Learn more about SharePoint hub sites.
More customization resources:
Add a page to a SharePoint site
How to use web parts on SharePoint pages
Use the Events web part
Use the News web part
NOTE
If you are unable to add visitors (external users, also referred to as guests) to the pre-boarding site, work with your
SharePoint administrator to turn on external sharing for a SharePoint site.
As a site owner, you can give external people access to the site by adding them as a visitor .
1. Select Share site from the right-hand corner.
2. In the Share site pane, enter the names of people to add them to the site. The permission level will be ready
only.
3. Enter an optional message to send to the person, or clear the Send email box if you don't want to send an
email.
4. Select Share.
Share the Corporate and Departmental onboarding sites
1. Select Share site from the right-hand corner.
2. In the Share site pane, enter the names of people or groups to add them to the site, or enter "Everyone
except external users" to share the site with everyone in your organization.
3. Change the permission level (Read, Edit, or Full control) as needed.
4. Enter an optional message to send to the person or clear the Send email box if you don't want to send an
email.
5. Select Share .
Help onboard Diego Siciliani New Survey data Average score N/A 4.25
new employee of new
employees satisfaction employee
more satisfaction
effectively with NEO
Hub
Help onboard Diego Siciliani NEO hub Site usage Number of N/A 500 unique
new usage report unique viewers/mont
employees viewers and h and 1,500
more visits views/month
effectively
Improve new Diego Siciliani New Survey data Average score 3.75 4.25
employee employee of new
engagement engagement employee
score engagement
question
NOTE
Microsoft will be moving from UserVoice to our own customer feedback solution on a product-by-product basis during
2021. Learn more.
Question : Where can I ask questions or report an issue with the SharePoint provisioning service?
Answer :Post your questions and comments about the provisioning of the NEO sites to the SharePoint
provisioning service forum.
Sources :
Gallup, State of the American Workplace, 2017*
SHRM, Don't Underestimate the Importance of Good Onboarding, 2017**
Source: Digitate, Super CIO: What the CIO sees—that other people don’t, 2018
Introduction to the SharePoint Success Site
3/23/2021 • 4 minutes to read • Edit Online
The SharePoint Success Site is a ready to deploy and customizable SharePoint communication site that helps
your organization maximize the adoption of SharePoint. The SharePoint Success Site is designed to support new
SharePoint Site owners in creating high-impact sites to meet the goals of your organization.
The SharePoint Success Site builds on the power of Microsoft 365 learning pathways which allows you to use
Microsoft-maintained playlists for training purposes. You can also create custom playlists to meet the unique
training requirements of your organization. If you are already using M365 learning pathways and don't want to
provision the SharePoint Success Site, you can enable the SharePoint Success Site playlist into learning
pathways.
Install the SharePoint Success Site in your tenant environment, customize the pre-populated training and site
content, and then make it available to end users.
Ready to get started right away? Next, review the prerequisites and provisioning guidance.
Start the SharePoint Success Site provisioning process by understanding the prerequisites. We recommend
provisioning the SharePoint Success Site from the Microsoft 365 learning pathways administration page by
following the instructions in this article. Global administrator (sometimes called tenant administrator)
credentials are required to start the provisioning process for the SharePoint Success Site.
Before getting started, watch the provisioning instructional video, follow all steps in the process, and make sure
you've met the requirements for provisioning.
A DM IN RO L E T EN A N T REA DY TO
REQ UIREM EN T S + REQ UIREM EN T S = P RO VISIO N
Admin requirements
The person doing the provisioning must be a global admin (sometimes called a tenant admin) where the
SharePoint Success Site will be provisioned and must also be a site admin for the App Catalog.
GLO B A L A DM IN A DM IN O F T H E A P P A DM IN RO L E
RO L E + C ATA LO G = REQ UIREM EN T S M ET
If you aren't sure, you can confirm your role by signing in to office.com. If you're a global admin, you’ll see an
Admin center app icon in the app launcher next to your Microsoft 365 apps.
Are you a site administrator for the App Catalog?
Yes - Next, confirm your tenant has Microsoft 365 learning pathways provisioned.
No - Next, ask your global admin to add you as an App Catalog administrator.
Tenant requirements
The tenant where the site will be provisioned must have the App Catalog installed and have the latest version of
Microsoft 365 learning pathways installed. Your tenant must have version 4.0 or higher of Microsoft 365
learning pathways.
M IC RO SO F T 365
L EA RN IN G
A P P C ATA LO G PAT H WAY S 4. 0 O R T EN A N T
IN STA L L ED + H IGH ER IN STA L L ED = REQ UIREM EN T S M ET
Use this decision tree to determine your tenant’s path to meeting the tenant requirements.
If you are unsure, navigate to the SharePoint admin center, then select Sites > Active sites . The App Catalog
will appear in the list of sites.
IMPORTANT
If you need to create a App Catalog, wait at least 30 minutes after creating before provisioning Microsoft 365 learning
pathways and the SharePoint Success Site.
If you need to, update Microsoft 365 learning pathways from version 3.0 to version 4.0 or higher
IMPORTANT
The person updating Microsoft 365 learning pathways must be a site administrator for the App Catalog. If the person
provisioning Microsoft 365 learning pathways isn't a site administrator for the App Catalog, add an administrator to the
App Catalog and continue.
In this step, you upload the Microsoft 365 learning pathways 4.0 web part to the App Catalog, and then navigate
to the Microsoft 365 learning pathways Administration page to start the update process.
Upload the web par t package:
1. Go to the GitHub custom learning repository, and then download customlearning.sppkg to a local drive on
your PC.
2. If you’re not already signed in, sign into your tenant with a Global admin credentials.
3. Select Admin > Show All > SharePoint > More Features .
4. Under Apps , select Open .
5. Select App Catalog > Distribute Apps for SharePoint .
6. Select Upload > Choose Files .
7. Select the customlearning.sppkg file you downloaded, then select OK > Deploy .
8. From the Learning Pathways site, select Learning pathways administration from the Home menu.
9. You’ll see a prompt asking if you want to update, then select Star t .
10. When the update is complete, select Close .
5. Select the ellipses (…) and then select Add Content Pack .
6. Select SharePoint Success Site to open the SharePoint Success Site provisioning page.
7. Select Add to your tenant .
8. Fill out the email address and URL details and then select Provision .
9. Select Complete .
10. When you see Provisioning completed on the provisioning page, you'll see a new tab appear in your
browser called CustomLearningAdmin . Select the CustomLearningAdmin tab as shown in the
following image:
11. Then, select Complete as shown in the following image to complete the provisioning process:
IMPORTANT
Make sure to select Complete to complete the provisioning process.
12. To confirm the SharePoint Success Site has been successfully provisioned, go to the SharePoint site you
provisioned, select Get Star ted > Plan your site. You should see the web part on the page as shown in
the following image:
Add Site owners
Assign a few Site owners to grant administrative privileges to customize the site and training content. In order to
hide, show, or enable playlists, users will need Site owner or Site member permissions to the Microsoft 365
learning pathways site. In order to edit the look, navigation, and site content, users will need Site owner or Site
member permissions to the SharePoint Success Site.
Add Site owners or members to both sites
1. From the site select Settings , then select Site permissions .
2. Select Advanced Permission Settings .
3. Select Site owners or Site members
4. Select New > Add users to this group , and then add the people you want to be Site owners or Site
members.
5. Include a link to Explore the site in the sharing message, and then select Share .
The SharePoint Success Site is a ready to deploy, up-to-date, and customizable SharePoint communication site
that helps your organization maximize the adoption of SharePoint. The SharePoint Success Site helps end users
improve the quality and impact of the sites they build for internal audiences, while helping ensure they follow
your organization’s site usage guidelines.
The SharePoint Success Site is pre-populated with web parts and content to guide your viewers through the
most up-to-date SharePoint site creation training content. However, there are several opportunities to customize
the experience to better suit your organization’s goals and usage policy. Learn about what's included in a
SharePoint Success Site, and then get started customizing.
IMPORTANT
You must have Site owner or Site member permissions to the SharePoint Success Site and the M365 learning pathways
administrative page in order to make customizations..
1. Open a web browser and navigate to office.com or your organization’s sign-in location.
2. Sign in with your username and password.
3. Navigate to the location of the site using the URL supplied by your tenant administrator or select SharePoint
from the Microsoft 365 home page, and then select the SharePoint Success Site .
Explore and review the pre -populated training content
Review the Plan, Build, Launch and manage, and Advanced playlist sections to see the full suite of
Microsoft curated content available in the SharePoint Success Site.
Select a topic, and navigate through content using controls at the top of the ar ticle
Select content categories and subcategories, and then navigate through the playlist using arrows and bread
crumbs in the control bar to get a sense for how the SharePoint Success Site content is organized and displayed.
Customize playlist content
IMPORTANT
Hiding playlists does not hide the associated page in the SharePoint Success Site, nor will adding custom playlists
automatically create site pages for them. Add or delete pages within the site as needed.
3. Button web par t - Edit the Button web part to link to a Microsoft Form to collect success stories from
Site owners. Consider using the Forms web part to embed a custom form that allows SharePoint Site
owners to easily share their success stories.
If available, add SharePoint success stories to your portal. If there are no ready-to-publish success stories,
consider working with internal partners to create SharePoint successes by building high priority sites that align
with business outcomes. Highlighting these “early wins” will help inspire others in the organization on the
possibilities for using SharePoint themselves to achieve business outcomes.
Here are some sample questions to consider using in your form:
Name of solution
Project team members
Who is the sponsor of the project?
What Microsoft 365 technologies (e.g., SharePoint, Yammer, Stream, Flow) were used as part of the solution?
What were the reasons for building the SharePoint site?
Provide a description of the solution
What impact or results has the SharePoint site generated?
What best practices for planning and implementing your solution would you recommend to other who are
building their own SharePoint site?
Learn more about how to create a form using Microsoft Forms.
Or, delete unwanted pages if you do not want to include this page in your site.
Customize the Site creation guidelines page
To ensure the proper use of SharePoint in your organization it is important to communicate your site usage
guidelines to new and existing site owners. This should include guidelines for how people should create sites in
your tenant, design standards, and how people should share information using SharePoint and Microsoft 365.
The example site creation and usage guidelines are not intended to be a final policy document. Once you have
created your own unique usage guidelines, remove the content from the Site usage guidelines page and replace
it with your organization’s usage guidelines. See how to create and use modern pages on a SharePoint site.
Create site usage guidelines that are appropriate for your organization by reviewing our site usage guidelines
checklist that will help you create guidelines that:
Inspire discussion and consideration amongst your stakeholders on important site usage policies.
Provide links to resources that can help you better understand the options related to key policy decisions.
Provide sample text to get you started in creating your own policies.
Here are some topics to consider as you create your own site creation and usage guidelines:
How to get a new SharePoint site
Guidelines for using site templates
Site design, branding, and customization
Rules for sharing and permissions
Capacity guidelines
Site lifecycle policy
Provide contact information for SharePoint support
If your organization has an intranet team that will be supporting site owners, consider profiling the intranet
team members on the SharePoint Success Site homepage using the People web part. The home page of the
SharePoint Success Site has a People web part you can use to add your own Intranet team. If you will not have a
dedicated team supporting site owners, remove the current People web part.
Help your organization drive and manage change by using the Workplace transformation site template in
SharePoint. The site template helps organizations to successfully manage the people side of their organization
change management initiatives to ensure all impacted employees are informed, have support, and know where
they can learn more about upcoming changes. The Workplace transformation site template is designed help
people in your organization understand and engage in the change management process by providing a landing
place using a SharePoint communication site in combination with Microsoft Lists to help users see the big
picture. The site design is based on change management research that is focused on helping organizations
successfully adopt and sustain change.
1. Awareness and commitment – Start communicating details about upcoming changes with users and
provide various support channels and opportunities to engage through events and Yammer community chats.
2. Learn – Build training content right into the site itself by using Microsoft 365 Learning pathways.
3. Practice and exploration – Use your organization’s champion community in leading hand-on events and
demonstrations in addition to 1:1 help.
4. Use and consult – Use Microsoft Lists to help your organization manage tasks and knowledge checks
associated with training and change management objectives.
5. Sustain – Help users practice and sustain new skillsets and habits by using micro-learning content like quick
tips and publishing regular news posts sharing change management success stories.
Pre -populated content focuses on the hybrid workplace
The workplace transformation site features pre-populated content that revolves around helping organizations
transition to a hybrid workplace. The hybrid workplace is one that is flexible when and where people do their
work. Many organizations plan to allow employees to work from home up to 50% of the time, which means the
organization will need to adopt new ways of working to ensure wellbeing and productivity.
Learn more about the future of work and what we have learned about remote work so far.
1. Start by navigating to the SharePoint look book and selecting the work transformation template. Select Add
to your tenant .
2. Then, select a site name, URL, and email address where an email confirmation will be sent when the site is
successfully created.
3. Select Provision , and in less than 15 minutes you will receive an email confirmation with a link to your new
site.
Learn more about provisioning site templates from the look book.
Share the site with site owners and members to customize
Once the site has been provisioned and you are ready to customize. If other people from your organization will
be making site customizations, make sure you share the site add them as site owners and site members to
ensure they have access and the right permissions to make edits to site content, theme, navigation, settings, and
permissions.
NOTE
You need site member (or higher) permissions to the Workplace transformation site template in order to make
customizations.
Sign in
1. Open your web browser and navigate to office.com or your organization’s sign in location.
2. Sign in with your username and password.
3. Navigate to the location of the site using the URL supplied by your tenant admin, or select SharePoint from
the Microsoft 365 home page, and then select the Workplace transformation site .
Review pre -populated content
The workplace transformation site is full of pre-populated content, web parts, news templates, and a Microsoft
list. Carefully review and customize pre-populated content before sharing broadly with end users.
The workplace transformation site features pre-populated content that helps organizations transition to a hybrid
workplace. However, the workplace transformation site can be customized for any change management project.
Learn more about the workplace transformation site features and contents.
Customize web parts and content
Learn how to customize web parts and content that will appear on certain pages or throughout the site.
Text, labels, and buttons - Edit the labels and links in the Text web parts and Call to Action web parts
throughout the site.
Events- Add, edit, and delete events in the Events web parts on the Home and Get help pages .
News and news post templates - Use pre-populated news templates to create news posts in the News web
part on the Community page . Find the templates by navigating to Setting > Site Content > Site pages >
Templates .
Yammer - Replace the graphic and connect the Yammer conversations web part on the Community page with
an existing Yammer community.
People - Edit People web parts in news post templates and on the Get help page.
Video - Edit the Embed web part on the Message from our CEO page to point to a YouTube video or an
intranet video link. Use the Stream web part to display an existing Stream video.
Use Microsoft Forms to facilitate news post requests
Edit the Button web part on bottom of the Community page to give users an opportunity to engage and
acknowledge others. Connect the Button web part to a Microsoft Form where users can submit nominations.
Then, use the pre-populated news post templates in Settings > Site contents to publish news.
Edit the change management checklist
The Workplace transformation site contains a Microsoft List in Site contents that is displayed in a List web part
on the Get star ted page . This list is intended to give end users a high-level view of what to expect through the
change management journey. Edit the list to meet the need of your change management project.
1. Start by navigating to Setting > Site contents , and then select Hybrid workplace checklist .
2. Then you can edit list items, change columns and labels, the theme and more. Or, you can create a new list
based on an existing Excel spreadsheet or use a list template.
3. Finally, edit the view of your list to make sure users see the most important information in the List web part
on the Get star ted page .
Learn more about M365 lists.
Use Microsoft 365 learning pathways to embed training content on a page
If your tenant admin has set up M365 Learning pathways, you can add pages to the site and use the Learning
pathways web part to display custom training playlists. Then, use Learning pathways reporting capabilities to
measure content impact.
Use tools to help target content to specific audiences or protect content from specific audiences
Consider using audience targeting to surface important content to specific groups or use information barriers to
protect sensitive information that may appear in the Managers section under Resources .
Update the site theme and branding
Edit the look of your site to align with your organization's brand. Customize the site display name, logo, theme,
header layout, navigation style, and more in the Change the look panel.
Customize site navigation
Site navigation is important because it helps users immediately understand what can be accomplished on a
given site. The most effective SharePoint sites help viewers find what they need quickly so that they can use the
information to make decisions, learn about what is going on, access the tools they need, or engage with
colleagues to help solve a problem. Learn how to edit site navigation.
SharePoint recommendations on modern pages help you and your users discover pages and news in your
organization. At the bottom of news posts and pages, you'll see recommendations especially for you or your
users. Recommendations show below the heading You may also be interested in .
NOTE
This feature is in an early release phase, and is not yet available to all users.
Recommendations are shown on all newly-created pages and news posts by default.
When Microsoft SharePoint is set up for an organization, a root (or top-level) site is created. Before April 2019,
the site was created as a classic team site. Now, a communication site is set up as the root site for new
organizations. If your environment was set up before April 2019, you can modernize your root site in three
ways:
If you have a different site that you want to use as your root site (a communication site or modern team site
that isn't connected to an Office 365 group), replace (swap) the root site with the other site.
If you want to keep using the classic team site but add a new modern home page and enable full-width
pages with horizontal navigation, enable the communication site experience on the site.
If you want to continue using the classic team site, enable the modern site pages library experience and set a
modern page as the home page of the root site. This gives users a modern team site experience with the left
navigation.
IMPORTANT
Before you launch an intranet landing page at your root site location, we strongly encourage you to review the guidance
about launching healthy portals.
Some functionality is introduced gradually to organizations that have opted in to the Targeted release option in Microsoft
365. This means that you might not yet see some features described in this article, or they might look different.
WARNING
The root (top-level) site for your organization can't be deleted. If you're a global or SharePoint admin in Microsoft 365,
you can replace the root site with a different site.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Active sites page.
2. In the upper right, make sure the All sites view is selected.
3. In the URL column, select to sort A to Z so the current root site appears at the top of the list.
4. Select the root site (https://contoso.sharepoint.com).
5. Select Replace site .
6. In the URL of the site you want to use box, enter the full or relative URL of the site that you want to
become the new root site.
7. Select Save .
While the root site is being replaced, it might return a "not found" (HTTP 404) error for few minutes.
After you replace the root site, content must be recrawled to update the search index. This might take
some time depending on factors such as the amount of content in these sites. Anything dependent on the
search index might return incomplete results until the sites have been recrawled.
8. If the new root site was an organization news site, update the URL. Get a list of all organizational news
sites
9. If you disabled site redirects, you'll need to update sharing links and any apps or files (like the OneDrive
sync app and OneNote files) to refer to the new URL.
NOTE
For info about using PowerShell to replace (swap) the root site, see Invoke-SPOSiteSwap.
Project Server sites might need to be validated to make sure they're still associated correctly.
Create a site
3/26/2021 • 3 minutes to read • Edit Online
This article describes how global admins and SharePoint admins in Microsoft 365 can create sites (previously
called "site collections").
For info about creating site collections in SharePoint Server, see Create a site collection in SharePoint Server.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Active sites page.
2. Select Create .
3. Select Team site (to create a Microsoft 365 group-connected team site), Communication site , or
Other options (to create a new team site without a Microsoft 365 group, or to create a classic site).
4. Follow the steps to specify a site name, owner, language, and other settings. When you're done, select
Finish .
NOTE
If you enter a site name and another site already exists at the default address for that name, the site address will
automatically be changed to an available address. For example, if you enter "Marketing" as the site name, and you
already have a site at /sites/marketing, you will receive a warning This site address is available with
modification and will be offered a new URL automatically at /sites/marketing2. If you want to re-use the URL
"marketing" for the new site, you need to permanently delete the existing site or delete the redirect at that
address.
In the Template Selection section, under Select a template , select the template that most
closely describes the purpose of your site.
TIP
For more information about the classic templates, see Using templates to create different kinds of
SharePoint sites.
In the Time Zone box, select the time zone that's appropriate for the location of the site.
In the Administrator box, enter the user name of the person you want to be the site
administrator. You can also use the Check Names or Browse button to find a user to make site
administrator.
In the Storage Quota box, enter the number of megabytes (MB) you want to allocate to this site.
Do not exceed the available amount that is displayed next to the box.
In the Ser ver Resource Quota box, accept the resource quota default. This setting no longer
affects the resource amounts available for the site.
6. Select OK .
Delete a site
3/31/2021 • 4 minutes to read • Edit Online
When you, as a global or SharePoint admin in Microsoft 365, delete a site (previously called a "site collection"),
it's retained as a deleted site for 93 days. Deleting a site deletes everything within it, including:
Document libraries and files.
Lists and list data.
Site settings and history.
Any subsites and their contents.
You should notify the site admins and any subsite owners before you delete a site so they can move their data to
another location, and also tell users when the sites will be deleted.
WARNING
We do not recommend deleting the root site for your organization. If you do, all your SharePoint sites will be inaccessible
until you restore the site or create a new root site. Instead of deleting the root site, we recommend replacing it. Learn
more about the root site and how to replace it
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Active sites page.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Deleted sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Deleted sites page.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
Summary of options
SIT E T Y P E H O W TO DEL ET E H O W TO P ERM A N EN T LY DEL ET E
Root site Not recommended. Replace the root From the Deleted sites page of the
site with a different site. When the site new SharePoint admin center or by
is no longer a root site, its URL will be using PowerShell
/sites/archive-datetime, and you can
delete it from the Active sites page of
the new SharePoint admin center or by
using PowerShell
Communication sites Delete them from the Active sites page From the Deleted sites page of the
of the new SharePoint admin center or new SharePoint admin center or by
by using PowerShell using PowerShell
Microsoft 365 group-connected team Delete Microsoft 365 groups and all From PowerShell only
sites their resources from the Microsoft 365
admin center, the Active sites page of
the new SharePoint admin center, or
by using PowerShell
Hub sites (those designated with " Unregister them as hub sites from the Based on their site type
(Hub site)" in the Hub column) Active sites page of the new
SharePoint admin center, or by using
PowerShell, and then delete them
based on their site type
Classic sites Delete them from the Active sites page From the Deleted sites page of the
of the new SharePoint admin center or new SharePoint admin center or by
by using PowerShell using PowerShell
NOTE
Sites associated with a hub can be deleted like any other site based on their template.
See also
User instructions for deleting sites and subsites
Restore deleted sites
3/23/2021 • 2 minutes to read • Edit Online
Deleted SharePoint sites are retained for 93 days. After 93 days, sites and all their content and settings are
permanently deleted, including lists, libraries, pages, and any subsites.
NOTE
If you need to retain content for a minimum period of time to comply with industry regulations or internal policies, you
can create a retention policy to keep a copy of it in the Preservation Hold library. For info, see Overview of retention
policies.
For info about restoring items within a site, see Restore items in the Recycle Bin of a SharePoint site.
For info about restoring deleted sites in SharePoint Server, see Restore deleted site collections using Microsoft Powershell.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Deleted sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Deleted sites page.
NOTE
You can sort and filter deleted sites the same way you sort and filter sites on the Active sites page. You can also sort and
filter deleted sites by Time deleted.
2. Select the site you want to restore.
3. Select Restore . (If you don't see the Restore button, make sure only one site is selected. The button
won't appear if multiple sites are selected.)
NOTE
Restoring a site that belongs to a Microsoft 365 group restores the Microsoft 365 group and all its resources. Note that
the other group resources are retained for only 30 days, whereas the site is retained for 93. If the other group resources
have been deleted, you can use the PowerShell command Remove-SPODeletedSite to permanently delete the site.
For info about permanently deleting sites from the Deleted sites page, see Permanently delete a deleted site.
Related topics
Restore deleted items from the site collection recycle bin
Manage site admins
3/23/2021 • 2 minutes to read • Edit Online
This article describes how global admins and SharePoint admins in Microsoft 365 can add and remove site
admins (previously called "site collection admins"). If you're an owner of a communication site, or a site that
belongs to a Microsoft 365 group, see Manage your SharePoint site settings for info about giving people access
to your site. If you're an admin for a classic site, see Manage your SharePoint site settings.
NOTE
If you're a global admin and want info about assigning other users the SharePoint admin role in Microsoft 365, see
Assigning admin permissions.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Active sites page.
As a global or SharePoint admin in Microsoft 365, you can let your users create and administer their own
SharePoint sites, determine what kind of sites they can create, and specify the location of the sites. By default,
users can create communication sites and Microsoft 365 group-connected team sites.
NOTE
Disabling site creation for users does not remove their ability to create Microsoft 365 groups or resources, such as
Microsoft Teams, which rely on a group. When a Microsoft 365 group is created, a SharePoint site is also created. To
restrict creation of Microsoft 365 groups and the resources that rely on groups see Manage who can create Microsoft
365 Groups.
Some functionality is introduced gradually to organizations that have opted in to the Targeted release option in Microsoft
365. This means that you might not yet see some features described in this article, or they might look different.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Settings page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Settings page.
3. If you want users to be able to create sites from these services, select Let users create sites from the
SharePoint star t page and OneDrive .
NOTE
Even if you clear this check box, users may be able to create Microsoft 365 groups from other places in Microsoft
365. Each group always comes with a team site. Learn how to manage who can create Microsoft 365 groups
4. Under /sites or /teams, select to create Microsoft 365 group-connected team sites, and then select the
default time zone and storage limit for new sites.
5. Select Save .
A new team site or communication site : Select to create the group-connected team sites
under (/sites or /teams) and whether a secondary contact is required. To let users create sites from
a custom form you've created, enter its URL in the Use the form at this URL box. When users
select which type of site they want to create, they'll be able to access the form by clicking "See
other options."
A classic team subsite : Use this option to let users create only default classic sites or sites from
your custom form. Specify where sites are created, and whether a site classification or secondary
contact is required. To specify a custom form, enter the URL for the custom form in the Use the
form at this URL box.
NOTE
For info about classifying Microsoft 365 groups, see Manage Microsoft 365 Groups with PowerShell.
4. Under Subsite creation , on the Site contents page, to create a new subsite, specify whether users can
select New > Subsite .
5. Select OK .
Manage site storage limits
3/26/2021 • 7 minutes to read • Edit Online
The amount of Microsoft SharePoint space your organization has is based on your number of licenses (see
SharePoint Limits). If you're a global admin in Microsoft 365, you can Add storage space for your subscription if
you run out.
View the total and available storage space for your organization
1. Go to the Active sites page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Active sites page.
2. In the upper right of the page, see the amount of storage used across all sites, and the total storage for
your subscription. (If your organization has configured Multi-Geo in Microsoft 365, the bar also shows
the amount of storage used across all geo locations.)
NOTE
The storage used doesn't include changes made within the last 24-48 hours.
NOTE
Some functionality is introduced gradually to organizations that have opted in to the Targeted release option in Microsoft
365. This means that you might not yet see some features described in this article, or they might look different.
1. Go to the Settings page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Settings page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Settings page.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Active sites page.
NOTE
The max value you can enter is 25600 GB, although this may be more space than your organization has. To learn
how your total storage is calculated, see SharePoint Limits.
If you set site storage limits in PowerShell, you enter them in MB. The values are converted and rounded down to
the nearest integer to appear in GB in both the SharePoint admin center. So a value of 5000 MB becomes 4 GB.
The minimum storage limit is 1 GB, so if you set a value of less than 1024 MB by using PowerShell, it will be
rounded up to 1 GB.
4. Make sure Notifications is turned on to send an email to site admins when the site approaches the
storage limit. Then, enter a value as a percent for how full you want the storage to be when the email is
sent.
5. Select Save .
If a site runs out of storage, site admins can request more by following these steps:
1. Go to the Site Settings page.
2. Under Site Collection Administration , select Storage Metrics .
3. Select Request more quota in the upper right.
This sends a storage request email to the global and SharePoint admins in the organization.
Monitor site storage limits by using PowerShell
If you manage storage limits manually, you need to regularly monitor them to make sure they aren't affecting
site performance. We recommend that you also set up your own alert emails to notify site admins before a site
reaches the limit. The built-in storage quota warning emails are typically sent weekly for sites that have reached
the specified warning level. So site admins often receive the storage quota warning email too late. For example,
if the Disk Quota Warning timer job (which triggers the warning email) is scheduled weekly and sends the email
warning every Sunday, but a site reaches the quota warning limit on Monday, the site admin doesn't receive the
alert email for 6 days. This site could reach the maximum storage limit and be set to read-only before the site
admin receives the alert email.
You can use the following Microsoft PowerShell script to monitor your sites. This script pulls the data, composes,
and then sends a storage warning alerts to the site admin.
1. Download the latest SharePoint Online Management Shell.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Copy the following text with the variable declarations, and paste it into a text editor, such as Notepad. You
must set all of the input values to be specific to your organization. Save the file, and then rename it
"GetEmailWarning.ps1".
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file with the extension .ps1.
#Connect to SharePoint admin center using an admin account
#Specify the URL to your SharePoint admin center site, e.g. https://contoso-admin.sharepoint.com
$url = 'https://contoso-admin.sharepoint.com'
#SMTP details
$Smtp = '<SmtpServer>'
$From = '<SenderEmailAddress>'
$To = '<RecipientEmailAddress>'
$Subject = 'Site Storage Warning'
$Body = 'Storage Usage Details'
$results += $siteStorage
$siteStorage = $null
}
4. Where:
$url is the URL of your SharePoint admin center. If the $url variable is left empty, you will be
prompted to enter the URL of your admin center site.
$path is the file system path you want the CSV file to output to.
<SmtpSer ver> is the name of your SharePoint Migration Tool mail server.
<SenderEmailAddress> is the global admin or SharePoint admin account that appears in the
From line in the warning email.
<RecipientEmailAddress> is the admin account that will receive the email warning.
5. In SharePoint Online Management Shell, change to the local directory where you saved the script file.
./GetEmailWarning.ps1
After the script successfully completes, a text file is created in the location that you specified in the $path
variable in the script.
NOTE
If you get an error message about being unable to run scripts, you might need to change your execution policies. For info,
see About Execution Policies.
Change a site address
3/23/2021 • 7 minutes to read • Edit Online
NOTE
This feature is not available for Microsoft 365 Government GCC High customers.
As a global or SharePoint admin in your organization, you can change the URL for the following types of
SharePoint sites (previously called "site collections"):
Microsoft 365 group-connected team sites
Modern team sites that don't belong to a Microsoft 365 group
Communication sites
Classic team sites
NOTE
If the Publishing feature is currently activated or was previously activated for the site, then changing the site address is
unsupported.
You can change only the address of the site within the URL, for example:
https://contoso.sharepoint.com/sites/projectx
to https://contoso.sharepoint.com/sites/projecty
You can't change the domain ("contoso" in the previous example) or any other part of the path. For example, you
can't move the site from "/sites" to "/teams."
It can take about 10 minutes to change the site address (depending on the size of the site), and the site will be
read-only during this time. We recommend changing addresses during times when site usage is low.
You can change the address of up to 100 sites at a time. To change an additional site address, wait for another
change to finish.
NOTE
You can't change the address of hub sites, sites that are locked or on hold, Project Web App (PWA) sites, or sites
that have BCS connections.
When you change a site address, we create a redirect at the previous address. If you want to reuse the previous
address, you need to delete the redirect. Learn how
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running? After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command to verify that the site address can be changed:
F UN C T IO N A L IT Y L IM ITAT IO N
Files tab in channels The Files tab will need to be refreshed once after the address
change.
Viewing files in Teams Files shared in channels before the address was changed can
be viewed in the Teams app on the channel's Files tab. They
can also be viewed in Office apps for the web from the
channel's Files tab or the conversation. To view Word, Excel,
and PowerPoint files in the desktop apps:
Select the “Open in Desktop” option from the channel's Files
tab.
Open the file in the Office app for the web, and then select
“Open in Desktop”.
File search Search in Teams will show files only from sites whose
addresses have not been changed.
File app – Microsoft Teams page The Microsoft Teams page in the Teams File app will work
after a user has visited the Files tab for any channel in the
site.
Teams mobile app Open and download will continue to work. To edit a Word,
Excel, or PowerPoint file in the site, use the Office app for the
web or the desktop app. Files shared after the site address
was changed can be edited in the Office mobile apps.
Manage site redirects
3/23/2021 • 2 minutes to read • Edit Online
As part of changing a SharePoint site address, moving a site to a different geo location, or swapping a site, we
automatically create redirects to ensure that links pointing to the prior URL continue to work. These redirects are
sites that use a special site template at the prior site URL.
For example, if you changed a site address from https://contoso.sharepoint.com/sites/OldSiteName to https://
contoso.sharepoint.com/sites/NewSiteName or moved a site from https://contoso.sharepoint.
com/sites/SiteName to https://contosoEUR .sharepoint.com/sites/SiteName, we'll place a redirect (Template type
REDIRECTSITE#0) at the old URL, which contains special headers and logic to redirect your browser requests to
the new site.
In some cases, you might want to free up the old URL to use it for a new site. To do this, you need to delete the
redirect.
NOTE
After you delete a redirect, any request to that URL won't get redirected. This means that any bookmarks, links, or Shared
With Me references will not be routed to the new URL.
To remove a redirect
1. Download the latest SharePoint Online Management Shell.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
As a global or SharePoint admin in Microsoft 365, you can block access to a site or make a site read-only by
using Microsoft PowerShell to change the lock state of the site.
NOTE
You can't set the lock state on the root site.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. At the PowerShell command prompt, type the following command, and then press ENTER.
Where: SiteURL is the URL of the site that you want to lock or unlock and State is one of the following values:
Unlock to unlock the site and make it available to users.
ReadOnly to prevent users from adding, updating, or deleting content. A message will appear on the site
stating that the site is under maintenance and is read-only.
NoAccess to prevent users from accessing the site and its content. If you've provided a NoAccessRedirectUrl
value for your organization (below), traffic will be redirected to the URL you specified. If you haven't set this
URL, a 403 error will be displayed.
For more info about the LockState parameter, see Set-SPOSite. For more info about the NoAccessRedirectUrl
parameter, see Set-SPOTenant.
Set up a home site for your organization
3/23/2021 • 4 minutes to read • Edit Online
A home site is a SharePoint communication site that you create and set as the top landing page for all users in
your intranet. It brings together news, events, embedded video and conversations, and other resources to
deliver an engaging experience that reflects your organization's voice, priorities, and brand.
Search for the site is scoped to all sites within the organization. Having a great search experience is
critical for the success of the home site. Learn more about Microsoft Search
The site is automatically set up as an organization news site. (Although you can have only one home site,
you can have multiple organization news sites.)
The site is enabled for configuring the global navigation in the SharePoint app bar.
NOTE
Integration between the home site and SharePoint start page (where the branding, theming, header, navigation, and
footer elements from the home site are applied to the start page and users can easily navigate between the pages) is not
available at this time. Please watch for updates in the Microsoft 365 roadmap.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run Set-SPOHomeSite -HomeSiteUrl <siteUrl> .
(Where siteUrl is the site you want to use)
NOTE
You can set only one site in your organization as a home site. The site can be registered as a hub site, but can't be
associated with a hub. The first time you set up a home site, it might take up to several minutes for the changes to take
effect. If you run the command again to switch your home site to a different site, it might take up to 2 hours.
Introduction to the SharePoint app bar
4/14/2021 • 9 minutes to read • Edit Online
Help users find important content and resources no matter where they are in SharePoint. The SharePoint app
bar is designed to improve the global way finding experience while dynamically displaying personalized sites,
news, and files. The app bar can be accessed on the left-hand side anywhere in SharePoint.
The SharePoint app bar is a significant change to the user experience and your organization's intranet
information architecture. To ensure a seamless experience, we've created specific guidance on how to design
current navigation to compliment the new global navigation feature. We have also created end-user guidance to
help onboard the rest of your organization.
NOTE
When global navigation is disabled, the home icon will link to the SharePoint start page.
Customizing global navigation requires a home site.
Site owner permissions (or higher) to the home site are required to enable global navigation.
Users need read access (or higher) to the home site to view the global navigation links.
Audience targeting can be applied to menu links in global navigation.
Implementing global navigation may take up to 24 hours for the changes to take effect for users.
5. Next, add the Logo for global navigation that will be recognizable to users to replace the home icon in
the app bar. No action is needed if you choose to keep the default home icon.
Global navigation logo specifications:
The logo size should be 20x20 pixels
PNG file type
Transparent background recommended
6. Then, enter a Title that will be displayed at the top of the global navigation pane.
7. Finally, determine the Navigation source . Learn more about selecting a source in the next step.
8. Make edits to the selected global navigation source if needed by selecting Edit global navigation .
Select Save when you are done. Updates to global navigation may take several minutes before they
appear.
NOTE
The global navigation source can be edited at any time by site owners or admins of the home site.
The site and global navigation links and labels can be edited at any time by editors of the home site.
Implementing global navigation may take up to 24 hours for the changes to take effect.
Determine the global navigation source depending on your home site’s configuration:
If you haven’t set up your home site, do that first and if you are setting up a home site specifically to implement
global navigation, review this guidance.
For home sites that are a hub, you have two source options:
Select the site navigation source to display the home site’s navigation.
Select the Hub or global navigation source to display the home site’s hub navigation.
NOTE
When you apply the extended header layout to the site, you will no longer see the hub navigation.
For home sites that are not a hub, you have two source options:
Select the site navigation source to display the home site navigation.
Create a secondary set of navigation nodes specifically for the global navigation panel by selecting Hub
or global navigation . Then, select Edit global navigation to create the new global navigation menu.
Select Save when you are done.
NOTE
For home sites that are not a hub site and choose to create a secondary set of navigational nodes for the global
navigation pane - if you decide to make your home site a hub in the future, the new hub site navigation will
inherit the current navigational nodes for global navigation and can be edited at any time.
See all the different ways you can set up global navigation
Depending on the content you want to make available in the global navigation, you can configure your home
site navigation and global navigation in three different ways.
NOTE
Only one communication site can be set as the home site.
The first time you set up a home site, it might take up to several minutes for the changes to take effect.
Global admin credentials are required to use the SharePoint Online Management Shell tool that is required to
transform a communication site into a home site.
Set-SPOTemporarilyDisableAppBar $true
3. If you need to confirm if the app bar has been disabled or enabled, check the app bar status by running
the following command:
Get-SPOTemporarilyDisableAppBar
NOTE
It can take up to an hour for the app bar to be removed on a tenant where the app bar is already showing up.
Running the command without the $false or $true value will cause it to fail.
You must be using the latest version of PowerShell.
If you are using previous versions, uninstall the previous version and then install the most up to date version. Previous
versions of PowerShell can't coexist with the most up-to-date version of PowerShell.
Set-SPOTemporarilyDisableAppBar $false
NOTE
It can take up to an hour for the app bar to show up on a tenant where the app bar was disabled previously.
2. If you need to confirm if the app bar has been disabled or enabled, check the app bar status by running
the following command:
Get-SPOTemporarilyDisableAppBar
Resources
Learn more about home sites
Learn more about planning and creating hub sites
Learn more about navigation and information architecture in SharePoint
Learn more about sharing and permissions in SharePoint
Create an organization assets library
4/12/2021 • 3 minutes to read • Edit Online
NOTE
This feature is not available for Office 365 Germany, Office 365 operated by 21Vianet (China), or Microsoft 365 US
Government plans.
You can specify up to 30 organization asset libraries for a single organization. All of these libraries (regardless of type)
must be on the same site. Only libraries (not folders) can be set as organization asset libraries.
If your organization needs to store and manage files for all your users to use, you can specify one or more
document libraries on a SharePoint site as an "organization assets library." You can create two types of
organization assets:
Images such as photos and logos . When a user adds a web part to any modern page in SharePoint
and that web part opens the file picker, the user can select "Your organization" in the left pane to browse
the libraries you've specified.
Office templates . When a user selects to create a new PowerPoint presentation (from PowerPoint for
the web or the PowerPoint desktop app), the user can select the tab for your organization to see the
templates. (To use this feature on PowerPoint for the web, users need to be assigned a license to Office
365 E3 or E5. The templates aren't available from the New menu. To create a file from a template, go to
the PowerPoint start page > Office Template Library). Also note that the Office files to be uploaded to the
template libraries must be in a template format, for example, dotx for Word, potx for PowerPoint and xltx
for Excel.
NOTE
All organization asset libraries must be on the same site.
2. Set the permissions on the site . Add the people you want to be able to upload files as members or
owners of the site or Office 365 group. Add "Everyone except external users" as visitors. If necessary,
customize the permissions for the library. You can customize the permissions of up to 100 files and
folders in the library.
3. Upload the images or Office templates to a document library.
4. Download the latest SharePoint Online Management Shell.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
5. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
6. Run the following command to designate the document library as an organization assets library:
LibraryURL is the absolute URL of the library to be designated as a central location for organization assets.
ThumbnailURL is the URL for the image file that you want to appear in the card's background in the file picker;
this image must be on the same site as the library. The name publicly displayed for the library will be the name
of the library on the SharePoint site. OrgAssetType is either ImageDocumentLibrary or OfficeTemplateLibrary. If
you don't specify the OrgAssetType, the library will be designated as an image library by default. If you don't
specify the CdnType, it will enable a private CDN by default. Learn more about the Add-SPOOrgAssetsLibrary
cmdlet.
Example:
Add-SPOOrgAssetsLibrary -LibraryURL https://contoso.sharepoint.com/sites/branding/Assets -ThumbnailURL
https://contoso.sharepoint.com/sites/branding/Assets/contosologo.jpg -OrgAssetType ImageDocumentLibrary
NOTE
Adding an organization assets library will enable a content delivery network (CDN) for your organization to provide fast
and reliable performance for shared assets. You'll be prompted to enable a CDN for each organization asset library you
add. For more information, see Content Delivery Networks (CDNs).
Related commands
See information about all organization asset libraries on the site:
Get-SPOOrgAssetsLibrary
Learn more about this cmdlet.
Remove a library:
Remove-SPOOrgAssetsLibrary -LibraryUrl <String>
Learn more about this cmdlet.
Create an organization news site
3/23/2021 • 2 minutes to read • Edit Online
To specify SharePoint sites as "official" or "authoritative" for news in your organization, mark them as
organization news sites. These posts get special visual treatment (see the "NEWS @ CONTOSO" color block
below), and appear on the SharePoint start page.
SharePoint admins can specify any number of organization news sites. For multi-geo tenants, organization news
sites would have to be set up for each geo location. Each geo location could use the same central organization
news site, and/or have its own unique site that shows organization news specific to that region.
NOTE
When SharePoint home sites are released, they will be automatically configured as organization news sites.
For more info about working with news, see Use the News web part on a SharePoint page and Add news posts.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command to designate the site as an organization news site:
Related commands
View a list of all your organization news sites: Get-SPOOrgNewsSite
Remove a site from the list of organization news sites: Remove-SPOOrgNewsSite
Retirement of site mailboxes
3/23/2021 • 7 minutes to read • Edit Online
The site mailboxes are being retired and will be out of service and/or removed. Please use the following
instructions to identify, backup, and delete site mailboxes.
The 'create' date shows the recently created site mailboxes. The 'ClosedTime' in the output of 'Get-SiteMailbox'
refers to the status of the associated SharePoint site. The companies set a SharePoint policy to close sites after a
period of time or provide users permission to close the sites. Closing the site generally means it is out of service.
Closed site mailboxes are removed from view in the Outlook desktop client, but they are available in the
Outlook Web Access.
For more information see, Use policies for site closure and deletion.
# If you run this more than once, delete/rename the output file first because this command appends to it.
# This is a single, long command line. It could take minutes or hours depending on the number of site
mailboxes; thus, the countdown.
$sms = Get-SiteMailbox -BypassOwnerCheck -ResultSize unlimited;$count = $sms.Count; $sms | %{ $count-- ;
echo "$count";Get-MailboxFolderStatistics $_.Identity -FolderScope Inbox | sort LastModifiedTime -Descending
| ft Identity,LastModifiedTime >> c:\temp\sitemailboxes.txt};Write-Host "Open file c:\temp\sitemailboxes.txt
to check the result"
There are no commands to show if the site mailboxes are still active. The above example lists the number of site
mailboxes that were recently updated. The details of the site mailboxes are stored in a file.
NOTE
The processing time varies based on the number of site mailboxes. You can open the 'sitemailboxes.txt' to view the result
of the command.
i. Enter the URL and check the confirmation box to ensure the URL is added.
j. Click Choose and then click Done .
k. Click Next .
c. In Create quer y tab, click Finish .
NOTE
Leave the Condition card blank to ensure the entire mailbox content is searched. The search will take a
while based on the amount of content.
NOTE
The export wizard takes a few minutes to launch the Export window.
11. In the Expor t window, under the Expor t key section, click Copy to clipboard .
12. Click Download results .
13. In the dialog box, click Open .
NOTE
This will launch the Microsoft Office 365 eDiscovery Export Tool to export the mailbox to PST.
14. Click Install to install the Expor t Tool to export the mailbox to PST.
15. Paste the Expor t key , provide the location to save the PST file locally and then click Star t .
NOTE
The export will take a while based on the size of the PST file.
NOTE
Folders with no email items inside them will not be exported.
The site mailboxes contain a special folder named, "Documents", of type IPF.ShortcutFolder. This contains "links" to files
that are on SP sites. The actual SP files must be exported using eDiscovery for SP sites.
Outlook shows the items inside the Documents folder as unsafe, this is an expected behavior.
The document attachments in the emails of Documents folders are just placeholders, the actual documents are stored
in SharePoint.
NOTE
Ensure you have admin permissions for the following roles:
Compliance Administrator
eDiscovery Manager
Organization Management
NOTE
Use Compliance center dashboard to download PST messages on your screen.
NOTE
Folders with no email items inside them will not be exported.
The site mailboxes contain a special folder named, "Documents", of type IPF.ShortcutFolder. This contains "links" to files
that are on SP sites. The actual SP files must be exported using eDiscovery for SP sites.
Outlook shows the items inside the Documents folder as unsafe, this is an expected behavior.
The document attachments in the emails of Documents folders are just placeholders, the actual documents are stored
in SharePoint.
NOTE
If you remove a mailbox from a site, it won’t be displayed on the site, but it will still be visible in Outlook (if you’re
using Exchange).
NOTE
If you do not see Site information in the Settings panel, work with your SharePoint administrator to get access.
Use Remove-Mailbox to delete a site mailbox. The system removes the site mailbox link from the SharePoint site
when a site mailbox is deleted. In the example, change the 'MDEL' to the name of the site mailbox you want to
delete.
SharePoint file sync
3/9/2021 • 2 minutes to read • Edit Online
When users install the OneDrive sync app for Windows or Mac, and sync the files on a team site, they can work
with the files in File Explorer or Finder. They can also easily save files to the team site from the programs they
use.
When users add, change, and delete files and folders on the site, the files and folders are automatically added,
changed, or deleted on their computer and vice versa.
To upload files to the team site, users can simply copy or move them to the site in File Explorer or Finder. They
can also use File Explorer or Finder to easily organize the document library by creating new folders, and moving
and renaming files and folders. All these changes sync automatically.
Windows10 devices come with the OneDrive sync app installed. Office2016 and later installations also have the
sync app installed.
Read the release notes and install the latest fully released versions
Invalid file names and file types in OneDrive and SharePoint
Fix OneDrive sync problems
File collaboration in SharePoint with Microsoft 365
4/21/2021 • 18 minutes to read • Edit Online
With Microsoft 365 services, you can create a secure and productive file collaboration environment for your
users. SharePoint powers much of this, but the capabilities of file collaboration in Microsoft 365 reach far
beyond the traditional SharePoint site. Teams, OneDrive, and a variety of governance and security options all
play a role in creating a rich environment where users can collaborate easily and where your organization's
sensitive content remains secure.
In the sections below, we call out the options and decisions that you as an administrator should consider when
setting up a collaboration environment:
How SharePoint relates to other collaboration services in Microsoft 365, including OneDrive, Microsoft
365 Groups, and Teams.
How you can create an intuitive and productive collaboration environment for your users.
How you can protect your organization's data by managing access through permissions, data
classifications, governance rules, and monitoring.
This is part of the broader Microsoft 365 collaboration story:
Secure collaboration with Microsoft 365
Collaboration governance
Meetings and conferencing in Microsoft Teams
We recommend that you download the Microsoft Teams and related productivity services in Microsoft 365 for IT
architects poster and refer to it while you read this article. This poster provides detailed illustrations of how the
collaboration services in Microsoft 365 relate to each other and interact.
Also see the File Protection Solutions in Microsoft 365 diagram for an overview of recommended solutions to
protect your data.
OneDrive libraries
While SharePoint provides shared libraries for shared files that teams can collaborate on, users also have an
individual library in OneDrive where they can store files that they own.
When a user adds a file to their individual library, that file is not shared with anyone else. Users' individual
libraries do, however, provide the same sharing capabilities as SharePoint, so users can share files in their
individual libraries as needed.
A user's individual library can be accessed from Teams, as well as from the OneDrive web interface and mobile
application.
On devices running Windows or macOS, users can install the OneDrive sync app to sync files from both
OneDrive and SharePoint to their local disk. This allows them to work on files offline and also provides the
convenience of opening files in their native application (such as Word or Excel) without the need of going to the
web interface.
The two main decisions to consider for using OneDrive in collaboration scenarios are:
Do you want to allow Microsoft 365 users to share files in their own library with people outside your
organization?
Do you want to restrict file sync in any way – such as only to managed devices?
These settings are available in the OneDrive admin center.
OneDrive is an important part of the Microsoft 365 collaboration story. For information about how to deploy
OneDrive in your organization, see OneDrive guide for enterprises.
An anyone link is a transferrable, revocable secret key. It's transferrable because it can be forwarded to
others. It's revocable because by deleting the link, you can revoke the access of everyone who got it
through the link. It's secret because it can't be guessed or derived. The only way to get access is to get the
link, and the only way to get the link is for somebody to give it to you.
People in your organization links work for only people inside your Microsoft 365 organization. (They do
not work for guests in the directory, only members).
Like an anyone link, a people in my organization link is a transferrable, revocable secret key. Unlike an
anyone link, these links only work for people inside your Microsoft 365 organization. When somebody
opens a people in my organization link, they need to be authenticated as a member in your directory. If
they're not currently signed-in, they'll be prompted to sign-in.
Specific people links only work for the people that users specify when they share the item.
A specific people link is a non-transferable, revocable secret key. Unlike anyone and people in my
organization links, a specific people link will not work if it's opened by anybody except for the person
specified by the sender.
Specific people links can be used to share with users in the organization and people outside the
organization. In both cases, the recipient will need to authenticate as the user specified in the link.
It's important to educate your users in how these sharing links work and which they should use to best maintain
the security of your data. Send your users links to Share OneDrive files and folders and Share SharePoint files or
folders, and include information about your organization's policies for sharing information.
Unauthenticated access with Anyone links
Anyone links are a great way to easily share files and folders with people outside your organization. However, if
you're sharing sensitive information, this may not be the best option.
If you require people outside your organization to authenticate, Anyone links will not be available to users and
you'll be able to audit guest activity on shared files and folders.
Though Anyone links do not require people outside your organization to authenticate, you can track the usage
of Anyone links and revoke access if needed. If people in your organization frequently email documents to
people outside your organization, Anyone links may be a better option than emailing an attachment.
If you want to allow Anyone links, there are several options for a more secure sharing experience.
You can restrict Anyone links to read-only. You can also set an expiration time limit, after which the link will stop
working.
Another option is to configure a different link type to be displayed to the user by default. This can help minimize
the chances of inappropriate sharing. For example, if you want to allow Anyone links but are concerned that they
only be used for specific purposes, you can set the default link type to Specific people links or People in your
organization links instead of Anyone links. Users would then have to explicitly select Anyone links when they
share a file or folder.
You can also use data loss prevention to restrict Anyone link access to files that contain sensitive information.
People in your organization links
People in your organization links are a great way to share information within your organization. People in your
organization links work for anyone in your organization, so users can share files and folders with people who
aren't part of a team or members of a site. The link gives them access to the particular file or folder and can be
passed around inside the organization. This allows for easy collaboration with stakeholders from groups that
may have separate teams or sites – such as design, marketing, and support groups.
Creating a People in your organization link does not cause the file or folder to show up in search or give
everyone direct access to the file or folder. Users must have the link in order to access the file or folder. The link
does not work for guests or other people outside your organization.
Specific people links
Specific people links are best for circumstances where users want to limit access to a file or folder. The link only
works for the person specified and they must authenticate in order to use it. These links can be internal or
external (if you've enabled guest sharing).
Classify and protect information
Data loss prevention in Microsoft 365 provides a way to classify your teams, groups, sites, and documents, and
to create a series of conditions, actions, and exceptions to govern how they're used and shared.
By classifying your information and creating governance rules around them, you can create a collaboration
environment where users can easily work with each other without accidentally or intentionally sharing sensitive
information inappropriately.
With data loss prevention policies in place, you can be relatively liberal with your sharing settings for a given
site and rely on data loss prevention to enforce your governance requirements. This provides a friendlier user
experience and avoids unnecessary restrictions that users might try to work around.
For detailed information about data loss prevention, see Overview of data loss prevention.
Sensitivity labels
Sensitivity labels provide a way to classify teams, groups, sites, and documents with descriptive labels that can
then be used to enforce a governance workflow.
Using sensitivity labels helps your users to share information safely and to maintain your governance policies
without the need for users to become experts in those policies.
For example, you could configure a policy that requires Microsoft 365 groups classified as confidential to be
private rather than public. In such a case, a user creating a group, team, or SharePoint site would only see the
"private" option when they choose a classification of confidential. For information about using sensitivity labels
with teams, groups, and sites, see Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365
groups, and SharePoint sites
Conditions and actions
With data loss protection conditions and actions, you can enforce a governance workflow when a given
condition is met.
Examples include:
If customer information is detected in a document, then users cannot share that document with guests.
If a document contains the name of a confidential project, then guests cannot open the document even if
it has been shared with them.
Microsoft Cloud App Security offers additional granular conditions, actions, and alerts to help you secure your
content. These include the ability to remove a user's permissions or quarantine the user when the specified
condition is met.
User notifications
User notifications provide a way to communicate to your users – via email or policy tips – that data loss
prevention has detected something that they should be aware of. The user can then decide the best course of
action depending on the situation. For example, if a user unknowingly attempts to share a document that
contains a credit card number, the user is prompted that a credit card number has been found and advised of
your organization's policy regarding this.
Manage access
Microsoft 365 provides a variety of governance features to help you create an intuitive but secure collaboration
environment for your users.
Use device management to ensure your organization's information is accessed only by compliant devices.
Use conditional access to ensure your confidential data is accessed only from locations and apps that you
trust.
Monitor information sharing in real time and through reports to ensure your governance requirements
are met and sensitive information is being kept secure.
Additionally, you can use Azure Active Directory access reviews to automate a periodic review of group and
team ownership and membership.
Device Management
Through device management, you can take additional steps to secure your organization's information. You can
manage pretty much any device that your users might have – PCs, Macs, mobile devices, and Linux computers.
Examples include:
Ensure devices have the latest updates before allowing access to Microsoft 365
Prevent copy and paste of confidential data to personal or unmanaged apps
Erase company data from managed devices
As you consider your options governing access to information through device management, keep in mind that
guests are likely to have unmanaged devices. For sites where you've enabled guest sharing, be sure to provide
the needed access to unmanaged devices, even if that's just web access via a PC or Mac. Azure Active Directory
conditional access (discussed below) offers some options to reduce the risk of guests with unmanaged devices.
Some settings can be configured directly from SharePoint.
Intune in Microsoft 365 provides detailed device profiling options and can also deploy and manage individual
apps such as Office apps and OneDrive. For detailed information about Intune and device management, see
What is Microsoft Intune?.
You can configure device management from the Microsoft 365 Device Management admin center.
Conditional access
Azure Active Directory conditional access provides additional controls to prevent users from accessing your
organization's resources in risky situations, such as from untrusted location or from devices that aren't up to
date.
Examples include:
Block guests from signing in from risky locations
Require multi-factor authentication for mobile devices
You can create access policies that are specifically for guests, allowing risk mitigation for people who most likely
have unmanaged devices.
For detailed information, see What is Conditional Access?.
Real-time monitoring with aler ts
Microsoft Cloud App Security provides an extensive policy infrastructure that you can use to monitor activity
that you consider to be risky for your organization's data.
Examples include:
Raise an alert when a confidential file is shared externally.
Raise an alert when there's a mass download by a single user.
Raise an alert when an externally shared file hasn't been updated for a specified period of time.
Cloud App Security can also watch for anomalous behavior such as unusually large uploads or downloads,
access from unusual locations, or unusual admin activity.
By configuring alerts in Cloud App Security, you can be more confident in allowing an open sharing experience
for your users.
You can see the alerts on the Cloud App Security alerts page.
For detailed information about Cloud App Security, see Microsoft Cloud App Security overview.
Monitoring with repor ts
A variety of reports are available in Microsoft 365 to help you monitor site usage, document sharing,
governance compliance, and a host of other events.
For info about how to view reports on SharePoint site usage, see Microsoft 365 Reports in the Admin Center -
SharePoint site usage.
For info about how to view data loss prevention reports, see View the reports for data loss prevention.
For info about how to view Cloud App Security reports, see Generate data management reports.
Manage threats
You can use ATP Safe Attachments (part of Microsoft 365 Advanced Threat Protection) to protect against users
uploading malicious files to OneDrive, SharePoint, or Teams.
When ATP discovers a malicious file, that file is locked so that users cannot open, move, or copy the file.
The locked file is included in a list of quarantined items that you can monitor. You can then delete or release the
file as appropriate.
For detailed info, see Microsoft 365 ATP for SharePoint, OneDrive, and Microsoft Teams.
Related topics
Create a secure guest sharing environment
Best practices for sharing files and folders with unauthenticated users
Understanding how Microsoft Information Protection capabilities work together
How to deal with external sharing in Microsoft 365
Tutorial: Automatically apply Azure Information Protection classification labels
What's new in external sharing and collaboration with OneDrive and SharePoint
Protect and collaborate on files in the cloud with OneDrive, SharePoint, and Microsoft Teams
External sharing overview
4/6/2021 • 7 minutes to read • Edit Online
The external sharing features of Microsoft SharePoint let users in your organization share content with people
outside the organization (such as partners, vendors, clients, or customers). You can also use external sharing to
share between licensed users on multiple Microsoft 365 subscriptions if your organization has more than one
subscription. External sharing in SharePoint is part of secure collaboration with Microsoft 365.
Planning for external sharing should be included as part of your overall permissions planning for SharePoint in
Microsoft 365. This article describes what happens when users share, depending on what they're sharing and
with whom.
If you want to get straight to setting up sharing, choose the scenario you want to enable:
Collaborate with guests on a document
Collaborate with guests in a site
Collaborate with guests in a team
(If you're trying to share a file or folder, see Share OneDrive files and folders or Share SharePoint files or folders
in Microsoft 365.)
NOTE
External sharing is turned on by default for your entire SharePoint environment and the sites in it. You may want to turn it
off globally before people start using sites or until you know exactly how you want to use the feature.
IMPORTANT
Even if your organization-level setting allows external sharing, not all new sites allow it by default. The default sharing
setting for Microsoft 365 group-connected team sites is "New and existing guests." The default for communication sites
and classic sites is "Only people in your organization."
IMPORTANT
It's important that all group members have permission to access the team site. If you remove the group's permission,
many collaboration tasks (such as sharing files in Teams chats) won't work. Only add guests to the group if you want
them to be able to access the site. For info about guest access to Microsoft 365 groups, see Manage guest access in
Groups.
NOTE
Sites can't be shared with people unless they have a Microsoft account or a work or school account in Azure AD.
Stopping sharing
You can stop sharing with guests by removing their permissions from the shared item, or by removing them as
a guest in your directory.
You can stop sharing with people who have an "Anyone" link by going to the file or folder that you shared and
deleting the link.
Learn how to stop sharing an item
See also
How Microsoft manages and enables external sharing and collaboration with SharePoint (Microsoft Ignite)
Coaching your guests through the external sharing experience
Set up and manage access requests
Searching for site content shared externally
Configure Teams with three tiers of protection
Create a secure guest sharing environment
Settings interactions between Microsoft 365 Groups, Teams and SharePoint
SharePoint and OneDrive integration with Azure
AD B2B
3/23/2021 • 3 minutes to read • Edit Online
This article describes how to enable Microsoft SharePoint and Microsoft OneDrive integration with Azure AD
B2B.
Azure AD B2B provides authentication and management of guests. Authentication happens via one-time
passcode when they don't already have a work or school account or a Microsoft account.
With SharePoint and OneDrive integration, the Azure B2B one-time passcode feature is used for external sharing
of files, folders, list items, document libraries and sites. This feature provides an upgraded experience from the
existing secure external sharing recipient experience.
Enabling this integration does not change your sharing settings. For example, if you have site collections where
external sharing is turned off, it will remain off.
Once the integration is enabled you and your users do not have to reshare or do any manual migration for
guests previously shared with. Instead, when someone outside your organization clicks on a link that was
created before the preview was enabled, SharePoint will automatically create a B2B guest account. This guest
account is created on behalf of the user who originally created the sharing link. (If the user who created the link
is no longer in the organization or no longer has permission to share, the guest will not be added to the
directory and the file will need to be reshared.)
SharePoint and OneDrive integration with the Azure AD B2B one-time passcode feature is currently not enabled
by default. Later, this feature will replace the ad-hoc external sharing experience used in OneDrive and
SharePoint today.
Advantages of Azure AD B2B include:
Invited people outside your organization are each given an account in the directory and are subject to Azure
AD access policies such as multi-factor authentication.
Invitations to a SharePoint site use Azure AD B2B and no longer require users to have or create a Microsoft
account.
If you have configured Google federation in Azure AD, federated users can now access SharePoint and
OneDrive resources that you have shared with them.
SharePoint and OneDrive sharing is subject to the Azure AD organizational relationships settings, such as
Members can invite and Guests can invite .
This integration is not supported in the following Microsoft 365 services:
Office 365 Germany
Office 365 operated by 21Vianet
GCC High and DoD
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following cmdlets:
See also
Set-SPOTenant
External sharing overview
Manage sharing settings
4/6/2021 • 8 minutes to read • Edit Online
This article describes how global and SharePoint admins in Microsoft 365 can change their organization-level
sharing settings for Microsoft SharePoint and Microsoft OneDrive. (If you want to share a file or folder, read
Share SharePoint files or folders or Share OneDrive files and folders.)
For end-to-end guidance around how to configure guest sharing in Microsoft 365, see:
Set up secure collaboration with Microsoft 365
Collaborate with guests on a document
Collaborate with guests in a site
Collaborate with guests in a team
To change the sharing settings for a site after you've set the organization-level sharing settings, see Turn external
sharing on or off for for a site. To learn how to change the external sharing setting for a user's OneDrive, see
Change the external sharing setting for a user's OneDrive.
Video demonstration
This video shows how the settings on the Sharing page in the SharePoint admin center affect the sharing
options available to users.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Sharing page.
2. Under External sharing , specify your sharing level for SharePoint and OneDrive. The default level for
both is "Anyone."
NOTE
The SharePoint setting applies to all site types, including those connected to Microsoft 365 groups.
The OneDrive setting can be more restrictive than the SharePoint setting, but not more permissive.
The SharePoint external sharing setting on this page is the same as the one in the Microsoft 365 admin center,
under Settings > Ser vices & add-ins > Sites . These settings are also the same as those in the OneDrive
admin center.
This setting is for your organization overall. Each site has its own sharing setting which you can set
independently, though it must be at the same or more restrictive setting as the organization. See Change
the external sharing setting for a site for more information.
Which option to select...
SEL EC T T H IS O P T IO N : IF Y O U WA N T TO :
Anyone Allow users to share files and folders by using links that let
anyone who has the link access the files or folders without
authenticating. This setting also allows users to share sites
with new and existing guests who authenticate. If you select
this setting, you can restrict the Anyone links so that they
must expire within a specific number of days, or so that they
can give only View permission.
New and existing guests Require people who have received invitations to sign in with
their work or school account (if their organization uses
Microsoft 365) or a Microsoft account, or to provide a code
to verify their identity. Users can share with guests already in
your organization's directory, and they can send invitations
to people who will be added to the directory if they sign in.
For more info about verification codes, see Secure external
sharing in SharePoint
Existing guests Allow sharing only with guests who are already in your
directory. These guests may exist in your directory because
they previously accepted sharing invitations or because they
were manually added, such as through Azure B2B
collaboration. (To see the guests in your organization, go to
the Guests page in the Microsoft 365 admin center).
SEL EC T T H IS O P T IO N : IF Y O U WA N T TO :
NOTE
If you turn off external sharing for your organization and later turn it back on, guests who previously had access regain it.
If you know that external sharing was previously turned on and in use for specific sites and you don't want guests to
regain access, first turn off external sharing for those specific sites.
If you restrict or turn off external sharing, guests typically lose access within one hour of the change.
Specific people - This option is most restrictive and impedes broad internal sharing. If you allow
external sharing, this option lets users share with specific people outside the organization.
Only people in your organization - If links are forwarded, they'll work for anyone in the organization.
This option is best if your organization shares broadly internally and rarely shares externally.
Anyone with the link - This option is available only if your external sharing setting is set to "Anyone."
Forwarded links work internally or externally, but you can't track who has access to shared items or who
has accessed shared items. This is best for friction-free sharing if most files and folders in SharePoint and
OneDrive aren't sensitive.
IMPORTANT
If you select "Anyone with the link," but the site or OneDrive is set to allow sharing only with guests who sign in
or provide a verification code, the default link is "Only people in your organization." Users need to change the link
type to "Specific people" to share files and folders in the site or OneDrive externally.
Link expiration - You can require all "Anyone" links to expire, and specify the maximum number of days
allowed
Link permissions - You can restrict "Anyone" links so that they can only provide view permission for files or
folders.
If you are using file requests, the link permissions must be set for View and edit for files and View, edit, and
upload for folders.
Other
Display to owners the names of people who viewed their files
This setting lets you control whether the owner of a shared file can see on the file card the people who only view
(and don't edit) the file in OneDrive. The file card appears when users hover over a file name or thumbnail in
OneDrive. The info includes the number of views on the file, the number of people who viewed it, and the list of
people who viewed it. To learn more about the file card, see See files you shared in OneDrive.
NOTE
This setting is selected by default. If you clear it, file viewer info is still recorded and available to you to audit as an admin.
OneDrive owners can also still see people who have viewed their shared Office files by opening the files from Office.com
or from the Office desktop apps.
Let site owners choose to display the names of people who viewed files or pages in SharePoint
This setting lets you specify whether site owners can allow users who have access to a file, page, or news post to
see on the file card who has viewed the item.
This setting is turned on by default at the organization level and off at the site level for existing sites. Viewer
information is shown only when the setting is on at both the organization and site level. We recommend that
site owners turn on this feature only on team sites that don't have sensitive information. Learn how site owners
can turn on this feature.
NOTE
Historical data is included when this setting is enabled. Likewise, if the setting is turned off and back on at the
organization level or site level, the views during the off period are included in the history.
On the classic Sharing page, you can limit external sharing by security group and shorten sharing links or
change their default permission.
See also
Limit accidental exposure to files when sharing with guests
Create a secure guest sharing environment
Stop sharing files or folders or change permissions
External sharing & collaboration with OneDrive, SharePoint & Teams (Ignite 2020)
Turn external sharing on or off for a site
3/23/2021 • 3 minutes to read • Edit Online
You must be a global or SharePoint admin in Microsoft 365 to change the external sharing setting for a site
(previously called a "site collection"). Site owners are not allowed to change this setting.
Note that this procedure applies to classic sites, communication sites, and new team sites. To learn how to
change the external sharing setting for a user's OneDrive, see Change the external sharing setting for a user's
OneDrive. For info about changing your organization-level settings, see Turn external sharing on or off for
SharePoint. To change the settings for Teams private channel sites, you must use Set-SPOSite.
For detailed information about how to set up guest access for a site, see Collaborate with guests in a site.
To configure external sharing for a site
1. Go to the Active sites page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Active sites page.
5. If you want to limit the sharing of this site by domain, select the Limit sharing by domain check box,
and add the domains that you want to allow or block.
6. If you want to change the default sharing link type, permissions, or expiration setting for this site, clear
the Same as organization-level setting check box and set the value that you want to use for this site.
For more info, see Change the default sharing link for a site.
7. Select Save .
Which option to select...
SEL EC T T H IS O P T IO N : IF Y O U WA N T TO :
Anyone Allow site owners and others with full control permission to
share the site with people who authenticate. Allow site users
to decide when sharing files and folders to require
authentication or allow unauthenticated people to access the
item. Anyone links to files and folders can be freely
forwarded.
New and existing guests Allow site owners and others with full control permission to
share the site with people outside the organization. These
people will need to sign in and will be added to the directory.
Allow site users to share files and folders with people who
aren't in the organization's directory.
Existing guests Allow sharing with only people already in your directory.
These users may exist in your directory because they
previously accepted sharing invitations or because they were
manually added. (You can tell an external user because they
have #EXT# in their user name.)
Only people in your organization Prevent all site users from sharing any site content
externally. (This is the default setting for new classic sites.)
The settings available are dependent on your organization-level setting. If you enable external sharing for a site
and it is later turned off for your organization, external sharing will become unavailable at the site level and any
shared links will stop working. If it is turned back on for the organization, the site sharing setting will return to
what it was before and the shared links will resume working.
NOTE
You might have site content shared with a Microsoft 365 group that has guest members, and the group settings prevent
guest members from accessing group resources. In this case, even if you turn on external sharing for the site, guests of
the group may not be able to access site content. To enable or disable Microsoft 365 Group guest member access, see
Manage guest access in Microsoft 365 Groups.
Related topics
Best practices for sharing files and folders with unauthenticated users
Create a secure guest sharing environment
File collaboration in SharePoint with Microsoft 365
Stop sharing files or folders or change permissions
Mark new files as sensitive by default
3/23/2021 • 2 minutes to read • Edit Online
When new files are added to SharePoint or OneDrive in Microsoft 365, it takes a while for them to be crawled
and indexed. It takes additional time for the Office Data Loss Prevention (DLP) policy to scan the content and
apply rules to help protect sensitive content. If external sharing is turned on, sensitive content could be shared
and accessed by guests before the Office DLP rule finishes processing.
Instead of turning off external sharing entirely, you can address this issue by using a new PowerShell cmdlet. The
cmdlet prevents guests from accessing newly added files until at least one Office DLP policy scans the content of
the file. If the file has no sensitive content based on the DLP policy, then guests can access the file. If the policy
identifies sensitive content, then guests will not be able to access the file. They will receive the following access
denied error message: "This file is being scanned right now. Please try again in a few minutes. If you still don't
have access, contact the file owner."
NOTE
This cmdlet applies to newly added files in all SharePoint sites and OneDrive accounts. It doesn't block sharing if an
existing file is changed.
1. Make sure you have at least one DLP policy turned on for content located in SharePoint. Learn how to
create and turn on a DLP policy
IMPORTANT
The DLP policy must include all SharePoint sites and OneDrive accounts and exclude none.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
3. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
4. Run the following command:
Set-SPOTenant-MarkNewFilesSensitiveByDefault BlockExternalSharing
Users can share files and folders in Microsoft SharePoint by sending a link. They should select a link type based
on the people to whom they want to give permission. The following link types are available:
Anyone with the link (previously called "anonymous access" or "shareable")
People in your organization with the link
People with existing access
Specific people
As a global or SharePoint admin, you may want to enable users to send "Anyone" links, but you may not want
this to the be the default type of link when users select to share files and folders. You can set the default type of
link to something more restrictive, while still allowing users to select other types of links as needed. You can
change this setting at the organization level and at the site (previously called "site collection") level.
NOTE
The default sharing link setting applies only to libraries that use the new experience.
This setting does not affect Outlook Web App, Outlook 2016, or Office clients prior to Office 2016.
For info about the changing this setting at the organization level, see File and folder links.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Active sites page.
Related topics
Turn external sharing on or off for a site
Default SharePoint groups
3/23/2021 • 4 minutes to read • Edit Online
The default SharePoint groups are created automatically when you create a site (previously called a "site
collection"). The default groups use SharePoint's default permission levels - sometimes called SharePoint roles -
to grant users rights and access. The permission levels that these groups have represent common levels of
access that users have to have. They are a good place to start when you add users to a SharePoint site.
Administrators can create additional groups to align more closely with specific business needs. Deciding how to
design and populate your SharePoint security groups is an important decision that affects security for your site
and site content.
Here are links to information on understanding and setting SharePoint permissions.
Understanding permission levels in SharePoint
Edit and manage permissions for a SharePoint list or library
How to create and edit permission levels
Approvers Approve No
Style Resource Readers Restricted Read People in this group have Limited
Access to the Style Library and Master
Page Gallery.
Quick Deploy Users Contribute These users can schedule Quick Deploy
jobs (Content Deployment).
GRO UP N A M E P ERM ISSIO N L EVEL USE T H IS GRO UP F O R
Viewers View Only These users see content, but can't edit
or download it.
Site administrators
DESC RIP T IO N SH A REP O IN T IN M IC RO SO F T 365 SH A REP O IN T SERVER
A site can have several site admins, but must have one and only one primary administrator. Any site admin can
add or remove other admins. Site admins have full control of the site root and any subsites in the site, and can
audit all site content.
In SharePoint Server, you designate a site collection administrator when you create a site.
SharePoint admins
DESC RIP T IO N SH A REP O IN T IN M IC RO SO F T 365 SH A REP O IN T SERVER
In SharePoint in Microsoft 365, there is also a SharePoint admin. A SharePoint admin can use the SharePoint
admin center or PowerShell to manage settings for all sites. Any global admin in Microsoft 365 also has the
permissions of a SharePoint admin. For more info about the SharePoint admin role, see About the SharePoint
admin role in Microsoft 365.
If you are using SharePoint Server, you do not have a SharePoint admin or SharePoint admin center.
Sharing errors in SharePoint and OneDrive
3/23/2021 • 11 minutes to read • Edit Online
This article covers the different errors that you might encounter when sharing files or folders from SharePoint
or OneDrive in Microsoft 365. You need to be a global or SharePoint admin in your organization to fix these
errors. If you are not an administrator, contact your help desk and give them your error code.
Note that changing these settings changes the types of external sharing that are allowed in your organization. In
some cases, these settings may have been set by someone in your organization for business reasons.
OSE201
Error OSE201 indicates that external sharing is turned off for all of your SharePoint and OneDrive sites.
First, change the external sharing setting for your organization:
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
2. Under External sharing , for both SharePoint and OneDrive, select Anyone or New and existing guests .
3. Select Save .
Next, check the external sharing settings for the site that you want to share from.
If you're sharing from a SharePoint site:
1. In the new SharePoint admin center, in the left pane, select Sites > Active sites .
2. Select the site that you want to share from, and then select Sharing .
3. Make sure that either New and existing guests or Anyone is selected, and if you made changes, select
Save .
Try sharing again.
If you're sharing from OneDrive:
1. In the Microsoft 365 admin center, in the left pane, under Users , select Active users .
2. Select the user, and then select the OneDrive tab.
3. Select Manage external sharing .
4. Make sure Let people outside your organization access your site is turned on, and Allow sharing
with anonymous guest links and authenticated users or Allow sharing to authenticated guest
users with invitations is selected.
Try sharing again.
OSE202
Error OSE202 indicates that you can only share with guests who are already in your directory. You can add
guests directly through Azure Active Directory, or you can change the setting by doing the following:
First, change the external sharing setting for your organization.
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
2. Under External sharing , select Anyone or New and existing guests for both SharePoint and OneDrive.
3. Select Save .
Next, check the external sharing settings for the site that you want to share from.
If you're sharing from a SharePoint site:
1. In the left pane of the new SharePoint admin center, select Sites > Active sites .
2. Select the site that you want to share from, and then select Sharing .
3. Make sure that either New and existing guests or Anyone is selected, and if you made changes, select
Save .
Try sharing again.
If you're sharing from OneDrive:
1. In the Microsoft 365 admin center, in the left pane, under Users , select Active users .
2. Select the user, and then select the OneDrive tab.
3. Select Manage external sharing .
4. Make sure Let people outside your organization access your site is turned on, and Allow sharing
with anonymous guest links and authenticated users or Allow sharing to authenticated guest
users with invitations is selected.
Try sharing again.
OSE204
Error OSE204 indicates that sharing is turned off for the site that you're trying to share from. You can change the
setting as follows:
1. Go to the Active sites page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Active sites page.
2. Select the site that you want to share from, and then select Sharing .
3. Make sure that either New and existing guests or Anyone is selected, and then select Save .
Try sharing again.
OSE205
Error OSE205 indicates that you can only share the site with guests who are already in your directory. You can
add guests directly through Azure Active Directory, or you can change the setting by doing the following:
1. Go to the Active sites page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Active sites page.
2. Select the site that you want to share from, and then select Sharing .
3. Make sure that either New and existing guests or Anyone is selected, and then select Save .
OSE207
Error OSE207 indicates that external sharing is turned off for OneDrive. You can change this setting as follows:
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
2. Under External sharing , select Anyone or New and existing guests for OneDrive.
3. Select Save .
Try sharing again.
OSE208
Error OSE208 indicates that you can only share OneDrive files and folders with guests who are already in your
directory. You can add guests directly through Azure Active Directory, or you can change the setting by doing
the following:
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
2. Under External sharing , change the OneDrive setting to either Anyone or New and existing
external users .
3. Select Save .
Try sharing again.
OSE303
Error OSE303 indicates that the person sharing the file or folder is not a member of the security groups that are
allowed to share with guests and by using Anyone links. To change this setting:
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
OSE304
Error OSE304 indicates that the person sharing the file or folder is not a member of the security groups that are
allowed to share with guests. To change this setting:
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
OSE401
Error OSE401 indicates that your organization-level setting lets you share with only people on specific domains.
The person you're trying to share with is not on one of the listed domains. To change this setting:
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
2. Under Advanced settings for external sharing , select Add domains , add the domain that you want
to share with to the list of allowed domains, and select OK . Alternatively, you can turn off domain filtering
by clearing the Limit external sharing by domain check box.
3. Select Save .
Try sharing again.
OSE402
Error OSE402 indicates that your organization-level setting blocks sharing with people on specific domains. The
person you're trying to share with is on one of the listed domains. To change this setting:
1. Go to the Sharing page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Sharing page.
2. Under Advanced settings for external sharing , select Add domains , remove the domain from the
list of blocked domains, and select OK . Alternatively, you can turn off domain filtering by clearing the
Limit external sharing by domain check box.
3. Select Save .
Try sharing again.
OSE403
Error OSE403 indicates that the site from which you're sharing lets you share with only people on specific
domains. The person you're trying to share with is not on one of the listed domains. To change this setting:
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
OSE404
Error OSE404 indicates that the site from which you're sharing blocks sharing with people on specific domains.
The person you're trying to share with is on one of the listed domains. To change this setting:
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
See also
External sharing overview
Turn external sharing on or off for SharePoint
Stop sharing files or folders or change permissions
Report on file and folder sharing in a SharePoint
site
3/9/2021 • 2 minutes to read • Edit Online
You can create a CSV file of every unique file, user, permission and link on a given SharePoint site or OneDrive.
This can help you understand how sharing is being used and if any files or folders are being shared with guests.
You must be a site admin to run the report.
When you run the report, the CSV file is saved to a location of your choosing on the site.
In Microsoft SharePoint, if you don't want site members to see the report, consider creating a folder with
different permissions where only site owners can access the report.
To run the report (SharePoint)
1. Open the site where you want to run the report
2. On the Settings menu, click Site usage .
3. In the Shared with external users section, click Run repor t .
4. Choose a location to save the report, and then click Save .
To run the report (OneDrive)
1. From the Microsoft 365 app launcher, select the OneDrive tile.
2. On the Settings menu, click OneDrive settings .
3. Click More settings , and then click Run sharing repor t .
4. Choose a location to save the report, and then click Save .
The report may take some time to run depending on the size of the site.
When the report is finished running you will receive an email with a link to the report.
CSV format
For items shared with direct access, the report contains one row for each user / item combination. SharePoint
groups are shown in the report, but not individual users inside them.
For items shared with a link, the report contains a row for each signed-in user who has used the link or has
been sent the link through the sharing dialog. Links emailed directly that haven't been clicked, and Anyone links
are not included in the report.
The report contains the following columns:
C O L UM N DESC RIP T IO N
User Name Friendly name of the user or group that has access to this
item. If this is a sharing link, the user name is SharingLink
User E-mail The email address of the user who has access to this item.
This is blank for SharePoint groups.
User or Group Type The type of user or group: Member (internal), Guest
(external), SharePoint group, Security group or Microsoft 365
group. (Note that Member refers to a member in the
directory, not a member of the site.)
Link ID The GUID of the sharing link if user name is Sharing Link
If you want to restrict sharing with other organizations (either at the organization level or site level), you can
limit sharing by domain.
NOTE
If you have enrolled in the SharePoint and OneDrive integration with Azure AD B2B, invitations in SharePoint are also
subject to any domain restrictions configured in Azure Active Directory.
Limiting domains
You can limit domains by allowing only the domains you specify or by allowing all domains except those you
block.
To limit domains at the organization level
1. Go to the Sharing page of the SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Sharing page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Sharing page.
2. Under Advanced settings for external sharing , select the Limit external sharing by domain
check box, and then select Add domains .
3. To create an allow list (most restrictive), select Allow only specific domains ; to block only the domains
you specify, select Block specific domains .
4. List the domains (maximum of 3000) in the box provided, using the format domain.com. If listing more
than one domain, enter each domain on a new line.
NOTE
Wildcards are not supported for domain entries.
5. Select Save .
You can also configure the organization-wide setting by using the Set-SPOTenant PowerShell cmdlet.
You can also limit domains at the site collection level. Note the following considerations:
In the case of conflicts, the organization-wide configuration takes precedence over the site collection
configuration.
If an organization-wide allow list is configured, then you can only configure an allow list at the site
collection level. The site collection allow list must be a subset of the organization's allow list.
If an organization-wide deny list is configured, then you can configure either an allow list or a deny list at
the site collection level.
For individual OneDrive site collections, you can only configure this setting by using the Set-SPOSite
Windows PowerShell cmdlet.
To limit domains for a site
1. Go to the Active sites page in the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the More features page.
NOTE
Wildcards are not supported for domain entries.
NOTE
To configure the site collection setting for site collections that do not appear in this list (such as Group-connected
sites or individual OneDrive site collections), you must use the Set-SPOSite PowerShell cmdlet.
Sharing experience
After you limit sharing by domain, here's what you'll see when you share a document:
Sharing content with email domains that are not allowed. If you attempt to share content with a
guest whose email address domain isn't allowed, an error message will display and sharing will not be
allowed.
(If the user is already in your directory, you won't see the error, but they will be blocked if they attempt to
access the site.)
Sharing OneDrive files with guests on domains that aren't allowed. If a users tries to share a
OneDrive file with a guest whose email domain isn't allowed, an error message will display and sharing
will not be allowed.
Sharing content with email domains that are allowed. Users will be able to successfully share the
content with the guest. A tooltip will appear to let them know that the guest is outside of their
organization.
See also
External sharing overview
Extranet for Partners with Microsoft 365
Set-SPOTenant
Use SharePoint as a business-to-business (B2B)
extranet solution
3/23/2021 • 3 minutes to read • Edit Online
An extranet site in Microsoft SharePoint is a site that you create to let external partners have access to specific
content, and to collaborate with them. Extranet sites are a way for partners to securely do business with your
organization. The content for your partner is kept in one place and they have only the content and access they
need. They don't need to email the documents back and forth or use tools that are not sanctioned by your IT
department.
Traditionally, deploying a SharePoint on-premises extranet site involves complex configuration to establish
security measures and governance, including granting access inside the corporate firewall, and expensive initial
and on-going cost.
But with Microsoft 365, partners connect directly to a members-only site in SharePoint, without access to your
on-premises environment or any other SharePoint sites. Microsoft 365 extranet sites can be accessed anywhere
there's an Internet connection.
Depending on your collaboration needs, you can include Microsoft 365 groups or Microsoft Teams as part of
your extranet.
Controlling sharing experience for the Part of Microsoft 365 sites Often requires custom solutions/apps
extranet functionality
Get started
To get started setting up a SharePoint extranet site:
1. Read Collaborate with guests in a site if you want to limit your extranet to a site with a Microsoft 365
group, or Collaborate with guests in a team if you want to include a team.
2. Read Create a B2B extranet with managed guests if you want to delegate guest access management to
specific approvers in either your organization or the partner organization.
3. Read Limit accidental exposure to files when sharing with guests and Create a secure guest sharing
environment to learn about options for securing your guest sharing environment.
See also
Microsoft 365 guest sharing settings reference
SharePoint site permissions
3/9/2021 • 6 minutes to read • Edit Online
This article contains advanced scenarios for customizing site permissions. Most organizations won't need these
options. If you just want to share files or folders, see Share SharePoint files or folders. If you want to share a site,
see Share a site.
While SharePoint allows considerable customization of site permissions, we highly recommend using the built-
in SharePoint groups for communication site permissions and managing team site permissions through the
associated Microsoft 365 group. For information about managing permissions in the SharePoint modern
experience, see Sharing and permissions in the SharePoint modern experience.
If you do need to customize SharePoint groups, this article describes how.
NOTE
To do the following steps, you need a permission level that includes permissions to Create Groups and Manage
Permissions. The Full Control level has both. For more information, see Understanding permission levels in SharePoint.
Create a group
1. On your website or team site, click Settings , and click Site permissions .
2. On the Permissions page, click Advanced Permissions Settings .
The permissions page opens.
3. On the Permissions tab, click Create Group .
4. On the Create Group page, in the Name and About me boxes, type a name and description for this
SharePoint group.
5. In the Owner box, specify a single owner of this security group.
6. In the Group Settings section, specify who can view and edit the membership of this group.
7. In the Membership Requests section, select the settings that you want for requests to join or leave the
group. You can specify the email address to which requests should be sent.
8. In the Give Group Permissions to this Site section, choose a permission level for this group.
9. Click Create .
Add users to a group
3. In the Enter names, email addresses, or Ever yone box, enter the name or email address of the user
or group that you want to add. When the name appears in a confirmation box below your entry, select
the name to add it to the text box.
4. If you want to add more names, repeat these steps.
5. (Optional) Enter a personalized message to send to the new users in Include a personal message
with this invitation .
6. Click Share .
Remove users from a group
1. On your website or team site, click Settings , and click Site settings . If you don't see Site settings ,
click Site information , and then click View all site settings . On some pages, you may need to click
Site contents , then click Site settings .
2. On the Site Settings page, under Users and Permissions , click People and Groups .
3. On the People and Groups page, in the Quick Launch, click the name of the group that you want to
remove users from.
4. Select the check boxes next to the users who you want to remove, click Actions , and then click Remove
Users from Group .
5. In the confirmation window, click OK .
Grant site access to a group
1. On your website or team site, click Settings , and click Site settings . If you don't see Site settings ,
click Site information , and then click View all site settings . On some pages, you may need to click
Site contents , then click Site settings .
2. On the Site Settings page, under Users and Permissions , click Site Permissions .
3. On the Permissions tab, click Grant Permissions .
4. In the Share dialog, type the name of the SharePoint group that you want to give access to.
5. By default, the Share dialog displays the message Invite people to Edit or Invite people with Can
edit permissions. This grants permissions in the SharePoint Members group. To choose a different
permission level, click Show options and then choose a different SharePoint group or permission level
under Select a permission level or Select a group or permission level . The drop-down box shows
both groups and individual permission levels, like Edit or View Only .
6. Click Share.
Delete a group
Cau t i on
We recommend that you don't delete any of the default SharePoint groups, because this can make the system
unstable. You should only delete group(s) you have created and no longer want to use.
1. On your website or team site, click Settings , and click Site settings . If you don't see Site settings ,
click Site information , and then click View all site settings . On some pages, you may need to click
Site contents , then click Site settings .
2. On the Site Settings page, under Users and Permissions , click People and Groups .
3. On the People and Groups page, click the name of the SharePoint group that you want to delete.
4. Click Settings , and then click Group Settings .
5. At the bottom of the Change Group Settings page, click Delete .
6. In the confirmation window, click OK .
Assign a new permission level to a group
If you have customized a permission level or created a new permission level, you can assign it to groups or
users.
1. On your website or team site, click Settings , and click Site settings . If you don't see Site settings ,
click Site information , and then click View all site settings . On some pages, you may need to click
Site contents , then click Site settings .
2. On the Site Settings page, under Users and Permissions , click Site Permissions .
3. Select the check box next to the user or group to which you want to assign the new permission level.
4. On the Permissions tab, click Edit User Permissions .
5. On the Edit Permissions page, select the check box next to the name of the new permission level. If you
select multiple permission levels, the permission level assigned to the group is the union of the individual
permissions in the different levels. That is, if one level includes permissions (A, B, C), and the other level
includes permissions (C, D), the new level for the group includes permissions (A, B, C, D).
6. Click OK .
NOTE
Permissions for the default SharePoint groups (Owners, Members, and Visitors) for Team sites that are connected to a
Microsoft 365 group can't be modified.
1. On the site, click Settings , and click Site settings . If you don't see Site settings , click Site
information , and then click View all site settings . On some pages, you may need to click Site
contents , then click Site settings .
2. On the Site Settings page, under Users and Permissions , click Site Collection Administrators .
3. In the Site Collection Administrators box, do one of the following:
To add a site collection administrator, enter the name or user alias of the person who you want to
add.
To change a site collection administrator, click the X next to the name of the person, and then enter
a new name.
To remove a site collection administrator, click the X next to the name of the person.
4. Click OK .
NOTE
To see the Site Collection Administrators link, you must be a site collection administrator, or a global or SharePoint
admin in your organization. This link is not displayed to site owners.
Permissions inheritance in SharePoint
3/31/2021 • 6 minutes to read • Edit Online
While SharePoint allows considerable customization of site permissions, including changing inheritance, we
highly recommend not breaking inheritance. Use the built-in SharePoint groups for communication sites and
manage team site permissions through the associated Microsoft 365 group. Use sharing links to share
individual files and folders with people outside the site. This allows for much easier administration. For
information about managing permissions in the SharePoint modern experience,see Sharing and permissions in
the SharePoint modern experience.
IMPORTANT
We recommend creating a site collection for each unit of work instead of using subsites create a hierarchical structure.
Learn about using hub sites to organize your intranet
By default, permissions are inherited from parent to child. That is, if you do not change the permission structure,
then a list item inherits permissions (through its parent list) from the root site in the collection. However, even if
you break inheritance for a list, that list is still a parent for its own list items. The list items for the list inherit the
permissions that the list has, and if you change the permissions for the list, the list items inherit the changes.
When you first break this chain of inheritance from parent to child, the child starts with a copy of the parent's
permissions. Then, you edit these permissions to make them the way that you want. You can add permissions,
remove permissions, create special groups, and so on. None of the changes affect the original parent. And, if you
decide that breaking inheritance was the wrong decision, you can resume inheriting permissions at any time.
When a user shares or stops sharing an item that contains other items with broken inheritance, a one-time push
down of that permission addition or removal is sent to all child items, even those with broken inheritance. This is
true for both direct permissions and sharing links. When managing permissions for an item with broken
inheritance, users are able to remove any direct permissions on it. If an item with broken inheritance is
accessible by a sharing link that was created on one of its parent folders and a user does not want that link to
grant access to the item, then users can either remove the link entirely or they can move the file outside of the
folder for which sharing link has permissions.
By default, permissions pass directly to subsites. That is, the groups and permission levels that you assigned at
the site collection root pass down automatically to the subsite for reuse.
A scenario that restricts access to a site and its children
Suppose that your company offers special benefits only for executives. In this case, the administrators decide to
separate the "Executive" subsite and break inheritance from the parent site, "Benefits."
The site owners for the "Executive" site change the permissions for the site, removing some groups and creating
others. The subsites of the "Executive" site, "Bonuses" and "Company transportation," now inherit permissions
only from the "Executive" subsite. Only the groups and users for "Executive" can access the lists and libraries that
contain sensitive information.
For ease of maintenance, we recommend that you use a similar method to restrict access. That is, organize your
site so that sensitive material is in the same place. If you organize the site this way, you only have to break
inheritance one time, for that specific site or library. This is much less overhead. It requires much less work than
creating separate permission structures in many locations for individual subsites and libraries.
A scenario that shares access to a folder and its children
Suppose that an employee at Northwind Traders hired consultants and wants to collaborate with them on
documents in SharePoint. The employee doesn't want to give the consultants access to anything else on the
SharePoint site.
When the employee shares the folder with the consultants, SharePoint automatically handles all the details of
permissions and access, by breaking inheritance on the folder itself. The consultants can access all the
documents in the folder but can't view or access any other information on the site. Even though inheritance is
technically broken, if people are later added to the parent site collection, they will automatically be given
permission to the shared folder.
Permission levels in SharePoint
3/23/2021 • 14 minutes to read • Edit Online
While SharePoint offers a variety of permission levels for sites, we highly recommend using the built-in
SharePoint groups for communication sites and managing team site permissions through the associated
Microsoft 365 group. This allows for much easier administration. For information about managing permissions
in the SharePoint modern experience, see Sharing and permissions in the SharePoint modern experience.
NOTE
Want to go straight to the steps for changing or setting permission levels? See How to create and edit Permission Levels.
Inheritance
An important concept to understand is permissions inheritance. By design, all the sites and site content in a
collection inherit the permissions settings of the root or top-level site. When you assign unique permissions to
sites, libraries, and items, those items no longer inherit permissions from their parent site. Here's more
information on how permissions work within the hierarchy:
A site collection administrator configures permissions for the top level site or root site for the whole
collection.
If you are a site owner, you can change permission settings for the site, which stops permission
inheritance for the site.
Lists and libraries inherit permissions from the site to which they belong. If you are a site owner, you can
stop permissions inheritance and change the permission settings for the list or library.
List items and library files inherit permissions from their parent list or library. If you have control of a list
or library, you can stop permissions inheritance and change permissions settings directly on a specific
item.
It is important to know that a user can interrupt the default permission inheritance for a list or library
item by sharing a document or item with someone who does not have access. In that case, SharePoint
automatically stops inheritance on the document.
Design Create lists and document libraries, edit pages and apply
themes, borders, and style sheets on the site. There is no
SharePoint group that is assigned this permission level
automatically.
Edit Add, edit, and delete lists; view, add, update, and delete list
items and documents. By default, this permission level is
assigned to the Members group.
Contribute View, add, update, and delete list items and documents.
Read View pages and items in existing lists and document libraries
and download documents.
P ERM ISSIO N L EVEL DESC RIP T IO N
Web-Only Limited Access Web-Only Limited access is a variant of the ‘Limited Access’
permission level which enables users’ access to the web
object only.
Manage Hierarchy Create sites and edit pages, list items, and documents. By
default, this permission level is assigned to the Hierarchy
Managers group.
Restricted Read View pages and documents, but not historical versions or
user permissions.
View Only View pages, items, and documents. Any document that has
a server-side file handler can be viewed in the browser but
not downloaded. File types that do not have a server-side
file handler (cannot be opened in the browser), such as video
files, .pdf files, and .png files, can still be downloaded.
NOTE
Microsoft 365 subscriptions create a security group called "Everyone except external users" that contains every person
you add into the Microsoft 365 directory (except people who you add explicitly as External Users). This security group
added to the Members group automatically on Modern Team sites with Public privacy settings, so that users in Microsoft
365 can access and edit the SharePoint site. Also, for Modern Team sites created as Private, "Everyone except external
users" cannot be granted any permissions and people must be explicitly granted permissions. In addition, Microsoft 365
subscriptions create a security group called "Company Administrators", which contains Microsoft 365 Admins (such as
Global and Billing Admins). This security group is added to the Site Collection Administrators group. For more info, see
Default SharePoint groups.
By default, site owners and members can add new users to the site.
To learn more about "Everyone except external users" permission, see Special SharePoint Groups
By default, each kind of SharePoint site includes certain SharePoint groups. For example, a Team Site
automatically includes the Owners, Members, and Visitors group. A Publishing Portal site includes those groups
and several more, such as Approvers, Designers, Hierarchy Managers, and so on. When you create a site,
SharePoint automatically creates a pre-defined set of SharePoint groups for that site. In addition, a SharePoint
admin can define custom groups and permission levels.
To learn more about SharePoint groups, see Understanding SharePoint groups.
The SharePoint groups and permission levels that are included by default in your site may differ, depending on:
The template that you choose for the site
Whether a SharePoint admin created a unique permissions set on the site that has a specific purpose,
such as Search
The following table describes the default permission levels and associated permissions for three standard
groups: Visitors, Members, and Owners.
L IM IT E MANA
F UL L D GE REST RI
P ERM I C ONT DESIG C ONT R A C C ES A P P RO H IERA C T ED VIEW
SSIO N RO L N EDIT IB UT E REA D S VE RC H Y REA D O N LY
Manag X X
e
Permis
sions
View X X
Web
Analyti
cs
Data
Create X X
Subsite
s
Manag X X
e Web
Site
Add X X X
and
Custo
mize
Pages
Apply X X
Theme
s and
Border
s
Apply X X
Style
Sheets
Create X
Group
s
Browse X X X X X X
Directo
ries
Use X X X X X X X X
Self-
Service
Site
Creatio
n
L IM IT E MANA
F UL L D GE REST RI
P ERM I C ONT DESIG C ONT R A C C ES A P P RO H IERA C T ED VIEW
SSIO N RO L N EDIT IB UT E REA D S VE RC H Y REA D O N LY
View X X X X X X X X X
Pages
Enume X X
rate
Permis
sions
Browse X X X X X X X X X
User
Inform
ation
Manag X X
e
Alerts
Use X X X X X X X X
Remot
e
Interfa
ces
Use X X X X X X X X X
Client
Integra
tion
Featur
es
Open X X X X X X X X X X
Edit X X X X X X
Person
al User
Inform
ation
L IM IT E MANA
F UL L D GE REST RI
P ERM I C ONT DESIG C ONT R A C C ES A P P RO H IERA C T ED VIEW
SSIO N RO L N EDIT IB UT E REA D S VE RC H Y REA D O N LY
Manag X X X X
e Lists
L IM IT E MANA
F UL L D GE REST RI
P ERM I C ONT DESIG C ONT R A C C ES A P P RO H IERA C T ED VIEW
SSIO N RO L N EDIT IB UT E REA D S VE RC H Y REA D O N LY
Overri X X X X
de
Check-
Out
Add X X X X X X
Items
Edit X X X X X X
Items
Delete X X X X X X
Items
View X X X X X X X X X
Items
Appro X X X
ve
Items
Open X X X X X X X X
Items
View X X X X X X X X
Versio
ns
Delete X X X X X X
Versio
ns
Create X X X X X X X X
Alerts
View X X X X X X X X
Applica
tion
Pages
Manag X X X X X X
e
Person
al
Views
Add/Re X X X X X X
move
Private
Web
Parts
Updat X X X X X X
e
Person
al Web
Parts
TIP
The only SharePoint permission without a dependency is Open. All other SharePoint permissions depend on it. To test a
custom permission level, you can just clear "Open". This automatically clears all other permissions.
The following sections contain tables that describe SharePoint permissions for each permission category. For
each permission, the table shows the dependent permissions.
Site permissions and dependent permissions
List permissions and dependent permissions
Personal permissions and dependent permissions
Site permissions and dependent permissions
The following table describes the permissions that apply to sites, and show the permissions that depend on
them.
Manage Permissions Create and change permission levels Approve Items, Enumerate
on the website and assign permissions Permissions, Open
to users and groups.
P ERM ISSIO N DESC RIP T IO N DEP EN DEN T P ERM ISSIO N S
View Web Analytics Data View reports on website usage. Approve Items, Open
Create Subsites Create subsites such as team sites, View Pages, Open
Meeting Workspace sites, and
Document Workspace sites.
Manage website Perform all administration tasks for the View Pages, Open
website, which includes managing
content.
Add and Customize Pages Add, change, or delete HTML pages or View Items, Browse Directories, View
Web Part pages, and edit the website Pages, Open
by using a Windows SharePoint
Services-compatible editor.
Apply Themes and Borders Apply a theme or borders to the whole View Pages, Open
website.
Apply Style Sheets Apply a style sheet (.css file) to the View Pages, Open
website.
Create Groups Create a group of users who can be View Pages, Open
used anywhere within the site
collection.
Use Self-Service Site Creation Create a website by using Self-Service View Pages, Open
Site Creation.
Enumerate Permissions Enumerate permissions on the website, View Items, Open Items, View
list, folder, document, or list item. Versions, Browse Directories, View
Pages, Open
Manage Alerts Manage alerts for all users of the View Items, Create Alerts, View Pages,
website Open
Edit Personal User Information Allow a user to change personal Browse User Information, Open
information, such as adding a picture.
Manage Lists Create and delete lists, add or remove View Items, View Pages, Open,
columns in a list, and add or remove Manage Personal Views
public views of a list.
Override Check-Out Discard or check in a document that is View Items, View Pages, Open
checked out to another user.
Add Items Add items to lists, add documents to View Items, View Pages, Open
document libraries, and add web
discussion comments.
Edit Items Edit items in lists, edit documents in View Items, View Pages, Open
document libraries, edit web discussion
comments in documents, and
customize Web Part Pages in
document libraries.
Delete Items Delete items from a list, documents View Items, View Pages, Open
from a document library, and web
discussion comments in documents.
Approve Items Approve a minor version of a list item Edit Items, View Items, View Pages,
or document. Open
Open Items View the source of documents that use View Items, View Pages, Open
server-side file handlers.
View Versions View past versions of a list item or View Items, View Pages, Open
document.
Delete Versions Delete past versions of a list item or View Items, View Versions, View Pages,
document. Open
Create Alerts Create e-mail alerts. View Items, View Pages, Open
Manage Personal Views Create, change, and delete personal View Items, View Pages, Open
views of lists.
Add/Remove Private Web Parts Add or remove private Web Parts on a View Items, View Pages, Open, Update
Web Part Page. Personal Web Parts
Update Personal Web Parts Update Web Parts to display View Items, View Pages, Open
personalized information.
Lockdown mode
Limited-access user permission lockdown mode is a site collection feature that you can use to secure published
sites. When lockdown mode is turned on, fine-grain permissions for the limited access permission level are
reduced. The following table details the default permissions of the limited access permission level and the
reduced permissions when the lockdown mode feature is turned on.
Lockdown mode is on by default for all publishing sites, including if a legacy publishing site template was
applied to the site collection. Lockdown mode is the recommended configuration if greater security on your
sites is a requirement.
If you disable the limited-access user permission lockdown mode site collection feature, users in the "limited
access" permissions level (such as Anonymous Users) can gain access to certain areas of your site.
While SharePoint allows considerable customization of site permissions, including custom permission levels, we
highly recommend using the built-in SharePoint groups for communication site permissions and managing
team site permissions through the associated Microsoft 365 group. This allows for much easier administration.
For information about managing permissions in the SharePoint modern experience, see Sharing and
permissions in the SharePoint modern experience.
If you do need to create custom permission levels, this article describes how.
2. On the Edit Permission Level page, choose Copy Permission Level , which is at the bottom of the
page after the Personal Permissions section.
3. On the Copy Permission Level page, type a name and description for the new permission level.
4. Choose which permissions you want to add or remove, and then choose Create
After you create the permission level, assign it to a SharePoint group.
As a SharePoint or global admin in Microsoft 365, you can block or limit access to SharePoint and OneDrive
content from unmanaged devices (those not hybrid AD joined or compliant in Intune). You can block or limit
access for:
All users in the organization or only some users or security groups.
All sites in the organization or only some sites.
Blocking access helps provide security but comes at the cost of usability and productivity. When access is
blocked, users will see the following error.
Limiting access allows users to remain productive while addressing the risk of accidental data loss on
unmanaged devices. When you limit access, users on managed devices will have full access (unless they use one
of the browser and operating system combinations listed below). Users on unmanaged devices will have
browser-only access with no ability to download, print, or sync files. They also won't be able to access content
through apps, including the Microsoft Office desktop apps. When you limit access, you can choose to allow or
block editing files in the browser. When web access is limited, users will see the following message at the top of
sites.
NOTE
Blocking or limiting access on unmanaged devices relies on Azure AD conditional access policies. Learn about Azure AD
licensing For an overview of conditional access in Azure AD, see Conditional access in Azure Active Directory. For info
about recommended SharePoint access policies, see Policy recommendations for securing SharePoint sites and files. If you
limit access on unmanaged devices, users on managed devices must use one of the supported OS and browser
combinations, or they will also have limited access.
Block access
1. Go to the Access control page of the SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Access control page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Access control page.
3. Select Block access , and then select Save . (Selecting this option disables any previous conditional
access policies you created from this page, and creates a new conditional access policy that applies to all
users. Any customizations you made to previous policies will not be carried over.)
NOTE
It can take 5-10 minutes for the policy to take effect. It won't take effect for users who are already signed in from
unmanaged devices.
IMPORTANT
If you block or limit access from unmanaged devices, we recommend also blocking access from apps that don't use
modern authentication. Some third-party apps and versions of Office prior to Office 2013 don't use modern
authentication and can't enforce device-based restrictions. This means they allow users to bypass conditional access
policies that you configure in Azure. In the new SharePoint admin center, on the Access control page, select Apps that
don't use modern authentication , select Block access , and then select Save .
Limit access
1. Go to the Access control page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Active sites page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Active sites page.
IMPORTANT
If you block or limit access from unmanaged devices, we recommend also blocking access from apps that don't use
modern authentication. Some third-party apps and versions of Office prior to Office 2013 don't use modern
authentication and can't enforce device-based restrictions. This means they allow users to bypass conditional access
policies that you configure in Azure. In the new SharePoint admin center, on the Access control page, select Apps that
don't use modern authentication , select Block access , and then select Save .
NOTE
If you limit access and edit a site from an unmanaged device, image web parts won't display images that you upload to
the site assets library or directly to the web part. To work around this issue, you can use this SPList API to exempt the
block download policy on the site assets library. This allows the web part to download images from the site assets library.
NOTE
When Access Control for Unmanaged Devices in SharePoint is set to Allow limited, web-only access , SharePoint files
cannot be downloaded but they can be previewed. The previews of Office files work in SharePoint but the previews do not
work in Microsoft Yammer.
Limit access using PowerShell
1. Download the latest SharePoint Online Management Shell.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs,
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language, and then select Download . You'll be asked to choose
between downloading a x64 and x86 .msi file. If you're running the 64-bit version of Windows, download the x64
file; or, if you're running the 32-bit version, download the x86 file. If you don't know, see Which version of
Windows operating system am I running?. After the file downloads, run it, and follow the steps in the Setup
Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
NOTE
By default, this policy allows users to view and edit files in their web browser. To change this, see Advanced configurations.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language, and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. If you're running the 64-bit version of Windows, download
the x64 file; or, if you're running the 32-bit version, download the x86 file. If you don't know, see Which version of
Windows operating system am I running?. After the file downloads, run it, and follow the steps in the Setup
Wizard.
4. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
5. Run one of the following commands.
To block access to a single site:
This example gets the OneDrive for every user and passes it as an array to Set-SPOTenant to limit access.
The initial comma and the parentheses are required for running this cmdlet as a batch request, which is
fastest.
NOTE
By default, a setting that includes web access allows users to view and edit files in their web browser. To change this, see
Advanced configurations.
Advanced configurations
The following parameters can be used with -ConditionalAccessPolicy AllowLimitedAccess for both the
organization-wide setting and the site-level setting:
-AllowEditing $false Prevents users from editing Office files in the browser and copying and pasting Office file
contents out of the browser window.
-LimitedAccessFileType OfficeOnlineFilesOnly Allows users to preview only Office files in the browser. This
option increases security but may be a barrier to user productivity.
-LimitedAccessFileType WebPreviewableFiles (default) Allows users to preview Office files in the browser. This
option optimizes for user productivity but offers less security for files that aren't Office files. Warning: This
option is known to cause problems with PDF and image file types because they can be required to be
downloaded to the end user's machine to render in the browser. Plan the use of this control carefully. Otherwise,
your users could be faced with unexpected "Access Denied" errors.
-LimitedAccessFileType OtherFiles Allows users to download files that can't be previewed, such as .zip and .exe.
This option offers less security.
The AllowDownlownloadingNonWebViewableFiles parameter has been discontinued. Please use
LimitedAccessFileType instead.
External users will be affected when you use conditional access policies to block or limit access from unmanaged
devices. If users have shared items with specific people (who must enter a verification code sent to their email
address), you can exempt them from this policy by running the following cmdlet.
Set-SPOTenant -ApplyAppEnforcedRestrictionsToAdHocRecipients $false
NOTE
"Anyone" links (shareable links that don't require sign-in) are not affected by these policies. People who have an "Anyone"
link to a file or folder will be able to download the item. For all sites where you enable conditional access policies, you
should disable "Anyone" links.
App impact
Blocking access and blocking download may impact the user experience in some apps, including some Office
apps. We recommend that you turn on the policy for some users and test the experience with the apps used in
your organization. In Office, make sure to check the behavior in Power Apps and Power Automate when your
policy is on.
NOTE
Apps that run in "app-only" mode in the service, like antivirus apps and search crawlers, are exempted from the policy.
If you're using classic SharePoint site templates, site images may not render correctly. This is because the policy prevents
the original image files from being downloaded to the browser.
For new tenants, apps using an ACS app-only access token is disabled by default. We recommend using the Azure AD
app-only model which is modern and more secure. But you can change the behavior by running ‘set-spotenant -
DisableCustomAppAuthentication $false' (needs the latest SharePoint admin PowerShell).
See also
Policy recommendations for securing SharePoint sites and files
Control access to SharePoint and OneDrive data based on defined network locations
Control access to SharePoint and OneDrive data
based on network location
3/23/2021 • 3 minutes to read • Edit Online
As an IT admin, you can control access to SharePoint and OneDrive resources in Microsoft 365 based on defined
network locations that you trust. This is also known as location-based policy.
To do this, you define a trusted network boundary by specifying one or more authorized IP address ranges. Any
user who attempts to access SharePoint and OneDrive from outside this network boundary (using web browser,
desktop app, or mobile app on any device) will be blocked.
NOTE
We recommend that when a location-based policy is enabled for SharePoint, the same policy and IP address
ranges should be configured for Exchange and Yammer. SharePoint relies on these services to enforce that the
users of these apps are within the trusted IP range. For protecting access to SharePoint via the Office.com portal
we recommend using the Azure Active Directory conditional access policy for "Office 365" and configuring the
trusted IP range there.
Access from dynamic IP ranges : Several services and providers host apps which have dynamic
originating IP addresses. For example, a service that accesses SharePoint while running from one Azure
data center may start running from a different data center due to a failover condition or other reason,
thus dynamically changing its IP address. The location-based conditional access policy relies on fixed,
trusted IP address ranges. If the IP address range cannot be determined up front, location-based policy
may not be an option for your environment.
Set a location-based policy in the new SharePoint admin center
NOTE
It can take up to 15 minutes for these settings to take effect.
1. Go to the Access control page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Access control page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Access control page.
2. Select Network location , and turn on Allow access only from specific IP address ranges .
IMPORTANT
Make sure you include your own IP address so you don't lock yourself out. This setting not only restricts access to
OneDrive and SharePoint sites, but also to the OneDrive and SharePoint admin centers, and to running PowerShell
cmdlets. If you lock yourself out and can't connect from an IP address within a range you specified, you will need
to contact Support for help.
If you save overlapping IP addresses, your users will see a generic error message with a correlation ID that points
to "The input IP allow list has overlaps."
NOTE
To set a location-based policy by using PowerShell, run Set-SPOTenant with the -IPAddressAllowList parameter. For more
info, see Set-SPOTenant.
SharePoint authentication
3/9/2021 • 2 minutes to read • Edit Online
SharePoint in Microsoft 365 serves a wide range of customers with a variety of usability and security needs.
Some customers don't mind asking users to reauthenticate if it means their data will be more secure. Other
customers want to minimize the number of sign-in screens that users see, especially in situations where it
seems as though SharePoint should already know who the user is. Luckily, customers don't have to choose
usability or security because they work together in a lot of great ways.
The following diagram outlines the SharePoint authentication process. It walks through how the scenario works
using either your own Identity Provider (IdP) or the default Azure Active Directory (Azure AD) IdP.
The Federation Authentication (FedAuth) cookie is for each top-level site in SharePoint such as the root site,
OneDrive, and the admin center site. The root Federation Authentication (rtFA) cookie is used across all of
SharePoint. When a user visits a new top-level site or another company's page, the rtFA cookie is used to
authenticate them silently without a prompt. When a user signs out of SharePoint, the rtFA cookie is deleted.
You control your data. When you put your data in SharePoint and OneDrive for Microsoft 365, you remain the
owner of the data. For more info about the ownership of your data, see Microsoft 365 Privacy by Design.
Continuously validated
We continuously monitor our datacenters to keep them healthy and secure. This starts with inventory. An
inventory agent scans each subnet looking for neighbors. For each machine, we perform a state capture.
After we have an inventory, we can monitor and remediate the health of machines. The security patch train
applies patches, updates anti-virus signatures, and makes sure we have a known good configuration saved. We
have role-specific logic that ensures we only patch or rotate out a certain percentage of machines at a time.
We have an automated workflow to identify machines that don't meet policies and queue them for replacement.
The Microsoft 365 "Red Team" within Microsoft is made up of intrusion specialists. They look for any
opportunity to gain unauthorized access. The "Blue Team" is made up of defense engineers who focus on
prevention, detection, and recovery. They build intrusion detection and response technologies. To keep up with
the learnings of the security teams at Microsoft, see Security, Privacy, and Compliance Blog.
To monitor and observe activity in your Microsoft 365 subscription:
If you have an on-premises security operations center or SIEM, you can monitor activity with the
Management Activity API. For information, see Microsoft 365 Management APIs overview. This will show
you activity from across SharePoint, Exchange, Azure Active Directory, DLP, and more. If you don't have an
on-premises security operations center or SIEM, you can use Cloud App Security. Cloud App Security uses
the Management Activity API. For info, see Overview of Microsoft 365 Cloud App Security. Through
Cloud App Security, you can report, search, and alert on activity.
Use Azure Active Directory identity protection. This applies machine learning to detect suspicious account
behavior, for example, simultaneous sign-ins from the same user in different parts of the world. You can
configure identity protection to take action to block these sign-ins. For more info, see Azure Active
Directory Identity Protection.
Use Secure Score to evaluate the security profile of your subscription against a known good baseline, and
identify opportunities to increase protection. For more info, see Microsoft Secure Score.
By default, SharePoint mobile app users can receive notifications about site activity. The service sends these
notifications through the Firebase Cloud Messaging service for Android or the Apple Push Notification service
for iOS. As a global or SharePoint admin in Microsoft 365, you can turn off these notifications for all users for
compliance purposes. If you allow these notifications, users can select to turn them off.
Currently, notifications are sent for the following activities:
SharePoint news published (users receive these based on relevancy)
Page comment (sent to the page author)
Page comment reply (sent to the page author and the author of the comment that is being replied to)
Page comment mention (sent to person @ mentioned)
Page like (sent to the page author)
Other notifications might be added in the future.
NOTE
Notifications aren't available for the US government environments, Office 365 Germany, or Office 365 operated by
21Vianet (China).
See also
For info about controlling OneDrive notifications, see Control notifications.
To control whether sharing emails include "At a glance" content, see Set-SPOTenant -
IncludeAtAGlanceInShareEmails.
Use information barriers with SharePoint
4/12/2021 • 8 minutes to read • Edit Online
Information barriers are policies in Microsoft 365 that a compliance admin can configure to prevent users from
communicating and collaborating with each other. This solution is useful if, for example, one division is handling
information that shouldn't be shared with specific other divisions, or a division needs to be prevented, or
isolated, from collaborating with all users outside of the division. Information barriers are often used in highly
regulated industries and those organizations with compliance requirements, such as finance, legal, and
government. Learn more about information barriers.
The following image illustrates three segments in an organization: HR, Sales, and Research. An information
barrier policy has been defined that blocks communication and collaboration between the Sales and Research
segments. These segments are incompatible.
With SharePoint information barriers, a SharePoint or global admin can associate segments to a site to prevent
the site from being shared with or accessed by users outside the segments. Up to 100 compatible segments can
be associated with a site. The segments are associated at the site level (previously called site collection level). The
Microsoft 365 group connected to the site is also associated with the site's segment.
In the above example, the HR segment is compatible with both Sales and Research. However, because the Sales
and Research segments are incompatible, they can't be associated with the same site.
Prerequisites
1. Make sure you meet the licensing requirements for information barriers.
2. Create information barrier policies that allow or block communication between the segments, and then set
them to active. Create segments and define the users in each.
3. After you've configured and activated your information barrier policies, wait 24 hours for the changes to
propagate through your organization.
4. Complete the steps in the following sections to enable and manage SharePoint and OneDrive information
barriers in your organization.
Enable SharePoint and OneDrive information barriers in your
organization
SharePoint Administrators or Global Administrators can enable information barriers in SharePoint and OneDrive
in your organization. Complete the following steps to enable information barriers for your organization:
1. Download and install the latest version of SharePoint Online Management Shell.
2. Connect to SharePoint Online as a global admin or SharePoint admin in Microsoft 365. To learn how, see
Getting started with SharePoint Online Management Shell.
3. To enable information barriers in SharePoint and OneDrive, run the following command:
4. After you've enabled information barriers for SharePoint and OneDrive in your organization, wait for
approximately 1 hour for the changes to take effect.
NOTE
If you have Microsoft 365 Multi-Geo, you must run this command for each of your geo-locations.
If you installed a previous version of the SharePoint Online Management Shell, complete the following steps:
1. Go to Add or remove programs and uninstall SharePoint Online Management Shell.
2. Navigate to the Microsoft Download Center for the SharePoint Online Management Shell), select your
language, and then select Download .
3. You may be asked to choose between downloading a x64 and x86 .msi file. Download the x64 file if you're
running the 64-bit version of Windows or the x86 file if you're running the 32-bit version of Windows. If
you don't know which version you're running on your computer, see Which version of Windows
operating system am I running?.
4. After the download is complete, run the installer file and follow the configuration steps in the setup
wizard.
5. Connect to SharePoint Online as a global admin or SharePoint admin in Microsoft 365. To learn how, see
Getting started with SharePoint Online Management Shell.
6. To enable information barriers in SharePoint and OneDrive, run the following command:
7.After you've configured information barriers in SharePoint and OneDrive in your organization, wait for
approximately 1 hour for the changes to take effect.
NOTE
If you have Microsoft 365 Multi-Geo, you must run this command for each of your geo-locations.
To view the complete list of segments associated with a site, select the site, and then select the Policies tab.
To edit the segments associated with the site, select Edit , add or remove segments, and then select Save .
2. Use SharePoint PowerShell to view and manage information segments on a site
1. Connect to the Security & Compliance Center PowerShell as a global admin.
2. Run the following command to get the list of segments and their GUIDs.
Sales a9592060-c856-4301-b60f-bf9a04990d4d
Research 27d20a85-1c1b-4af2-bf45-a41093b5d111
HR a17efb47-e3c9-4d85-a188-1cd59c83de32
4. If not previously completed, download and install the latest SharePoint Online Management Shell. If you
installed a previous version of the SharePoint Online Management Shell, follow the instructions in the
Enable SharePoint and OneDrive information barriers in your organization section in this
article.
5. Connect to SharePoint Online as a global admin or SharePoint admin in Microsoft 365. To learn how, see
Getting started with SharePoint Online Management Shell.
6. Run the following command:
3. Use the SharePoint REST API to view and manage information segments on a site
SharePoint includes a Representational State Transfer (REST) service that you can use to manage segments on a
site. To access SharePoint resources and manage site segments using REST, you'll construct a RESTful HTTP
request by using the OData standard, which corresponds to the desired client object model application
programming interface (API).
For more information about the SharePoint REST service, see Get to know the SharePoint REST service.
Auditing
After you enable information barriers for SharePoint, audit events are available in the Office 365 audit log to
help you monitor information barrier SharePoint activities. Audit events are logged whenever the following
activities occur:
Segments are added to a site
Segments are changed on a site
Segments are removed from a site
For more information about SharePoint segment auditing in Office 365, see Search the audit log in the
compliance center.
Search
Users will see search results from:
Sites that have an associated segment that matches the user's segment and the user has access permission
to the site.
Sites that don't have associated segments if they have access to the site.
NOTE
If you have Microsoft 365 Multi-Geo, you must run this command for each of your geo-locations.
See also
Information barriers in OneDrive
Sign out inactive users
3/23/2021 • 4 minutes to read • Edit Online
This article is for global and SharePoint admins in Microsoft 365 who want to control user access to SharePoint
and OneDrive data on unmanaged devices. Idle session sign-out lets you specify a time at which users are
warned and subsequently signed out of Microsoft 365 after a period of browser inactivity in SharePoint and
OneDrive.
NOTE
Idle session sign-out applies to the entire organization and can't be set for specific sites or users. To target different
settings for different users, use Azure AD Conditional Access policies instead (and see the next important note about the
Azure AD Premium requirement).
IMPORTANT
This feature relies on Azure AD Conditional Access policies being available. You will need an Azure AD Premium P1 or P2
subscription for this to work. For more info about this, refer to the announcement in the Azure Active Directory Identity
Blog.
Idle session sign-out is one of a number of policies you can use with SharePoint and OneDrive to balance
security and user productivity and help keep your data safe regardless where users access the data, what device
they're working on, and how secure their network connection is. For more ways to control access in SharePoint
and OneDrive, see How SharePoint and OneDrive safeguard your data in the cloud.
If users don't select Continue , they are automatically signed out, and the following message appears.
NOTE
If a user is active in another Microsoft 365 service (such as Outlook), but inactive in SharePoint and OneDrive, they are
signed out across Microsoft 365. If a user has multiple tabs to OneDrive and SharePoint sites open at the same time, they
won't be signed out unless they are inactive on all the sites. > Users won't be signed out if they selected to stay signed in
when they signed in. For info about hiding this option, see Add company branding to your sign-in page in Azure AD.
Users won't be signed out on a managed device (one that is compliant or joined to a domain), unless they're using
inPrivate mode or a browser other than Edge or Internet Explorer. If they use Google Chrome, you need to use an
extension to pass the device state claim. For more info about device state claims, see Azure AD conditional access settings.
IMPORTANT
Microsoft 365 apps and services will not support Internet Explorer 11 starting August 17, 2021 (Microsoft Teams will not
support Internet Explorer 11 earlier, starting November 30, 2020). Learn more. Please note that Internet Explorer 11 will
remain a supported browser. Internet Explorer 11 is a component of the Windows operating system and follows the
Lifecycle Policy for the product on which it is installed.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Access control page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Access control page.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running? After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
Where:
-Enabled specifies whether idle session sign-out is enabled or disabled by using $true or $false .
-WarnAfter specifies the amount of after which a user is notified that they will be signed out after
a period of inactivity as a New-TimeSpan which can be configured in seconds, minutes, or hours.
-SignOutAfter specifies the amount of time after which is a user is signed out of Microsoft 365 if
they do not respond to the -WarnAfter prompt.
NOTE
You must specify values for both WarnAfter and SignOutAfter . The SignOutAfter must be greater than the
WarnAfter value.
It takes about 15 minutes for the policy to take effect across your organization. The policy doesn't affect existing sessions.
To view the idle session sign-out values you've set, use Get-SPOBrowserIdleSignOut .
For info about Microsoft 365 session lengths (regardless of activity), see Session timeouts for Microsoft 365.
Introduction to managed metadata
3/9/2021 • 11 minutes to read • Edit Online
Metadata is information about information. For example, a book's title and author is metadata. Metadata can be
many kinds of information -- a location, a date, or a catalog item number. When you use SharePoint products,
you can manage the metadata centrally. You can organize the metadata in a way that makes sense in your
business and use the metadata to make it easier to find what you want.
This article describes some important terminology of managed metadata, and gives you a quick look at how
you can use the tools in SharePoint to manage metadata.
Important terminology
This section contains definitions of some key terminology. These terms and concepts appear frequently in
articles about managed metadata.
Taxonomy
A taxonomy is a formal classification system. A taxonomy groups the words, labels, and terms that describe
something, and then arranges the groups into a hierarchy.
People construct taxonomies for almost any kind of information, from biological systems to organizational
structures. For example, biologists group living organisms into four major classifications: animal, plant, fungus,
and microbe. Each of these major groups has many subdivisions. Together, the whole system is a taxonomy.
Organizations create taxonomies in too many ways to list. They create Chart of Accounts taxonomies to manage
accounting systems, organization charts and job classifications to manage employees, product catalogs and so
on. All these taxonomies are structured hierarchies of information; formal classification systems that help people
handle information.
Folksonomy
A folksonomy is an informal classification system. It evolves gradually as web site users collaborate on words,
labels, and terms on a site. Originally, folksonomies developed from popular applications such as bookmarking.
If you have ever seen a tag cloud on a website, then you have seen a visualization of a folksonomy. The
following figure shows a tag cloud on a SharePoint site.
A folksonomy-based approach to metadata can be useful. It creates a way to share the knowledge and expertise
of site users. By using a folksonomy, content classification can evolve together with changing business needs
and user interests.
Term Set
A Term set is a group of related terms.
Terms sets can have different scope, depending on where you create the term set.
Local term sets are created within the context of a site collection, and are available for use (and visible)
only to users of that site collection. For example, when you create a term set for a metadata column in a
list or library, then the term set is local. It is available only in the site collection that contains this list or
library. For example, a media library might have a metadata column that shows the kind of media
(diagram, photograph, screenshot, video, etc.). The list of permitted terms is relevant only to this library,
and available for use in the library.
Global term sets are available for use across all sites that subscribe to a specific Managed Metadata
Service application. For example, an organization might create a term set that lists names of business
units in the organization, such as Human Resources, Marketing, Information Technology, and so on.
In addition, you can configure a term set as closed or open. In a closed term set, users can't add new terms
unless they have appropriate permissions. In an open term set, users can add new terms in a column that is
mapped to the term set.
Terms
A term is a specific word or phrase that you associated with an item on a SharePoint site. It is a single item in a
term set. A term has a unique ID and it can have many text labels (synonyms). If you work on a multilingual site,
the term can have labels in different languages.
There are two types of terms:
Managed terms Managed terms are terms that are pre-defined. Term Store administrators organize
managed terms into a hierarchical term set.
Enterprise keywords An enterprise keyword is a word or phrase that a user adds to items on a
SharePoint site. The collection of enterprise keywords is known as the Keywords set. Typically, users can
add any word or phrase to an item as a keyword. This means that you can use enterprise keywords for
folksonomy-style tagging. Sometimes, Term Store administrators move enterprise keywords into a
specific managed term set. When they are part of a managed term set, keywords become available in the
context of that term set.
To learn more about how to create and manage terms, see Create and manage terms in a term set.
Group
In SharePoint products, group is a security term. With respect to managed metadata, a group is a set of term
sets that all share common security requirements. Only users who have contributor permissions for a specific
group can manage term sets that belong to the group or create new term sets within it. Organizations should
create groups for term sets that will have unique access or security needs.
To learn more about how to create a group for term sets, see Set up a new group for term sets.
Term Store management tool
The Term Store management tool is the tool that people who manage taxonomies use to create or manage term
sets and the terms within them. The Term Store management tool displays all the global term sets and any local
term sets available for the site collection from which you access the Term Store management tool.
Managed Metadata column
A Managed Metadata column is a special kind of column that you can add to lists or libraries. It enables site
users to select terms from a specific term set. A Managed Metadata column can map to an existing term set, or
you can create a local term set specifically for the column.
To learn how to work with a Managed Metadata column, see Create a managed metadata column
Enterprise Keywords column
The enterprise Keywords column is a column that you can add to content types, lists, or libraries to enable users
to tag items with words or phrases that they choose. By default, it is a multi-value column. When users type a
word or phrase into the column, SharePoint presents type-ahead suggestions. Type-ahead suggestions might
include items from managed term sets and the Keywords term set. Users can select an existing value, or enter
something new.
List or library owners can enable or disable metadata publishing by updating the Enterprise Metadata and
Keywords Settings for a list or library.
To learn how to add a special keywords column, see Add an enterprise keywords column to a list or library.
Tagging
In a general sense, tagging refers to the act of applying managed metadata to an item.
When the content across sites in an organization has consistent metadata, it is easier to find business
information and data by using search. Search features such as the refinement panel, which displays on the left-
hand side of the search results page, enable users to filter search results based on metadata.
Metadata navigation for sites enables a site administrator to create navigation elements based on metadata
terms. For more information including performance recommendations, see Navigation options for SharePoint.
Metadata navigation for lists and libraries
Metadata navigation enables users to create views of information dynamically, based on specific metadata fields.
Then, users can locate libraries by using folders or by using metadata pivots, and refine the results by using
additional Key Filters. To learn how to set this up, see Set up metadata navigation for a list or library and Use
grouping to modify a SharePoint view.
Increased flexibility
Managed metadata makes it easier for Term Store Administrators to maintain and adapt your metadata as
business needs evolve. You can update a term set easily. And, new or updated terms automatically become
available when you associate a Managed Metadata column with that term set. For example, if you merge
multiple terms into one term, content that is tagged with these terms is automatically updated to reflect this
change. You can specify multiple synonyms (or labels) for individual terms. If your site is multilingual, you can
also specify multilingual labels for individual terms.
Managing metadata
Managing metadata effectively requires careful thought and planning. Think about the kind of information that
you want to manage the content of lists and libraries, and think about the way that the information is used in the
organization. You can create term sets of metadata terms for lots of different information.
For example, you might have a single content type for a document. Each document can have metadata that
identifies many of the relevant facts about it, such as these examples:
Document purpose - Is it a sales proposal? An engineering specification? A Human Resources procedure?
Document author, and names of people who changed it
Date of creation, date of approval, date of most recent modification
Department responsible for any budgetary implications of the document
Audience
Here are some important activities that are involved with managing metadata:
Planning and configuring
Managing terms, term sets, and groups
Specifying properties for metadata
Planning and configuring managed metadata
Your organization may want to do careful planning before you start to use managed metadata. The amount of
planning that you must do depends on how formal your taxonomy is. It also depends on how much control that
you want to impose on metadata.
If you want to let users help develop your taxonomy, then you can just have users add keywords to items, and
then organize these into term sets as necessary.
If your organization wants to use managed term sets to implement formal taxonomies, then it is important to
involve key stakeholders in planning and development. After the key stakeholders in the organization agree
upon the required term sets, you can use the Term Store management tool to import or create your term sets. To
learn how to access the tool, see Open the Term Store management tool
Managing terms, term sets, and groups
The Term Store management tool provides a tree control that you can use to perform most tasks. Your user role
for this tool determines the tasks that you can perform. To work on global terms in the Term Store management
tool, you must be a global admin or SharePoint admin in Microsoft 365, or a Term Store Administrator in
SharePoint. To work on terms for a site, you can be a designated Group Manager or Contributor for term sets.
For more information, see Create and manage groups and term sets.
To take actions on an item in the hierarchy, follow these steps.
1. Point to the name of the Managed Metadata Service application, group, term set, or term that you want to
change, and then click the arrow that appears.
2. Select the actions that you want from the menu.
For example, if you are a Term Store Administrator or a Group Manager you can create, import, or delete term
sets in a group. Term set contributors can create new term sets.
At each level of the hierarchy, you can configure specific properties for a group, term set, or term by using the
properties pane in the Term Store management tool. For example, if you are configuring a term set, you can
specify information such as Name, Description, Owner, Contact, and Stakeholders in pane available on the
General tab. You can also specify whether you want a term set to be open or closed to new submissions from
users. Or, you can choose the Intended Use tab, and specify whether the term set should be available for
tagging or site navigation.
See also
Introduction to managed metadata in SharePoint Server
Set up metadata navigation for a list or library
Configure metadata navigation for a list or library
Add an enterprise keywords column to a list or library
Create a Managed Metadata column
Import term sets
Open the Term Store Management Tool
3/9/2021 • 2 minutes to read • Edit Online
If you're a global or SharePoint admin in Microsoft 365, you can access the Term Store Management Tool from
the SharePoint admin center.
1. Open the SharePoint admin center.
2. In the left navigation, under Content ser vices , choose Term store .
A term group is a set of term sets that all share common security requirements. Only users who are designated
as contributors to a specific group can manage term sets that belong to the group or create new term sets
within it. Organizations should create unique groups for term sets that will have unique access or security needs.
For information about how to create a term set, see Set up a new term set.
IMPORTANT
To create a new term set group, you must be a term store admin.
3. Enter a name for your new group, and then press ENTER.
4. To edit the Term group name and description , select Edit next to the group name. The Edit name and
description panel appears. Enter a description to help users understand the purpose of this term group.
Select Save .
5. To edit the group managers or contributors, select Edit next to Group managers . The Edit admins
panel appears. Enter the names or email addresses of the people you want to add, assign them to a role,
and then click Save .
6. To copy the unique identifier for this term group, select Copy .
Create and manage terms in a term set
3/9/2021 • 2 minutes to read • Edit Online
To create and manage terms, you must be a contributor, a group manager, or a term store admin. (If you have
many terms that you want to add, consider importing them.)
NOTE
If you are adding a term to a local term set, you must open term store management at the site level.
Select Copy term . This action shows the name of the new term as Copy of <original term name> . No
child terms for the source term are copied.
Move term
If you delete this term, any terms below it will also be deleted. Terms that are shared with other term sets will be
placed in the Orphaned terms term set under System.
1. Select Delete term .
2. Select Delete .
Pin term
Pinning a term makes linked copies of the term and its children available at the destination. You can only create
or edit the children of a pinned term at the source and the changes will reflect everywhere the term is used.
1. Select Pin term . The Pin term to panel appears.
2. Select the target term set or term where you want to pin the term.
3. Select Pin .
Reuse term
Reusing a term makes linked copies of the term and its children available at the destination. You can create
children for a reused term anywhere it is used but will exist only in the term set they were created.
1. Select Reuse term . The Reuse term to panel appears.
2. Select the target term set or term where you want to reuse the term.
3. Select the term, and then select Reuse .
Merge term
Merging this term with another will collapse its synonyms, translations and custom properties into the other
term.
1. Select Merge term . The Merge to panel appears.
2. Select the target term set or term where you want to merge the term.
3. Select Merge .
Deprecate term
This action makes any instances of this term in any term set to which it belongs unavailable for tagging. Child
terms of the term are not deprecated.
Select Deprecate term .
Set up a new term set
3/9/2021 • 3 minutes to read • Edit Online
To add a term set, you must be a contributor, group manager or a term store admin.
To set up a new term set
1. In the SharePoint admin center, under Content ser vices , click Term store .
2. In the tree-view navigation pane, expand the groups to select the group to which you want to add a term
set.
3. Click Add term set .
.
4. Type a name for the term set and press ENTER.
General tab
1. On the General tab, for Owner , select Edit . The Edit Proper ties panel appears. Specify the following
information about who owns and maintains this term set:
Term Set owner : If you want the owner of the term set to be someone other than you, enter the
person, group, or email address for who will maintain this term set.
Stakeholders : Add the names of users, groups, or email addresses that should be notified before
major changes are made to the term set.
Contact : If you want site users to be able to provide feedback on the term set, enter an email
address.
2. Click Save .
Usage settings tab
To configure the term submission policy
1. On the Usage settings tab, for Submission policy , select Edit . The Edit submission policy panel
appears.
2. Specify whether you want the term set to be Closed or Open . If you select Closed , only people with
contribute permissions can add terms to this term set. If you select Open , users can add terms from a
tagging application.
3. Click Save .
To configure the tagging policy
1. Under the Usage settings tab, for Available for tagging , select Edit . The Available for tagging
panel appears.
2. Select the Enable check box to make the terms in the term set available for tagging. If you clear the
Enable check box, this term set won't be visible to most users. If the term set is still in development, or is
not otherwise ready for use, you might want to clear the Enable check box.
3. Select Save .
Usage navigation tab
Enabling site navigation means you can use the terms in this term set for site navigation links with friendly URLs
and dynamic content. Enabling faceted navigation means users can use refiners based on managed metadata
from the search index to quickly browse to specific content
1. Under the Usage Navigation tab, for Use term set for site navigation , select Edit . The Edit
Proper ties panel appears.
2. Click the Enable check boxes to use this term set for site or faceted navigation.
3. Click Save.
Enabling either using the term set for site or faceted navigation enables options to set a custom target page and
a custom catalog item page.
You can choose a custom target page if you want to display a specific page. Custom target pages that you set for
individual terms will override this setting.
To set a custom target page
1. For Custom target page , select Edit . The Edit term set target page panel appears.
2. Move the toggle switch to enable Use a custom target page .
3. Click Select , and then select Save . The target page appears when users navigate to a friendly URL in this
term set.
If terms in this term set are used as catalog categories, you can select the page used to render catalog data for
items under those categories.
To set a custom catalog item page
1. For Custom catalog item page , select Edit . The Edit term set catalog item page panel appears.
2. Move the toggle switch to enable Use a custom catalog item page .
3. Click Select and then select Save .
Advanced tab
You can use machine translation to translate your terms, or you can export and import XLIFF files. You must
repeat the translation each time you update the term set.
To configure translations
1. Under the Advanced tab, for Translation , select Manage . The Translation panel appears.
2. To use machine translation to translate this term set into the working languages for the term store, select
Star t . The Machine translation panel appears.
3. For the terms you want to translate, select either All terms , or Only the terms updated since the last
translation .
4. From both the Translate from and Translate to dropdowns, select a language.
5. Click Translate.
You can use custom properties to store additional data about a term set.
To edit custom properties
1. For Custom proper ties , select Edit . The Edit Custom proper ties panel appears.
2. Enter a Proper ty name and Value , and then select Add .\
3. Click Save.
To learn how to add a term to the new term set, see Create and manage terms in a term set.
Assign roles and permissions to manage term sets
3/9/2021 • 3 minutes to read • Edit Online
The tasks that you can do in the term store are determined by the specific role that you're assigned.
To be able to create or change a term, you must have one of three specific roles: term store admin, group
manager, or contributor.
A term store admin can do these tasks:
Create or delete term set groups.
Add or remove group managers or contributors, or other term store admins
Change the working languages for the term store.
Any task that a group manager or contributor can do.
When you set up a term set, you can designate a group or a person as an Owner, Contact, or Stakeholders for
the term set. These labels do not grant any specific permission to work with the term set. Instead, they provide a
useful way to track the business owners or stakeholders for a term set.
IMPORTANT
You must be a term store admin to add new Group Managers.
Content types help make it easy to provide consistency across a site. You create or customize a content type with
the characteristics that you want, such as a certain template, specific metadata, and so on. For example, when a
user chooses an item from the New Item or New Document menu, you can ensure that customized content is
used.
Content types created in SharePoint admin center are saved to the SharePoint content type hub located at
/sites/ContentTypeHub.
To learn more about content types, see Introduction to content types and content type publishing.
To understand how the built-in content types relate to each other, see SharePoint in Microsoft 365 default
content type hierarchy.
To create a content type, follow these steps:
To create a content type
1. Go to the SharePoint admin center.
2. Under Content ser vices , select Content type galler y .
3. Select Create content type . The Create content type panel appears.
4. On the Create content type panel, provide a name and description for the new content type.
5. In the Parent content type section, from the Categor y and Content type dropdowns, select the
content type that you want to base this content type on.
6. In the Categor y section, you are provided two choices:
To put the new content type in an existing category, select Use an existing categor y , and from
the Categor y dropdown, select a category.
To put the content in a new category, select Create a new categor y , and in the Categor y name
box, provide a name.
7. Select Create .
The new content type appears in the Content type galler y .
Related topics
Add columns to a content type
Create or customize a site content type
Add columns to a content type
3/9/2021 • 3 minutes to read • Edit Online
The columns for a content type represent metadata. To add a metadata element, add a new column.
For example, your organization might want to track specific metadata for purchase orders, such as account
number, project number, and project manager. If you add columns for this information to the purchase order
content type, SharePoint prompts users to provide the information when they save their work. In addition, if you
add the content type to a list or library, you can define a view to display the columns.
You can customize content types by adding columns of the types you need. You can also change the order of
columns and specify if they are required fields.
Related topics
Remove columns from a content type
Add columns to a content type
Add a content type to a list or library
Create, change, or delete a view of a list or library
Remove columns from a content type
3/9/2021 • 2 minutes to read • Edit Online
Columns can be added and removed from content types as necessary. To remove a column from a content type,
follow these steps:
To remove a column from a content type
1. Go to the SharePoint admin center.
2. Under Content ser vices , select Content type galler y .
3. On the Content type galler y page, under the Site content type column, select the name of the site
content type to which you want to remove a column.
4. Under Site columns , select the column name you want to remove.
5. Select the vertical ellipsis to the right of the site column name you selected, and from the dropdown,
select Delete . A Delete site column dialog box appears prompting you that this action will remove the
column from the content type.
6. Select Delete to confirm.
Related topics
Add columns to a content type
Create or customize a site content type
Add a content type to a list or library
Remove columns from a content type
Publish a content type
3/9/2021 • 2 minutes to read • Edit Online
You can publish, unpublish, or republish content types in the content type hub at /sites/ContentTypeHub or from
the SharePoint admin center.
To publish, republish, or unpublish a content type
1. Go to the SharePoint admin center.
2. Under Content ser vices , select Content type galler y .
3. On the Content type galler y page, under the Site content type column, select the name of the site
content type for which you want to manage updates. That site content type page appears.
4. In the menu bar, select Publish . The Manage Publishing panel appears.
Related topics
Publish a content type from a content publishing hub
Introduction to content types and content type publishing
Search experiences in SharePoint
3/23/2021 • 3 minutes to read • Edit Online
Microsoft Search is the modern search experience in SharePoint in Microsoft 365 and is a personalized
experience. It uses the insights of the Microsoft Graph to show results that are relevant to you. Routine tasks
such as finding the right version of a document, getting back to a presentation you were editing, or a document
you were collaborating with others on, are easy. Learn more about Microsoft Search for users. The classic search
experience, on the other hand, can be tailored more to your organization. Learn about the differences between
the search experiences.
Both search experiences are turned on by default and as a search administrator you can't turn either search
experience off. Which search experience your users see depends on where they search from:
Users get the classic search experience on publishing sites, classic team sites, and in the Search Center.
Users get the Microsoft Search experience on the SharePoint start page, hub sites, communication sites,
and modern team sites. Learn about classic and modern sites.
If you're in a document library, the search box shows Search this librar y . If you're in the home page of
the site, the box shows Search this site . In all other locations, the search box shows Search .
If you're responsible for search in your organization, learn how you can tailor the search experience to your
organization and make search even better for your users.
SharePoint in Microsoft 365 has both a classic and a modern search experience, where Microsoft Search in
SharePoint is the modern search experience. The most visible difference is that the Microsoft Search box is
placed at the top of SharePoint, in the header bar. Another difference is that Microsoft Search is personal. The
results one user sees are different from what other users see, even when they search for the same words. Users
see results before they start typing in the search box, based on their previous activity and trending content in
Microsoft 365, and the results update as they type. The search results are easy to explore without any effort
from you as an admin. Learn more about the Microsoft Search experience for users in Find what you need with
Microsoft Search.
Both search experiences use the same search index to find search results. You can customize and tailor the
classic search experience more than Microsoft Search in SharePoint. Some classic search settings can impact
both experiences, learn how to avoid impacting Microsoft Search. Read When to use which search experience to
decide which experience is best for your organization.
See the following main areas where you can customize and impact the search experience and make sure that
search is performing the way you want. The high-level overview of How search works can also help you
understand where and how you can impact the search experience in SharePoint.
Many of the classic search features are available on the search administration page in the SharePoint admin
center.
See also
Learn about Microsoft Search
Get started with Microsoft Search in SharePoint
SharePoint classic search administration overview
3/23/2021 • 3 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can customize and impact the search experiences for
your users. You can define searchable managed properties in the search schema, identify high-quality pages to
improve relevance, manage query rules and result sources, and remove individual results. You can also evaluate
any changes by viewing reports about usage and search.
The changes you make from the search administration page are valid for the whole tenant, but you can also
customize search on site collection level and on site level.
You can customize and tailor the classic search experience more than Microsoft Search in SharePoint. Some
classic search settings can impact both experiences, learn how to avoid impacting Microsoft Search.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
Manage the search schema Learn how to create a customized search experience by
changing the search schema. In the search schema, you can
view, create, or change managed properties, and map
crawled properties to managed properties.
Manage search dictionaries Learn how to manage search dictionaries for classic search.
You can use search dictionaries to include or exclude
company names to be extracted from the content of your
indexed documents, or you can include or exclude words for
query spelling correction.
Manage authoritative pages Influence the pages or documents that should appear at the
top of the search results by identifying high-quality pages,
also known as authoritative pages, for the classic search
experience.
C H O O SE T H IS O P T IO N : TO DO T H IS:
Manage query suggestion settings Learn how to add phrases that you want the system to
suggest to users as they search for an item using classic
search, and how to add phrases that you don't want the
system to suggest to users. Also, learn how to turn this
feature on or off.
Manage query rules Improve search results in the classic search experience by
creating and managing query rules. Query rules can help
searches respond to the intent of users.
Manage query client types Learn how query client types decide in which order queries
are performed in the classic search experience.
Remove search results Learn how you can temporarily remove items from the
search results with immediate effect. These items can be
documents, pages, or sites that you don't want users to see
when they search.
View usage and search reports View usage reports and search reports and see how often
your users search, what their top queries are, and which
queries they're having trouble getting answers for.
Manage Search Center settings Choose where searches in the classic search experience
should go by specifying the URL of your Search Center.
Import and export customized search configuration settings Learn how to export and import customized search
configuration settings between tenants, site collections, and
sites.
Manage crawl log permissions Learn how to grant users or groups read access to crawl log
information for the tenant. A typical use case is in
eDiscovery, where users may need to check whether crawled
content was in fact added to the search index.
NOTE
Thesaurus isn't available in SharePoint in Microsoft 365.
See also
Search limits for SharePoint
Make sure content can be found
3/23/2021 • 2 minutes to read • Edit Online
The content must be crawled and added to the search index for your users to find what they're searching for in
Microsoft SharePoint. SharePoint in Microsoft 365 has both a classic and a modern search experience, both use
the same search index. Learn about the differences between the classic and modern search experiences in
SharePoint
When users search on a site, results can come from many places such as columns, libraries, and pages. A site
owner can change search settings to decide whether content is allowed to appear in search results. Permissions
on content also affect whether users are allowed to see the content in search results. A good understanding of
how permissions and search settings work can help you ensure that users can see the right documents and sites
in the search results.
NOTE
Search results are always security trimmed, so users will only see content they have permission to see. The search settings
only define what content is included in the search index.
NOTE
To change this setting, you must have the Manage Permissions permission level. This permission level is included in the "
Site Name " Owner group.
1. On the site, select Settings , and then select Site settings . If you don't see Site settings , select Site
information , and then select View all site settings .
2. Under Search , click Search and offline availability .
3. In the Indexing Site Content section, under Allow this site to appear in Search results , select Yes
to allow the content of the site to appear in search results.
To prevent the content from appearing in search results, select No .
NOTE
To change this setting, you must have the Manage Lists permission level. The Designer and " Site Name " Owner groups
contain this permission level. When you do not have Manage Lists permissions, the menus described in this procedure
aren't available.
1. On the site, find and click the list or library you want to customize.
2. Select Settings , and then select Site settings . If you don't see Site settings , select Site
information , and then select View all site settings .
3. Under Site Administration , click Site Libraries and lists .
4. Click an item from the list, for example, Customize "Shared Documents."
5. On the List Settings page, under General Settings , click Advanced settings .
6. In the Search section, under Allow items from this document librar y to appear in search results ,
select Yes to include all of the items in the list or library in search result.
To prevent items from the list or library to appear in search results, select No .
NOTE
To change this setting, you must have the Manage Permissions permission level. This permission level is included in the "
Site Name " Owner group.
1. On the site, select Settings , and then select Site settings . If you don't see Site settings , select Site
information , and then select View all site settings .
2. Under Search , click Search and offline availability .
3. In the Indexing ASPX Page Content section, select one of the following options:
O P T IO N DESC RIP T IO N
Do not index Web Parts if this site contains fine-grained When permissions of the ASPX page are different from the
permissions parent site, no content on the site appears in search results.
Always index all Web Parts on this site Show content of all ASPX pages on the site in search results
regardless of permissions.
Never index any Web Parts on this site Hide content of all ASPX pages on the site from search
results regardless of permissions.
NOTE
To change this setting, you must have the Manage Permissions permission level. This permission level is included in the
"Site Name" Owner group.
1. On the site that contains the list or library, select Settings , and then select Site settings . If you don't
see Site settings , select Site information , and then select View all site settings .
2. Under Search , click Searchable columns .
3. In the Excluded Columns from Search Indexing section, under Excluded , check the box next to the
Column Name for the column you want to exclude in search results.
NOTE
Columns that appear are those that belong to the current site.
In SharePoint, content is automatically crawled based on a defined crawl schedule. The crawler picks up content
that has changed since the last crawl and updates the index. You will want to manually request crawling and full
re-indexing of a site, a document library, or a list after a schema change has occurred.
Cau t i on
Re-indexing a site can cause a massive load on the search system. Don't re-index your site unless you've made
changes that require all items to be re-indexed.
Re-index a site
1. On the site, select Settings , and then select Site settings . If you don't see Site settings , select Site
information , and then select View all site settings .
2. Under Search , click Search and offline availability .
3. In the Reindex site section, click Reindex site .
4. A warning appears, click Reindex site again to confirm. The content will be re-indexed during the next
scheduled crawl.
See also
Get-PnPSearchCrawlLog
Remove search results
3/23/2021 • 2 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can temporarily remove items from search results with
immediate effect. The items that you can remove can be documents, pages, or sites that you don't want users to
see. An example of this could be a Word document containing an invitation to an event that has been cancelled,
but the organizer has not removed the document from the site yet. Removing a result removes it from both
classic and modern search results.
IMPORTANT
This is only a quick fix! Unless you delete the items or change the permissions of items manually, they will show up again
in your search results after the next crawl.
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
Presenting the search results the right way makes content easier to find for users.
SharePoint has both a classic and a modern search experience, where Microsoft Search in SharePoint is the
modern search experience. Learn about the differences between the search experiences in SharePoint.
If you're responsible for search in your organization, you can customize how results are presented on classic
search results pages. Read about how you can use the search web parts in SharePoint to make it easier for users
find what they're looking for in the classic search experience.
The Search Center is a classic search experience. The Search Center is a site or site collection that has a starting
page where users enter search queries and a search results page where users can drill into and refine search
results, or run a new query.
SharePoint offers two types of Search Centers: the Basic Search Center and the Enterprise Search Center. By
default, SharePoint is set up with the Basic Search Center.
Both Search Centers search the same content and show the same search results. The main difference is that the
Enterprise Search Center comes with the search verticals People, Conversations, and Videos. Search verticals are
pages that are tailored for displaying search results that are filtered and formatted for a specific content type or
class. Search verticals help users move quickly between such different types and classes of content. Also, as a
search administrator you have more options for tailoring the look and feel of the Enterprise Search Center.
If your organization needs an enterprise-wide search experience, evaluate first whether the modern search
experience covers your needs. Modern search also comes with verticals, it doesn't require any set up, and the
results are personal. Learn about the modern search experience for users.
If modern search doesn't cover you needs, you can switch from the Basic Search Center to an Enterprise Search
Center.
PA GE DESC RIP T IO N
default.aspx The home page for Search Centers, and the page where
users enter their queries.
results.aspx The default search results page for the Search Centers.
If you have an Enterprise Search Center, this is also the
search results page for the Ever ything search vertical.
advanced.aspx This is the search page where users can apply some
restrictions to their search phrases — for example, they can
limit the search to an exact phrase.
As a global or SharePoint admin, you can also create your own search pages and add them to the Enterprise
Search Center as search verticals, see Add a search vertical to the Search Navigation Web Part.
About the Web Parts used on Search Center pages
The Search Center pages contain the following predefined Web Parts: Search Box Web Part, Search Results Web
Part, Search Navigation Web Part, and Refinement Web Part.
If you have an Enterprise Search Center, the Web Parts on the search result pages are by default set up the same
way. The only difference is that the query in the Search Results Web Part is directed to different result sources
for each search vertical page. For example, for the People search vertical page, the query in the Search
Results Web Part is limited to the Local People Results result source. For the Videos search vertical page, the
query in the Search Results Web Part is limited to the Local Video Results .
For information about how to customize the Search Center Web Parts, see the following articles:
Change settings for the Search Box Web Part
Change settings for the Search Results Web Part
Change settings for the Search Navigation Web Part
Change settings for the Refinement Web Part
Search Center settings
3/23/2021 • 2 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can specify where searches should go for your classic site
collection or site by specifying the URL of your Search Center. For example, if you have created an Enterprise
Search Center where users can search everything in your company, you can enter the URL of that site here.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
It may take up to 30 minutes before changes take effect.
Specify search settings for a site collection or a site
3/9/2021 • 3 minutes to read • Edit Online
As a global or SharePoint admin, you can specify how search should behave for a classic site collection or a site.
The shared Search Box at the top of most classic pages uses these search settings. Any settings you specify on
site collection level applies to all sites within that site collection, unless you specify other settings for the site.
You can specify where searches should go for your classic site collection or site by specifying the URL of your
Search Center. For example, if you have created an Enterprise Search Center on your site where users can search
everything in your company, you can enter the URL of that site here. If you do not enter a Search Center URL,
searches will go to the default Search Center, available at <host_name>/search/.
When you create an Enterprise Search Center site collection SharePoint creates a default search home page and
a default search results page. In addition, several pages known as search verticals are also created. Search
verticals are customized for searching specific content, such as People, Conversations, and Videos, and they
display search results that are filtered and formatted for a specific content type or class.
For more on creating and customizing a search center for your site, see Manage the Search Center in
SharePoint.
You can change which search results page queries are sent to. By default, queries are sent to the same search
results page as the parent, but you can override this for a site collection or a site.
You can also configure search navigation for a site. With search navigation, users can move quickly between
different search vertical pages. Navigation links are shown in the Search Navigation Web Part on search result
pages, and can also be shown as a drop-down menu in the search box.
NOTE
It may take up to 30 minutes before changes take effect.
The Search Box Web Part shows a text box where users can enter words or phrases to search for information. By
default, the Search Box Web Part is used on the home page for the Search Center (default.aspx), and all default
search results pages (Ever ything , People , Conversations , and Videos ).
As a global or SharePoint admin in Microsoft 365, you can change settings in the Search Box Web Part. You can:
Change where the search results should be displayed — for example, show results in a custom Search
Results Web Part or a custom search results page.
Turn off query suggestions and people suggestions.
Show links to a search preference page and an advanced search page.
Change the display template that is used for the Web Part.
NOTE
If there are no other Web Parts on a page, search results will be sent to the search results page that is specified on
the Search Settings page.
To send queries to a different search results page, select Send queries to a custom results page URL ,
and then type the URL of the custom search results page.
NOTE
You can't send queries to a custom search results page that uses a friendly URL.
4. Click OK .
See also
Manage the Search Center in SharePoint
Change settings for the Search Navigation Web Part
Change settings for the Refinement Web Part
Change settings for the Search Results Web Part
Change settings for the Search Navigation Web
Part
3/9/2021 • 4 minutes to read • Edit Online
The Search Navigation Web Parts shows links that let users move quickly between the different search pages,
known as search verticals. Search verticals are predesigned to give users different search experiences
depending on what they are looking for. For example, if users click the People link, they are taken to the people
search vertical, which is a search page specifically set up to display people information.
By default, the Search Navigation Web Part is set up to show links to the search verticals Ever ything , People ,
Conversations and Videos . The Search Navigation Web Part uses search results from the Search Results Web
Part so that when users click a search vertical link, the search results are filtered and displayed according to how
the search vertical is set up.
As a global or SharePoint admin in Microsoft 365, you can change how the Search Navigation Web Part is set up
by specifying a different Web Part to get the results from, change how many links to show, and change the
appearance and layout of the Web Part. You make these changes by editing the properties in the Web Part tool
pane.
To make other changes, such as changing display names for the links, or change their order, go to the Search
Settings for the corresponding site. Here, you can also add a link to a new search vertical to be shown in the
Web Part.
NOTE
You can't use a page that uses a friendly URL for your search vertical.
5. Click OK .
See also
Manage the Search Center in SharePoint
Change settings for the Search Box Web Part
Change settings for the Refinement Web Part
Change settings for the Search Results Web Part
Change settings for the Refinement Web Part
3/9/2021 • 3 minutes to read • Edit Online
The Refinement Web Part filters search results into categories called refiners. Users can click these refiners to
narrow search results to find what they're looking for more easily.
By default, the Refinement Web Part is used on all default search vertical pages in the Enterprise Search Center,
which are the search results pages for Ever ything , People , Conversations , and Videos .
As a global or SharePoint admin in Microsoft 365, you can change how the Refinement Web Part is set up. You
can:
Filter search results from a different Search Results Web Part.
Specify which refiners to show.
NOTE
Any managed properties that you want to use as refiners must be set to refinable and queryable in the search
schema. Also, the content source that contains the managed properties must have been crawled before the
properties can be used as refiners.
NOTE
If you've a single language site, you can change the refiner display name in the Display name section. For
multilingual sites, change the refiner display language as described under Change the display name for a refiner.
8. Click OK .
Change the display name for a refiner in the classic search experience
By default, the name of the managed property will be used as a display name for the refiner. In many cases, the
managed property name is hard to understand—for example, RefinableString00 or ColorOWSTEXT . You can
fix this by changing the name of the refiner in a JavaScript file.
1. On the page that contains the Refinement Web Part, select Settings , and then select Site settings . If
you don't see Site settings , select Site information , and then select View all site settings .
2. On the Site Settings page, in the Web Designer Galleries section, click Master pages and page
layouts .
3. On the Master Page Galler y page, click Display Templates .
4. On the Display Templates page, click Language Files .
5. On the Language Files page, click the folder for the relevant language.
6. Open the CustomStrings.js file.
7. Add one line for each managed property that you want to change the display name for. Use this syntax:
"rf_RefinementTitle_ManagedPropertyName": "Sample Refinement Title for ManagedPropertyName"
For example, add this line to change the display name for the managed property RefinableInt00 to
Price :
"rf_RefinementTitle_RefinableInt00": "Price"
See also
Manage the Search Center in SharePoint
Change settings for the Search Box Web Part
Change settings for the Search Navigation Web Part
Change settings for the Search Results Web Part
Change how search results look by using result
types and display templates
3/23/2021 • 3 minutes to read • Edit Online
To help users quickly distinguish between different types of results when they search for something in the
classic search experience, we use result types and display templates. Important information is shown directly in
the search results, so that users don't have to click on each result to see if they've found what they're looking for.
By default, the Search Results Web Part in your Search Center is set up to use different display templates
according to the result type of the search result. Result types define when to use which display template, and the
display template defines what information to show in the search results.
For example, there's a display template for PowerPoint files and another display template for Word documents.
A result type says that if the search term is found in a PowerPoint file, then use the PowerPoint display template
when showing that result. The users can see right away that this result is a PowerPoint file, and they can also see
other information that helps them see whether this result is what they're looking for. When users hover over the
result, they'll see a preview of the PowerPoint in the hover panel, together with more details about it. The hover
panel also lets users perform actions, such as Edit or Send . The same way, the result type for Word documents
uses a Word display template to show information.
Results look different based on result type and display template. This picture shows item display templates for
Word, PowerPoint and Excel on the left side, and a hover panel display template for PowerPoint on the right side.
The Hover panel display template typically shows a preview of the item or document when the users hover over
the search result. The hover panel display template also contains actions such as Edit or Send , and other
information about the search result.
You can create your own display templates that show information that's important to your users, for specific
types of results.
For more information about managed properties, see Manage the search schema in SharePoint.
For information about the Search Center and how to set it up, see Manage the Search Center in
SharePoint.
For a full list of available display templates, see Display templates for the Search Results Web Par t
in Display template reference in SharePoint Server 2013.
About display templates in the Content Search Web
Part and other search-driven Web Parts
3/9/2021 • 2 minutes to read • Edit Online
The Content Search Web Part and the other search-driven Web Parts use display templates to control how the
search results appear in the Web Part. By using display templates, you can control the ways in which search
results appear and behave in search-driven Web Parts.
Display templates are HTML files that specify which managed properties from the search result to display, and
also how these properties should be displayed. For example, a display template could specify that the managed
property PublishingImage displays a 100x100 pixel picture, and the managed property Title appears in bold to
the left of the image. You can use any of the pre-configured display templates, or create your own.
The different search-driven Web Parts have different default display template settings that are optimized for the
intended use of that Web Part. For example, by default, the Content Search Web Part displays a list of items
where each item has a picture on the left side and three lines of text on the right.
Configure a Content Search Web Part in SharePoint (CSWP) offers a lot of flexibility for configuring the query it
contains. However, if you configure the Web Part to use a very complex query, or if you have many CSWPs on a
page, the page can take longer time to load. To make the page load faster, you can configure the CSWP to cache
search results for users who belong to the same AD security groups. Because it's faster to look up search results
in the cache than in the search index, the page loads faster.
When you have configured a CSWP to use caching, it will first look in the cache for existing search results that
match the query and the AD security group. If it doesn't find any search results in the cache, it will look in the
search index.
We recommend that you use caching only in CSWPs that are on pages that have more than 10 page loads per
15 minutes, for example on popular home pages or on category pages that are starting points for navigating to
more detailed catalog pages.
TIP
See Configure a Content Search Web Part in SharePoint for other things you can do to make pages load faster.
NOTE
To test that the CSWP returns the expected results, you have to be member of the AD security group that you
select.
TIP
You can't look up the name of your AD security groups from the CSWP. To look up your AD security groups, go to your
Azure classic portal. For more information, see Managing groups in Azure Active Directory
When should I use caching?
Before you change all your Content Search Web Parts (CSWP) to use caching, you should consider the
characteristics of the page where the CSWPs are used:
What type of page is the CSWP on? Caching works great in CSWPs that are on home pages or pages
that many users have as a starting point when they browse for information. CSWPs on category pages
that are starting points for navigating to more detailed catalog pages, can also benefit from caching.
How many page loads does the page have? We recommend that you use caching only in CSWPs
that are on pages with more than 10 page loads per 15 minutes.
Is the CSWP configured to show different results to different users? If the CSWP query involves
too many user groups, the search result combinations can overload the cache, and the page load time will
not be reduced, or may even increase.
The example below shows an intranet page with four CSWPs. On average, the page has 38 page loads per 15
minutes. These page characteristics suggest that the page can load faster if you configure some of the CSWPs to
use caching.
Now let's look at how results are displayed in a Content Search Web Part (CSWP) with caching:
1. A user goes to a page that has a CSWP.
2. An AD security group, for example Ever yone except external users , is assigned in the CSWP. This
example assumes that the user who visits the page belongs to the assigned AD security group.
3. The query and the assigned AD security group in the CSWP is combined, and search first looks for a
matching query and security group in the cache. If it doesn't find any matching results in the cache, the
query is sent to the search index.
4. Search finds results in the search index, and removes any results that the users in the assigned AD
security group are not allowed to see.
5. The search result is sent from the search index to the cache where it is stored (Result 1).
6. The search result is served from the cache to the CSWP, where the user sees the result.
7. A second user goes to the same page. The second user belongs to the same AD security group as the first
user.
8. Search finds existing search results for the combination of the query and the AD security group in the
cache.
9. The search result is served from the cache to the CSWP where the users sees the result.
Because it's quicker to look up search results in the cache than in the search index, the page loads faster.
IMPORTANT
The cache expires after 15 minutes. It's repopulated by the first user that goes to the page after the cache has expired, so
page load time might be longer for the first user that repopulates the cache after an expiration.
IMPORTANT
This feature is gradually rolling out and might not be available yet for your organization.
The Basic Search Center is a classic search experience. To offer your users a richer search experience, you can
either switch from a Basic Search Center to an Enterprise Search Center or rely on the modern search experience
that SharePoint comes with. Learn about differences between classic and modern search and when to choose
which search experience for your organization.
If you are currently using the Enterprise Search Center, you can easily replace (swap) it with the Basic Search
Center if needed. This will result in your users seeing the classic search experience in their default search home
page and default search results page. You can use the Invoke-SPOSiteSwap PowerShell cmdlet to do this.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the Invoke-SPOSiteSwap cmdlet.
Invoke-SPOSiteSwap
-SourceUrl <string>
-TargetUrl <string>
-ArchiveUrl <string>
PA RA M AT ER DESC RIP T IO N
See also
Manage the Search Center in SharePoint
Show the right search results
3/9/2021 • 2 minutes to read • Edit Online
All search results are not relevant to everyone all the time. Learn how you can help users find exactly the results
they're looking for in SharePoint. SharePoint has both a classic and a modern search experience, learn about the
differences between the classic and modern search experiences in SharePoint.
The search schema controls what users can search for, how users can search it, and how you can present the
results on your search websites. By changing the search schema, you can customize the search experience in
SharePoint in Microsoft 365.
NOTE
Numeric data in Microsoft Excel files isn't indexed. For example, the number "123456789" isn't indexed, but the string
"PO123456789" is indexed.
Each managed property has settings that determine how users can search for the content of that managed
property, and how the content can be shown in the search results.
You can create new, custom managed properties, but these can only contain text or Yes/No. If you need other
content types in your custom managed property, then use one of the unused, built-in managed properties that
search comes with. These managed properties can contain information in integer, decimal, date and time, double
precision float, or binary format. You can "rename" these unused managed properties by using the alias setting.
For the built-in managed properties, you can change their mappings to crawled properties, but the only setting
you can change is the alias.
Define which content that users can search and get results for
If you set a managed property to be searchable , the content is added to the index. This means that a simple
query for "Smith" returns items that contain the word "Smith" and also items whose "author" property contains
"Smith". If you want users to be able to "only search for items that have this specific author", set the author
property to be quer yable . Then, to find only items that have an author named Smith, users can query for
"author:Smith".
If you want to prevent the content in a managed property from showing up as search results, you can disable
the retrievable setting for the managed property.
If you don't want anonymous users to see the information in a managed property, for example who has
authored an item, disable the "Safe for Anonymous" setting for the managed property.
Get better search results when you have multi-lingual content and metadata with special
characters
When search indexes content or when it processes queries, it breaks a stream of text into smaller parts such as
words, phrases, symbols, or other meaningful elements. These parts are called tokens. When users enter a
query, search tries to find tokens in the index that match the tokens of the query.
For most languages, search changes text to lower-case, removes diacritics, replaces special characters, such as
punctuation, with white space, and then breaks on white spaces.
Breaking on white spaces works fine for a language like English, but not so well for East Asian languages. Let's
say you have a document library that contains product datasheets both in English and Chinese. Each datasheet
has a product identifier with non-alphanumerical characters, such as "11.132-84-115#4". When search
processes the datasheet, it detects its language, and tokenizes everything in it according to that language. So,
the product identifier in a Chinese data sheet is tokenized as if it was Chinese text, and in an English data sheet
the product identifier is tokenized as if it was English text. When users search for a product identifier, search
tokenizes their query according to the language setting of the SharePoint site they're on. If the site is set to
English, and the user searches for a product identifier that was tokenized as Chinese text, the tokens might not
match, and the users get no results.
Here's how you can make results better for users: When search crawls the datasheet, it extracts the product
identifier. Map the crawled property for the product identifier to a new managed property, "ProductID". Enable
language neutral tokenization for the "ProductID" managed property, and instruct users to search for
product identifiers against the "ProductID" managed property, like this: ProductID:"11.132-8" . Because you've
enabled language neutral tokenization for "ProductID", search uses language neutral tokenization for the query
and can find matching results for the query.
Get better search results when you have metadata with special characters
To help users get better search results when they search in managed properties that contain metadata with non-
alphanumeric characters, you can enable the finer tokenization setting for the managed property.
Let's look at the example with a product datasheet library again.
Users who prefer to quickly enter a query and then browse the results to find the datasheet they're looking for,
typically enter queries like ProductID:"132-884". Because search breaks content for the search index into
smaller parts than it does for queries , search might not find matches for these queries. When the query is
tokenized finer, it's more likely that there are matches between the tokens in the search index and in the query.
Users can also query for the middle or last part of the product identifier.
Users who search for a datasheet and expect to only get results that match the full product identifier, typically
write queries like ProductID:"11.132-884-115#4" . Finer query tokenization doesn't make a difference for such
queries.
Determine which title to show in results
A single crawled property can be mapped to multiple managed properties. Or, multiple crawled properties can
be mapped to a single managed property, for example both the "Writer" and "Author" crawled properties can be
mapped to the "Author" managed property.
For example, a document in a library can have a SharePoint title, a title in the file metadata, and the content can
have a title formatted with the style "Title". All these are mapped to the "Title" managed property. It's the title
from the crawled property that's highest on the mapping list and that has a value that's included in the index.
Auto-generated managed proper ties
Some managed properties are generated automatically. One example is when you add a site column to a
SharePoint library or list. When search crawls that list it automatically generates a crawled and a managed
property for the site column, and a mapping between them. Another example is when crawling finds metadata
in a document you've uploaded to SharePoint. If there isn't already a mapping to a managed property for that
metadata, such as 'Title', search auto-generates a managed property. The type of crawled property determines
the settings of the auto-generated managed property.
The search schema displays the name of auto-generated managed properties and their mappings to crawled
properties in grey in the search schema. The search schema doesn't hold the settings of the managed auto-
generated managed properties. The settings exist, but they're hidden from the search schema. You can add
mappings to other managed properties for the crawled properties, but if you change any other setting, you
override the other (hidden) settings and the auto-generated managed property is converted to a regular
managed property. If you decide to change an auto-generated managed property, review all the settings
carefully, just as you would when you create a new property manually.
IMPORTANT
Auto-generated managed properties are case-sensitive. When accessing auto-generated managed properties, such as
through a REST query, verify the casing is correct. If the casing is incorrect, no value will be returned.
If you want to use a managed property as a refiner on the search results page, use the setting refinable . This
setting is only available on the built-in managed properties, and only affects the classic search experience. If you
need to use a new managed property, or an auto-generated managed property, as a refiner, rename an existing,
unused managed property (that's refinable) by using an alias. There are quite a few managed properties
available for this purpose. They have names such as "RefinableString00" and "RefinableDate19."
For example, you create a new site column called "NewColors", and you want users to be able to use
"NewColors" as an option when they refine on the search results. In the search schema, you choose an unused
managed property, for example "RefinableString00", and rename the property to "NewColors" by using the Alias
setting. Then, you map this new managed property to the relevant crawled property.
Change the search schema on tenant level or on site collection level
Usually, you don't have to change the default search schema for the tenant unless you want to create a more
advanced or customized search experience.
You can change the search schema for the whole tenant or for a specific site collection only. The search schema
for the site collection is based on the search schema for the tenant, so typically, you would make changes on the
tenant level first, and then on the site collection level. Any changes you make on a site collection, only apply to
that site collection.
Crawling and re -indexing
When you change managed properties or add new ones, the changes take effect only after the content has been
re-crawled. In SharePoint in Microsoft 365, crawling happens automatically based on the defined crawl schedule.
When you have added a new property to a list or to a library, or when you have changed properties that are
used in a list or library, search has to re-crawl the content before your changes will be reflected in the search
index. Because your changes are made in the search schema, and not to the actual site, the search will not
automatically re-crawl the list or the library. To make sure that your changes are crawled, you can specifically
request a re-indexing of the list or library. When you do this, the list or library content will be re-crawled so that
you can start using your new managed properties in queries, query rules and display templates.
Managed properties and Delve
Delve uses managed properties to query the Office graph and to display content cards in Delve. For example,
you can see managed properties like Author, Filename, ModifiedBy and LastModifiedTime on the Delve content
cards.
Any document that a user can view or edit in Microsoft 365, can also appear in Delve. Delve doesn't change any
permissions and users will only see documents they already have access to. Sometimes, though, you may want
to prevent a document from appearing in Delve.
You can use the HideFromDelve managed property to hide a document from Delve. You can keep storing the
document in Office 365, and people can still find it through search - it just won't show up in Delve anymore. See
Hide documents from Delve.
For more info about Delve, see Office Delve for Office 365 admins
In SharePoint in Microsoft 365, when you create a new managed property, it will have some limitations. For
example, the property can only be of type Text or Yes/No , and it can't be refinable or sortable.
IMPORTANT
Consider using only letters and digits in managed property names. Although it is possible to create custom managed
properties with special characters (such as hyphens, dots, and underscores), many of those characters act as operator
characters in the query syntax. For example, a hyphen means negation. Such property names have to be enclosed in
double quotation marks when used in queries. Many tools and applications that create queries don’t handle this correctly,
and therefore it is better to use only letters and digits in managed property names.
If you need a property of a different type, or one that has different characteristics than what is available, follow
the steps under Create a managed property by renaming an existing one.
Go to the Search Schema page for the tenant
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
2. Under Search , select Open .
3. On the search administration page, select Manage Search Schema .
Go to the Search Schema page for a site collection
1. On the site, select Settings , and then select Site settings . If you don't see Site settings , select Site
information , and then select View all site settings .
2. Under Site Collection Administration , select Search Schema .
3. Select Managed Proper ties .
4. On the Managed Proper ties page, select New Managed Proper ty .
5. In the Name and description section, in the Proper ty name box, enter the name of the new managed
property. Optionally, enter a description.
6. In the Type section, select one of the available options for the property:
Yes/No.
Text.
7. In the Main characteristics section, select one or several of the available options.
8. In the Mappings to crawled proper ties section, select Add a mapping .
9. In the crawled proper ty selection dialog, select a crawled property to map to the managed property,
and then select OK . If you want to map more crawled properties to the same managed property, repeat
this step.
10. In the Mappings to crawled proper ties section, specify if you want to include:
All content from all crawled properties mapped to this managed property.
Content from the first crawled property that contains a value and, optionally, in which order.
11. Select OK .
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
IMPORTANT
To be able to use the property as a refiner later, choose a managed property that is marked with Refine .
4. Point to the managed property, select the arrow, and then select Edit/Map proper ty .
5. On the Edit Managed Proper ty page, under Main characteristics , in the Alias section, in the Alias
box, enter the new name for the property.
6. In the Mappings to crawled proper ties section, select Add a mapping .
7. On the Crawled proper ty selection page, select a crawled property to map to the managed property,
and then select OK . Repeat this step to map more crawled properties to this managed property.
8. Select OK .
IMPORTANT
When you have created a new managed property this way, the library or list that will use the refiner must be re-
crawled and re-indexed before the property will appear as an option in the refinement configuration. See Request
re-indexing of a document library or list.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
IMPORTANT
If you delete a managed property: > Users can't search on the property. > A query rule that uses the property no
longer works. > A custom web part that uses the property no longer works.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
This may cause a massive load on the search system, so be sure to re-index only after you've made all the changes
you want to be re-indexed.
Related Topics
Overview of crawled and managed properties in SharePoint Server 2013
Overview of the search schema in SharePoint Server
Manually request crawling and re-indexing of a site
Manage query rules
3/23/2021 • 18 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can improve search results in the classic search
experience by creating and managing query rules. Query rules help searches respond to the intent of users.
In a query rule, you specify conditions and associated actions. When a query meets the conditions in a query
rule, the search system performs the actions specified in the rule to improve the relevance of the search results.
This could be by narrowing results or changing the order in which results are displayed. For example, a query
rule condition could be that a term in a query matches a particular term in a SharePoint term set, or that a query
is frequently performed on a particular result source in a search system, such as videos. When the query rule
condition is met, an associated action could be to show a specific item at the top of the search results. Say you
have an intranet site where all company events are maintained in a library, and you want to promote a first-aid
seminar. To do this, you create a query rule that boosts the first-aid seminar to the top of the search results when
someone searches for "seminar" or "event."
A query rule can specify the following three types of actions:
Promote a search result to appear above ranked results. For example, for the query "sick leave", a query rule
could specify a particular result, such as a link to a site that has a statement of company policy regarding
time off work.
Add one or more groups of search results, called result blocks. For example, for a query that contains
“Fabrikam sales report”, a query rule might use a taxonomy dictionary to recognize “Fabrikam” as a
customer, and then display a result block with pertinent results about Fabrikam from your customer
relationship management (CRM) system.
Change the ranking of search results. For example, for a query that contains “download toolbox”, a query rule
could recognize the word “download” as an action term and boost search results that point to a particular
download site on your intranet.
You can create query rules at different levels: for the whole tenant, for a site collection, or for a site. When you
create query rules at tenant level, the query rules can be used in all site collections. When you create query rules
at site collection level, the rules can be used on all sites in the site collection. When you create query rules at site
level, the rules can only be used on that site.
You can configure query rules for one or more result sources, and you can specify a time period for when the
query rule is active.
SharePoint has both a classic and a modern search experience. Only query rules that return promoted results
and that are defined for the default result source can affect the modern search experience. Query rules which do
query re-writes are not supported for modern experiences. Users might see such promoted results on the All
tab on the search results page when they search across all of SharePoint. Learn more about the differences
between the classic and modern search experiences in SharePoint.
NOTE
The rule fires when any condition is true.
NOTE
Custom managed properties are not shown in the Proper ty filter list. To add a custom managed property to
your query, in the Quer y text box, enter the name of your custom managed property followed by the query
condition, for example MyCustomColorProperty:Green
4. Specify how the search results within your result block should be sorted. Sorting of search results is case
sensitive. On the SORTING tab, in the Sor t by drop-down list , select a managed property, and then
select Descending or Ascending . The list only contains managed properties that are set as sortable in
the search schema. You can also sort by rank. To add more sorting levels, click Add sor t level .
5. If you chose to sort by rank, you can optionally:
Select which model to use for ranking search results (this selection is optional). Use the Ranking Model
drop-down list.
Define rules for dynamically changing the ordering of results. In the Dynamic ordering section, define
when to change ranking by selecting a condition from the drop-down list and then specifying whether to
promote or demote the result. To add more rules, click Add dynamic ordering rules
6. Preview the final query that will be run by the Content Search Web Part, on the TEST tab. The preview is
based on the original query template where dynamic variables are substituted with current values. Other
changes to the query may have to be made as part of query rules. Click Show more to display additional
information.
The Quer y text shows the final query that'll be run by the Content Search Web Part. It's based on the
original query template where dynamic variables are replaced with current values. You might end up
making other changes to the query as part of query rules.
The Quer y template box shows the content of the query template that is applied to the query.
The Quer y template variables section shows the query variables that will be applied to the query, and
the values of the variables that apply to the current page. You can type other values to test the effect they
will have on the query. Click the Test Quer y button to preview the search results.
7. Click OK to close the build your quer y dialog.
8. Define which result source this result block should be applied to. Use the Search this Source drop-
down list in the Quer y section
9. In the Items drop-down list, select how many results to show in the result block.
10. Click to expand the Settings section.
The result block only displays the number of search results that you specified in the previous step.
However, you can add a Show more link at the bottom of the result block that'll show all search results
for the result block. To add a Show more link, select "More" link goes to the following URL , and
then type a URL. You can use query variables in this URL—for example, http://www.
<site>/search/results.aspx?k={subjectTerms}.
11. Click OK .
NOTE
Query rules that you created for this site collection are listed in the Defined for this site collection section.
Quer y Matches The query rule fires when a In the Quer y exactly Type "picture; pic" in the
Keyword Exactly query exactly matches a matches one of these box. The query rule fires
word or phrase that you phrases text box, type one when a user types "picture"
specify. or more phrases separated or "pic" in a search box. The
by semicolons. rule doesn't fire if a user
types "pictures" or "sunny
picture."
Q UERY C O N DIT IO N DESC RIP T IO N C O N F IGURAT IO N EXA M P L E
Query Contains Action The query rule fires when a Enter the action term that Type the word "download"
Term query contains a term for causes the query rule to fire in the Action term is one
something that the user by doing one of the of these phrases box.
wants to do. The term must following: When a user types
be at the beginning or end Select Action term is one "download Contoso
of the query. of these phrases , and Electronics datasheet" in a
type one or more phrases. search box, there are
Select Action term is an chances the user isn't
entr y in this dictionar y , searching for a document
and then click Impor t that contains the words
from term store . In the "download," "Contoso,"
dialog, select a term from a "Electronics," and
term set, and then click "datasheet." Instead, the
Save . user most likely wants to
download a Contoso
Electronics datasheet. The
query rule fires, and only
the words "Contoso,"
"Electronics," and
"datasheet" are sent to the
search index.
Query Matches Dictionary The query rule fires when From the Quer y exactly A word that a user types in
Exactly the query is an exact match matches an entr y in this a search box perfectly
of a dictionary entry. dictionar y list, select a matches an entry in the
dictionary. To specify a preconfigured People
different dictionary, click Names dictionary.
Impor t from term store ,
select a term from a term
set in the dialog, and then
click Save .
Query More Common in The query rule fires if users In the Quer y is more You selected Local Video
Source frequently sent this query likely to be used in this Results in the list. The
from another source that source list, select a result query rule fires if a user
you have already specified. source. types the word "training" in
a search box and if that
word had already been
frequently typed in a search
box in the Videos vertical.
Result Type Commonly The query rule fires if other In the Commonly clicked You selected SharePoint
Clicked users frequently clicked a results match result MicroBlog Post in the list.
particular result type after type list, select a result If users frequently click a
typing the same query. type. microblog post in search
results, consider configuring
the most recent microblog
post as the first promoted
result, and the next most
recent microblog post as
the second promoted result
(in the Actions section).
Q UERY C O N DIT IO N DESC RIP T IO N C O N F IGURAT IO N EXA M P L E
Advanced Query Text You want to use a phrase or Enter the phrase or term You selected Quer y
Match a dictionary entry that that causes the query rule contains one of these
causes the query rule to to fire by doing one of the phrases , and then chose
fire, and then define more following: Star t of quer y matches,
detailed conditions for Select Quer y contains but not entire quer y .
when the query rule fires. one of these phrases , The query rule fires only if
and type one or more the phrase is at the
phrases. beginning of a query, not if
Select Quer y contains an it's at the end.
entr y in this dictionar y ,
and then click Impor t
from term store . In the
dialog, select a term from a
term set, and then click
Save .
Then, add more conditions
by checking off options in
the lists.
Customize query suggestions in SharePoint search
3/23/2021 • 3 minutes to read • Edit Online
Query spelling suggestions are words that appear below the search box as a user types a query. SharePoint
automatically creates a query suggestion when you've clicked a search result for a query at least six times. For
example, if you've entered the query word "coffee" and then clicked a search result six times, "coffee"
automatically becomes a query suggestion.
Automatic query suggestions are generated daily for each result source and each site collection, so the query
suggestions can be different for different result sources and site collections.
For example, in the following screenshot, "contoso" is automatically suggested.
SharePoint has both a classic and a modern search experience, learn about the differences between the classic
and modern search experiences in SharePoint. The modern search experience uses the same default result
source as the classic search experience. Automatic query suggestions for the default result source appear in
both the classic and modern search experiences.
You can manually create your own lists of query suggestions and import them to SharePoint. Manual query
suggestions apply to all result sources, all site collections, and to both search experiences.
To create query suggestions for multiple languages, you'll need to create a separate file for each language. The
language determines how the query suggestions are processed internally in the search system. All manual
query suggestions are always displayed for all languages. Add each phrase as a separate line in the text file that
you create and save the file in UTF-8 encoding.
Query suggestions are turned on by default. To turn them off, go to Search Suggestions , and clear Show
search suggestions .
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
Result sources limit searches to certain content or to a subset of search results. You can also use result sources
to send queries to external providers such as Bing.
A global or SharePoint admin can manage result sources for all site collections and sites in the tenant. A site
collection administrator or a site owner can manage result sources for a site collection or a site, respectively.
SharePoint has both a classic and a modern search experience. The modern search experience gets results from
the default result source. If you change the default result source, this impacts both the classic and modern
search experiences. Learn more about the differences between the classic and modern search experiences in
SharePoint.
For the classic search experience, you can create your own result sources, or use the predefined result sources.
After you create a result source, you configure Search Web Parts and query-rule actions to use it.
NOTE
The Exchange Web Services Managed API must be installed on the computer where the search service is running.
5. If you choose Local SharePoint or Remote SharePoint for protocol, choose a Type :
SharePoint Search Results to search the whole index.
People Search Results to search in people profiles and enable query processing that is specific to
people search, such as phonetic name matching or nickname matching.
6. In the Quer y Transform section, you can change incoming queries to use a new query text instead. Choose
one of these options:
Leave the default query transform ( searchTerms ) as is. The query will be unchanged since the previous
transform.
Type a different query transform in the box. See Understanding query transforms.
Build your own query. Select Launch Quer y Builder and build your query by specifying filters on the
BASICS , sorting on the SORTING tab, and then testing the query on the TEST tab. Each of these tabs are
described in the following sections.
7. In the Credentials Information section, choose an authentication type for users to connect to the result
source.
8. Select Save .
The BASICS tab
C H O O SE T H IS O P T IO N TO DO T H IS
Keyword filter Use keyword filters to add predefined query variables to the
query transform. Select query variables from the list, and
add them to the query by clicking Add keyword filter .
Sort results Define sorting for results. The Sor t by list contains
managed properties that are set as sortable in the search
schema.
Select a property to sort by, and then select Descending or
Ascending . To sort by relevance, select Rank .
Click Add sor t level if you want to specify more levels of
sorting.
Ranking model If you selected Rank from the Sor t by list, choose the
ranking model to use for sorting.
C H O O SE T H IS O P T IO N TO DO T H IS
Query text See the final query text, which is based on the original query
template, the applicable query rules, and the variable values.
Query template See the query as it is defined in the BASICS tab or in the
text box in the Quer y transform section on the Add Result
Source page.
Query template variables Test the query template by specifying values for the query
variables. Click Test quer y to see the results.
See also
Understanding result sources
Understanding query transforms
Manage result types
3/9/2021 • 3 minutes to read • Edit Online
As a site collection administrator or site owner, you can create and use result types to customize how results are
displayed for particular types of documents.
SharePoint has both a classic and a modern search experience. For the classic search experience, you use a result
type to specify a display template that the search system should use for a particular type of document or search
result. As documents aren't all the same, search results shouldn't be either. By using result types and display
templates, it's much easier for users to find the results they are looking for. You can't customize how results are
displayed for the modern search experience. Learn about the differences between the classic and modern search
experiences in SharePoint.
A result type specifies one or more conditions to compare search results against, such as the type or the result
source of the search result, and an action to take if a search result meets those conditions. The action specifies
the display template to use for the search result.
For example, a preconfigured result type named Person specifies that if a search result comes from the result
source Local People Results , then use the People Item display template. The People Item display template
shows information in the hover panel such as documents the person's authored and gives you quick access to
those documents.
Another example is to have a result type that fires if the ContentType property contains Sales Report , and
then have a specific display template for sales reports. Users will identify the search result as a sales report right
away.
See Change how search results look by using result types and display templates for more information.
There are many preconfigured result types to choose from, and you can also create new custom result types.
You can configure result types at site collection level and at site level.
You can use search dictionaries to include or exclude company names to be extracted from the contents of your
indexed documents, or you can include or exclude words for query spelling correction.
For company name extraction to work, that is, for a company name to be pulled from your content and for it to
be mapped to the managed property companies , you have to make sure that:
The managed property setting Company name extraction is enabled on the managed property that
you want to extract company names from. This setting is available for the managed properties Title ,
Body and Notes . See also Manage the search schema in SharePoint.
The name of the company that you want to extract is in the prepopulated company name dictionary or in
the Company Inclusions list.
After you have done this, you can then use the managed property companies to create refiners based on the
extracted company name in the Refinement Web Par t , on the search results page.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
2. Under Search , select Open , and to open the term store, select Manage Search Dictionaries .
3. On the Site Settings: Term Store Management Tool page, to expand the Search Dictionaries
menu, select the arrow.
4. Select Company Inclusions , then select the arrow, and then select Create Term .
5. Enter the name of the company that you want to include in the box that appears.
6. To add the term to the Company Inclusions list, select anywhere on the page.
Exclude company names
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
If you or another user enters a word in a search query that appears to be misspelled, the search results page
helps you out by displaying query spelling corrections. These are important words in your indexed documents.
This is also known as "Did you mean?".
For example, if you enter a query that contains the word "ampitheater", the query spelling correction would
show "amphitheater" if this term is available in many places in your indexed documents. You can add terms such
as the one just shown to the Quer y Spelling Inclusions list, or to the Quer y Spelling Exclusions list to
influence how you want query spelling corrections to be applied or not. It takes up to 10 minutes for any
changes to the Quer y Spelling Inclusions or the Quer y Spelling Exclusions list to take effect.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
As a global or SharePoint admin in Microsoft 365, you can influence the pages or documents that should appear
at the top of your list of search results by identifying high-quality pages, also known as authoritative pages.
Authoritative pages link to the most relevant information. A typical example of an authoritative page could be
the home page of your company portal.
Authoritative pages only work for classic search and only for web parts that use the default ranking model.
If you have specific knowledge of an area, you can influence the relative importance of pages by adding more
levels of authoritative pages (second-level and third-level).
In the same way, you can also add non-authoritative pages. A typical example of a non-authoritative page could
be the URL of a site that contains outdated information.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
TIP
All URLs whose prefix matches the prefix of a URL in the Sites to demote box are demoted. Example: Entering
http://archive/ demotes the rank of all URLs that begin with http://archive/.
8. Select OK .
How results are ranked
Classic search uses the list of authoritative pages to calculate the ranking of results. Static rank determines the
relative importance of a page. Static rank is calculated as the smallest number of clicks that it would take a user
to navigate from an authoritative page to a document. The closer a document is to the most authoritative page,
the higher the static rank of the page is.
Export and import customized search configuration
settings
3/23/2021 • 8 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can export and import customized search configuration
settings between tenants, site collections, and sites. The settings that you export and import include all
customized query rules, result sources, result types, ranking models and site search settings. It's also possible to
export customized search configuration settings from a Search service application and import the settings to
tenants, site collections, or sites. You can't export the default configuration settings.
Overview
When you export customized search configuration settings, SharePoint creates a search configuration file in
XML format. This search configuration file includes all exportable customized search configuration settings at
the tenant, site collection, or site level from where you start the export. A search configuration file for a site
collection doesn't contain search configuration settings from the individual sites within the site collection.
When you import a search configuration file, SharePoint creates and enables each customized search
configuration setting in the tenant, site collection or site from where you start the import.
This table shows the settings that you can export or import. For each setting, you'll find dependencies on other
customized search configuration settings. If the customized search configuration settings depend on a
customized search configuration setting at a different level, for example, if a site query rule depends on a result
source at site collection level, you must export and import settings at all of the relevant levels.
Query rules. These include result blocks, promoted results, Result sources, result types, search schema, ranking model.
and user segments.
If the search configuration file and the target for your import have settings with the same name, the import of
the search configuration file fails when it encounters this setting. There are exceptions however:
If you reimport a search configuration file, the settings that have the same name in the search
configuration file and on the target do not cause the import to fail.
Managed properties with the same name do not cause an import to fail if the individual managed
property settings are the same on the property in the search configuration file and on the target
property.
Managed properties with the same name do not cause an import to fail if the aliases and mappings to
crawled properties are different on the managed property in the search configuration file and on the
target managed property. The import adds the aliases and mappings on the managed property in the
search configuration file to the aliases and mappings on the target managed property.
If the search configuration file contains managed property names or aliases that contain invalid characters, the
import fails when it encounters that managed property name or alias.
The managed property names and aliases of a search schema must be unique for a site and its parent site
collection. This means:
If your search configuration file has a managed property that has the same name as an alias for a
managed property on your target site or the parent site collection of your target site, then the import
fails.
If your search configuration file has a managed property with an alias that has the same name as a
managed property on your target site or the parent site collection of your target site, then the import
fails.
NOTE
Any customized search settings that were created and enabled by SharePoint before the import failed, remain enabled.
If the import fails, remove the condition that caused the failure and reimport the search configuration file. For
example, if the Notes column states that there is already a query rule with the same name as the query rule that
you are trying to import, then you should remove that query rule either from the target or from the import file,
and then reimport the file. See Invalid characters causing your import to fail later in this article.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
C H A RA C T ER NAME
space
: colon
; semicolon
, comma
( opening parenthesis
) closing parenthesis
[ opening bracket
] closing bracket
C H A RA C T ER NAME
{ opening brace
} closing brace
% percent
$ dollar sign
_ underscore
+ plus sign
! exclamation point
* asterisk
= equal sign
& ampersand
? question mark
@ at sign
# number sign
\ backslash
~ tilde
| pipe
` grave accent
^ caret
Known issue
When you import search configuration files into the tenant admin search settings page, you might encounter an
issue that the Search Config List could not display properly and you might receive a "File not found" error.
This issue only blocks the UI from displaying the list of search configuration files you imported and would not
break the Impor t functionality. Your search configuration will be imported properly.
Since you are unable to check the status of the search configuration file you imported from the UI, you could
choose an alternative way to access the list, like SharePoint CSOM API or SharePoint Online REST API.
Check logs, limits and reports
3/9/2021 • 2 minutes to read • Edit Online
See if the crawler has added content to the search index, and if your users are finding what they're looking for in
SharePoint.
Query throttling
In SharePoint, you can't turn query throttling on or off, but you can use client-type information to make sure
lower-priority clients like automated queries don't squeeze out higher-priority clients like UI. Learn more.
Search limits
Look up the limits to SharePoint search. For example, there are limits to the number of entries you can have in a
custom search dictionary and the number of results that can be returned for a query. Learn more.
View search usage reports
3/23/2021 • 3 minutes to read • Edit Online
NOTE
Starting in the fourth quarter of 2021, we'll be retiring classic tenant-wide search usage reports in SharePoint Online.
After this change, you will be able to discover site collection search usage data through the classic site collection usage
reports under the Site > Site Settings > Site collection Administration > Search Repor ts where you can access
and download usage data for the last 31 days and past 12 months. For administrators of Microsoft Search you can access
the tenant usage analytics reports through the Microsoft 365 admin center under Settings > Search and Intelligence
> Insights .
If you're a SharePoint admin in your organization, you're probably asked questions about search usage, such as:
What are the top queries on my site per day or per month?
How many search queries are users performing on average?
Which queries are getting low clicks as they're simply not showing up in any results?
How often are query rules firing and how often are people clicking promoted results?
This article describes how you can use search reports in the SharePoint admin center to find answers to these
questions.
To view a report
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
Number of Queries This report shows the number of search queries performed.
Use this report to identify search query volume trends and
to determine times of high and low search activity.
REP O RT DESC RIP T IO N
Top Queries by Day This report shows the most popular search queries. Use this
report to understand what types of information visitors are
seeking.
Top Queries by Month This report shows the most popular search queries. Use this
report to understand what types of information visitors are
seeking.
Abandoned Queries by Day This report shows popular search queries that received low
click-through. Use this report to identify search queries that
might create user dissatisfaction and to improve the
discoverability of content. Then, consider using query rules
to improve the query's results.
Abandoned Queries by Month This report shows popular search queries that received low
click-through. Use this report to identify search queries that
might create user dissatisfaction and to improve the
discoverability of content. Then, consider using query rules
to improve the query's results.
No Result Queries by Day This report shows popular search queries that returned no
results. Use this report to identify search queries that might
create user dissatisfaction and to improve the discoverability
of content. Then, consider using query rules to improve the
query's results.
No Result Queries by Month This report shows popular search queries that returned no
results. Use this report to identify search queries that might
create user dissatisfaction and to improve the discoverability
of content. Then, consider using query rules to improve the
query's results.
Query Rule Usage by Day This report shows how often query rules trigger, how many
dictionary terms they use, and how often users click their
promoted results. Use this report to see how useful your
query rules and promoted results are to users.
Query Rule Usage by Month This report shows how often query rules trigger, how many
dictionary terms they use, and how often users click their
promoted results. Use this report to see how useful your
query rules and promoted results are to users.
Related topics
Microsoft 365 Reports in the Admin Center - SharePoint site usage
Microsoft 365 Reports in the Admin Center - SharePoint activity
Crawl log permissions
3/23/2021 • 2 minutes to read • Edit Online
As a global or SharePoint admin in Microsoft 365, you can grant users read access to crawl log information for
the tenant. The crawl log tracks information about the status of crawled content.
A typical use case is in eDiscovery, where you can grant a security group permission to view the crawl log
information for the tenant. The users in the security group can view the crawl log data via the eDiscovery portal
to check whether crawled content was successfully added to the search index, or whether indexing failed
because of an error.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
Learn how query client types decide in which order queries are performed.
A query client type is how a client performing a query tells the system what type of client it is. For example, a
client might tell us it is UI, or an automated query. Query throttling monitors the use of resources and protects
the search system. Administrators can use client-type information for throttling, to make sure lower-priority
clients like automated queries don't squeeze out higher-priority clients like UI. Query client types are also used
for things like logging, reports, and determining relevance.
The client sets the client type as a label in the query. The administrator configures the valid client types (though
some are default and mandatory), and the client chooses one for each query.
NOTE
You can't turn query throttling on or off.
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
Lower priority queries are throttled first. The search system processes queries from top tier to bottom tier.
7. Select OK .
Prioritize a client query type
You can use throttling tiers to prioritize query processing. When the resource limit is reached, query throttling
kicks in, and the search system processes queries, starting from the top tier, right through to the bottom tier.
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
Lower priority queries are throttled first. The search system processes queries from top tier to bottom tier.
6. Select OK .
Search limits for SharePoint
3/23/2021 • 4 minutes to read • Edit Online
As an admin who manages SharePoint (for more info, see SharePoint search administration overview), you
should also be aware of limits to search. For example, there are limits to the number of entries you can have in a
custom search dictionary or the number of rows that are returned as part of a search.
There are two types of limits:
Boundar y A number that can't be exceeded.
Suppor ted A recommended number, based on testing that Microsoft has done, that shouldn't be exceeded.
If you exceed a supported limit, you might encounter unexpected results or see a significant decrease in
performance.
These limits apply to all SharePoint plans.
The following table lists the limits for SharePoint search.
L IM IT M A XIM UM VA L UE L IM IT T Y P E N OT ES
See also
SharePoint Limit
SharePoint Service Description
Overview of the search schema in SharePoint Server 2013
SharePoint feature availability across Office 365 plans
View Popularity Trends and Most Popular Items
3/9/2021 • 2 minutes to read • Edit Online
To identify usage trends and find out at what times activity is high or low, you can view Popularity Trends
reports for a site or a site collection. The reports show historical usage information, such as number of views
(hits) and unique users per day or month. Popularity Trends for a page or item in a library in a library show how
many views the page or item has had recently.
You can also view the most popular items in a library. You'll see which items have the most views, either recently
or ever (from the first time the item became available.)
NOTE
For SharePoint Modern sites, please see View usage data for your SharePoint site.
You can sort the list by Recent (views the last 14 days), or Ever (views from the first time the item became
available).
To see more details for each item, click the Popularity Trends link under each item URL.
This article is for global admins and SharePoint admins in Microsoft 365.
If you're running SharePoint Server, see Administer the User Profile service in SharePoint Server.
If you're not an admin, see View and update your profile in Office Delve for info about changing your
profile.
Most organizations don't need to change any user profile settings in the SharePoint admin center. For the
organizations that do need to work with user profile settings, this article describes the most common tasks.
NOTE
Instead of creating user sub-types in the SharePoint admin center, we recommend using the Microsoft 365 admin center
to Compare groups or using the Azure AD admin center to create groups with dynamic membership.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
WARNING
Do not remove a user as the admin of their own OneDrive. Doing this causes many experiences to break.
For info about automatically transferring ownership of OneDrive to a user's manager when the user account is
marked for deletion, see Set up access delegation.
Manage audiences
Audiences let you customize content on pages so that it appears only to particular people based on their:
Membership in a distribution list or security group
Location in the reporting structure or public info in the user profile
For example, you can display a navigational link to only people in a particular geographic location. For info
about using audiences, see Target content to specific audiences.
NOTE
Only sites that use classic templates can be customized based on audience.
Audiences are not a security feature. They help you deliver relevant content to specific groups of people, but don't
prevent content from being available to anyone with the appropriate permissions.
To add, edit, or delete an audience or an audience rule, go to the Manage Audiences page:
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
Audiences compile approximately weekly, and you can only view audience members after the audience
compiles. The user profiles page shows the number of audiences, the number of uncompiled audiences, and the
compilation status and time.
NOTE
If a user already created a OneDrive, changing the following setting won't delete it.
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
4. By default, "Everyone except external users" has permission to "Create Personal Site" (which includes
creating a OneDrive and saving user data such as followed and frequent sites). Remove that group and
add specific groups to allow only a subset of licensed users to create a OneDrive.
NOTE
The Disable OneDrive check box has no effect. Use the "Create Personal Site" check box to specify the security groups
that have permission to create a OneDrive.
5. Select OK .
Add and edit user profile properties in SharePoint
3/23/2021 • 4 minutes to read • Edit Online
If your organization uses the cloud identity model, your user accounts are stored in Azure AD and you can
manage most user profile info in the Microsoft 365 admin center. For info, see Edit or change a user in Microsoft
365. You can also manage user profiles (including adding user pictures and defining user managers) in the
Azure AD admin center. For info, see Add or change profile information for a user in Azure Active Directory. If
you need to create custom user profile properties, such as languages spoken, emergency contact info, or sales
account, you can use user properties in SharePoint. Note that these properties are NOT synced back to Azure
AD.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
6. In the Display Name box, enter the profile property name that will be displayed to all users. (This name
doesn't have to be unique.)
7. In the Type list, select the data type for the property.
NOTE
If you select string (Multi Value) , the property will be permanently set as a multi-valued property. You cannot
change this setting after you select OK . You can only delete the property and add it again as a new single-value
property.
8. If you selected binary, HTML, or string, use the Length box to enter the maximum number of characters
allowed for property values.
9. If you selected string and want to associate the profile property with a managed metadata term set, select
Configure a Term Set to be used for this proper ty . Then select a term set from the list.
10. Make sure Default User Profile Subtype is selected so the default user profile subtype is associated
with this user profile property.
11. In the Description box, enter the instructions or information that is displayed to users about this profile
property.
12. In the Policy Settings section, select the policy setting and default privacy setting that you want for this
property. Select the User can override box to enable users to override these settings.
13. If you want users to be able to change this profile information for themselves, select Allow users to
edit values for this proper ty .
14. In the Display Settings section, specify whether and how the property will be viewed by users.
15. In the Search Settings section, select Alias if the property is the equivalent of a user's name. For
example, you might do this if you create a property for a "Stage name" and want searches for all
documents by John Kane to return the same results as searches for the user's real name. Select the
Indexed if you want searches to return all the user profiles matching that property. For example, if you
have a property for "University," a search for that value would return all alumni from that university.
NOTE
The Alias check box is available only if you set the Default Privacy Setting > Ever yone .
16. Select OK .
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
2. Select User profiles , and then select Open . Under People , choose Manage User Proper ties .
3. In the Proper ty Name column, select the profile property that you want to change, and then select Edit
or Delete .
4. Edit the elements you want to change.
NOTE
Some elements of profile properties, such as the Type element, are unavailable because they can't be edited. To
define these elements, create a new property. The exception is the Source Data Connection property. It's
predefined in SharePoint and can't be changed.
Microsoft SharePoint uses the Active Directory synchronization job to import user and group attribute
information into the User Profile Application (UPA).When a new user is added to Azure Active Directory (Azure
AD), the user account information is sent to the SharePoint directory store and the UPA sync process creates a
profile in the User Profile Application based on a predetermined set of attributes. Once the profile has been
created, any modifications to these attributes will be synced as part of regularly scheduled sync process.
NOTE
The profile properties that are synced by the UPA sync process are not configurable. Synchronization times will vary based
on workloads.
Sync process
There are four steps in the sync process.
ST EP DESC RIP T IO N
1. Active Directory to Azure AD Azure AD Connect syncs data from on-premises Active
Directory to Azure AD. For more info, seeWhat is hybrid
identity with Azure Active Directory? and Attributes
synchronized.
3. SharePoint to UPA The UPA sync process syncs user account information in
SharePoint directory store to the User Profile Application
(UPA).
Typically, user profiles are created automatically for all accounts that are created in Microsoft 365. For
organizations that have a Microsoft 365 Education subscription, user profiles are not created for new accounts
by default. The user must access SharePoint once, at which time a basic stub profile will be created for the user
account. The stub profile will be updated with all remaining data as part of the sync process.
If block sign-in is set on the user account in Azure AD or disabled accounts are synced from Active Directory on
premises, those user accounts will not be processed as part of the UPA sync process. The user must be enabled
and licensed for changes to be processed.
sn LastName Yes
msExchHideFromAddressLis SPS-HideFromAddressLists No
t
NOTE
To update additional or custom properties, see Bulk update custom user profile properties.
Will UPA synchronization over write existing proper ties in SharePoint user profiles?
For the default properties that are synced by UPA synchronization, values will be overwritten to align with Azure
AD.
Does UPA synchronization update only proper ties that have changed?
UPA synchronization is driven primarily by changes that are made Azure AD, including adding new users. A full
import can occur under certain maintenance events.
Why isn't it possible to map additional proper ties for UPA synchronization to sync from Azure AD
to the User Profile Application?
UPA synchronization is limited to a preconfigured set of properties to guarantee consistent performance across
the service.
How to remove deleted users from SharePoint
3/23/2021 • 3 minutes to read • Edit Online
This article describes how to remove deleted users so they no longer appear in SharePoint. It should be used to
troubleshoot Profile Property synchronization or mismatched ID issues only as advised by Microsoft Customer
Support Services.
Scenario 1: Someone is deleted from the Microsoft 365 admin center but still appears in
SharePoint.
When a user or guest browses to a SharePoint site, their user information is cached in the UserInfo list.
When the user or guest is deleted, their related UserInfo information is not removed. Their profile still
appears, which may cause confusion when people view the people picker.
Scenario 2: Site User ID Mismatch.
This issue most frequently occurs when a user is deleted and the account is then re-created with the same
user name. The account in the Microsoft 365 admin center or Active Directory (in directory
synchronization scenarios) is deleted and re-created with the same user principal name (UPN). The new
account is created by using a different ID value. When the user tries to access a site collection or their
OneDrive, the user has an incorrect ID. A second scenario involves directory synchronization with an
Active Directory organizational unit (OU). If users have already signed in to SharePoint, and then are
moved to a different OU and resynced with SharePoint, they may experience this problem.
NOTE
If you're using directory synchronization, you must remove the user from the on-premises Active Directory environment.
After you delete a user, a series of jobs will remove the user from SharePoint. After the next incremental profile
import job, the user (or users) will be marked as deleted, the user's profile page will be deleted, and the user's
OneDrive will be marked for deletion by the MySite cleanup job.
NOTE
If you have Office 365 Germany, sign in at https://portal.office.de. If you have Office 365 operated by 21Vianet
(China), sign in at https://login.partner.microsoftonline.cn/. Then select the Admin tile to open the admin center.
4. Remove the guest from each site collection by using the following command:
NOTE
Replace the [email protected] placeholder with the account for your scenario.
NOTE
This option is available only if the user previously browsed to the site collection. They won't be listed if they were granted
access but never visited the site.
1. Browse to the site and edit the URL by adding the following string to the end of it:
/_layouts/15/people.aspx?MembershipGroupId=0
For example, the full URL will resemble the following:
https://fabrikam.sharepoint.com/_layouts/15/people.aspx/membershipGroupId=0
2. Select the person from the list, and then on the Actions menu, select Delete Users from Site
Collection .
Using the SharePoint Online Management Shell
1. Install the SharePoint Online Management Shell.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command:
NOTE
Replace the [email protected] placeholder with the person in question.
In SharePoint in Microsoft 365, you can create Business Connectivity Services (BCS) connections to data sources,
such as SQL Azure databases or Windows Communication Foundation (WCF) web services, that are outside the
SharePoint site. Once you've created these connections, you can manage or edit BCS information in the
SharePoint admin center. Microsoft SharePoint uses BCS together with Secure Store Services to access and
retrieve data such as BDC Models from external data systems. See also Deploy a Business Connectivity Services
hybrid solution in SharePoint.
Object permissions
Object permissions apply only to a specific External System, BDC Model, or External Content Type (ECT). Each
ECT is a securable object. For example, if you have an ECT called WCFBookSales, object permissions apply only
to the WCFBookSales object, and not to any other ECT that might be defined.
To set object permissions for an object, follow these steps.
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
P ERM ISSIO N N OT ES
Selectable in clients Allows the user or group to create external lists for any ECTs,
and to view the ECTs in the external item picker.
Set permissions Allows the user, group, or claim to set permissions on the
Metadata Store.
At least one user or group must have this permission on
every BCS connection so that permissions management can
occur. With this permission, a user can grant Edit
permissions to the Metadata Store. This setting should be
reserved for highly privileged users
Metadata Store permissions apply globally to the whole BCS store. That is, they apply to all BDC Models, external
systems, ECTs, methods, and methods instances that are defined for that external data system. You can set
permissions on the metadata store to determine who can edit items and set permissions for the store.
Metadata Store permissions apply to many objects, such as BDC Models, ECTs, and external systems. Because
Metadata Store permissions can replace object permissions, they must be managed carefully. When applied with
forethought, Metadata Store permissions can grant access quickly and completely.
To set Metadata Store permissions, follow these steps.
1. In the left pane of the new SharePoint admin center, select More features .
2. Under BCS , select Open .
3. Select Manage BDC Models and External Content Types .
4. On the ribbon, select Set Metadata Store Permissions .
5. Enter a user account or group into the text box, and then select Add . You can also select Browse to look
for the account that you want.
6. The account or group will appear in the second text box. If you have multiple accounts or groups, you
must select them one at a time to set the level of access.
P ERM ISSIO N N OT ES
Selectable in clients Allow the user or group to create external lists for any ECTs,
and to view the ECTs in the external item picker.
Set Permissions Allows the user, group, or claim to set permissions on the
Metadata Store.
At least one user or group must have this permission on
every BCS connection so that permissions management can
occur.
With this permission, a user can grant Edit permissions to
the Metadata Store. This setting should be reserved for
highly privileged users.
7. To propagate permissions to all items in the Metadata Store, select Propagate permissions to all BDC
Models, External Systems and External content types in the BDC Metadata Store . If you select this
option, you'll replace all existing permissions (including object permissions) that you may have set anywhere
else in your selected BCS Application.
NOTE
You can create a BDC Model using XML code. If you do so, it's important to know that you cannot use the authentication
modes Rever tToSelf and PassThrough with SharePoint. Although you might be able to import a BDC Model that was
written in XML, the connection will not be usable.
When you import a BDC Model, you also import its specified permissions. Before you import a BDC Model, it's a
good idea to understand how imported permissions interact with existing permissions.
Imported permissions for a BDC Model are added to the store of existing permissions in the BDC service. If an
entry for an object already exists in the access control list, the existing value is overwritten with the permissions
information from the imported file.
To import a BDC Model, follow these steps:
1. In the left pane of the new SharePoint admin center, select More features .
2. Under BCS , select Open .
3. In the business connectivity services section, select Manage BDC Models and External Content
Types .
4. On the ribbon, select Impor t .
5. In the BDC Model section, enter the name of the BDC Model File. The Model name must not include any
special characters, such as ~ " # % & * : < > ? \ { | } or the character 0x7f. You can also select Browse to
locate the *.bdcm file for a BDC Model.
6. In the File Type section, select Model or Resource as the file type that you want to import.
7. In the Advanced Settings section, select one or more of the following resources to import:
8. Localized names to import localized names for the ECTs in a particular locale. Imported localized names
are merged with the existing localized names by Business Data Connectivity.
9. Proper ties to import properties for ECTs. Imported properties are merged with the existing property
descriptions by Business Data Connectivity.
10. Permissions to import permissions for ECTs and other securable objects in the model.
11. (Optional) To save the resource settings in a file for later use, type a name for the resource file in the Use
Custom Environment Settings text box.
12. Select Impor t .
Export a BDC Model
You can export a BDC Model and then read its contents to determine differences between connections. This can
be useful if you are troubleshooting. You can also import an exported BDC Model file into another environment
for testing or reuse.
To export a BDC Model or Resource file, follow these steps:
1. In the left pane of the new SharePoint admin center, select More features .
2. Under BCS , select Open .
3. Select Manage BDC Models and External Content Types .
4. Select the dropdown, and in the View group, select BDC Model .
5. Select the name of the BDC Model that you want to export, on the ribbon, select Expor t .
6. On the Business Data Connectivity Models page, select the model or resource file to export.
7. On the Export page, in the File Type section, to specify the type of file that you want to export, select
Model or Resource .
8. In the Advanced Settings section, to further refine the data export, select one or more of the following:
To export localized names for the ECTs in a particular locale, selectLocalized names .
To export properties for ECTs, select Proper ties .
To export permissions for ECTs, select Permissions .
To export an implementation-specific proxy that is used to connect to the external system, select Proxies .
.
9. If you saved a file of resource settings for later use, enter the name of the file to export in the Use
Custom Environment Settings field.
10. Select Expor t to start a dialog that enables you to save a *.bdcm file to your local drive. You can open the
*.bdcm file in a text editor.
NOTE
Under the control, you can find an example URL. The example shows how to add one (or more) parameter place-
holders such as {0}, or {1} (http://www.adventure-works.com/sample.aspx?p0={0}&p1={1} ).
7. If you want web parts on the site to be able to use this new action, select one of the following options:
C OMMAND A C T IO N
8. In the URL Parameters field, specify any parameters that are required by the URL. These are numbered
in the interface starting at 0.
9. Decide if you want to use an Icon or not. This field also allows you to use Standard icons.
10. If you want the action to be the default action, select the Default Action check box.
IMPORTANT
Parameters can contain personally identifying information such as names and Social Security numbers. When you
design an action, be careful not to use fields that display personally identifying information.
By default, the BCS connection uses the External Content Types view. This view shows Service Application
Information, and lists the following information:
ECT name
ECT display name
ECT type namespace
Namespace version
External system name
For most processes in BCS, this view is sufficient. However, if there are many ECTs, this view can be difficult to
navigate.
External Systems view
The External Systems view shows a BCS connection in terms of its system of origin. This view is useful if you
want to know the BCS connection information after you create the BCS. In this view, you can see the property
settings for a named External System. In addition, you can configure some of the property settings.
The name of the External System appears on this page as a selectable link (a navigable URL). You can select the
URL to open a window that shows the original property settings for that store. In addition, if you are connected
to SQL Azure, you can see the database server name and database, in this view.
Depending on the type of BCS connection, the property settings can include any combination of the following
items:
Access Provider (such as WCF Service)
Authentication Mode (such as User's Identity)
Database Server
Impersonation Level (such as None, Anonymous, Identification, Impersonation, Delegation)
Initial Database name
Integrated Security (such as SSPI)
Secure Store Implementation
Secure Store Target Application ID (as the ID entered in Secure Store)
Service EndPoint Address (such as the URL pointing to SomeWCFService.svc)
Connection Pooling (Active/Inactive)
Secondary Secure Store Target Application ID
Secure Store Implementation
Configure property settings
If you point to an External System Name, you can open a shortcut menu that includes a Settings command.
This is useful for SharePoint connections that use Windows Communication Foundation (WCF) Web Services. By
selecting the Settings option from the menu, you can configure any of the following settings:
Metadata Exchange URL
Metadata Exchange Discovery Mode
Web Services Description Language (WDSL) Authentication Mode
WSDL Secure Store Target Application Id
Secure Store Implementation.
BDC Model view
The BDC Model view offers ribbon commands that enable you to import or export BDC Models. In addition, the
BDC Model view can make it easier to move around in a very large collection of ECTs. Because the BDC Model
shows hyperlinks for each distinct connection, rather than showing all ECTs for each connection, it can make a
more manageable list.
If you want to see all the ECTs for a BDC Model, select the name of the Model. If you select the name of an ECT,
open a table that shows the fields that are defined for the ECT. It resembles the following table.
Order Id System.String No
Employee Id System.String No
NAME TYPE DISP L AY B Y DEFA ULT
This display can closely mirror the layout of the data source connected via an ECT, and give better insight into
the structure of the underlying data.
Also, at the bottom of the page, any Associations, Actions, or Filters for this ECT appear.
Create or edit a Secure Store Target Application
3/23/2021 • 6 minutes to read • Edit Online
When you want to use external data (such as data from your other business applications or partner resources)
in SharePoint, you can use Business Connectivity Services (BCS) together with Secure Store. And, you can
manage BCS and Secure Store right in the SharePoint admin center. The external data source that you can
connect to is called a Secure Store Target Application, or just a Target Application.
BCS makes it possible for you to set up a connection to the Target Application, and the Secure Store enables you
to manage the credentials that are required by the external data source.
NOTE
To access the Secure Store, you must have the SharePoint Admin role or Global Admin role.
4. In the Target Application Settings section, enter values for the following fields:
5. Target Application ID . You might find it useful to assign a meaningful name. For example, if you are
connecting to source that contains employee data, you might enter EmployeeTargetApp.
6. Display Name. This field should be a user-friendly name for the Target Application. For example, you
might use Employee Data.
7. Contact E-mail Enter a valid email address for people to use when they have questions.
8. Target Application Type . By default, SharePoint uses type Group Restricted .
9. In the Credential Fields section, for the credentials that are required to access data in the Target
Application, enter the Field Names and Field Types . These fields determine how you will map identity
in the Secure Store Service. By default, the Credential Fields list the Windows User Name and Windows
Password with matching Field Types (User Name and Password), and specifies that the password is
masked.
10. In the Target Application Administrators section, enter a list of users, or to search for the name of a
group, select Browse . This section usually contains the account of the SharePoint admin, or a global
admin.
11. In the Members section, enter a list of users or SharePoint groups of users who need to access the target
app. Or, to search for the name of a group that you want to map to the Target Application, select Browse .
12. Select OK to accept this configuration and return to the Secure Storage Service page. The new Target
Application appears on the page.
NOTE
Some fields on the Edit page are not available. These elements cannot be edited. After you create a Target
Application, you can't change the Target Application ID , Target Application Type , or Credentials Fields .
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
The following fields cannot be edited. These fields specify the Secure Store mapping for the Target Application:
Target Application Name , Target Application ID , and Credential Owners .
IMPORTANT
Be careful when you enter the password. If you enter a password that is incorrect, you won't see a message about
the error. Instead, you'll be able to continue with configuration. However, errors can occur later, when you attempt
to access data through BCS. Also, if the password for the external data source is updated, you have to return to
this page to manually update the password credentials.
As a SharePoint or global admin in Microsoft 365, you can use services in Microsoft SharePoint to access data
from a Microsoft SQL Azure database. Because SQL Azure is a cloud-based relational database technology, the
connection works completely in the cloud. This article describes how to use SharePoint technologies to access
data from a SQL Azure database without having to write code.
To use data from a SQL Azure database, you have to create an External List by using Business Connectivity
Services (BCS) and Secure Store. BCS connects SharePoint solutions to external data, and Secure Store enables
user authentication for the data. By using an External List, you can display the contents of a table from SQL
Azure in SharePoint. Users can read, edit, and update the data, all in SharePoint.
For more information about how to use BCS to use external data, see Introduction to external data.
SQL Azure databases are cloud-based relational databases that are created by using SQL Server technology. To
learn how to get started with these databases, see Getting Started with Microsoft Azure SQL Database Using the
Microsoft Azure Platform Management Portal
W H AT TO DO : W H ERE TO DO IT :
Step 1: Set permissions on the BCS Metadata Store SharePoint admin center
Step 3: Create an External Content Type (ECT) SharePoint Designer 2010 OR Visual Studio
NOTE
SharePoint in Microsoft 365 doesn't support offline use of external lists.
This illustration shows how the connections between the different elements occur:
The following list describes the steps in the connectivity process. Each step in this list corresponds to a number
in the previous diagram.
1. The user signs in to SharePoint and opens an External List. The Business Data Connectivity (BDC) service
in SharePoint queries External Content Type for that list in the BDC metadata store that contains the list.
The query asks for the following information: how to access the external system, which operations are
supported, and what credentials to use.
2. The BDC service runtime sends the request (SOAP over HTTP) to the endpoint of the SQL Azure Windows
Communication Foundation (WCF) service.
3. The SQL Azure service returns the data in a SOAP envelope.
4. The SharePoint site displays the external list in the user's browser. The user can then perform all the
configured operations on the data source for which the user has permissions.
TIP
Make sure that you have SQL Azure credentials ready. You'll use these credentials when you create the mapping between
SharePoint users and a SQL Azure account.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
After you create the Target Application, you are ready to enter the credentials that Secure Store uses to access
the external data. To set the credentials, follow these steps
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
IMPORTANT
Keep a secure record of this information. After you set these credentials, an administrator cannot retrieve them.
NOTE
If SharePoint displays a prompt for you to add a new user, ensure the user account you use has sufficient
permissions. The user account must be able to make and test BCS changes to the SharePoint site. Typically, a
SharePoint or global admin performs these steps.
If you want to change to a different user, select Add a new user , select Personal or Organization , sign in to
the site as the SharePoint or global admin, and select Sign In .
3. After the site opens, in the Site Objects tree on the left of the application window, select External
Content Types .
4. Select the External Content Types tab, and in the ribbon, to begin the creation process, select External
Content Type .
5. In the External Content Type Information section of the page, change the Name and Display Name .
Make certain that the Name is descriptive. The Display Name is a friendly name for the ECT.
6. To open the Operation Designer page, select the link Click here to discover external data sources
and define operations .
7. To open the External Data Source Type Selection dialog, select Add Connection .
8. To access the SQL Azure database, select SQL Ser ver .
NOTE
You cannot use on-premises data sources, such as .NET Type, with SharePoint in Microsoft 365. In addition, you
cannot use a SQL Server data source that is on-premises with SharePoint in Microsoft 365.
IMPORTANT
The URL you use to access the database contains the Fully Qualified Server Name. For example, if you access the
database via https://aaapbj1mtc.database.windows.net your Fully Qualified Server Name is
aaapbj1mtc.database.windows.net . > If you log on at a higher level, such as the Management Portal for
Microsoft Azure, you can discover the Fully Qualified Server Name. On the portal page, under Subscriptions ,
select the name of your subscription. Then, under Fully Qualified Ser ver Name , expand your subscription and
the server name. Names of databases appear under each server name.
In the SQL Ser ver Connection dialog, select Connect with Impersonated Custom Identity . Then,
in the Secure Store Application ID text box, type the Secure Store Application ID that stores credentials
for the target database and then select OK .
10. If you see a prompt for credentials to access the external data source, to access the external data system,
enter the correct User name and Password credentials. Then, to connect, select OK .
The Data Source Explorer tab, you can view a list of tables that are available from the SQL Azure
database. To see a list of possible operations for this table, open the shortcut menu for the table.
You can select specific options such as New Read Item Operation and New Update Operation for the
table. Or, you can just select Create All Operations .
11. To open a wizard, select Create All Operations , and then select Next .
On the Operation Proper ties page of the wizard, in the Errors and Warnings pane, read about any
issues. It is important to resolve reported issues that you see. For example, you may have to choose a
field to show in an external item picker control. For a customer table, you could choose the customer
name.
IMPORTANT
The wizard may display a warning message if unique, required fields, such as 'CustomerID', exist in the target
table. This is valid if the specified field is required and unique in the table, such as a primary key.
NOTE
For more information about how to define filters in external content types, see How to: Define filters for External
Item Picker controls .
12. To accept the operations properties that you configured, select Finish . SharePoint Designer displays the
operations as a list of ECT Operations.
When this step is complete, you are ready to create an External List to use the data from the external source.
1. In SharePoint Designer 2010, on the ribbon, select Create Lists and Forms .
SharePoint Designer may display a message that states, "Creating lists and forms requires the external
content type to be saved". select Yes to save the ECT.
In the Create List and Forms for databasename Customers dialog, in the List Name text box, enter
a meaningful name for the External List. For example, if you created an ECT for the "Customers" database
table, you might use "Tailspintoys Customers" in the list name.
2. From the list of Operations, select a Read Item Operation .
3. In the System Instance text box, enter the name of the SQL Azure database.
4. To create the External List in the SharePoint site, select OK , and then select Save .
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
IMPORTANT
You must manually assign permissions to manage the ECT to a global or SharePoint admin by using the Set
Object Permissions command. If you do not assign these permissions explicitly, the admins won't have
permission to manage the ECT.
5. In the set object permissions dialog, select the check boxes for all the permissions (( Edit, Execute,
Selectable in Clients, and Set Permissions ) that the SharePoint admin needs.
NOTE
Make sure that at least one user or group has Set Permissions rights. If you don't assign someone this right,
you might create an unmanageable BCS connection.
6. Select Propagate permissions to all methods of this external content type . Doing this overwrites
any existing permissions.
NOTE
If you want to add a group that can use the External Lists, you must also give the group Execute rights. That
enables users in the group to run a query to the external source, and view the results in SharePoint.
Manage app licenses for a SharePoint environment
3/23/2021 • 3 minutes to read • Edit Online
As a SharePoint or global admin in Microsoft 365, you can use the SharePoint admin center to manage licenses
for apps purchased from the SharePoint Store, regardless of whether you purchased them. All apps available
from the SharePoint Store have built-in licenses that SharePoint recognizes. An app license provides digital
verification of a user's right to use an app.
It is important to keep track of the number of licenses that are available for each app so that the number of app
users does not exceed the number of available licenses. If necessary, you can buy additional licenses for an app.
From the admin center, you can also add users to an app, or delegate management of a license to someone else.
NOTE
The Office and SharePoint App Stores are optional services operated by Microsoft Corporation or its affiliate from any of
Microsoft's worldwide facilities. The apps available in the Store are provided by various app publishers, and are subject to
the app publisher's terms and conditions and privacy statement. Your use of any of these apps may result in your data
being transferred to, stored, or processed in any country where the app publisher, its affiliates or service providers
maintain facilities. Availability of specific apps and payment methods depends on your region and service. You can review
the app publisher's terms and conditions and privacy statements before downloading and using such apps.
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
TO DO T H IS: DO T H IS:
Assign licenses to specific users Under People with a License , select assign licenses ,
enter the name(s) of the people you want to add, and then
select Add User .
Buy more licenses Under People with a License , select buy , and then follow
the steps to sign in with your Microsoft account to buy the
additional number of licenses than you want.
TO DO T H IS: DO T H IS:
Remove app licenses Under View a purchase , select the arrow next to Actions
and then select Remove this license .
Recover app licenses When you recover a license, you basically reacquire it from
the SharePoint Store. You might need to do this if your
license gets out of sync with Office.com or if you are moving
the license to a new deployment (for example, in a disaster
recovery scenario).
NOTE
If this is a free app, some of the actions in the table above will not apply.
A user cannot grant an app permissions to do more than that user has permissions to do.
See also
Add an app to a site
Buy an app from the SharePoint Store
Monitor apps for your SharePoint environment
3/23/2021 • 2 minutes to read • Edit Online
As a SharePoint or global admin in Microsoft 365, you can monitor information such as app usage and error
information for the apps that are in use in your SharePoint environment. Before you can monitor information
about an app, you need to add it to the list of apps you want to monitor.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
View the details about the app such as: On the ribbon, select View Details . In the Usage section,
number of licenses purchased or used to change the timeframe for the usage info that displays in
counts of errors and installs the chart, select Days , Months , or Years .
usage info
View error information for an app On the ribbon, select View Errors . To find the errors in the
error log, use the Correlation ID. In the Location column, to
view more error details for this app, select the URL.
NOTE
If you no longer want to monitor an app, you can select it on the Monitor Apps page, and on the ribbon select Remove
App .
App usage and error detail info is processed by different timer jobs that are pre-configured to run at set times
for SharePoint. These timer jobs pick up events for the previous day. For this reason, the data visible on the
Monitor Apps page may be delayed for up to 29 hours.
Request app installation permissions
3/9/2021 • 3 minutes to read • Edit Online
Apps are small, easy-to-use web applications that add functionality to SharePoint sites. They offer unlimited
possibilities for customizing your sites in ways that are specific to your organization. For example, you can add
apps that perform general tasks such as time and expense tracking, or apps that make it easy for customers to
contact you, or productivity apps that enable you to establish data connections and develop reports for your
stakeholders.
Some apps are included with SharePoint, others might be developed by your organization, and still others are
created by third-party developers and available for purchase from the SharePoint Store.
Only those users who have the appropriate permission level can add apps to a site. Typically, Full Control
permission (or membership in the Site Owners group) is the minimum requirement. But some apps require
access to data sources or web services to read data required for the app. This kind of app has permissions
associated with it.
When the app requires organization-level permissions, the requestor will need approval from a Microsoft 365
admin to continue with the installation. The approval process includes a workflow, called the permission request
flow, which ensures installation requests are directed to the right person.
This article is intended for global admins and SharePoint admins at the organization level who receive requests
for app installation.
Clicking the link displays an App Request dialog where they provide justification for the request.
When they click Request , an automated email is sent to everyone who is a site collection admin for the app
catalog.
NOTE
Sometimes, depending on the Office Store settings, the App Request dialog will include a place for users to indicate the
number of licenses required along with the justification. For more information, see Configure settings for the SharePoint
Store.
The app catalog is where you store and manage all apps for the organization. There you can see a list of all
pending app installation requests.
View all requests
1. Browse to your app catalog. (In the SharePoint admin center, select apps in the left pane and then click
the App Catalog link.)
2. Click Settings > Site settings > Site Collection Administration > Manage App Requests .
3. In the left nav, select App Requests .
4. Click the title of each pending request to review it. Once the request is approved or denied, it's removed
from the view. If you change your mind about allowing an app or apps to be added to your sites, you can
revoke approval on the request. To revoke approval for a request, choose the request and click Remove
Approvals .
When you promote users to site collection administrators on the app catalog site collection, you are giving them
the ability to approve the installation of apps that have organization-wide impact. Consider this decision
carefully.
Add site collection admins to the app catalog
1. Browse to your app catalog. (In the SharePoint admin center, select apps in the left pane and then click
the App Catalog link.)
2. Select Settings > Site settings > Users and Permissions > Site collection administrators .
3. Type the name of the group or individuals who you want to add as site collection administrators.
4. Select OK .
Use the App Catalog to make custom business apps
available for your SharePoint environment
3/23/2021 • 7 minutes to read • Edit Online
As a SharePoint or global admin in Microsoft 365, you can create an App Catalog site to make internally
developed custom apps available for users to install when they browse apps under the From Your
Organization filter on the Site Contents page. Site owners can then add these apps to customize sites with
specific functionality or to display information.
After the App Catalog site has been created, you can use it to upload any custom apps that your organization
has developed. Uploading custom apps isn't much more complicated than uploading a document to a library
and setting some properties. You can use the App Catalog site to do things like install custom or third-party
apps on sites for users (also called app deployment). You can also manage app requests from users.
For more information about your options for developing custom apps for SharePoint, see: Build apps for
SharePoint and Apps for SharePoint compared with SharePoint solutions.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
5. On the Create App Catalog Site Collection page, enter the required info, and then select OK .
Step 2: Add custom apps to the App Catalog site
To get to the App Catalog site once it's been created, follow steps 1 and 2 in the previous section. The site may
take a little time to appear. The App Catalog site will have a document library for Apps for Office and a
document library for Apps for SharePoint, as well as a list that tracks App Requests from site users.
1. On the home page of the App Catalog site, select the tile labeled either Distribute apps for
SharePoint or Distribute apps for Office , depending on which type of app you are uploading.
2. Select New , and browse to the app you want upload, or drag the app into the library.
NOTE
Depending on the functionality that the app provides, the developer can set a flag that allows you to make the
app available to all sites in the organization. If the app builds something (for example, it creates a new list), you
can't make it available to all sites and will need to deploy it as described in the next section under "Deploy a
custom app." We always recommend testing solutions before deploying them more broadly. If the "Do you trust"
dialog appears when you upload the app, and you want to make the app available to all sites in your organization,
select Make this solution available to all sites in the organization , and then click Deploy .
3. To help site owners identify and use the app, right-click it, and then select Proper ties .
4. In the properties dialog form, you can change the Name for the app and enter optional information like a
description, images, category, publisher, and support URL. Follow the instructions on the screen for
details like image size.
5. Make sure the Enabled check box is selected so that users are able to add this app to sites.
6. If it appears, in the Hosting Licenses box, specify the number of licenses you think you will need.
7. Select Save .
NOTE
If you want to make third-party apps available for users to find and install, you simply need to buy a site license for them.
When you buy a site license for a third-party app from the SharePoint store, the apps will automatically display under
Apps You Can Add .
NOTE
This option is only available for SharePoint add-ins. To see tenant-scoped deployment options for SharePoint Framework
solutions, see Tenant-scoped solution deployment for SharePoint Framework solutions.
However, if you want to make the app available for use without requiring users to find and install it, you can
deploy it.
1. If you have not already purchased the app, you must buy it first. For info about how to do this, see Buy an
app from the SharePoint Store.
2. On the App Catalog site, select Settings , and then select Add an app .
3. Select the app you want to add, and when prompted, select Trust It .
4. On the Site Contents page, find the app you want to deploy.
5. Select ... (ellipses icon) next to the app, and to view the menu, select ... (ellipses icon) again in the callout,
and then select Deployment . (For some apps, the Deployment command may appear on the first
callout.)
6. On the Manage App Deployments page, enter the URL for each site collections to which you want to
deploy the app, and to add it to the list, select Add .
7. In the Managed Paths section, to specify which managed paths should have this app available, select
Add .
8. In the Site Templates section, to specify which site templates should have this app available, select Add .
9. Select OK .
10. If you are prompted to Trust the app, select Trust It .
Deploy a custom app
If you upload a custom app to the App Catalog, it is automatically available for users to install when they browse
apps under From Your Organization . If you want you want the app to be available for use without the need
for site users to install it, you can deploy it.
1. Before you can deploy a custom app, you must first upload it to the App Catalog site. For step-by-step
guidance about how to do this, see the previous section, Step 2: Add custom apps to the App Catalog site.
2. After you have uploaded the app, you then must add it as an app to the App Catalog site so that it
appears on the Site Contents page for the App Catalog itself. On the App Catalog site, go to Settings
and then click Add an app .
3. Select the app you want to add, and when prompted, select Trust It .
4. On the Site Contents page, find the app you want to deploy.
5. Next to the app, select ... (ellipses icon), and to view the menu, select ... (ellipses icon) again in the callout,
and then select Deployment . (For some apps the Deployment command may appear on the first
callout.)
6. On the Manage App Deployments page, enter the URL for each site collections to which you want to
deploy the app, and to add it to the list, select Add .
7. In the Managed Paths section, to specify which managed paths should have this app available, select
Add .
8. In the Site Templates section, to specify which site templates should have this app available, select Add .
9. Select OK .
10. If you are prompted to Trust the app, select Trust It .
NOTE
It may take up to 30 minutes for an app to deploy.
If you deploy an app that adds commands to the item callout for document libraries or lists, then those
commands are visible to users. However, if you deploy an app that features custom ribbon controls or an App
Part, additional steps may be required to make the user interface commands for the app appear.
See also
Configure settings for the SharePoint Store
Manage app licenses for a SharePoint environment
Monitor apps for your SharePoint environment
Add an app to a site
Manage access to Azure AD-secured APIs
3/9/2021 • 2 minutes to read • Edit Online
When developers build SharePoint Framework solutions, they might need to connect to an API that's secured
through Azure Active Directory (Azure AD). Developers can specify which Azure AD applications and
permissions their solution requires, and an administrator can manage the permission request from the API
access page of the new SharePoint admin center.
Learn more about building SharePoint Framework solutions that connect to Azure-AD secured APIs.
The API access page shows pending and approved requests. It also shows which requests apply to any
SharePoint Framework component or custom script in your organization (organization-wide) and which
requests apply to only the specific component (isolated).
NOTE
The admin role that's required to approve permissions depends on the API. To approve permissions to any of the third-
party APIs registered in the tenant, the application administrator role is sufficient. To approve permissions for Microsoft
Graph or any other Microsoft API, the global admin role is required.
NOTE
If you try to approve a permission request for a resource that already has some permissions granted (for example,
granting additional permissions to the Microsoft Graph), the requested scopes are added to the previously
granted permissions.
As a global or SharePoint admin in Microsoft 365, you can allow custom script as a way of letting users change
the look, feel, and behavior of sites and pages to meet organizational objectives or individual needs. If you allow
custom script, all users who have "Add and Customize Pages" permission to a site or page can add any script
they want. (By default, users who create sites are site owners and therefore have this permission. For more info
about SharePoint permission levels, see Understanding permission levels in SharePoint.)
NOTE
For simple ways to change the look and feel of a site, see Change the look of your SharePoint site.
By default, script is allowed on most sites that admins create. It is not allowed on OneDrive, on sites users create
themselves, on modern team and communication sites, and on the root site for your organization. You'll
probably want to limit the amount of script you allow for security reasons. For more info about the security
implications of custom script, see Security considerations of allowing custom script.
IMPORTANT
If SharePoint was set up for your organization before 2015, your custom script settings might still be set to "Not
Configured" even though in the SharePoint admin center they appear to be set to prevent users from running custom
script. In this case, users won't be able to copy items between SharePoint sites and between OneDrive and SharePoint. On
the Settings page of the SharePoint admin center, to accept the custom script settings as they appear, select OK , and
enable cross-site copying. For more info about copying items between OneDrive and SharePoint, see Copy files and
folders between OneDrive and SharePoint sites.
Before you allow custom script on sites in your organization, make sure you understand the security
implications.
1. Go to the Settings page of the new SharePoint admin center, and sign in with an account that has admin
permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Settings page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Settings page.
NOTE
Because self-service site creation points to your organization's root site by default, changing the Custom Script
setting allows custom script on your organization's root site. For info about changing where sites are created, see
Manage site creation in SharePoint.
Before you allow custom script on sites in your organization, make sure you understand the security
implications.
To allow custom script on a particular site (previously called "site collection") immediately, follow these steps:
1. Download the latest SharePoint Online Management Shell.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting
started with SharePoint Online Management Shell.
3. Run the following command.
If you change this setting for a user's OneDrive or a classic team site, it will be overridden by the Custom Script
setting in the admin center within 24 hours.
Save Site as Template No longer available in Site Settings Users can still build sites from
templates created before custom script
was blocked.
Save document library as template No longer available in Library Settings Users can still build document libraries
from templates created before custom
script was blocked.
Solution Gallery No longer available in Site Settings Users can still use solutions created
before custom script was blocked.
Theme Gallery No longer available in Site Settings Users can still use themes created
before custom script was blocked.
Help Settings No longer available in Site Settings Users can still access help file
collections available before custom
script was blocked.
HTML Field Security Still available in Site Settings, but Users can still use HTML field security
changes made will not take effect that they set up before custom script
was blocked.
Sandbox solutions Solution Gallery is no longer available Users can't add, manage, or upgrade
in Site Settings sandbox solutions. They can still run
sandbox solutions that were deployed
before custom script was blocked.
SharePoint Designer Pages that are not HTML can no Users can still open some data sources.
longer be updated. To open a site that does not allow
Handling List: Create Form and custom script in SharePoint Designer,
Custom Action will no longer work. you must first open a site that does
Subsites: New Subsite and Delete allow custom script.
Site redirect to the Site Settings
page in the browser.
Data Sources: Proper ties button is no
longer available.
Uploading files that potentially include The following file types can no longer Existing files in the library are not
script be uploaded to a library impacted.
.asmx
.ascx
.aspx
.htc
.jar
.master
.swf
.xap
.xsf
Uploading Documents to Content Access denied message when We recommend using Document
Types attempting to attach a document Library document templates.
template to a Content Type.
W EB PA RT C AT EGO RY W EB PA RT
Search Refinement
Search Box
Search Navigation
Search Results
Publishing Sites Can't create or edit master pages and page layouts
Best practice for communicating script setting changes to users
Before you prevent custom script on sites where you previously allowed it, we recommend communicating the
change well in advance so users can understand the impact of it. Otherwise, users who are accustomed to
changing themes or adding web parts on their sites will suddenly not be able to and will see the following error
message.
Communicating the change in advance can reduce user frustration and support calls.
Security considerations of allowing custom script
3/23/2021 • 3 minutes to read • Edit Online
Allowing users to customize sites and pages in SharePoint by inserting script can give them the flexibility to
address different needs in your organization. However, you should be aware of the security implications of
custom script.
When you allow users to run custom script, you can no longer enforce governance, scope the capabilities of
inserted code, block specific parts of code, or block all custom code that has been deployed. Instead of allowing
custom script, we recommend using the SharePoint Framework. For more info, see An alternative to custom
script.
The SharePoint Store is an Internet-based service that offers apps for Office, SharePoint, Exchange, Access, and
Project. Site users can access the SharePoint Store directly from a SharePoint site in order to browse for and buy
third-party apps. If a SharePoint environment has been configured to prevent users from getting apps from the
SharePoint Store, users can still browse for and request apps. These requests are added to the App Requests list
in the App Catalog.
For more information about the SharePoint Store, see Office Store and SharePoint Store Terms of Use.
For more information about how to buy apps, see Buy an app from the SharePoint Store.
Specify whether users can get apps from the SharePoint Store
By default, SharePoint is configured to allow users to get or request apps from the SharePoint Store. The option
to change this setting will not be enabled if you have not yet created an App Catalog site. For information about
how to create an App Catalog site, see Use the App Catalog to make custom business apps available for your
SharePoint environment.
Even if you choose not to allow users to buy apps from the SharePoint Store, they will still be able to browse the
SharePoint Store and request apps.
1. Go to the More features page of the new SharePoint admin center, and sign in with an account that has
admin permissions for your organization.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
2. Under Apps , select Open , and then select Configure Store Settings .
3. Next to App Purchases , do one of the following:
If you want users to be able to get free, trial, or paid third-party apps from the SharePoint store, select
Yes .
If you do not want users to be able to get third-party apps, select No .
2. Under Apps , select Open , and then select Configure Store Settings .
3. Next to App Requests , select the link Select here to view app requests .
4. In the App Requests list, select a request, and then select Edit .
5. In the Status list, do one of the following:
To approve the request, select Approved . If you approve the app request and you want to purchase the
app immediately, select the link next to View App Details . The app details page in the SharePoint store
will open in another tab in your browser, and you can follow the steps to purchase the app. For more
information about buying apps, see Buy an app from the SharePoint Store. Note that the app must be
purchased from the store before it will be available for the user in their site.
To decline the request, select Declined .
6. On the app request form, add any comments in the Approvers Comments field, and then select Save .
7. After the status has been changed to Approved , if the app wasn't purchased during the previous
approval process, the global admin or SharePoint admin must go to the SharePoint Store and acquire the
app to make it available for the user. See Buy an app from the SharePoint Store.
Site users who request apps can view their requests by going to Settings > Add an app > Your Requests .
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
2. Under Apps , select Open , and then select Configure Store Settings .
3. Next to Apps for Office from the Store , do one of the following:
If you want to allow apps for Office to start when documents are opened in the browser, select Yes .
If you do not want to allow apps for Office to start when documents are opened in the browser, select No .
Configure InfoPath Forms Services
3/23/2021 • 3 minutes to read • Edit Online
InfoPath Forms Services in SharePoint lets you deploy your organization's forms to your sites, enabling users fill
out these forms in a web browser. You can configure InfoPath Forms Services in any of several ways, depending
on the needs of your organization.
NOTE
InfoPath Forms Services 2013 is the last release of InfoPath Forms Services. Microsoft Power Apps is the recommended
solution for creating and delivering custom forms for SharePoint lists. Create new forms with Power Apps from the
command bar or the Customize button on SharePoint list forms. Support for InfoPath Forms Services will match the
support lifecycle for SharePoint Server 2016.
Overview
This article discusses settings that apply only to user form templates, which are form templates that are not
deployed by a developer. User form templates don't require Full Trust, and they don't contain code or other
business logic.
Form designers can publish user form templates to a list or a form library in a SharePoint site collection.
Because user form templates can be deployed by many users, a server can potentially host thousands of user
form templates. In large numbers, even form templates that contain no business logic can put a heavy load on
the server.
NOTE
These settings apply only to form templates published to form libraries. Workflow form templates and list forms
are not affected.
a. Select the Allow users to browser-enable form templates check box to allow users to publish
browser-enabled form templates.
NOTE
Clearing this check box disables browser-enabled form templates across the entire site collection.
b. Select the Render form templates that are browser-enabled by users check box to allow
browser-enabled form templates that users publish to be rendered in a web browser.
NOTE
If this option is not selected, users can still publish browser-compatible form templates to form libraries, but these
form templates cannot be filled out in a web browser.
4. Select OK .
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the More features page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the More features page.
By default, the OneDrive and SharePoint app tiles appear in the app launcher and on the Microsoft 365 admin
center. If your subscription doesn't include one of these services, or if you don't want users using one of them,
you can hide the app tile for it.
NOTE
Hiding these services doesn't remove them for users. If users have saved the address of the service, they will still be able
to access it.
If users click a tile for a service they don't have, they will see an Access Denied message.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Settings page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Settings page.
NOTE
If you have an Office 365 Education subscription, you also have the option to hide OneNote Class Notebooks
and OneNote Staff Notebooks .
Hiding the OneDrive tile also hides the tiles for Word, Excel, PowerPoint, and OneNote.
4. To save the settings, select OK .
See also
Customize the navigation on your SharePoint site
Customize the Microsoft 365 theme for your organization
Add custom tiles to the app launcher
Change site collection version and upgrade settings
3/9/2021 • 2 minutes to read • Edit Online
The Global Experience Version Settings on the settings page of the classic SharePoint admin center are no
longer in use.
The Upgrade settings on the site collections page of the classic SharePoint admin center are no longer in use.
Allow users to create modern pages
3/23/2021 • 5 minutes to read • Edit Online
Using modern pages in Microsoft SharePoint is a great way to share ideas using images, Office files, video, and
more. Users can Add a page to a site quickly and easily, and modern pages look great on any device.
If you're a global or SharePoint admin in Microsoft 365, you can allow or prevent users from creating modern
pages. You can do this at the organization level by changing settings in the SharePoint admin center. If you allow
the creation of site pages as the organization level, you can turn it on or off at the site level by using PowerShell.
Site owners can also turn it on or off at the site level.
NOTE
If you want to prevent members from creating or modifying any SharePoint pages on a site, go to Site Pages, select
Settings > Librar y settings > Permissions for this document librar y , and then set the Members group to
Read.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin
center and open the Settings page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to
the SharePoint admin center and open the Settings page.
2. Select Pages .
3. Select or clear Allow users to create new modern pages .
NOTE
Preventing users from creating modern pages hides the following options:
- On the Site Pages and Site contents pages > New > Page .
- Settings > Add a page .
Users can still add pages from other modern pages, either from the New menu or from modern webparts (such as
News).
4. You can also select to allow or prevent commenting on modern pages. If you allow commenting, it can be
turned on or off at the page level.
Prevent users from creating modern pages on a specific site by using
PowerShell
If you allow the creation of site pages as the organization level, you can turn it off at the site level by using
PowerShell.
1. Download the latest SharePoint Online Management Shell.
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs
and uninstall "SharePoint Online Management Shell."
On the Download Center page, select your language and then click the Download button. You'll be asked to
choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of
Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows
operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.
NOTE
Read About Execution Policies and make sure you run the SharePoint Online Management Shell as an
administrator and the correct execution policy to run unsigned scripts.
4. Copy the following code and paste it into a text editor, such as Notepad.
# Load SharePoint Online Client Components SDK Module
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server
Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll'
# Verify that the Site Pages feature is no longer present in the Web
$web = $context.Site.OpenWeb($webUrl)
$features = $web.Features
$context.Load($features)
$context.ExecuteQuery()
if(($features | ? { $_.DefinitionId -eq $sitePagesFeatureIdString }).Count -eq 0)
{
Write-Host "The Site Pages feature has been successfully disabled"
}
else
{
throw "The Site Pages feature failed to be disabled"
}
5. Save the text file, and then change its extension. In this example, we name it SitePagesOut.ps1.
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file whose extension is .ps1.
./SitePagesOut.ps1
NOTE
Read About Execution Policies and make sure you run the SharePoint Online Management Shell as an
administrator and the correct execution policy to run unsigned scripts.
4. Copy the following code and paste it into a text editor, such as Notepad.
# Load SharePoint Online Client Components SDK Module
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server
Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll'
# Verify that the Site Pages feature is not present in the web
if(($features | ? { $_.DefinitionId -eq $sitePagesFeatureIdString }).Count -gt 0)
{
Write-Host "The Site Pages feature is already enabled in this web"
return
}
# Verify that the Site Pages feature is now present in the web
$web = $context.Site.OpenWeb($webUrl)
$features = $web.Features
$context.Load($features)
$context.ExecuteQuery()
if(($features | ? { $_.DefinitionId -eq $sitePagesFeatureIdString }).Count -gt 0)
{
Write-Host "The Site Pages feature has been successfully enabled"
}
else
{
throw "The Site Pages feature failed to be enabled"
}
5. Save the text file, and then change its extension. In this example, we name it SitePagesIn.ps1.
NOTE
You can use a different file name, but you must save the file as an ANSI-encoded text file whose extension is .ps1.
./SitePagesIn.ps1
As a global or SharePoint admin in Microsoft 365, you can allow or prevent site collection administrators from
connecting classic team sites to new Microsoft 365 groups. You can also use Microsoft PowerShell or the API to
connect sites to new Microsoft 365 groups.
NOTE
If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center
and open the Settings page.
If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the
SharePoint admin center and open the Settings page.
NOTE
If your organization has set up OneDrive and SharePoint Multi-Geo, site collection administrators can connect a site to a
new Microsoft 365 group only if the site's location matches the user's preferred data location.
Hybrid for SharePoint Server
3/23/2021 • 2 minutes to read • Edit Online