MC1198075 – Site attestation policy is now generally available

Product:

Microsoft 365 admin center, SharePoint

Platform:

Online, World tenant

Status:

Change type:

New feature, Admin impact

Links:

Details:

Summary:
Site attestation policy is now generally available, enabling SharePoint admins to require site owners to periodically verify site ownership, membership, and sharing settings. This helps reduce compliance risks and prevent oversharing. The feature is off by default and requires admin setup with configurable enforcement actions.

Details:
[Introduction]
Empower your organization with proactive governance. The new site attestation policy ensures that site owners regularly validate critical details like ownership, membership, and sharing settings. By automating periodic reviews and enforcement actions, this policy helps reduce compliance risks, prevent oversharing, and maintain a secure, well-governed SharePoint Online experience.
[When this will happen:]
This feature is now generally available to all customers.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-12-18

updated:
2025-12-18

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Increased Compliance Risks
Without proper preparation, site owners may overlook the need to verify site ownership and sharing settings, leading to potential compliance violations and data oversharing.
   - roles: SharePoint Administrators, Site Owners
   - references: https://learn.microsoft.com/sharepoint/request-site-attestations

User Experience Disruption
If the site attestation policy is enabled without prior communication, site owners may be caught off guard by unexpected prompts, leading to confusion and frustration.
   - roles: Site Owners, End Users
   - references: https://learn.microsoft.com/sharepoint/request-site-attestations

Operational Inefficiencies
Failure to configure enforcement actions properly may result in unaddressed non-compliance, leading to operational inefficiencies and potential data management issues.
   - roles: SharePoint Administrators, Compliance Officers
   - references: https://learn.microsoft.com/sharepoint/request-site-attestations

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Compliance Management
Implementing the site attestation policy will streamline compliance management by ensuring that site owners regularly validate site details. This reduces the risk of oversharing sensitive information and enhances overall governance.
   - next-steps: Train SharePoint admins on how to configure and enforce the site attestation policy. Develop a timeline for periodic reviews and establish clear communication channels for site owners regarding their responsibilities.
   - roles: SharePoint Administrators, Compliance Officers, IT Governance Managers
   - references: https://learn.microsoft.com/sharepoint/request-site-attestations

Automated Risk Mitigation
By automating the periodic review of site ownership and sharing settings, the organization can proactively mitigate risks associated with data exposure and ensure that only authorized personnel have access to sensitive information.
   - next-steps: Identify critical sites that require attestation and prioritize their review. Set up automated reminders for site owners and configure enforcement actions for non-compliance to enhance accountability.
   - roles: SharePoint Administrators, Site Owners, Risk Management Teams
   - references: https://learn.microsoft.com/sharepoint/request-site-attestations

Improved User Experience
Regular prompts for site owners to confirm their site's details can enhance user engagement and awareness regarding site governance, leading to a more secure and organized SharePoint environment.
   - next-steps: Gather feedback from site owners on the attestation process to identify areas for improvement. Update internal documentation to provide clear guidance on the attestation process and its importance.
   - roles: Site Owners, User Experience Designers, IT Support Staff
   - references: https://learn.microsoft.com/sharepoint/request-site-attestations

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

The site attestation policy for SharePoint is a new feature that allows administrators to ensure that site owners regularly check and confirm important details about their sites. Think of it like a regular health check-up for your SharePoint sites. Just as you might visit a doctor to confirm everything is functioning well with your health, site owners are prompted to verify details such as who owns the site, who has access to it, and how information is being shared.

This process helps to keep everything in order and reduces the risk of sharing sensitive information with the wrong people. It's like ensuring that only the right people have the keys to your office, preventing any unauthorized access. The feature is not automatically turned on, so administrators need to set it up. They can also decide what happens if site owners don't complete these checks, such as limiting access to the site or archiving it.

The goal is to maintain a secure and well-organized SharePoint environment, similar to keeping a tidy and secure office space. By implementing this policy, organizations can ensure that their digital spaces are as well-managed as their physical ones.