The Copilot Retrieval API is a Microsoft Graph API that apps can use to search Microsoft 365 locations to find information to ground user prompts. Grounding means that the apps use the information found by Copilot to add context to the queries they submit to a generative AI engine for processing. Although I don’t have an immediate purpose for the API, it provides a nice insight into how grounding works.
This article discusses the use of restricted site creation for third-party Entra ID apps. The feature has an allow or deny list to identify apps that can create new SharePoint Online sites. Controlling the set of apps that can create new sites contributes to limiting site sprawl and makes sure that every site has a real function. First-party apps like Teams are unaffected.
I’ve used a SharePoint alert to create an emailed daily digest of changes made to files in a document library for seven years. Microsoft plans to retire SharePoint Alerts in July 2026, and the race is on to find a replacement. Regretfully, neither Power Automate nor SharePoint Rules seem capable of generating an equivalent daily digest, perhaps because these solutions don’t handle the number of file versions created by AutoSave well.
If installed into a MIcrosoft 365 tenant, ChatGPT Enterprise apps can access SharePoint Online files, Exchange Online email and calendar, and Teams chats, messages, and tasks. The Entra ID apps created by ChatGPT have the necessary permissions to access information accessible to the signed-in user. Microsoft 365 Copilot can access more information, but being able to process files, emails, calendar items, and chats and channel conversations delivers access to a lot of Work IQ.
Company-wide sharing links allow any authenticated user account in a Microsoft 365 tenant to access a shared file or folder. New settings are available to create an expiration policy for company-wide sharing links, with different values supported for SharePoint Online and OneDrive for Business. The idea is to stop the potential for abuse of sharing links, including stale links that should not grant access to files and folders.
The Microsoft 365 Backup solution will soon be able to restore individual files and folders instead of complete sites. That’s a welcome upgrade to restore capabilities to cover situations like the inadvertent deletion of a file. It’s a wonder why Microsoft didn’t make more about this capability when they celebrated SharePoint’s 25th anniversary last week when they discussed departmental billing for Microsoft 365 Backup.
From July 2026. SharePoint Online and OneDrive for Business will use Entra B2B Collaboration (guest accounts) to control external access to shared files. This change has been coming since 2021, but it takes time for organizations to get their heads around changing the way to grant external access. It’s time to embrace guest accounts, and that means doing some work to manage guest accounts on an ongoing basis.
Microsoft celebrated the 25th anniversary of SharePoint with a batch of announcements, including AI in SharePoint, intended to help administrators to manage all aspects of SharePoint Online through natural language. Other interesting announcements included department-level payments for Microsoft 365 Backup and the renaming of the Connections app in Teams as the SharePoint app. Well, the last wasn’t that interesting…
Sensitivity labels offer great protection against unauthorized access, but sometimes files that aren’t encrypted escape from a document library. SharePoint Online can now use sensitivity labels configured with user defined permissions (UDP) to extend protection to downloaded files. The magic works by configuring permissions on download based on the membership of the user who downloads a file.
This article explains how to use scoped Graph permissions to restrict app access to lists and list items in SharePoint Online and OneDrive for Business sites. It’s a follow-up to other articles covering how to restrict app access to SharePoint Online sites and files. Scoping app access to specific objects is important because otherwise apps can access everything in SharePoint Online, and that isn’t good.
A code error allowed Copilot Chat to expose confidential email. Microsoft is fixing the problem, but it’s a reminder of how AI can expose information of Microsoft 365 tenants don’t use available features to restrict AI access. Those features need to be configured and deployed, but that doesn’t take much effort. It’s better than users complaining when Copilot exposes their most secret thoughts.
Microsoft released the beta version of the SharePoint Online create Site API for the Microsoft Graph in late November 2025. Since then, Microsoft has dropped one of the three site templates. Playing with the API, we’ve discovered that the API can certainly create sites but that the SharePoint Graph API misses a heap of features, like adding members to the new site. Oh well, one step forward…
Restricted Content Discovery (RCD) is a feature that blocks access by Microsoft 365 Copilot and agents to the files stored in a SharePoint Online site. Instead of relying on tenant administrators, site administrators can now enable or disable RCD. It’s a natural evolution of what is an essential feature to keep sensitive and confidential information being leaked inadvertently by AI.
MC1211579 (3 January 2026) announces the retirement of four legacy SharePoint compliance features in favor of Purview Data Lifecycle management and Records management. It’s always unsurprising when Microsoft chooses to remove old features developed for on-premises and replaces them with better online options, which is exactly what’s happening here. Some tenants might face additional licensing requirements for Purview.
Microsoft is launching version expiration policies in SharePoint Online for audio and video files. The approach is the same as used for intelligent versioning of Office files stored in SharePoint Online and OneDrive for Business and can be configured at the tenant, site, and document library level. If your tenant uses Clipchamp, this could be a way to save expensive SharePoint storage.
Microsoft has released a set of security benchmark recommendations for Microsoft 365 tenants that it calls baseline security mode. The recommendations cover authentication, file access, and Teams and the idea is that these are settings that Microsoft believes have proven their value over the years. The only criticism that you might have is about the potential clash for conditional access policies, but that’s not serious.
Paul Robichaux and I led a session about Microsoft 365 Compliance at the European SharePoint Conference in Dublin on December 2, 2025. During the session, we discussed how intelligent versioning works and its value in saving storage, priority cleanup and its ability to delete files even if the files are under retention hold, and the recent revamp of the Purview eDiscovery solution. We were thrilled at the attendance. Here’s what happened.
The latest versions of the SharePoint Online PowerShell module support app-only authentication (certificate-based authentication) for the Connect-SPOService cmdlet. In other words, applications can now connect to SharePoint Online to run administrative cmdlets by presenting a registered Entra ID app and an X.509 certificate instead of the credentials for a human SharePoint administrator. It’s a good change, even if I still prefer using the Graph APIs for SharePoint automation.
In January 2025, Microsoft changed the SharePoint folder location to store copies of the email sent to Teams channels. Apparently, this update improved security, but it’s unclear exactly how the improvement comes about unless through obscurity. In any case, we missed this change completely and are publishing this note to remind everyone else of the importance of reading message center posts.
OpenAI has launched a ChatGPT enterprise SharePoint Connector that allows organizations to synchronize files from SharePoint Online to ChatGPT. I could never understand why Microsoft 365 tenants allowed users to upload individual files from SharePoint or OneDrive to ChatGPT for processing. Using a connector to synchronize entire sites to ChatGPT makes even less sense, especially from a compliance perspective. I must be missing something!
An update for Chromium 141 can affect the ability of SharePoint Online and OneDrive for Business to access offline content, including files and lists and lead to degraded performance. The change is designed to improve user privacy, but some Microsoft 365 apps need browsers to be able to access local files, notably for OneDrive synchronization. Prepare by upgrading the OneDrive Sync client and distributing a new policy to workstations.
With not a little hype, Microsoft launched the SharePoint Knowledge Agent on September 18. Getting some AI help to organize sites sounds good, but only if the assistance delivered by the artificial intelligence does something useful. In this case, the agent generated some moderately interesting results without ever reaching the level of AI magic anticipated (and reported) by some.
Microsoft 365 Copilot now has some SharePoint skills to deploy in the SharePoint admin center. The problem is that the skills aren’t very good and don’t do much to help hard-pressed SharePoint Online administrators cope with the vast explosion of sites that exist in many tenants today. The problem is data. If Copilot doesn’t have the information to reason over, it can’t answer questions or give advice.
A new SharePoint Site content and policy comparison report is available to tenants with Microsoft 365 Copilot or SharePoint advanced management licenses. The idea is that you choose some reference sites to compare other sites against to detect deviations from the reference site. It seems like a good idea if you’re trying to impose standards to control Copilot. Unhappily, attempts at running the report turned up zero results.
Finally, Microsoft solved the technical issues that blocked SharePoint Online support for sensitivity labels with user-defined permissions (UDP). The feature is now generally available and it’s very welcome because support opens access for Office files and PDFs with UDP labels for search and Purview solutions like DLP and eDiscovery. Files with UDP labels applied prior to GA are not processed until they are edited, but that’s reasonable.
Purview Priority Cleanup is growing its capabilities to be able to process files stored in SharePoint Online and OneDrive for Business. Public preview begins in mid-August, and the solution should be generally available at the end of September 2025. Removing files without regard for retention holds is much more complicated than removing mailbox items. The question is who needs this feature and how will it be used?
In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting users grant unsupervised consent to third-party apps to access files stored in OneDrive for Business and SharePoint Online is a bad idea. There are certainly apps out there that need such access, but requiring one-time administrator approval is no hardship.
Copilot Studio Agents can use files as knowledge sources to reason over when they respond to user prompts. We explain how to use the monthly PDFs issued for the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks as knowledge sources. If you’ve got Microsoft 365 Copilot licenses, this is an interesting way to interact with the books.
After July 1, 2025, any sharing links generated with one-time passcodes (OTP) will stop working. Only links based on Entra ID B2B Collaboration will work. Users who lose access to content shared from SharePoint Online or OneDrive for Business will have to contact the original sharer to ask them to generate a new sharing link. Sounds like a recipe for confusion, which is what might happen.
An article by a company specializing in penetration tests raised some questions about how attackers might use Copilot for Microsoft 365 to retrieve data. The article is an interesting read and reveals how Copilot can reveal data in password protected Excel worksheets. However, many of the issues raised can be controlled by applying available controls, and the biggest worry is lhow the account being used to run Copilot came to be compromised!
Microsoft 365 users can connect their OneDrive for Business account to ChatGPT. This is not a great thing because it exposes the potential for sensitive corporate information to be exposed outside the organization. How can you block ChatGPT Access to OneDrive? The best way is to stop people from using the ChatGPT app. If that’s not possible, make sure to encrypt confidential files with sensitivity labels.
SharePoint Online will add support for files protected with user-defined permissions from March 2025. This step will enable support for Microsoft Search, DLP, eDiscovery, and content searches, but only for files processed by Microsoft Search. Processing happens automatically when new files are created or existing files are edited, so making all UDP-protected files searchable will take some time. Indexing doesn’t make UDP-protected files available to Copilot.
Microsoft 365 Archive will no longer charge fees to reactivate archived SharePoint Online sites after March 31, 2025. The good news might encourage higher use of Microsoft 365 Archive to store old but wanted material in a safe location while removing it from the view of apps like Microsoft 365 Copilot. The reduction in fees does not apply to archived OneDrive for Business accounts.
SharePoint Online is basically a big Azure SQL application. Custom columns for sites and libraries enhance metadata and are even better if they’re properly indexed to become searchable. This article explores how even non-SharePoint administrators can create, index, and search custom columns. The key thing is to take your time. SharePoint cannot be rushed!
The second part of the Azure Automation runbook primer brings us to output, specifically how to create items generated by a runbook in a SharePoint Online list. Once in the lists, items can be processed using Power Automate, Power Apps, or Power BI or exported to Excel. It’s a great way of capturing information generated by background jobs.
Microsoft released the SharePoint Pages API in mid-2024. This article describes how to create and publish a news item using cmdlets from the Microsoft Graph PowerShell SDK based on the API. The net result is that the API appears to work well but some problems are evident in the cmdlets. Or maybe it’s just my lack of knowledge!
SharePoint Online intelligent versioning uses algorithms to decide what file versions must be kept for file recoverability. Unwanted versions are discarded (trimmed). A notional 500 version limit applies when intelligent versioning is in force but if data lifecycle management (retention) is used, SharePoint cannot trim versions to keep within the 500 version threshold. Some change is needed to resolve the conflict.
The slew of product announcements at the Microsoft Ignite 2024 conference included lots about AI and Copilot. This article covers some of the more interesting announcements for Microsoft 365 tenants for Teams, SharePoint Online, and Purview. Many of the new features need high-end licenses or add-ons, but that doesn’t mean that the issues addressed by the technology should be ignored.
Intelligent versioning recently appeared in SharePoint Online. The purpose is to save storage by removing unnecessary versions. But retention policies and labels can stop the removal of versions. This article explains what happens when SharePoint Online attempts to trim (remove) unwanted versions of files under the control of retention policies and labels.
Copilot agents are part of Microsoft’s Wave 2 initiative launched in September 2024. Basically, an agent restricts Copilot queries to a defined set of content, meaning that the response generated by Copilot is much more precise and won’t be affected by information found in other sites. The wizard makes it very easy to create a new custom agent. Some features are missing, but they’re on the way.