Share via

Compare site policies with the site policy comparison reports for SharePoint sites

As a best practice, SharePoint admins should use the same security policies for similar sites. Usually, admins organize sites by department, location, or nature of content, and then apply consistent security settings. For example, a site containing legal contracts should have strict security measures, such as preventing external sharing, applying conditional access, restricting access to specific groups, and blocking downloads. However, when there are hundreds or thousands of sites, it can be challenging for SharePoint admins to find sites with similar content and ensure they all have the right security policies.

Now with the power of AI, you can select one or more reference sites as your baseline and compare them against up to 10,000 target sites. The AI identifies sites with similar content and highlights any differences in their policy settings compared to your reference sites. This report is called the "site policy comparison report."

What do you need to create site policy comparison reports?

To access the feature discussed in this article, your organization must meet specific licensing and administrative requirements.

What are the license requirements?

To use this feature, your organization must have one of the following base licenses:

  • Office 365 E5 or A5
  • Microsoft 365 E5 or A5

Additionally, you need at least one of these licenses:

  • Microsoft 365 Copilot license: At least one user in your organization must be assigned a Copilot license (this user does not need to be a SharePoint administrator).
  • Microsoft SharePoint Advanced Management license: Available as a standalone purchase.

Administrator requirements

You must be a SharePoint administrator or have equivalent permissions.

Additional information

If your organization has a Copilot license and at least one person in your organization is assigned a Copilot license, SharePoint administrators automatically gain access to the SharePoint Advanced Management features needed for Copilot deployment. The only SharePoint Advanced Management feature that's not included with Copilot is Restricted Site Creation.

For organizations without a Copilot license, you can use SharePoint Advanced Management features by purchasing a standalone SharePoint Advanced Management license.

How to create site policy comparison reports

To create site policy comparison reports, follow these steps:

  1. Locate the report: Sign in to the SharePoint admin center with the SharePoint administrator credentials for your organization. In the left pane, expand Reports and then select Site Policy configuration. Screenshot showing the Site Policy creation page in SharePoint admin center.

  2. Start creating the new report: Select the New report button to bring up the report wizard. You'll be guided through two steps to create your report. Watch for the callout that explains what "Similarity of content" means—the system looks at up to 5 of the most recently used files in your chosen site or sites and compares them semantically to files in the target sites. Screenshot showing the site policy comparison report overview with step 1 of reference sites, step 2 of target sites, and the similarity of content call-out.

  3. Select the reference sites: On the Reference sites page, pick up to 5 reference (input) sites that will serve as the basis for your comparison. Choose a site that contains files with similar types of content, such as contracts, agreements, statements of work, or project specifications. If the files in your reference site aren't alike, the matching results may not be as accurate. Screenshot showing the reference site selection page where administrators can choose one or more sites to serve as the baseline for policy comparison.

  4. Select the scope of comparison: On the Scope page, pick which sites to compare, known as the "target" sites. You can compare up to 10,000 target sites. There are two ways to provide information about the target sites.

    1. As the first option, the admin can select specific site properties, and only the top sites that match those properties will be included in the comparison. Screenshot showing the scope selection page where administrators can filter target sites by properties like site type, creation date, and sensitivity label.
    2. Another option is to upload a CSV file with site URLs. The CSV file should have a header named "SiteURL" and contain the URLs of the target sites you want to compare. You can download a sample CSV file from the Set scope page. Screenshot showing the option to upload a CSV file containing site URLs for target sites.

Note

For comparison, only the top 10 recently used files in a site for both reference sites and target sites.

  1. Name the report: On the Report name and review page, provide an appropriate name for the report, review your reference sites and target sites. Then select Finish. Screenshot showing the report naming and review page where administrators can name the report and review selected reference and target sites. Screenshot showing the site policy comparison report in progress with status indicating the report is being generated.

    The report is now placed in a queue for processing. For large number of sites, it can take up to 48 hours to finish processing and generate the report. Screenshot showing the site policy comparison report in queue status while waiting to be processed.

How to read the site policy comparison report

Let's use the following sample report to understand the different sections of the site policy comparison report, and what each part means. Screenshot showing a sample site policy comparison report with total sites analyzed, sites with high similarity, and policy mismatches identified. This report displays sites that have been semantically matched with your reference site or sites and got a "similarity" score of 80% or higher. While the visual report shows the top 100 matched sites, you can download a complete list of all matched sites as a CSV file.

In this example:

  • Total sites analyzed: 1,300 sites were included in the comparison scope
  • Sites with high similarity: 150 sites got a similarity score of 80% or higher
  • Policy mismatches identified: 60 sites have one or more policy settings that differ from the reference site or sites

Policies included in the comparison

The report compares five key security policies across your sites:

  1. Sensitivity label: The sensitivity label applied to the site
  2. External sharing: Whether external users can access the site
  3. Conditional access: Access restrictions based on conditions like location or device
  4. Block download: Whether users are prevented from downloading files
  5. Restricted site access: Access limited to specific groups or users

The report helps you quickly identify sites with similar content but different security policies. This ensures you can apply consistent policies across your organization.

To investigate policy differences:

  • Look for exclamation marks (!) that highlight policy mismatches
  • Select the site name to examine its content and settings
  • Navigate to the Active sites page in SharePoint admin center for additional management options

Limitations

  • Maximum sites: You can include up to 10,000 sites in the target scope for comparison.
  • Site access review: Currently, you can't initiate a site access review from this report.