CoreView Control for SharePoint includes out-of-the-box policies designed to support data security and compliance. These policies help identify risky sharing configurations, monitor permission sprawl, highlight inactive or oversized content, and improve visibility into storage and access governance.
The list below provides an overview of the CoreView Control for SharePoint out-of-the-box policies, their severity level, what type of remediation action they are set to execute, and which remediation settings you can configure.
Files in Preservation Hold Library
Description
This policy identifies SharePoint files stored in the Preservation Hold Library. It helps show how much storage is consumed by deleted files that are still being preserved and therefore continue to occupy space in the environment.
Impact on your tenant
Files stored in the Preservation Hold Library can continue to consume a meaningful amount of SharePoint storage even though they are no longer visible as active user content. Without visibility into these files and their storage consumption, it can be difficult to understand why part of the storage cannot be reclaimed through standard cleanup activities. This policy helps identify preserved deleted files that still contribute to storage usage, improving transparency into storage constrained by compliance or retention-related preservation.
Severity level
Informational
Remediation action
- Generate a report containing the list of SharePoint files in the Preservation Hold Library
- Send the report to the designated recipients
What you can configure
- Define when to send the report
- Choose the report format (Excel, CSV, PDF)
- Insert an additional message
- Choose the report recipient(s)
- Schedule the recurrence of the remediation action
Items not modified in the past days
Description
This policy scans all SharePoint items with unique permissions. It filters items where the “Last Modified Date” is older than the selected inactivity period of 60, 90, or 180 days.
Impact on your tenant
Neglected items with unique permissions may contain sensitive or outdated information and represent a potential security, compliance, or storage risk. Unused resources increase clutter, may incur unnecessary storage costs, and could be overlooked during incident or breach remediation.
Severity level
Warning
Remediation action
- Generate a report containing the list of SharePoint items not modified in the past 60, 90, or 180 days
- Send the report to the designated recipients
What you can configure
- Define when to send the report
- Choose the report format (Excel, CSV, PDF)
- Insert an additional message
- Choose the report recipient(s)
- Schedule the recurrence of the remediation action
Items where Can edit right is given to guest (Link)
Description
This policy identifies SharePoint files with unique permissions that are externally shared and grant “Can edit” access to guest users through sharing links. It helps admins quickly detect risky external edit access and, for each flagged item, focuses investigation on the “Link” tab, showing only external sharing links associated with Can edit permission.
Impact on your tenant
Granting “Can edit” rights to external users increases the risk of data modification, loss of version control, and potential compliance violations. If not managed, this configuration may lead to unintentional data leaks, unauthorized changes, and audit failures, making sensitive business content vulnerable.
Severity level
Warning
Remediation action
- Send an approval email to: File creator / Site owners / Custom address, or skip the approval entirely
- Based on the response, downgrade the access to: “Can view” / “Can't download” / “Remove access via sharing link”
What you can configure
- Type of access to be applied (Can view, can download, ...)
- Choose approval request recipient (File creator, site owners, custom address, no one)
- Edit request message
- Set time-out days (min: 1 day – max: 180 days)
- Set and customize completion email to send to approver once the action is completed
- Enable/disable the email alert if the workflow fails
- Schedule the recurrence of the remediation action
Items where Can edit right is given to guest (People)
Description
This policy identifies SharePoint files with unique permissions that are externally shared and grant “Can edit” access to guest users through direct people-based sharing. It helps admins quickly detect risky external edit access and, for each flagged item, focuses investigation on the “People” tab, showing only external users with “Can edit”.
Impact on your tenant
Granting “Can edit” rights to external users increases the risk of data modification, loss of version control, and potential compliance violations. If not managed, this configuration may lead to unintentional data leaks, unauthorized changes, and audit failures, making sensitive business content vulnerable.
Severity level
Warning
Remediation action
- Send an approval email to: File creator / Site owners / Custom address, or skip the approval entirely
- Based on the response, downgrade the access to: “Can view” / “Can't download” / “Remove access via sharing link”
What you can configure
- Type of access to be applied (Can view, can download, ...)
- Choose approval request recipient (File creator, site owners, custom address, no one)
- Edit request message
- Set time-out days (min: 1 day – max: 180 days)
- Set and customize completion email to send to approver once the action is completed
- Enable/disable the email alert if the workflow fails
- Schedule the recurrence of the remediation action
Items with a certain sensitivity label shared externally via anonymous link
Description
This policy scans all SharePoint items with unique permissions and identifies those with the selected sensitivity label that are shared externally via “Anyone” links.
Impact on your tenant
Failing to enforce this policy exposes sensitive information to the public internet via anonymous sharing links, risking leaks, regulatory non-compliance (for example GDPR or SOX), and reputational harm, especially when high-sensitivity documents are involved.
Severity level
Warning
Remediation action
- Send an approval email to: File creator / Site owners / Custom address, or skip the approval entirely
- Based on the response, delete the entire link
What you can configure
- Choose approval request recipient (File creator, site owners, custom address, no one)
- Choose a fallback email address if approver is not found
- Edit request message
- Set time-out days (min: 1 day – max: 180 days)
- Enable/disable the email alert if the workflow fails
- Schedule the recurrence of the remediation action
Items with a high number of versions
Description
This policy scans SharePoint files for version history and storage consumption. It identifies files where the number of versions and the related storage usage exceed the configured threshold.
Impact on your tenant
Files with excessive version histories consume unnecessary storage, can slow file access, and increase tenant storage costs. If not regularly managed, version sprawl can also increase retention and governance overhead.
Severity level
Warning
Remediation action
- Send an approval email to: File creator / Site owners / Custom address, or skip the approval entirely
- Based on the response, choose one of the options below:
  - Delete older versions, keeping the last N (specify N)
  - Delete versions in a range (specify the from/to values)
What you can configure
- Type the first and last version number of the range to delete
- Enter the number of the most recent versions to keep
- Choose approval request recipient (File creator, site owners, custom address, no one)
- Edit request message
- Set time-out days (min: 1 day – max: 180 days)
- Set and customize completion email to send to approver once the action is completed
- Enable/disable the email alert if the workflow fails
- Schedule the recurrence of the remediation action
Items with unique permissions
Description
This policy identifies SharePoint files and folders with unique permissions applied. It helps detect items where inheritance has been broken and access is managed in a more granular and potentially less governable way than inherited access.
Impact on your tenant
Files and folders with unique permissions increase access governance complexity and make it harder to understand who has access to specific content. Over time, this can lead to fragmented permission models, reduced visibility, more difficult reviews, and a higher risk of oversharing or unintended access. This policy helps identify the content where inheritance has been broken so it can be reviewed and, where appropriate, restored.
Severity level
Informational
Remediation action
- Generate a report containing the list of SharePoint items with unique permissions
- Send the report to the designated recipients
What you can configure
- Define when to send the report
- Choose the report format (Excel, CSV, PDF)
- Insert an additional message
- Choose the report recipient(s)
- Schedule the recurrence of the remediation action
Large files by size
Description
This policy identifies SharePoint files with the highest storage consumption. It helps detect oversized files that may have a significant impact on SharePoint storage and may represent an opportunity for storage optimization.
Impact on your tenant
Large files can consume a disproportionate amount of SharePoint storage and quickly reduce available capacity for the rest of the environment. Without visibility into which files are driving storage growth, customers may struggle to understand where capacity is being used and which items should be reviewed first. This policy helps identify the most storage-intensive files so cleanup and optimization efforts can be prioritized.
Severity level
Informational
Remediation action
- Send an approval email to: File creator / Site owners / Custom address, or skip the approval entirely
- Based on the response, move files exceeding the size limit to the Microsoft recycle bin
What you can configure
- Choose approval request recipient (File creator, site owners, Tenant Admin, custom address, no one)
- Choose a fallback email address if the approver is not found
- Edit request message
- Set time-out days (min: 1 day – max: 180 days)
- Set and customize completion email to send to approver once the action is completed
- Enable/disable the email alert if the workflow fails
- Schedule the recurrence of the remediation action
Sites in recycle bin
Description
This policy identifies SharePoint sites currently in the recycle bin. It helps detect deleted sites that may still be consuming storage and may represent a reclamation opportunity if they are no longer needed.
Impact on your tenant
Deleted sites stored in the recycle bin can continue to consume a meaningful portion of SharePoint storage even though they are no longer active. If they are not retained for a valid business reason, they reduce available capacity and make storage optimization less efficient. This policy helps identify recoverable storage tied to deleted sites so retention or permanent removal decisions can be made.
Severity level
Warning
Remediation action
- Send an approval email to: File creator / Site owners / Custom address, or skip the approval entirely
- Based on the response, remove the site from the recycle bin (hard delete)
What you can configure
- Choose approval request recipient (Tenant Admin, creator, custom address)
- Edit request message
- Set time-out days (min: 1 day – max: 180 days)
- Enable/disable the email alert if the workflow fails
- Schedule the recurrence of the remediation action
Sites with high permission sprawl
Description
This policy identifies SharePoint sites that contain items with unique permissions and where the number of uniquely permissioned items exceeds a user-defined threshold. It helps identify sites where permissions are highly fragmented, inheritance is frequently broken, and access governance may be difficult to manage.
Impact on your tenant
A high number of uniquely permissioned items within a SharePoint site increases access governance complexity and makes it harder to understand who has access to what. Over time, this can lead to oversharing, inconsistent permission models, reduced visibility, and a higher risk of unauthorized or unintended access to content. This policy helps identify the sites most affected by permission fragmentation so review and monitoring can be prioritized.
Severity level
Warning
Remediation action
- Generate a report containing the list of SharePoint sites with high permission sprawl as defined by the threshold
- Send the report to the designated recipients
What you can configure
- Define when to send the report
- Choose the report format (Excel, CSV, PDF)
- Insert an additional message
- Choose the report recipient(s)
- Schedule the recurrence of the remediation action
Unassigned unique permissions
Description
This policy identifies SharePoint files and folders that are still marked as having unique permissions, even though the manually added unique access has already been removed. These items remain unique only because inherited permissions are still duplicated. The policy helps identify content that is already ready for full inheritance restoration, so permissions can be simplified without further access review.
Impact on your tenant
Files and folders that remain uniquely permissioned after manual unique access has been removed continue to add unnecessary permission complexity. Keeping these items in a unique state makes the permission model harder to govern, increases fragmentation, and leaves content flagged for review even when it is already aligned with inherited permissions. This policy helps reduce permission sprawl with low-risk cleanup opportunities.
Severity level
Informational
Remediation action
- Restore inheritance
What you can configure
- Enable/disable the email alert if the workflow fails
- Schedule the recurrence of the remediation action