Compare Site Security Policies in SharePoint Admin Center 

We all know the mantra: consistent security policies for similar sites. However, keeping security settings consistent across them is not an easy task. A site storing sensitive legal contracts should have the same ironclad security as any other handling similar data — no external sharing, strict conditional access, downloads blocked… the full lockdown. 

But the problem is you’re a human, not a superhero with X-ray vision. Even if you organize sites by department or region, managing hundreds (or thousands) of them and ensuring each one’s secured properly is exhausting. 

But what if I told you there’s a powerful new feature that automatically spots sites with similar content and instantly flags every policy mismatch for you? 

That’s exactly what the new Site Policy Comparison Reports in SharePoint do. 

Why Compare Site Policies? 

Take a moment to picture your SharePoint environment. 

You’ve probably got sites for HR, Finance, Legal, Projects, and Operations — each serving a different purpose. Over time, they grow, people change, and settings start to drift. 

Now imagine this: your Legal site is locked down tight (as it should be), but someone creates a new Contracts Collaboration site that accidentally allows external sharing. Suddenly, a confidential file could slip through the cracks just because one site wasn’t configured like the other. 

These little inconsistencies can turn into big security risks. Even the most organized admin teams struggle with this. You can have the best policies and checklists, but when you’re dealing with thousands of sites, manual checks just don’t scale. 

You might catch yourself asking — 

• Do all HR sites have external sharing turned off?
• Are Finance sites using the right sensitivity labels? 
• Did someone create a project site without conditional access? 

You could spend hours exporting reports, filtering CSVs, and comparing settings. Or, you could let the new AI-powered Site Policy Comparison Report do it for you, in just minutes. 

The Site Policy Comparison Reports in SharePoint 

The idea behind this feature is simple: ensure sites with similar content follow the same security standards. 

Using the power of AI, SharePoint analyzes site content and compares its security settings against a baseline, your trusted reference sites. 

Here’s how it works in simple terms: 

• You choose one or more reference sites, the ones with the perfect, ideal security setup. 
• Then, you pick your target sites up to 10,000 of them. 
• The AI scans the most recently used files, looks for content similarities, and then flags any sites that look alike in content but differ in policy. 

For example, if your “Legal Contracts” site is the reference, the report identifies other sites holding similar content (like agreements or NDAs) and instantly highlights the ones that don’t have matching policies, like those still allowing downloads or external sharing. 

How to Create Site Policy Comparison Reports  

Before you can make use of the AI-powered site policy comparison reports, your organization needs to meet a couple of straightforward requirements. Before jumping in, make sure your org has the right licenses and permissions. You’ll need either:

• A Microsoft 365 Copilot license (just one person in your org needs it — doesn’t even have to be the SharePoint admin), or
• A SharePoint Advanced Management (SAM) license (available as a standalone).

If you have a Copilot license, then make sure you are a SharePoint administrator or have equivalent permissions. 

1. Go to your SharePoint Admin Center. 

2. From the left pane, expand Reports → then select Site Policy configuration. 

 

3 . You’ll see the option to select New report to launch the wizard.

4 . This is the most critical step. You need to pick between one and five reference sites— these will serve as your baseline for comparison. 

For example: 

• A Legal Contracts site 
• A Finance Approvals site 
• An HR Onboarding site 

Pro-Tip: Choose sites with highly similar content. If your reference site has a mix of legal contracts, marketing material, and HR memos, the AI won’t know which content type to prioritize. The system will look at up to five of the most recently used files in your chosen site(s) and use them for the semantic comparison. The more consistent the content in your reference sites, the more accurate your matches will be! 

5 . Choose Your Target Sites (Scope of Comparison): Now you need to tell the system which sites to compare against your reference. You can compare up to 10,000 target sites, perfect for large environments! You have two excellent options here: 

• Filter by site properties: You can filter by Site Type (e.g., all Team Sites), Creation Date, or even Sensitivity Label if you want to focus on a specific bucket OR 
• Upload a CSV file: If you already have a list of sites you suspect need review (perhaps sites tied to a specific project or department), simply upload a CSV file containing the site URLs under a header named “SiteURL.” 

Note: Only the 10 most recently used files from each site are analyzed during comparison, so make sure your recent activity represents the site’s usual content. 

6 . Name and Review Your Report: Once you’ve selected the reference and target sites: 

• Give your report a meaningful name (like “Legal Policy Comparison Q3”). 
• Review your selections. 
• Click Finish. 

Now, sit back and relax. The report is placed in a queue. For a massive comparison scope, it can take up to 48 hours to process, You’ll see its status as “in progress” while it’s being generated. But trust me, the wait is worth it! 

How to Read the Site Policy Comparison Report 

Once the report is complete, it provides an immediate, high-level snapshot of your environment’s policy health based on your reference sites. Let’s look at an example to understand what you’re seeing: 

Metric	Example Value	Meaning
Total sites analyzed	1,300	How many target sites were checked?
Sites with high similarity	150	Sites with 80% or higher content similarity to your reference sites.
Policy mismatches identified	60	How many of those similar sites have policy settings that differ from your baseline?

The report displays a visual list of the top matched sites (up to 100), but you can always download a complete CSV file of all matched sites. Let’s say your report analyzed 1,300 sites in total. 

• 150 sites got a similarity score of 80% or higher.
• 60 of those had one or more policy mismatches.

This instantly tells you: 60 of your content-similar sites might need policy corrections. 

Security Policies Compared in the Report 

The report zeroes in on the most critical security settings that control access, data flow, and compliance. It compares five key policies across your sites: 

1. Sensitivity label – Ensures consistent classification (like Confidential, Internal, etc.) across similar-content sites. 
2. External sharing – Checks if sharing is enabled where it should be locked down. 
3. Conditional access – Verifies whether access rules based on location or device are applied uniformly. 
4. Block download – Confirms users can’t download files from sensitive sites.
5. Restricted site access – Ensures only the right groups or people have access. 

In the report, you’ll see a column for each of the five policies. Look for the exclamation marks (!)—these instantly highlight a policy mismatch! You can then: 

• Click the site name to open it directly.
• Review its content and settings.
• Or jump to the Active sites page in the SharePoint admin center to fix the policy.

The AI tells you exactly where the gaps are, allowing you to fix 60 policy inconsistencies in a fraction of the time it would take to find even one manually. By comparing site policies, you can: 

• Prevent misconfigurations that could lead to data leaks.  
• Keep your security posture consistent across departments.  
• Save hours of manual auditing and cross-checking. 
• Gain AI-driven insights into sites that are alike not just by name, but by actual content. 

This moves you from reactive security management to proactive, policy-driven compliance. And also frees you up to focus on applying the fixes, not finding the problems. 

Limitations (For Now) 

A few things to note: 

• You can compare up to 10,000 sites at a time.
• You can’t initiate a site access review directly from the report yet.
• The system looks only at the most recently used 10 files per site, so heavily inactive sites might not produce meaningful results.

Still, considering the time it saves and the visibility it gives, this feature is a huge step forward. 

Take Control of Your SharePoint Security 

For years, we’ve relied on careful naming conventions, manually applied sensitivity labels, and a whole lot of hoping. Now, with the power of AI, we can use the actual content of the sites to drive our security decisions. 

The Site Policy Comparison Report is like giving your SharePoint admin center a brain. It’s an easy-to-use, incredibly powerful tool that helps you enforce consistent security across your organization, making your environment more compliant, more secure, and infinitely easier to manage. 

So, go ahead: sign in, create your first report using a rock-solid reference site, and see how many policy mismatches the AI can find for you. You might be surprised—and incredibly relieved- by what you uncover.