As a SharePoint administrator, you need a consistent process when users request new sites. Without a governance checklist, sites can be created with excessive permissions, no owner contact information, and no content retention rules. This leads to sprawl, security risks, and compliance gaps. This guide provides a complete governance checklist you can implement for every new SharePoint site request. You will learn what items to include, how to enforce them using policies, and how to avoid common setup mistakes.
Key Takeaways: Governance Checklist for New SharePoint Sites
- Site request form with business justification: Captures purpose, owner, and expected lifespan before creation.
- SharePoint admin center > Active sites > Policies: Apply site lifecycle, external sharing, and retention policies at creation time.
- Site owner training and secondary owner assignment: Prevents orphaned sites and ensures ongoing management.
What a Governance Checklist for New SharePoint Sites Covers
A governance checklist is a set of required steps and approvals that must be completed before a new SharePoint site is created. It ensures every site aligns with your organization’s security, compliance, and operational standards. The checklist typically includes a site request process, approval workflow, permission configuration, content retention settings, and an owner training requirement.
Prerequisites for using this checklist: You need SharePoint admin permissions to view the SharePoint admin center. You also need access to Microsoft 365 admin center for user and group management. If you use Microsoft Teams, understand that Teams-connected SharePoint sites follow the same governance rules but are created through Teams provisioning.
Why a Checklist Is Necessary
Without a checklist, site creators may set overly permissive sharing links, fail to assign secondary owners, or store sensitive data without retention labels. A checklist enforces consistency. It also provides an audit trail for compliance reviews.
Who Should Use This Checklist
This checklist is designed for SharePoint administrators, compliance officers, and IT governance teams. Site owners should also be aware of the checklist requirements so they can provide the necessary information during the request phase.
Steps to Build and Apply a Governance Checklist for New Sites
Follow these steps to create and implement a governance checklist for every new SharePoint site. The steps assume you have SharePoint admin center access and the ability to create Microsoft 365 groups.
- Create a site request form in Microsoft Forms or Power Apps
Include fields for site name, description, business justification, expected lifespan, primary owner, secondary owner, department, and sensitivity level. Require approval from a manager or compliance officer before the request moves forward. - Set up an approval workflow using Power Automate
When a form is submitted, trigger a Power Automate flow that sends an approval request to the designated approver. If approved, the flow can automatically create a SharePoint site using a REST API call or a template. If rejected, send a notification to the requester with the reason. - Define default site permissions in the SharePoint admin center
Go to SharePoint admin center > Policies > Sharing. Set the default sharing link type to “People with existing access” or “Specific people” to prevent external sharing by default. Override per site only when business need is documented. - Apply a site lifecycle policy
In SharePoint admin center > Policies > Site lifecycle, create a policy that automatically notifies owners after 90 days of inactivity. Set the policy to send an email to the owner. If no response, move the site to read-only and then delete it after 180 days. - Assign retention labels to the site’s default document library
In Microsoft Purview compliance portal, create a retention label for each site type (e.g., “Project – 3 years”, “HR – 7 years”). Apply the label to the site’s default document library using a PowerShell script or a Power Automate flow triggered on site creation. - Require two site owners
During site creation, enforce that at least two distinct users are listed as site owners. This prevents orphaned sites when one owner leaves the organization. You can validate this in your Power Automate flow before provisioning. - Send a welcome email with governance rules to site owners
Use Power Automate to send an email that includes the site URL, owner responsibilities, sharing guidelines, and a link to your internal governance documentation. Include the site’s expected expiration date. - Audit new sites monthly
Run a PowerShell script or use SharePoint admin center > Reports > Site usage to review all sites created in the last 30 days. Verify that each site has two owners, a retention label, and no external sharing enabled without approval.
Common Mistakes When Implementing a Governance Checklist
Even with a checklist, administrators can overlook important details. Here are the most frequent issues and how to avoid them.
Site Owners Are Not Trained on Their Responsibilities
Many governance checklists require owners to be assigned but do not include a training step. Without training, owners may not know how to manage permissions, add members, or set expiration dates. Include a mandatory 15-minute training session or a recorded video in the welcome email. Track completion using Microsoft Lists or a separate Power Automate flow.
Retention Labels Are Not Applied Automatically
Manually applying retention labels to each new site is error-prone and time-consuming. Use a PowerShell script or a Power Automate flow that runs on site creation to apply the correct label based on the site type. Test the automation on a test site first.
External Sharing Settings Are Not Enforced at the Tenant Level
If your tenant allows external sharing by default, individual site owners can enable it without approval. Change the tenant-level sharing setting to “Existing guests” or “Only people in your organization” in SharePoint admin center > Policies > Sharing. Then allow site owners to request exceptions through a separate approval flow.
No Process for Site Closure or Deletion
Sites that are no longer active accumulate content and licensing costs. A lifecycle policy addresses this, but many administrators skip this step. Create a site lifecycle policy as described in step 4 of the checklist. Also, include a manual review trigger when a site owner submits a deletion request.
Team Site vs Communication Site: Governance Checklist Differences
| Item | Team Site | Communication Site |
|---|---|---|
| Primary use | Collaboration with a Microsoft 365 group | Broadcast information to a large audience |
| Default permissions | Group members are site members | Site visitors have read access by default |
| External sharing | Controlled by Microsoft 365 group settings | Controlled by site sharing settings |
| Owner requirement | Two group owners recommended | Two site owners recommended |
| Retention label | Apply to group mailbox and site | Apply to site only |
| Lifecycle policy | Group inactivity triggers site archiving | Site inactivity triggers policy |
Use a single checklist template that adapts based on the site type. For team sites, include steps for group management. For communication sites, focus on audience targeting and approval workflows for content publishing.
Now you can build a governance checklist that covers site request, approval, permission configuration, retention, and owner training. Start by creating the site request form in Microsoft Forms and the approval flow in Power Automate. Then apply the lifecycle policy and retention labels. For advanced control, use PowerShell to automate the checklist validation across all new sites each month. Remember to review the checklist quarterly to keep it aligned with your organization’s changing compliance requirements.