You have a SharePoint site containing sensitive data and you have set its search visibility to Do not index in site settings. Despite this restriction, the site still appears in search results for users who should not see it. This happens because SharePoint search visibility settings work on the site collection level while search results are also controlled by permissions and search schema configurations. This article explains why restricted search settings fail to hide a sensitive site and provides the precise steps to fix the issue so the site is truly hidden from search.
Key Takeaways: Why Restricted Search Does Not Hide a Sensitive Site and How to Fix It
- Site Settings > Search and offline availability: Setting Do not index only blocks the site from being crawled, but does not remove existing indexed content.
- SharePoint admin center > Search > Manage Search Schema: The DoNotIndex managed property must be mapped to the crawled property ows_DoNotIndexSite for the setting to take effect.
- SharePoint admin center > Search > Result Sources: Creating a custom result source that excludes sites with the DoNotIndex property ensures the site is hidden from search results entirely.
Why the Do Not Index Setting Does Not Hide a Sensitive Site
The Do not index setting in SharePoint site settings (Site Settings > Search and offline availability) tells the SharePoint search crawler to skip the site during the next crawl. However, this setting alone does not remove the site from the search index if it was already indexed. The site continues to appear in search results until the index is updated or the site is explicitly excluded from search queries.
SharePoint search uses a two-step process: crawling and indexing. When you set a site to Do not index, the crawler skips it on subsequent crawls. But the existing index entries for that site remain. Users with at least read permissions to the site can still find it in search results. For sensitive sites, this is a security concern because users who should not have access might see the site title, description, or summary in search results before they even attempt to open it.
Additionally, the DoNotIndex managed property must be correctly mapped to the crawled property that stores the site’s search visibility setting. If the mapping is missing or incorrect, the Do not index flag is not passed to the search index, and the site remains fully searchable regardless of the setting.
Steps to Fix Restricted Search and Hide a Sensitive Site
Step 1: Verify the Do Not Index Setting on the Site
- Open Site Settings
Navigate to the sensitive site and click the gear icon in the top right corner. Select Site Information and then click View all site settings. - Locate Search and Offline Availability
Under the Search section, click Search and offline availability. This page shows the current search visibility setting. - Select Do Not Index
Choose Do not index under Allow this site to appear in search results? and click OK. Wait for the next incremental crawl or request a full crawl from the SharePoint admin center.
Step 2: Check the DoNotIndex Managed Property Mapping
- Open SharePoint Admin Center
Go to SharePoint admin center and select Search from the left navigation menu. If you do not see Search, click More features and then Open under Search. - Manage Search Schema
Click Manage Search Schema. In the Managed Properties tab, search for DoNotIndex. Select it to view its mapping. - Verify the Crawled Property Mapping
Under Mappings to crawled properties, ensure that ows_DoNotIndexSite is listed. If it is not, click Add Mapping, enter ows_DoNotIndexSite, and click OK. Click OK to save the property.
Step 3: Create a Custom Result Source to Exclude the Site
- Access Result Sources
In the SharePoint admin center under Search, click Result Sources. Click New Result Source. - Configure the Result Source
Give the source a name like Sensitive Site Exclusion. Set the protocol to Local SharePoint. In the query text box, enter the following query:
NOT(DoNotIndex:1) path:https://yourtenant.sharepoint.com/sites/sensitivesite
Replace the URL with the exact URL of your sensitive site. This query tells SharePoint search to exclude any item that has the DoNotIndex property set to 1 and to exclude the entire site path.
- Set as Default for Web Parts
After saving the result source, configure any search web parts (like Search Results or Content Search) on the site where you want the exclusion to apply. Set the result source to the one you just created.
Step 4: Request a Full Crawl
- Start Full Crawl
In the SharePoint admin center under Search, click Search Administration. Under Content Sources, select the content source that includes your sensitive site (typically Local SharePoint sites). Click Start Full Crawl. This forces the search system to re-index all content and respect the Do not index flag. - Monitor Crawl Status
Wait for the crawl to complete. You can check the status under Crawl Log. Once finished, test by searching for the site from a user account that has no permissions to it. The site should no longer appear.
If SharePoint Still Shows the Sensitive Site After the Fix
Search Results Still Display the Site Title and Description
If the site still appears in search results after performing steps 1 through 4, the issue is likely that the search index still contains cached data. Run an additional full crawl after 24 hours. Also confirm that the DoNotIndex managed property is set to Queryable. In the Manage Search Schema page, select DoNotIndex and check the Searchable and Queryable checkboxes. Save the property and run another full crawl.
The Site Appears in SharePoint Hub Search Results
If the sensitive site is associated with a hub site, the hub search may still show it. Hub search uses its own result source. Create a separate result source for the hub site and apply the same exclusion query. Alternatively, remove the sensitive site from the hub association if it is not required.
Users with Limited Permissions Can See the Site in Search Previews
Search previews display snippets of content from the site. Even if the site is excluded from search results, cached previews might still appear. To clear previews, go to the SharePoint admin center > Search > Remove Search Results. Enter the site URL and click Remove Now. This removes the site from search results immediately without waiting for a crawl.
Do Not Index vs Permissions-Based Exclusion: Key Differences
| Item | Do Not Index Setting | Permissions-Based Exclusion |
|---|---|---|
| Effect on search results | Site is not crawled, but existing index entries remain until a full crawl | Site is indexed but only visible to users with permissions |
| Requires crawl | Yes, a full crawl is needed to remove existing entries | No, permissions are enforced in real time during query |
| Hides site from all users | Yes, after crawl completes | No, users with permissions still see it |
| Best for | Sites that should not be discoverable at all | Sites that need role-based access but should appear in search for authorized users |
After applying the fix, you can now hide a sensitive SharePoint site from search results completely. Verify the fix by searching as a user without permissions to the site. For further protection, consider setting the site to Private in the Microsoft 365 group settings and removing external sharing. An advanced tip: use the Remove Search Results feature in the admin center for immediate removal while the full crawl is in progress.