SharePoint Site Hygiene Analysis: Inactive, Ownerless, and Duplicate Sites

SharePoint sprawl is one of the most common governance problems in Microsoft 365 tenants. Over time, project sites outlive their projects, owners leave the company, and teams create near-duplicate sites because they can't find the original. The result is storage bloat, confused end users, stale content surfacing in search, and compliance risk from orphaned data.

This recipe scans every non-personal SharePoint site in the tenant and flags three classes of hygiene issues:

• Inactive sites — no modifications in the last 90 days (configurable).
• Ownerless sites — no user currently holds the Owner permission, which blocks self-service governance and membership changes.
• Likely duplicates — sites with identical or near-identical display names, a strong indicator of redundant workspaces.

The output is a CSV report with a recommended disposition (Archive, Review, or Reassign Owner) for each flagged site, giving you the raw material for a governance review cycle.

Run this quarterly, before storage-quota renewals, or ahead of a tenant-to-tenant migration.

After completing this recipe you will have:

• A full inventory of SharePoint sites in the tenant (excluding OneDrive personal sites).
• A CSV report (SharePoint_Hygiene_Report.csv) listing every site with one or more issues, including URL, current owners, last-modified date, detected issues, and a recommended action.
• Counts of total sites analyzed and total sites flagged for reporting to stakeholders.
• A prioritized list of candidates to archive (inactive), reassign (ownerless), or consolidate (duplicates).

The report is designed to be handed directly to a governance steering committee or the site business owners for disposition sign-off.

Important considerations

• Do not auto-delete based on this report. lastModifiedDateTime on a site can lag behind real user activity (e.g., file views without edits). Always require human sign-off before deletion.
• Anonymized reporting. By default, M365 admin reports conceal user and site names. If your hygiene data comes back with obfuscated names, disable concealment in Microsoft 365 Admin Center → Settings → Org settings → Reports, or PATCH /admin/reportSettings to set displayConcealedNames=false.
• Legal hold and retention. Sites under eDiscovery hold or a retention policy must not be archived or deleted without consulting Compliance, even if flagged as inactive.
• Duplicate detection is heuristic. Name-based matching will produce false positives (e.g., "HR" as a common prefix). Treat duplicate flags as candidates for review, not confirmed redundancy.
• Ownership via permissions vs. group owners. Microsoft 365 group-connected sites derive owners from the backing group. The site-permissions endpoint may show Owner roles differently than the group's owner list — cross-reference both when a site is flagged ownerless.
• API throttling. Large tenants (>1,000 sites) will hit Graph throttling. Implement exponential backoff on 429 responses.