The first three posts in this series have covered the mechanics of storage in Microsoft 365 — how the pooled model works, what version history does to your quota, how archiving and backup options compare, and how retention policies interact with your ability to manage and delete content. This final post steps back from the operational detail and looks at the governance question: how do you build a storage management approach that is proactive rather than reactive, scalable rather than ad hoc, and resilient enough to handle what is coming next?
Because something is coming next. Microsoft Copilot for Microsoft 365 is changing how content is created, how much of it there is, and how quickly it accumulates. If your storage governance has not accounted for that, it needs to.
Series: Managing Storage in Microsoft 365 — Part 4 of 4. This post covers storage governance, the impact of Copilot, and building a sustainable long-term strategy. Part 1 covers fundamentals and version history. Part 2 covers archiving and backup. Part 3 covers compliance, retention, and GDPR.
Why Storage Governance Fails
Storage problems in Microsoft 365 are almost always content governance problems in disguise.
The storage itself is usually adequate. What is inadequate is the set of decisions, policies, processes, and ownership structures that determine how storage is consumed, monitored, and managed over time.
Storage governance fails for a few predictable reasons:
No one owns it. Storage sits at the intersection of IT operations, compliance, and business unit content management. In practice this often means it sits in a gap between all three, with no team taking clear ownership of monitoring, policy, or remediation.
It is treated as an infrastructure problem rather than a content problem. Expanding the storage quota is easier than addressing the underlying content management behaviour that is filling it. Organisations buy more storage, the same behaviour continues, and the problem recurs on a larger scale.
Policies exist but are not enforced. Many organisations have document retention schedules, version history limits, and archiving policies on paper. Without the automation and tooling to enforce them at scale, they remain aspirational rather than operational.
There is no baseline. Without a clear picture of current storage consumption by site, library, content type, and owner, it is impossible to make prioritised decisions about where to focus remediation effort.
Building a Storage Governance Framework
A workable storage governance framework for Microsoft 365 does not need to be complex. It needs to be clear, consistently applied, and supported by enough automation to reduce the manual effort required to maintain it.
1. Establish Ownership
Every SharePoint site should have at least one clearly identified business owner and one technical owner or steward, responsible not just for site permissions and lifecycle but for storage consumption. Site owners should receive regular reports on their site's storage usage and should be accountable for acting on them.
At the tenant level, a storage governance role or function should be responsible for:
- Monitoring overall tenant storage consumption and trends
- Managing storage-related policies — version limits, archiving rules, retention schedules
- Escalating sites that consistently exceed consumption thresholds
- Coordinating with compliance and legal on retention policy scope
Budget ownership matters too. Storage consumption should have a financial owner as well as an operational one. Where organisational chargeback or showback models exist, making business units aware of the cost implications of storage growth, version sprawl, and unmanaged inactive sites can be a powerful driver of better content management behaviour.
2. Define Policies and Limits
Storage governance requires a defined set of policies that establish what is acceptable. At minimum this should include:
Version history limits. A version limit of 100 major versions is a reasonable default for most libraries. High-activity libraries — those used for active project document collaboration — may warrant a lower limit of 20–50 during the active phase of a project. Intelligent Versioning in SharePoint Online adjusts version retention automatically based on age and activity and is worth evaluating for most libraries as a baseline control, though some regulated environments may require fixed version retention settings.
Inactive site thresholds. Sites that have had no activity for six months or more should be flagged for review. Sites with no activity for twelve months are candidates for archiving or decommissioning. Microsoft 365 Admin Center provides inactive site reports, and SharePoint lifecycle management capabilities can automate owner notifications, inactivity reviews, and in some scenarios support archival workflows — though availability varies depending on licensing and configuration.
Maximum site storage quotas. Applying explicit storage quotas to individual SharePoint sites — rather than relying on the shared tenant pool — gives site owners visibility into their consumption and creates a natural trigger for review when limits are approached.
Archiving criteria. Define what makes a site or document library a candidate for Microsoft 365 Archive. The criteria used in Part 2 of this series — six months of inactivity, content older than a defined threshold, project sites for completed projects — provide a starting point that should be adapted to your organisation's content lifecycle.
3. Automate Monitoring and Reporting
Manual storage audits do not scale. A governance framework that relies on someone periodically running a report and emailing the results will degrade over time as competing priorities take precedence.
PnP PowerShell provides the building blocks for automated storage reporting. A scheduled script that runs weekly or monthly and produces a storage report by site — with flags for sites approaching quotas, sites with high version counts, and inactive sites — gives governance owners the information they need without manual effort.
A basic tenant storage report:
$clientId = ""
Connect-PnPOnline -Url "https://tenantName-admin.sharepoint.com" -ClientId $clientId -Interactive
$sites = Get-PnPTenantSite -IncludeOneDriveSites:$false |
Select-Object Url, StorageUsageCurrent, StorageQuota, LastContentModifiedDate, Owner
$report = $sites | ForEach-Object {
$percentUsed = if ($_.StorageQuota -gt 0) {
[math]::Round(($_.StorageUsageCurrent / $_.StorageQuota) * 100, 1)
} else { 0 }
$daysSinceActivity = if ($_.LastContentModifiedDate) {
(New-TimeSpan -Start $_.LastContentModifiedDate -End (Get-Date)).Days
} else { 999 }
[PSCustomObject]@{
Url = $_.Url
StorageMB = $_.StorageUsageCurrent
QuotaMB = $_.StorageQuota
PercentUsed = $percentUsed
DaysSinceActivity = $daysSinceActivity
Owner = $_.Owner
Flag = if ($percentUsed -gt 80) { "High Usage" }
elseif ($daysSinceActivity -gt 180) { "Inactive" }
else { "" }
}
}
$report | Sort-Object PercentUsed -Descending |
Export-Csv -Path "StorageReport_$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation
Write-Host "Report saved. Sites flagged: $(($report | Where-Object { $_.Flag -ne '' }).Count)"This gives you a weekly snapshot you can act on — sites at risk, sites that are inactive, and an overall picture of tenant storage health.
Organisations licensed for SharePoint Advanced Management can further automate lifecycle reviews, inactive site identification, ownership validation, and archiving workflows — extending the capabilities available through standard SharePoint administration.
4. Build a Review Cycle
Governance without review is not governance. A storage review cycle — quarterly at minimum — should cover:
- Current tenant storage consumption against quota and trend
- Sites flagged in the automated report that have not been actioned
- Retention policy scope review — are policies still appropriately scoped?
- Version limit compliance — are the defined limits actually in place across the estate?
- Archive candidates identified and progressed
The output of each review should be a short action list with named owners and deadlines. Without this, the review becomes an information exercise rather than a governance exercise.
Copilot for Microsoft 365 and Storage
Microsoft Copilot for Microsoft 365 is accelerating content creation in ways that have direct storage implications. When Copilot generates a document draft, summarises a meeting, creates a PowerPoint from a prompt, or produces a Teams meeting transcript, it creates content — content that lands in SharePoint, OneDrive, or Exchange and counts toward your storage quota.
The specific areas to watch:
Meeting transcripts and recordings. Teams meeting recordings are stored in OneDrive by default for non-channel meetings, or in SharePoint for channel meetings. With Copilot enabled, organisations often choose to increase the use of recordings and transcripts because they improve the quality and usefulness of meeting summaries and post-meeting analysis. A one-hour meeting recording can consume hundreds of megabytes to multiple gigabytes depending on video quality, participant count, and recording settings. At scale, across an organisation where meetings are recorded by default, this creates significant storage pressure.
Copilot-generated document drafts. Content generated or substantially rewritten by Copilot creates new versions of existing documents. Each Copilot interaction that saves a file creates a version. In high-activity environments, the version growth from Copilot-assisted editing can exceed the version growth from human editing alone.
Loop components and Copilot Pages. Microsoft Loop components — collaborative blocks that can be embedded in Teams chats, Outlook emails, and other surfaces — are stored in SharePoint. Copilot Pages are stored within Microsoft 365 and contribute to an organisation's overall content footprint, making them another consideration for storage governance.
What this means for governance. Copilot adoption should trigger a review of version history limits, meeting recording retention policies, and overall storage projections. Organisations deploying Copilot without adjusting their storage governance model will see accelerated consumption that catches them off guard.
Specifically:
- Set a retention policy for Teams meeting recordings — 90 days is a common default for non-critical meetings, with longer retention for recorded training sessions or significant business meetings
- Review version history limits on libraries where Copilot is actively used and consider tightening them
- Evaluate and enable Intelligent Versioning where appropriate — it is better equipped to handle the volume of versions that Copilot-assisted editing generates than static version limits
- Include Copilot-related storage in your tenant storage projections when planning quota purchases or PAYG billing
The Role of Sensitivity Labels in Storage Governance
Sensitivity labels — applied via Microsoft Purview — are primarily a data protection tool, but they also have a role to play in storage governance. Content labelled as Confidential or Highly Confidential may have different retention and archiving requirements than unlabelled content. Building sensitivity label awareness into your storage governance framework means you can:
- Apply stricter version limits to highly sensitive content that should have a shorter active lifecycle
- Ensure that content labelled as Confidential is not archived to Microsoft 365 Archive without appropriate access controls being maintained
- Use label-based retention policies rather than site-level policies, as discussed in Part 3, to reduce the storage overhead of broad retention holds
This is not a complex integration to build — it requires aligning your sensitivity label taxonomy with your retention schedule and ensuring that the two are designed together rather than independently.
A Practical Maturity Model
Storage governance maturity in Microsoft 365 tends to follow a recognisable progression. Understanding where your organisation sits helps identify the most valuable next steps.
Level 1 — Reactive. Storage is managed when problems occur. No monitoring is in place. Version history is unconstrained. Retention policies are either absent or overly broad. Storage is expanded when quotas are reached.
Level 2 — Aware. Basic monitoring is in place. Someone reviews storage reports periodically. Version limits have been defined but may not be consistently applied. Retention policies exist but have not been reviewed recently. Archiving is done manually on an ad hoc basis.
Level 3 — Managed. Automated monitoring produces regular reports. Version limits are applied and enforced via policy. Retention policies are scoped to content types rather than entire sites. A named owner exists for storage governance. Inactive sites are reviewed and actioned quarterly.
Level 4 — Optimised. Storage governance is integrated with the broader information governance framework. Sensitivity labels drive retention and archiving decisions automatically. Copilot adoption has been factored into storage projections. Site lifecycle policies automate owner notifications and archiving. Storage costs are tracked and optimised as part of the Microsoft 365 licensing review cycle.
Most Microsoft 365 tenants sit at Level 1 or Level 2. Moving to Level 3 is achievable with the tooling and scripts covered across this series — it is primarily an organisational and process change rather than a technical one.
Bringing It Together
Storage problems in Microsoft 365 are almost always content governance problems in disguise.
The storage mechanics — pooled quotas, version history, the Preservation Hold Library, Microsoft 365 Archive — are the technical expression of content management decisions that were or were not made upstream.
The organisations that manage storage well are not the ones with the largest quotas. They are the ones that know what content they have, who owns it, how long it needs to be kept, and what happens to it when that period expires. That knowledge is the foundation of effective storage governance — and it is what makes everything else in this series actually work.
If you are starting from scratch, the sequence that produces the fastest return is:
- Run a tenant storage report and understand where your consumption is concentrated
- Evaluate and enable Intelligent Versioning across your SharePoint environment where appropriate
- Audit your retention policies and tighten any that are broader than your legal obligations require
- Identify and archive or decommission inactive sites
- Build a review cycle that keeps you ahead of the problem rather than responding to it
The scripts and guidance across this series give you the tools for all five. The governance framework gives you the structure to make them sustainable.