Microsoft’s new SharePoint architecture model means that the all governance plans need to be rewritten.  Modern cloud features are nowhere near the same animal as on-premise classic SharePoint.

Everything is now a site collection and suddenly subsites are a swear word, (pretty much like subfolders were back in the day).  The site collection model is more flexible so you can change the hierarchy when the company changes and attach them to hubs.  Microsoft Teams, the Add New Site from SharePoint and Planner all make new site collections though, and instantly lock out the SharePoint Admins.  You need PowerShell scripts to get access to all site collections.

One way to stay ahead of the game if you don’t have a PowerShell person nearby, is to put an alert on for yourself on any new site collections created.

Go to the Security and Compliance Centre in Office 365, then the Records Dashboard and Alerts.

There are some default alerts – you can get alerts on multiple actions :

Common user activities
User submitted email
Detected malware in file
Shared file or folder
Created mail forward/redirect rule
Any file or folder activity
Changed file or folder
Shared file externally
Granted Exchange admin permission
Granted mailbox permission
External user file activity
DLP policy match

File and folder activities
Accessed file
Checked in file
Checked out file
Copied file
Deleted file
Discarded file checkout
Downloaded file
Modified file
Moved file
Renamed file
Restored file
Uploaded file

File sharing activities
Accepted access request
Accepted sharing invitation
Created a company shareable link
Created access request
Created an anonymous link
Created sharing invitation
Denied access request
Removed a company shareable link
Removed an anonymous link
Shared file, folder, or site
Updated an anonymous link
Used an anonymous link

Synchronization events
Allowed computer to sync files
Blocked computer from syncing files
Downloaded files to computer
Downloaded file changes to computer
Uploaded files to document library
Uploaded file changes to document library

Site administration activities
Added exempt user agent
Added site collection admin
Added user or group to SharePoint group
Allowed user to create groups
Changed exempt user agents
Changed a sharing policy
Created group
Created Sent To connection
Created site collection
Deleted group
Deleted Sent To connection
Enabled document preview
Enabled legacy workflow
Enabled Office on Demand
Enabled RSS feeds
Enabled result source for People Searches
Modified site permissions
Removed user or group from SharePoint group
Renamed site
Requested site admin permissions
Set host site
Updated group

When you’ve configured your alert, you can see all it’s settings by clicking on it.

When a user creates a new site collection, you get an email.

You can view alert details and filter on data to get to specific results.

Access the link to the site created by clicking the alert, then View Activity List.

Double click the URL and paste into into a new window to access it.

Then you can action the alert if the site is all okay.

Use the filters from the View Alerts screen to view all alerts.