Summary
Details
[What and Why]
We are enhancing how Restricted Access Control (RAC) for sites is enforced across Microsoft 365 search by extending RAC policy enforcement to Microsoft 365 search, including SharePoint search, organization-wide search, and Microsoft 365 app experiences such as Office.com.
RAC limits access to SharePoint and OneDrive sites that have RAC enabled to specific groups. With this update, users will only see search results for content they are permitted to access based on RAC policies, improving data security and ensuring consistency between access controls and content discovery.
This update applies to both existing and new RAC-enabled SharePoint sites and OneDrive accounts.
[Rollout Schedule]
General Availability (Worldwide, GCC High, DoD): Rollout is expected to begin in late July 2026 and complete by late July 2026.
[Impact on Your Organization]
Who is affected
- Admins managing SharePoint Online and OneDrive site access
- All users in organizations with RAC-enabled sites
Platforms/Services
- SharePoint Online
- OneDrive
- Microsoft 365 search (including SharePoint search, organization-wide search, and Microsoft 365 app experiences)
What will happen
- RAC policies for sites will be enforced in Microsoft 365 search results.
- This applies to both SharePoint sites and OneDrive accounts with RAC enabled.
- This change applies to existing and new sites where RAC is applied.
- This change is applied automatically as part of the service update.
- There is no change to how RAC policies are configured.
[Action Required/Recommendations]
No action is required to receive this update. However, you may consider the following:
- Review RAC configurations and associated group memberships for SharePoint and OneDrive sites.
- Inform helpdesk and support teams about changes to search result visibility.
- Update internal documentation that references search behavior and access expectations.
Learn more: Documentation will be updated closer to broad rollout (~90% completion).
- Restrict OneDrive access by security group | SharePoint in Microsoft 365 | SharePoint | Microsoft Learn
- Restrict SharePoint site access with Microsoft 365 groups and Microsoft Entra security groups | SharePoint in Microsoft 365 | SharePoint | Microsoft Learn
[Compliance considerations]
| Question | Answer |
| Does the change alter how existing customer data is processed, stored, or accessed (for example, documents, emails, chats)? | Yes. This update changes how existing content is surfaced in search results by enforcing existing permissions (RAC policies). |
Change History
Never Miss a Microsoft 365 Update
Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.