Retrieve Site Policies in SharePoint Online using PowerShell PnP

Site Policies in SharePoint can be used to have a better governance as the platform is growing.
Storage is expensive, so if you let your (unused) sites just “sitting there“, then it’s not a good use of money is it?

If you need more information about Site Policies, start with an Overview of site policies in SharePoint Server.

In this blog post, we are going to use SharePoint PowerShell PnP (Patterns & Practices) to retrieve site policies that are applied in SharePoint Online site collections.

ℹ️ Note that this cmdlet is also available for SharePoint Server (2013/2016) associated with the correct PnP module.

Create the PowerShell script

With SharePoint PowerShell PnP, we use the Get-PnPSitePolicy to retrieve the policies applied to a site collection.
BUT, we also need a list of the Site Collections don’t we? 😉 So we’ll also need to use the Get-PnPTenantSite cmdlet.

So let’s start by connecting to the SPO Admin Center with our credentials (change the value “YOUR_TENANT” to your own)

$creds = Get-Credential
Connect-PnPOnline -Url https://<YOUR_TENANT>-admin.sharepoint.com -Credentials $creds

Now we will create an array (called $Results), and loop through each Site Collection while using the Get-PnPSitePolicy

$Results = @()
$AllSC = Get-PnPTenantSite

foreach ($SC in $AllSC){
    Write-Host "Connecting to" $SC.Url -ForegroundColor Green
      
    Connect-PnPOnline -Url ($SC).Url -Credentials $creds    
    $Policy = Get-PnPSitePolicy
    $SCProps = @{
        Url = $SC.Url
        Name = $Policy.Name
        Description = $Policy.Description
    }
    $Results += New-Object PSObject -Property $SCProps
} 
$Results | Select-Object Url, Name, Description

When we run the script, it works fine. However, what happens if there’s a Site Collection you do not have access to? 🤔
Well… We have a lovely red message on the console with error 401. And personally, I don’t like to see a bunch of red lines on my console!

Error “401” when no access to the Site Collection

Let’s add a little bit of error handling here. Adding a Try-Catch should help a bit.

$Results = @()
$AllSC = Get-PnPTenantSite

foreach ($SC in $AllSC){
    Write-Host "Connecting to" $SC.Url -ForegroundColor Green
    Try{    
        Connect-PnPOnline -Url ($SC).Url -Credentials $creds -ErrorAction Stop
        $Policy = Get-PnPSitePolicy
        $SCProps = @{
            Url = $SC.Url
            Name = $Policy.Name
            Description = $Policy.Description
        }
        $Results += New-Object PSObject -Property $SCProps
    } 
    catch {
        Write-Host "You don't have access to this Site Collection" -ForegroundColor Red
    }
    
} #end foreach
$Results | Select-Object Url, Name, Description

Run the script

Should we have a look at the results? Yes!
Save the script in your location of choice, and let’s run it.

Error handling is already much better 😋

Script with error handling

And the results…. We have 3 policies applied in this example.

Site Policy results

That’s it!

ℹ️ When running the script a second time (in a row), PnP PowerShell seems to lose the connection, likely to get an error for the Connect-PnPOnline cmldet.
This is somewhat seen in this GitHub issue for another cmdlet. Simply open another tab is PowerShell ISE, or another console window, and re-run the script.