{"id":25043,"date":"2025-11-24T03:51:13","date_gmt":"2025-11-24T11:51:13","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/?p=25043"},"modified":"2026-01-13T11:03:18","modified_gmt":"2026-01-13T19:03:18","slug":"sharepoint-site-creation-in-microsoft-graph","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/sharepoint-site-creation-in-microsoft-graph\/","title":{"rendered":"SharePoint Site Creation in Microsoft Graph"},"content":{"rendered":"<p>The SharePoint team is excited to (finally) bring <a href=\"https:\/\/learn.microsoft.com\/en-us\/graph\/api\/site-post-sites\">Site Collection creation to Graph<\/a>! Starting in Microsoft Graph beta you can now create new site collections!<\/p>\n<p>But that\u2019s not all! Creating site collections through older APIs required that your application have <em>Sites.FullControl.All<\/em> \u2013 which is a tenant-wide high-privilege scope that grants access to essentially everything. Because that just isn\u2019t a good model for a site provisioning model we\u2019re also introducing a new scope, <em>Sites.Create.All<\/em> allowing for a low-permission site provisioning flow. Read on to learn how?<\/p>\n<h2>Create A Site<\/h2>\n<p>Creating a site follows the normal pattern of issuing a POST request to the <em>\/sites<\/em> endpoint. An example body is show below:<\/p>\n<pre class=\"prettyprint language-json\"><code class=\"language-json\">{\r\n\u00a0 \"name\": \"Communication Site Test\",\r\n\u00a0 \"webUrl\": \"https:\/\/contoso.sharepoint.com\/sites\/commsite1\",\r\n\u00a0 \"locale\": \"en-US\",\r\n\u00a0 \"shareByEmailEnabled\": false,\r\n\u00a0 \"description\": \"Test Site Description\",\r\n\u00a0 \"template\": \"sitepagepublishing\",\r\n\u00a0 \"ownerIdentityToResolve\": {\r\n\u00a0\u00a0\u00a0 \"email\": \"ryan@contoso.com\"\r\n\u00a0 }\r\n}<\/code><\/pre>\n<p>A few notes, be sure to <a href=\"https:\/\/learn.microsoft.com\/en-us\/graph\/api\/site-post-sites?view=graph-rest-beta&amp;tabs=http#request-body\">check out the docs<\/a> for all the details:<\/p>\n<ul>\n<li>webUrl is the absolute url within your tenant where you want the site created<\/li>\n<li>template supports three options\n<ul>\n<li>sts \u2013 team site<\/li>\n<li>sitepagepublishing \u2013 publishing\/communication site<\/li>\n<\/ul>\n<\/li>\n<li>ownerIdentityToResolve is required when calling in application-only mode<\/li>\n<\/ul>\n<h2>Use Sites.Create.All to Improve Security<\/h2>\n<p>To create a more secure provisioning experience we are also introducing the <em>Sites.Create.All<\/em> scope. Designed to be used with <em>Sites.Selected<\/em>, this scope allows your application, in both delegated and application-only flows to create new site collections but not read any existing site collections to which it does not have explicit permissions.<\/p>\n<p>Once the site collection is created, the <em>Sites.Create.All<\/em> scope provides no additional access or control \u2013 instead the calling application is auto-granted <em>Sites.Selected<\/em> + <em>FullControl<\/em> of the new site collection. At this point the application permissions can be managed like any other, including full removal from the site.<\/p>\n<p>Once created the site can be managed and further setup by the creating application through the <em>Sites.Selected<\/em> permissions. Lists and Libraries can be created, other applications added to the site, and other provisioning actions can be completed.<\/p>\n<p><figure id=\"attachment_25046\" aria-labelledby=\"figcaption_attachment_25046\" class=\"wp-caption alignnone\" ><a href=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2025\/11\/sharepoitn-graph-site-creation.webp\"><img decoding=\"async\" class=\"size-full wp-image-25046\" src=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2025\/11\/sharepoitn-graph-site-creation.webp\" alt=\"SharePoint Site Creation Microsoft Graph\" width=\"600\" height=\"591\" srcset=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2025\/11\/sharepoitn-graph-site-creation.webp 600w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2025\/11\/sharepoitn-graph-site-creation-300x296.webp 300w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2025\/11\/sharepoitn-graph-site-creation-24x24.webp 24w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2025\/11\/sharepoitn-graph-site-creation-48x48.webp 48w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2025\/11\/sharepoitn-graph-site-creation-96x96.webp 96w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><figcaption id=\"figcaption_attachment_25046\" class=\"wp-caption-text\">Figure 1: Sequence Diagram showing which scopes apply during a series of provisioning calls.<\/figcaption><\/figure><\/p>\n<p>The creating application maintains access, allowing for centralized idempotent provisioning designs. It would also be possible to have multiple provisioning applications for different audiences like HR or Finance where the central app would manage only those sites with custom business logic and controls.<\/p>\n<p>To see this in action, give your application <em>Sites.Create.All<\/em> and <em>Sites.Selected<\/em> scopes, and call the API as described above.<\/p>\n<h3>Migrating to Sites.Create.All<\/h3>\n<p>For your applications that create site collections today, you can swap <em>Sites.FullControl.All<\/em> for <em>Sites.Create.All<\/em> and <em>Sites.Selected<\/em>. Moving forward for any new sites your provisioning code should remain mostly unchanged.<\/p>\n<p>For existing sites provisioned before this update, you need to run a script to add the application permissions to the already created sites. This can be done using calls to <a href=\"https:\/\/learn.microsoft.com\/en-us\/graph\/api\/site-post-permissions?view=graph-rest-beta&amp;tabs=http#http-request\">\/permissions<\/a> for each site.<\/p>\n<h2>Call To Action<\/h2>\n<p>These are two long required features, and we\u2019re excited to bring them to you! Now is a great time to review your provisioning applications to see if migrating to this lower-permission model is a good fit. <a href=\"https:\/\/learn.microsoft.com\/en-us\/graph\/permissions-selected-overview\">Review the Sites.Selected model<\/a>, and for ISVs and vendors creating provisioning solutions \u2013 we hope this reduces the friction where <em>Sites.FullControl.All<\/em> was previously required. Let us know your input and feedback on the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SharePoint team is excited to (finally) bring Site Collection creation to Graph! Starting in Microsoft Graph beta you can now create new site collections!<\/p>\n","protected":false},"author":69078,"featured_media":25044,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,3,166],"tags":[225,233,162],"class_list":["post-25043","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-365-developer","category-microsoft-graph","category-sharepoint","tag-microsoft-365","tag-microsoft-graph","tag-sharepoint"],"acf":[],"blog_post_summary":"<p>The SharePoint team is excited to (finally) bring Site Collection creation to Graph! Starting in Microsoft Graph beta you can now create new site collections!<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/25043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/users\/69078"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/comments?post=25043"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/25043\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media\/25044"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media?parent=25043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/categories?post=25043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/tags?post=25043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}