Secure SharePoint for AI
Site, library, and sensitivity-label-aware controls for SharePoint Online. Stop AI agents from enumerating Finance, HR, and Legal sites by accident — without re-architecting your permission model.
Why SharePoint needs PortEden
What goes wrong when you connect SharePoint to AI
- Sites.Read.All gives an agent visibility into every SharePoint site the user can access — which in a typical M365 tenant means dozens of department sites the user has read-everyone permissions on without realizing.
- Document libraries with inherited 'Everyone except external users' permissions are wide open to any authenticated agent, including newly onboarded contractors and ex-employees who were not fully offboarded.
- List items with sensitive columns (employee SSN, salary bands, NDAs uploaded as attachments) return in full to any agent making a /lists/{id}/items query — Graph does not respect column-level permissions for read.
What you can control
Site and library allowlist
- Whitelist specific site collection URLs or site IDs; agents can only enumerate items inside them.
- Per-library policy: allow document libraries, deny list libraries entirely (lists often have the messiest schemas).
Sensitivity-label enforcement
- Microsoft Information Protection labels on documents are honored at request time. Confidential and Highly Confidential default to denied.
- Per-agent label allowlist: your contracts-summarizer agent can see Internal, your inbox-triage agent cannot.
Field and content filtering
- Strip list-item columns matching patterns (ssn, salary, ndan_*) before returning to the agent.
- MIME-type denylist for libraries: block .key, .pem, .env file types regardless of label.
Set up in 5 minutes
1. Install PortEden CLI
   `npx @porteden/cli`. Windows, macOS, and Linux are supported. Tested on Microsoft 365 commercial and GCC.
2. Connect SharePoint via Graph
   `porteden sharepoint connect --tenant-id <id>`. Requests Sites.Read.All or Sites.ReadWrite.All, with the admin consent flow if required.
3. Allowlist sites and libraries
   Run `porteden sharepoint sites list` to enumerate sites, then add the relevant site IDs to `~/.porteden/sharepoint.yaml` under `site_allowlist`.
4. Verify with the audit log
   `porteden audit tail --tool sharepoint` shows every Graph request, including the site, list, item, and the rule that fired.
Compatible AI clients
Claude, ChatGPT, Gemini, Copilot, Cursor
Frameworks this integration touches
Microsoft Information Protection, Microsoft Purview labels, Internal data classification
Frequently Asked Questions
Does PortEden honor Microsoft Information Protection labels?
Yes. The SharePoint connector reads the sensitivity label returned by the Graph API on each document and applies your per-agent label policy. A Highly Confidential document returns a redaction stub instead of body content — without per-document configuration.
Can we use this with GCC and GCC High tenants?
GCC commercial: yes, out of the box. GCC High and DoD: the connector supports the alternate Graph endpoints — pass --cloud usgov or --cloud dod at connect time. Confirm specifics with our team for your deployment.
What about list items vs document libraries?
Both are governed. Document libraries get file-level controls (sensitivity labels, MIME types). Lists get column-level field filtering — strip SSN columns, redact salary band columns, hide private notes — before the items array reaches the agent.
We have 4,000 site collections. Do I really have to allowlist each one?
No. The default mode is allow-with-deny: the agent can read any site the user has access to, except sites matching deny patterns (e.g. /sites/HR-*, /sites/Legal-*, hub site IDs). Strict allowlist mode is opt-in for high-security accounts.
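As an added illustration (not PortEden's code; the product's policy engine is not shown on this page), the following Python models the controls described under "What you can control" and in the FAQ above: allow-with-deny site matching, opt-in strict allowlist mode, a per-agent sensitivity-label allowlist that returns a redaction stub, a MIME-type denylist, and column stripping for list items. The `AgentPolicy` class, its field names, the default patterns, and the item shapes are constructed assumptions.

```python
import fnmatch
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

REDACTED = "[redacted: sensitivity label not permitted for this agent]"

@dataclass
class AgentPolicy:
    """Constructed per-agent policy; field names are illustrative, not PortEden's schema."""
    site_deny_patterns: List[str] = field(default_factory=lambda: ["/sites/HR-*", "/sites/Legal-*"])
    site_allowlist: Optional[List[str]] = None      # None = allow-with-deny (the default mode)
    label_allowlist: Set[str] = field(default_factory=lambda: {"Public", "General", "Internal"})
    column_patterns: List[str] = field(default_factory=lambda: [r"^ssn$", r"^salary", r"^nda_"])
    mime_denylist: Set[str] = field(default_factory=lambda: {".key", ".pem", ".env"})
    allow_lists: bool = True                         # False = deny list libraries entirely

def site_allowed(policy: AgentPolicy, site_path: str) -> bool:
    """Strict allowlist when one is configured; otherwise allow unless a deny pattern matches."""
    if policy.site_allowlist is not None:
        return site_path in policy.site_allowlist
    return not any(fnmatch.fnmatch(site_path, pat) for pat in policy.site_deny_patterns)

def filter_document(policy: AgentPolicy, doc: Dict) -> Optional[Dict]:
    """Apply site, MIME-type and sensitivity-label controls to one library item.

    Returns None when the item must not be enumerated at all, a copy whose body is
    replaced by a redaction stub when the label is not allowed, else the item itself.
    An unlabeled document is treated as not allowed (conservative default)."""
    if not site_allowed(policy, doc["site"]):
        return None
    if os.path.splitext(doc["name"])[1].lower() in policy.mime_denylist:
        return None                       # blocked regardless of label
    if doc.get("label", "") not in policy.label_allowlist:
        return {**doc, "body": REDACTED}  # metadata visible, content withheld
    return doc

def filter_list_items(policy: AgentPolicy, site_path: str, items: List[Dict]) -> List[Dict]:
    """Drop sensitive columns from every list item before the items array reaches the agent."""
    if not policy.allow_lists or not site_allowed(policy, site_path):
        return []
    pats = [re.compile(p, re.IGNORECASE) for p in policy.column_patterns]
    return [{k: v for k, v in item.items() if not any(p.search(k) for p in pats)} for item in items]
```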