Secure SharePoint for AI Agents
A Microsoft Graph token gives an AI agent reach into every site, document library, list, and OneDrive folder the connecting user can see. PortEden sits between your AI agent and Microsoft Graph, enforcing four layers of security: operation permissions, site and library firewall rules, sensitivity-label awareness, and field masking.
PortEden SharePoint Access API
PortEden's SharePoint Access API is a token-gated, data-firewalled surface in front of Microsoft Graph. Connect SharePoint Online or OneDrive for Business once, define your rules at the site, list, folder, MIME-type, or sensitivity-label level, and every request from any AI agent gets filtered and logged automatically. No code changes needed on the agent side.
The Problem
Giving AI direct access to your data is risky. Here's what can go wrong.
One Token, Every Site
A SharePoint or Microsoft Graph OAuth token grants access to every site, library, list, and OneDrive folder the connecting user can see. There is no built-in way to scope an AI agent down to a single team site or department library.
Confidential Documents Mixed With Routine Files
Board decks, HR records, legal contracts, and customer data sit alongside meeting notes and templates. Without a security layer, AI agents cannot tell the difference and will retrieve, summarize, or quote any of them on request.
Sensitivity Labels Are Not Enforced at the API
Microsoft Information Protection labels are visible to AI agents through the Graph API, but Graph does not block access to a Highly Confidential file just because it carries that label. The classification is metadata, not a gate.
How PortEden Protects You
Six layers of security between AI and your data.
Operation Permissions
Pick from individual flags such as list_files, search_files, get_file_metadata, download_file, upload_file, write_list_item, search_content, or use composites like read_only and write_file. Each token gets exactly the operations it needs.
Multi-Level Firewall Rules
Allow or block at the site, drive (document library), folder, list, list-item, file ID, or MIME-type level. Block rules always win, so a single block on a confidential site overrides any broader allow-all default.
Sensitivity-Label Aware
Block items by sensitivity label or content-type ID. Restricted, Highly Confidential, or any custom label becomes a real gate at the API surface, not just a watermark on the document.
Field Masking
Drop fields like owners, sharedWith, parent_folder, sensitivity_label, or the entire list-item field_values dictionary from responses. Agents see what they need, not your organizational map or row contents.
OneDrive for Business Coverage
OneDrive document libraries are treated as ordinary SharePoint drives. The same operation flags and rules cover personal OneDrive folders that often contain the most sensitive personal work.
Filtered Microsoft Search
KQL searches across files, list items, lists, and sites are filtered through your token rules. Items the token cannot read are silently dropped from hit lists, so search cannot be used to enumerate around your firewall.
Full Audit Trail
Every site browsed, file fetched, list item written, and search query executed is logged. Know exactly which content each agent touched, what was returned, and what was blocked.
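The controls described in this section (operation flags with composites, block-wins firewall rules at site, folder, MIME-type and label level, field masking, post-filtered search and an audit trail) can be modelled as a small policy engine. The following is an added illustration, not PortEden's code: the rule levels, the composite flag membership, the item fields and the sample documents are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Composite flag membership is assumed; the page names read_only and
# write_file but does not state which individual flags each contains.
COMPOSITES = {
    "read_only": {"list_files", "search_files", "get_file_metadata",
                  "download_file", "search_content"},
    "write_file": {"upload_file", "write_list_item"},
}

def expand_operations(flags):
    """Expand composite flags into the individual operations they grant."""
    ops = set()
    for flag in flags:
        ops |= COMPOSITES.get(flag, {flag})
    return ops

@dataclass
class Rule:
    effect: str   # "allow" or "block"
    level: str    # "site", "drive", "folder", "file_id", "mime_type", "label"
    value: str

    def matches(self, item):
        if self.level == "folder":
            # A folder rule covers the folder itself and everything beneath it.
            prefix = self.value.rstrip("/")
            return item["folder"] == prefix or item["folder"].startswith(prefix + "/")
        return item.get(self.level) == self.value

@dataclass
class TokenPolicy:
    operations: set
    rules: list
    masked_fields: set
    audit: list = field(default_factory=list)

    def item_allowed(self, item):
        # Block rules always win, however broad the allow rules are.
        if any(r.effect == "block" and r.matches(item) for r in self.rules):
            return False
        allows = [r for r in self.rules if r.effect == "allow"]
        # With no allow rules the token falls back to an allow-all default.
        return not allows or any(r.matches(item) for r in allows)

    def mask(self, item):
        """Drop masked fields so the agent never sees them."""
        return {k: v for k, v in item.items() if k not in self.masked_fields}

    def request(self, operation, item):
        """Single-item access: returns the masked item, or None when blocked."""
        if operation not in self.operations:
            verdict = "blocked:operation"
        elif not self.item_allowed(item):
            verdict = "blocked:rule"
        else:
            verdict = "allowed"
        self.audit.append((operation, item["file_id"], verdict))
        return self.mask(item) if verdict == "allowed" else None

    def search(self, hits):
        """Post-filter a hit list through the same rules as direct reads."""
        if "search_files" not in self.operations:
            self.audit.append(("search_files", "*", "blocked:operation"))
            return []
        visible = [self.mask(h) for h in hits if self.item_allowed(h)]
        self.audit.append(("search_files", "*",
                           f"allowed:{len(visible)}/{len(hits)} hits returned"))
        return visible

# Constructed sample items standing in for Graph driveItem results.
ITEMS = [
    {"file_id": "f-001", "name": "api-design.pdf", "site": "engineering",
     "drive": "Documents", "folder": "/Specs", "mime_type": "application/pdf",
     "label": "General", "owners": ["alice"], "sharedWith": ["eng-team"]},
    {"file_id": "f-002", "name": "board-deck.pptx", "site": "board",
     "drive": "Documents", "folder": "/Q3", "mime_type": "application/vnd.ms-powerpoint",
     "label": "Highly Confidential", "owners": ["ceo"], "sharedWith": ["board"]},
    {"file_id": "f-003", "name": "salaries.xlsx", "site": "engineering",
     "drive": "Documents", "folder": "/HR-Export/2024", "mime_type": "application/vnd.ms-excel",
     "label": "Confidential", "owners": ["hr"], "sharedWith": ["hr-leads"]},
    {"file_id": "f-004", "name": "tool.exe", "site": "engineering",
     "drive": "Documents", "folder": "/Specs", "mime_type": "application/x-msdownload",
     "label": "General", "owners": ["bob"], "sharedWith": []},
]

def example_policy():
    """A read-only token scoped to one site, with label, folder and MIME blocks."""
    return TokenPolicy(
        operations=expand_operations(["read_only"]),
        rules=[
            Rule("allow", "site", "engineering"),
            Rule("block", "label", "Highly Confidential"),
            Rule("block", "folder", "/HR-Export"),
            Rule("block", "mime_type", "application/x-msdownload"),
        ],
        masked_fields={"owners", "sharedWith"},
    )

if __name__ == "__main__":
    policy = example_policy()
    for item in ITEMS:
        print(item["name"], "->", policy.request("download_file", item))
    print("search:", [h["name"] for h in policy.search(ITEMS)])
    print("upload:", policy.request("upload_file", ITEMS[0]))
    for entry in policy.audit:
        print("audit:", entry)
```

Running the demo shows only api-design.pdf coming back, with owners and sharedWith stripped; the board deck is stopped twice over (wrong site and a blocked label), the HR export by the folder prefix, the executable by MIME type, and the upload by the missing operation flag. The search call returns the same single hit as the direct reads, and every decision, including the silently dropped hits, lands in the audit list.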
Get Started in 3 Steps
Connect SharePoint
Connect your Microsoft 365 tenant via delegated OAuth or a Sites.Selected app-only grant. Both modes use the same PortEden surface.
Set Your Rules
Configure operation permissions, site and library firewall rules, sensitivity-label gates, and field masks for each access token.
Connect Your Agent
Point your AI agent at PortEden's SharePoint Access API instead of Microsoft Graph. Every request is filtered through your rules with full audit logging.
Without vs. With PortEden
Without PortEden
- OAuth token grants every site, library, list, and OneDrive folder the user can reach
- No built-in way to restrict AI agents to a single team site or department library
- Sensitivity labels are visible but do not gate API access
- Microsoft Search returns results across the entire tenant footprint
- Revoking access means revoking the user's Microsoft 365 session
With PortEden
- Per-token operation flags control exactly which actions the agent can perform
- Site, drive, list, folder, MIME-type, and label rules act as a real firewall
- Sensitivity labels become enforced gates, not advisory metadata
- Search results are post-filtered against the same rules as direct reads
- Per-token revocation without disconnecting the underlying Microsoft 365 account