Audit SharePoint Document Permissions Across Sites and Report Violations

Scan SharePoint sites and document libraries to identify files with overly broad sharing permissions or unexpected external access, compile an audit report, and send it to the compliance team via email.

How the workflow runs

The scenario uses specific integration tools at each step, while Metorial keeps access scoped and visible.

  1. 1

    Discover all SharePoint sites and document libraries

    List all sites in the tenant and retrieve their document libraries to scope the permission audit.

    • microsoft-sharepoint:list_sites
    • microsoft-sharepoint:get_drive
  2. 2

    Search for broadly shared or externally accessible files

    Search each library for files that have been shared via anonymous links or with users outside the organisation.

    • microsoft-sharepoint:search_drive
  3. 3

    Inspect permissions on flagged items

    For each flagged file or folder, retrieve the full permission list to identify who has access and what level of permission they hold.

    • microsoft-sharepoint:manage_permissions
  4. 4

    Compile and send the audit report

    Compose a structured audit report listing sites, files, current permissions, and recommended remediation actions, draft it for review, then send it to the compliance team inbox.

    • agent-mail:manage_draft
    • agent-mail:reply_to_email

Integrations used in this scenario

microsoft-sharepoint

List Sites

Discover all SharePoint sites to include in the audit.

View details

microsoft-sharepoint

Get Drives

Retrieve document libraries for each site.

View details

microsoft-sharepoint

Search Drive

Find files shared externally or with broad access within each library.

View details

microsoft-sharepoint

Manage Permissions

Inspect permission details on flagged files and folders.

View details

agent-mail

Manage Draft

Compose the audit report as an email draft for review before sending.

View details

agent-mail

Reply to Email

Send the finalised audit report to the compliance team inbox.

View details

Connected systems

Integration

Sharepoint

Manage SharePoint sites, document libraries, lists, and files. Create, read, update, and delete lists and list items with custom columns. Upload, download, move, copy, and version files in document libraries. Search across sites, files, folders, lists, and list items using Microsoft Search. Manage permissions at site, list, and item levels with granular access control. Define and manage content types and site columns. Subscribe to webhooks for list and library change notifications. Retrieve site properties and search for sites across Microsoft 365.

View Sharepoint

Integration

Agent Mail

Create and manage email inboxes for AI agents to send, receive, and reply to emails programmatically. Organize conversations with threads, labels, and drafts. Search emails semantically across inboxes. Extract structured data from unstructured emails and auto-categorize messages with custom prompts. Manage custom domains, contact/mailing lists, and multi-tenant pods. Subscribe to webhook and WebSocket events for message delivery, bounces, complaints, and domain verification. Supports IMAP and SMTP access alongside the REST API.

View Agent Mail

Expected outcomes

Outcome 1

Compliance teams receive regular SharePoint permission audit reports without manual investigation

Metorial keeps the workflow connected, governed, and traceable across the systems involved.

Explore scenarios

Outcome 2

Overly broad sharing permissions are identified before they create regulatory exposure

Metorial keeps the workflow connected, governed, and traceable across the systems involved.

Explore scenarios

Outcome 3

External access to sensitive documents is surfaced and documented for remediation

Metorial keeps the workflow connected, governed, and traceable across the systems involved.

Explore scenarios

Outcome 4

Audit reports are delivered on a consistent schedule with no manual effort

Metorial keeps the workflow connected, governed, and traceable across the systems involved.

Explore scenarios

How Metorial powers this scenario

Metorial is the governed connection layer between your AI agents and the tools your company runs on. It turns workflows like audit sharepoint document permissions across sites and report violations into something you can deploy quickly, safely, and at scale.

Fast

Ready for your entire team

Connect 1000+ verified integrations through one Magic MCP URL instead of building and maintaining bespoke connectors for each system in this workflow.

Browse integrations

Secure

Guardrails on every action

Protoguard inspects every message and tool call for prompt injection and policy violations before an agent touches your systems.

See how Protoguard works

Enterprise

SSO, policies, and audit trails

Agents act on real identity under company SSO, with per-user and per-group access policies and a complete, searchable record of everything that happens.

Explore enterprise

Team ready

Reusable across your org

Package this workflow as a skill, attach the tools it needs, and let teammates run it through Portals — governed by admins, owned by the people who do the work.

See Skills & Portals

Products behind this workflow

The Metorial products that connect, govern, and observe this scenario.

Connectivity

Integrations

Start from 1000+ verified integrations or bring your own, and give every one a governed path to your agents under existing SSO and access policies.

Explore Integrations

Connectivity

Magic MCP

A single URL your AI client connects to. Sign in with the login you already use and your agent reaches every integration and tool you allow — no per-app setup.

Explore Magic MCP

Identity

Access Control

Sign in with company SSO, set policies per user and group, and let agents act on real identity across every connected system in this workflow.

Explore Access Control

Governance

Protoguard

Metorial’s security layer reviews every message and tool request before an agent acts — catching prompt injection and blocking anything outside your policies.

Explore Protoguard

Observability

Tracing

A complete, searchable record of everything your agents, team, and machines do across these integrations, so you can trust the workflow in production.

Explore Tracing

Governance

Portals

Let teammates connect agents to the integrations and skills your company already uses, with admins deciding who gets access to what.

Explore Portals

Built for your whole team

However you adopt AI, Metorial has a path for connecting it safely.

Solution

For Agents

Give the agents behind this scenario governed access to every tool and integration they need, with one connection layer instead of bespoke glue code.

Agents solution

Solution

For Enterprise

SSO, granular access control, security review, and full audit trails so this workflow meets enterprise governance and compliance requirements.

Enterprise solution

Solution

For your Workforce

Let the people who do this work connect their own AI agents to approved integrations and reusable skills — safely, without waiting on engineering.

Workforce solution

Build this workflow with your own tools

Metorial gives teams one governed layer for connecting integrations to real production work.