Skip to Content
SourcesMicrosoft 365

Microsoft 365

Required
Fields required for a valid configuration.
PathTypeRequiredDescriptionDefaultConstraints
requiredobjectYes
Masked
Sensitive fields under(secrets/credentials).
PathTypeRequiredDescriptionDefaultConstraints
maskedobjectYes
Optional
Optional configuration fields.
PathTypeRequiredDescriptionDefaultConstraints
optionalobjectNono extra properties
optional.connectionobjectNoNetwork and throttle controls for Graph API requests.no extra properties
optional.connection.max_retriesintegerNoMaximum retries on transient errors and 429 throttling3min 0, max 10
optional.connection.page_sizeintegerNoItems per page for Graph API list requests200min 1, max 999
optional.connection.rate_limit_delay_secondsnumberNoBase delay between requests when throttled (exponential backoff applied)1min 0
optional.connection.request_timeout_secondsintegerNoSocket timeout for Graph API operations30min 5, max 300
optional.extractionobjectNoControls which structural assets to emit beyond files.no extra properties
optional.extraction.include_drive_metadatabooleanNoEmit drive-level assets with metadatatrue
optional.extraction.include_permissionsbooleanNoInclude file/site permission metadata (requires Sites.FullControl.All)false
optional.extraction.include_site_metadatabooleanNoEmit site-level assets with metadatatrue
optional.scopeobjectNoEcosystem selection and content filtering.no extra properties
optional.scope.drive_filterarrayNoDrive names or IDs to include (empty = all)
optional.scope.drive_filter[]stringNo
optional.scope.ecosystemsarrayNoMicrosoft 365 ecosystems to scan (select one or more)["sharepoint_sites"]
optional.scope.ecosystems[]enumNoMicrosoft 365 ecosystem to scan Allowed values: sharepoint_sites, onedrive, teams_files
optional.scope.exclude_extensionsarrayNoSkip files with these extensions
optional.scope.exclude_extensions[]stringNo
optional.scope.include_extensionsarrayNoOnly include files with these extensions (e.g. .pdf, .docx)
optional.scope.include_extensions[]stringNo
optional.scope.max_object_bytesintegerNoSkip files larger than this many bytes (default 100 MB)104857600min 0
optional.scope.path_prefixstringNoOnly scan items under this folder path (e.g. /Documents/Legal)
optional.scope.site_filterarrayNoSharePoint site hostnames or paths to include (empty = all accessible)
optional.scope.site_filter[]stringNo
Extracted Metadata

File

FieldTypeRequiredDescription
size_bytesintegerYesRaw byte size of the content
mime_typestringYesResolved MIME type
parse_errorstringNoSet when content extraction failed
image_widthintegerNoWidth in pixels
image_heightintegerNoHeight in pixels
page_countintegerNoNumber of pages (pdf)
paragraph_countintegerNoNumber of paragraphs (docx)
table_countintegerNoNumber of tables (docx)
row_countintegerNoNumber of data rows
columnsobject[]NoColumns as {name, type} objects (type may be empty for csv/xlsx)
encodingstringNoDetected character encoding
json_root_typestringNoRoot JSON type: object, array, or scalar
top_level_keysintegerNoNumber of top-level keys when the root is an object
array_lengthintegerNoLength when the root is an array
site_namestringNoSharePoint site display name
drive_namestringYesDrive display name
item_pathstringYesFull path within the drive
ecosystemstringYesSource ecosystem (sharepoint_sites, onedrive, teams_files)
web_urlstringNoBrowser-accessible URL for the item
etagstringNoGraph API eTag for the item
created_bystringNoUser who created the file
modified_bystringNoUser who last modified the file
permissionsstring[]NoSharing permissions on the item: list of {role, grantee_type, grantee} entries (requires include_permissions)

Image

FieldTypeRequiredDescription
size_bytesintegerYesRaw byte size of the content
mime_typestringYesResolved MIME type
parse_errorstringNoSet when content extraction failed
source_hashstringYesHash of the parent file asset
locationstringYesLocation of the embedded image within the parent

Site

FieldTypeRequiredDescription
site_idstringYesGraph API site ID
site_urlstringNoSite URL
site_namestringYesSite display name
drive_countintegerNoNumber of document libraries

Drive

FieldTypeRequiredDescription
drive_idstringYesGraph API drive ID
drive_namestringYesDrive display name
drive_typestringNoDrive type (documentLibrary, personal, etc.)
site_namestringNoParent site display name
quota_totalintegerNoTotal storage quota in bytes
quota_usedintegerNoUsed storage in bytes
Examples
SharePoint document scan with client secret
Scan all SharePoint sites and document libraries for PII and secrets using app registration with client secret

Config Payload

{
  "type": "MICROSOFT_365",
  "required": {
    "auth_mode": "CLIENT_SECRET",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "client_id": "11111111-1111-1111-1111-111111111111"
  },
  "masked": {
    "client_secret": "your-client-secret"
  },
  "optional": {
    "scope": {
      "ecosystems": [
        "sharepoint_sites"
      ]
    },
    "extraction": {
      "include_site_metadata": true,
      "include_drive_metadata": true
    }
  },
  "sampling": {
    "strategy": "LATEST"
  },
  "detectors": [
    {
      "type": "PII",
      "enabled": true
    },
    {
      "type": "SECRETS",
      "enabled": true
    }
  ]
}

Schedule

{
  "enabled": true,
  "preset": "nightly",
  "cron": "15 1 * * *",
  "timezone": "UTC"
}
Multi-ecosystem certificate auth scan
Scan SharePoint, OneDrive, and Teams files using certificate authentication with path and extension filtering

Config Payload

{
  "type": "MICROSOFT_365",
  "required": {
    "auth_mode": "CERTIFICATE",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "client_id": "22222222-2222-2222-2222-222222222222"
  },
  "masked": {
    "certificate_pem": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"
  },
  "optional": {
    "scope": {
      "ecosystems": [
        "sharepoint_sites",
        "onedrive",
        "teams_files"
      ],
      "path_prefix": "/Documents",
      "include_extensions": [
        ".pdf",
        ".docx",
        ".xlsx",
        ".pptx"
      ]
    },
    "connection": {
      "page_size": 500,
      "max_retries": 5
    }
  },
  "sampling": {
    "strategy": "ALL",
    "enable_ocr": true
  },
  "detectors": [
    {
      "type": "PII",
      "enabled": true
    }
  ]
}

Schedule

{
  "enabled": true,
  "preset": "weekly",
  "cron": "30 2 * * 0",
  "timezone": "UTC"
}
Azure-hosted managed identity scan
Scan SharePoint and OneDrive from an Azure VM or container using managed identity — no secrets required

Config Payload

{
  "type": "MICROSOFT_365",
  "required": {
    "auth_mode": "MANAGED_IDENTITY"
  },
  "masked": {},
  "optional": {
    "scope": {
      "ecosystems": [
        "sharepoint_sites",
        "onedrive"
      ],
      "exclude_extensions": [
        ".mp4",
        ".mov",
        ".avi",
        ".wmv"
      ],
      "max_object_bytes": 52428800
    }
  },
  "sampling": {
    "strategy": "RANDOM",
    "rows_per_page": 25
  }
}

Schedule

{
  "enabled": true,
  "preset": "weekday_morning",
  "cron": "45 7 * * 1-5",
  "timezone": "UTC"
}