# SharePoint Agent

<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-cover data-type="image">Cover image</th></tr></thead><tbody><tr><td><strong>Overview</strong></td><td><ul><li>Search and retrieve documents and files stored in SharePoint Online through Blockbrain</li><li>Access, read, and manage content within SharePoint sites and document libraries</li><li>Extract and summarize file content and metadata for reporting or AI analysis</li><li>Navigate SharePoint site structures, lists, and libraries</li><li>Automate document management and workflow processes using SharePoint data</li></ul></td><td><a href="/files/ikR2AL5octrVSvEocI7Z">/files/ikR2AL5octrVSvEocI7Z</a></td></tr><tr><td><strong>Prerequisites</strong></td><td><ul><li>Complete the <a href="https://docs.en.theblockbrain.ai/for-users/agents">general setup steps</a> from the main AI Agents page</li><li>Ensure users have active Microsoft 365 accounts with access to SharePoint Online</li><li>Verify appropriate Microsoft 365 licensing for SharePoint Online and related services</li></ul></td><td><a href="/files/X7MpGP1nVARHAWPFype1">/files/X7MpGP1nVARHAWPFype1</a></td></tr></tbody></table>

### Azure App Registration Configuration

#### Required API Permissions

Add the following Microsoft Graph permissions to your app registration:

| Permission                    | Type      | Description                                         |
| ----------------------------- | --------- | --------------------------------------------------- |
| `offline_access`              | Delegated | Maintain access to data you have given it access to |
| `User.Read`                   | Delegated | Sign in and read user profile                       |
| `Files.Read.All`              | Delegated | Read all files that user can access                 |
| `Sites.Read.All`              | Delegated | Read items in all site collections                  |
| `User.ReadBasic.All`          | Delegated | Search for user information                         |
| `Tasks.Read`                  | Delegated | Read the signed-in user's tasks and task lists      |
| `GroupMember.Read.All`        | Delegated | Read the members of all groups in an organization   |
| `Group-Conversation.Read.All` | Delegated | Read conversations in Microsoft 365 groups          |

> As alternative, you can use the `.default` scope (uses all scopes set in the app).

#### Redirect URL

* Add <https://nango.theblockbrain.ai/oauth/callback> as allowed redirect URL to your app registration

#### Permission Configuration Steps

1. In your Azure app registration, go to **API permissions**
2. Click **"Add a permission"** > **Microsoft Graph** > **Delegated permissions**
3. Search for and select each required permission
4. Click **"Add permissions"**
5. Click **"Grant admin consent"** (recommended for organization-wide deployment)

### Agent Configuration in Blockbrain

<div data-with-frame="true"><figure><img src="/files/JWnkjAPWCK7huedpQjfo" alt=""><figcaption></figcaption></figure></div>

<div data-with-frame="true"><figure><img src="/files/W22pqYsrjUseyM2RGum0" alt=""><figcaption></figcaption></figure></div>

1. **Access Agent Settings**:
   * Navigate to your Blockbrain admin panel
   * Go to **Agents** > **SharePoint Agent**
   * Click **"Configure"**
2. **Enter Azure Credentials**:
   * **Client ID**: Enter the Application ID from your Azure app registration
   * **Client Secret**: Paste the client secret you generated
   * **Tenant**: Enter your Azure tenant ID
3. **Configure OAuth Scopes**:
   * Add each required scope individually using the **"Add"** button as mentioned [here](#required-api-permissions)
   * Each scope will appear as a removable tag
   * Use the **"X"** button to remove incorrect scopes
4. **Additional Configuration** (Optional):
   * Add custom key-value pairs if needed for specific requirements
   * Configure any organization-specific settings
5. **Save Configuration**:
   * Click **"Save"** to apply the settings
   * Wait for the confirmation message

### Alternative: Admin Consent Configuration

For simplified scope management with admin pre-approval:

1. In Azure, grant admin consent for all required permissions
2. In Blockbrain configuration, use `.default` scope instead of individual scopes
3. This eliminates the need for users to consent to individual permissions

### Testing the SharePoint Agent

#### Verification Steps

1. **Connection Test**:
   * Use the built-in connection test in Blockbrain
   * Verify successful authentication with Microsoft Graph
2. **User Testing**:
   * Have a test user connect their SharePoint account
   * Attempt to access a known SharePoint file or site
   * Verify file retrieval and search functionality
3. **Permission Validation**:
   * Check that the agent can access appropriate SharePoint sites
   * Confirm file read permissions are working correctly

### Common SharePoint Integration Use Cases

* **Document Search**: Find files across multiple SharePoint sites
* **File Retrieval**: Access specific documents for AI analysis
* **Site Navigation**: Browse SharePoint site structures and libraries
* **Metadata Extraction**: Retrieve file properties and metadata

### Troubleshooting

#### Authentication Issues

**Problem**: "Access denied" or authentication failures

* **Solution**: Verify admin consent is granted for all required permissions
* **Check**: Ensure the redirect URL is exactly `https://nango.theblockbrain.ai/oauth/callback`

#### Permission Errors

**Problem**: "Insufficient privileges" when accessing SharePoint

* **Solution**: Confirm the app registration has `Sites.Read.All` and `Files.Read.All` permissions
* **Check**: Verify the user has SharePoint access in your organization

#### Scope Configuration Issues

**Problem**: Scopes not saving correctly

* **Solution**: Add each scope individually using the "Add" button
* **Check**: Remove any duplicate or incorrect scopes using the "X" button

### Security Considerations

* **File Access**: The agent inherits the user's SharePoint permissions
* **Site Scope**: Access is limited to sites the authenticated user can access
* **Data Privacy**: Files are processed according to Blockbrain's data handling policies
* **Audit Trail**: SharePoint access is logged in both Azure AD and SharePoint audit logs

### Next Steps

After successful SharePoint Agent configuration:

* Train users on SharePoint integration features
* Configure [Outlook Agent](/for-admins/agents/outlook-agent.md) if email integration is needed
* Monitor usage and performance through Azure AD reports


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.blockbrain.ai/for-admins/agents/sharepoint-agent.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.