SharePoint
SharePoint creates internal websites where organizations store, organize, share, and access information from any device.
Asset Types Fetched
- Devices, Users, Groups, Business Applications, Application Resources
Before You Begin
Authentication Methods
- Client Credentials
- Certificate-based Authentication
APIs
Axonius uses the SharePoint REST operations via the Microsoft Graph REST API. Refer to Get access without a user for details on obtaining credentials.
To fetch users, Axonius uses the SharePoint List Users endpoint.
To fetch site permissions, Axonius uses the List permissions endpoint.
Required Ports
- TCP port 80/443
Required Permissions
The value supplied for Tenant ID must be associated with credentials that have the following permissions:
- ReadOnly Application permission
- User.ReadBasic.All Application permission (to fetch Users).
- Sites.Read.All Application permission (to fetch site permissions).
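A way to confirm, before connecting the adapter, that the app registration carries the permissions listed above and nothing broader. This is an added example, not Axonius or Microsoft code: it decodes (without verifying) an app-only Graph access token and compares its tid, appid/azp and roles claims with the connection values; the helper names and the sample token are constructed, and only the two named Graph permissions are checked.

```python
import base64
import json

# Application permissions this page names, keyed by the fetch they enable.
REQUIRED = {
    "users": "User.ReadBasic.All",
    "site permissions": "Sites.Read.All",
}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Compare an app-only token's claims with the adapter's connection values."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))  # application permissions arrive in "roles"
    app = claims.get("appid") or claims.get("azp")  # v1.0 / v2.0 token formats
    return {
        "tenant_matches": claims.get("tid") == tenant_id,
        "client_matches": app == client_id,
        "missing": {f: p for f, p in REQUIRED.items() if p not in roles},
        # Roles beyond the two named permissions: review for least privilege.
        "excess": sorted(roles - set(REQUIRED.values())),
    }


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000001"   # constructed Tenant ID
    client = "00000000-0000-0000-0000-0000000000aa"   # constructed Client ID
    token = sample_token({"tid": tenant, "appid": client,
                          "roles": ["User.ReadBasic.All", "Sites.FullControl.All"]})
    print(audit_token(token, tenant, client))
```

Entries under excess, such as a write or full-control role, indicate the registration grants more than the two permissions named in this section.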
Connecting the Adapter in Axonius
Required Parameters
General parameters - required for all authentication methods:
- Host Name or IP Address - The hostname or IP address of the SharePoint server.
- Tenant ID - The ID for Microsoft Entra ID.
- Client ID - The Application ID of the Axonius application.
When authenticating with Client Credentials, provide the following:
- Client Secret - Specify a non-expired key, generated from the new client secret. This parameter is optional if Enable Certificate-Based Authentication is selected.
When authenticating with Certificate-based Authentication, provide the following:
- Private Key File (.pem) - Click Upload File to upload a client private key file in PEM format.
- Certificate File (.pem) - Click Upload File to upload a public key file in PEM format.
Notes
- Certificate-Based Authentication by Microsoft uses a digital certificate to verify the identity of a user or application accessing APIs. Instead of passwords, the certificate’s public and private keys sign and validate requests. This method enhances security as certificates are harder to compromise than traditional passwords.
- If the Private Key File (.pem) and Certificate File (.pem) fields are populated, the adapter automatically connects using Certificate-based Authentication.
For more information on the different authentication methods and how to retrieve each parameter - see the Microsoft Entra ID documentation.
Optional Parameters
- Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
- HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.
- Microsoft Login Environment - Select the API environment to log in to. The default option is Microsoft Public Login and you can change that to Microsoft Gov Login.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Note
Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.
- Fetch lists from sites - Select this option to fetch list data from the endpoint sites/{site_id}/lists.
- Fetch sites groups - Select this option to fetch SharePoint site groups that only exist within a site. To be able to select and use this configuration, you must do the following:
  - Enable the Fetch site permissions advanced configuration.
  - Under Connection Parameters, select Enable Certificate-Based Authentication, and provide a Client Private Key File and a Client Certificate File. Note that fetching site user roles may increase fetch time significantly.
- Fetch site permissions - Select this option to fetch site permissions. This requires the permission Sites.Read.All.
- Fetch site users roles - Select this option to fetch site user roles. To be able to select and use this configuration, you must do the following:
  - Enable the Fetch site permissions advanced configuration.
  - Under Connection Parameters, select Enable Certificate-Based Authentication, and provide a Client Private Key File and a Client Certificate File. Note that fetching site user roles may increase fetch time significantly.
- Fetch Sites as - Select which asset type you want to fetch Sites as. The options available are in accordance with your existing assets.
- Only fetch sites from specific lists by name (optional) - Enter names of lists. Axonius will only fetch sites from these lists. If no list names are provided, all lists are fetched.
- Fetch lists items (optional) - When fetching lists, also fetch all list items for each list. If no list names are provided, items of all lists are fetched.
- Fetch item permissions (optional) - This setting can only be enabled when Fetch lists items is also enabled, as it adds the permissions of each list item fetched. Permissions information includes role type, and which applications, devices, groups or users have the role required for this item. The results are displayed on the Devices page, for devices of "Item" type, in the field Item Permissions.
Note
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Version Matrix
This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.
| Version | Supported | Notes |
|---|---|---|
| SharePoint v1.0.0 | Yes | |
Related Enforcement Actions
