What your agent can do
- Browse — List files and folders in sites and libraries
- Read — Fetch file content (including many Office formats via extraction)
- Create and edit text files — Create or update
.txt,.md, and.csvfiles - Organize — Move or rename files and folders, copy items (cross-site capable), create folders, and delete items to the site recycle bin (recoverable)
Deleting through Abundly sends items to the SharePoint site recycle bin, not permanent removal. Your Microsoft 365 admins or site owners can restore them from there if needed.
How to enable
You can connect SharePoint in two ways. Pick the one that fits the agent.| Mode | Acts as | Best for | Setup effort |
|---|---|---|---|
| Personal (default) | The connected user | Interactive agents where per-user attribution matters | Click-through OAuth |
| App-only | The agent’s own Entra identity | Autonomous agents that should not be kicked out by Conditional Access timeouts | One-time admin setup in Entra |
Personal mode
Enable the capability
Go to Settings → Capabilities and enable SharePoint, then pick Personal at the top of the card.
Connect your Microsoft account
Click Create new to sign in with your Microsoft account and create a personal access token. This token belongs to you and can be managed in your profile settings.If you already have a SharePoint token from setting up another agent, you can select it from the dropdown instead.
In many organizations, a Microsoft admin must approve the Abundly SharePoint app before the connection can be completed. If you see an “Almost There” message after sign-in, ask your admin to grant approval in Microsoft Entra, then try connecting again.
App-only mode
App-only mode runs SharePoint as the agent’s own Entra identity using the Microsoft client_credentials flow withSites.Selected permission. The agent gets access only to the sites an admin explicitly grants it — no broad tenant-wide read, no per-user token expiry.
Register an app in Microsoft Entra
In your customer’s tenant, go to Microsoft Entra → App registrations → New registration. Give it a name (e.g. “Abundly agent”). Accounts in this directory only is fine. No redirect URI needed.Copy the Directory (tenant) ID and Application (client) ID — you’ll paste them into Abundly in the last step.
Grant Sites.Selected
On the registration, go to API permissions → Add a permission → Microsoft Graph → Application permissions → Sites.Selected. Click Grant admin consent.
Create a client secret or upload a certificate
Under Certificates & secrets, create either:
- A client secret — copy the Value immediately (it’s only shown once). Store it in Abundly as a workspace secret of type SharePoint app-only — Client secret.
- A certificate — upload the public X.509 cert; you’ll need the SHA-1 thumbprint and the matching PKCS#8 PEM private key in Abundly. Store the PEM as a workspace secret of type SharePoint app-only — Certificate (separate type with a textarea so the multiline PEM is preserved exactly — pasting a PEM into a single-line input strips the newlines and Microsoft rejects it with a decoder error).
Grant per-site access
Sites.Selected starts the app with zero site access. A SharePoint or Global Administrator must grant the app access to each specific site you want the agent to reach.This is done via PowerShell — either PnP.PowerShell (Grant-PnPAzureADAppSitePermission) or Microsoft Graph PowerShell (POST /sites/{site-id}/permissions). Use whichever tool fits your environment.You’ll need:- The app’s Client ID
- The target site URL
- The desired permission level (
Read,Write, orFullControl)
Configure Abundly
In the SharePoint capability card, switch to App-only. Paste the tenant ID, client ID, and the secret (or certificate + thumbprint). Save, then click Test connection to confirm Microsoft accepts the credential.Optionally:
- Default site URL — used by tools when no
siteUrlis supplied per call. - Granted sites — one SharePoint site URL per line, listing the sites you granted the app in the previous step. Microsoft doesn’t expose an API for the app to discover which sites it has been granted, so paste the list here. The agent sees it in its prompt as the authoritative starting set, and Test connection verifies each entry by calling Microsoft Graph for it.
Behaviour differences in app-only modeTenant-wide site enumeration isn’t supported with
Sites.Selected — every tool call has to target a specific site (siteUrl), drive (driveId), or full SharePoint URL (webUrl). The agent can still work across multiple sites in a single task; tell it which ones (via Granted sites, the agent’s instructions, the user’s prompt, or Default site URL) and it will iterate, calling tools once per site. If the agent tries a site you haven’t granted, Microsoft returns 403 and the tool surfaces that.If the secret expires or Microsoft rejects the credential, Abundly marks the integration as failing and shows a Reconnect banner on the capability card. The next successful Test connection or token acquisition clears it.Access scope
After you connect a new SharePoint token, Abundly takes you to a settings page where you can choose which sites to allow and optionally narrow access to specific folders. You can keep broad access by choosing Allow All & Continue, or save a restricted scope and apply least privilege from the start.You can update these SharePoint access settings later from Profile settings → Personal Tokens.
Text-based files (txt, md, csv) can be created and edited in place. Office documents can be read, organized (moved, copied, renamed, deleted), and put into folders, but their contents cannot be edited directly.
Example use cases
- Document Search — “Find all documents in our Legal site that were modified this week”
- Content Retrieval — “Get the contents of the employee handbook and summarize it”
- Report Generation — “Every Friday, create a weekly summary report in the Team site based on our Slack activity”
- Cross-platform Sync — “Check my Outlook inbox every morning — if you see any invoice emails, save them to the Finance folder in SharePoint”