๐Ÿ“ Recipe ยท SharePoint & OneDrive

Search for Files Across Microsoft 365 and Review Their Sharing Permissions

Use Microsoft Graph Search to locate files by keyword across OneDrive and SharePoint, then audit their sharing links and permissions

Complexity

Intermediate

Impact

discovery + security-audit + access-review + read-only

Context

Why This Matters

IT admins frequently need to locate a specific document somewhere in the tenant — a policy, a config export, a contract — and determine who has access to it. When an end user says "I can't find the VPN setup doc" or "can you check who can see this file?", the admin needs a repeatable way to search across OneDrive and SharePoint, surface the best matches, and inspect the sharing posture.

This recipe uses the Microsoft Graph Search API and drive item permissions endpoints to find files by keyword and return locations, owners, and sharing links. It is useful for access troubleshooting, shadow-sharing audits, eDiscovery triage, and incident response where a sensitive keyword might be exposed via an anonymous link.

Expected Outcomes

After running this recipe you will have:

  • A ranked list of files matching your search keyword(s) across the tenant
  • File metadata: owner, last modified, URL, and parent site/drive
  • A complete permissions inventory for any chosen match — direct grants, sharing links, and link scopes (anonymous, organization, specific people)
  • Actionable recommendations: whether to tighten a link, move the file to a managed SharePoint site, or grant explicit access to a requesting user

Risks & Considerations

Before you run this:

  • Scope matters. /search/query requires Files.Read.All or Sites.Read.All as an app/delegated permission. Without these, results will silently return empty — which can be mistaken for "file doesn't exist".
  • GET vs POST. The tenant-wide Search API (/search/query) requires POST with a JSON body. GET /drive/root/search(q='...') only searches the caller's own OneDrive, not the whole tenant.
  • Anonymous links are a leak risk. If a permissions check reveals scope: anonymous, treat it as a finding — especially for files named with sensitive keywords (VPN, SSH, password, salary).
  • Don't modify permissions without approval. This recipe is read-only. Revoking a sharing link can break active workflows — always confirm with the file owner before removing links.
  • Keyword results are relevance-ranked, not exhaustive. A file may not appear if it hasn't been indexed yet (typically ≤15 min after upload).

Required Permissions

Permission | Why It's Needed
Files.Read.All | Required to search drive items across all users' OneDrive and SharePoint
Sites.Read.All | Required to enumerate SharePoint sites and search site document libraries
Files.ReadWrite.All | Optional — only needed if you plan to modify sharing links or grant new permissions as a follow-up action
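
The read-only audit step described above, as an added example that is not part of the original recipe: it builds the POST body for /search/query and classifies a drive item's permission entries, flagging anonymous links. The sample response is constructed, and the function names and the high/medium/info severity labels are assumptions made for illustration.

```python
import json
import re

# Keywords the recipe names as sensitive; the severity labels are assumptions.
SENSITIVE = re.compile(r"vpn|ssh|password|salary", re.IGNORECASE)
ORDER = {"high": 0, "medium": 1, "info": 2}

def build_search_request(keyword, size=25):
    """JSON body for POST /search/query, limited to files (driveItem)."""
    return {"requests": [{"entityTypes": ["driveItem"],
                          "query": {"queryString": keyword},
                          "from": 0, "size": size}]}

def audit_permissions(file_name, permissions):
    """Classify each permission entry and flag anonymous sharing links."""
    findings = []
    for perm in permissions.get("value", []):
        link = perm.get("link")
        # No "link" facet means a direct grant to a user or group.
        scope = link.get("scope", "unknown") if link else None
        severity = "info"
        if scope == "anonymous":
            # Anonymous link on a sensitively named file is the worst case.
            severity = "high" if SENSITIVE.search(file_name) else "medium"
        findings.append({"id": perm.get("id"),
                         "kind": "link" if link else "direct",
                         "scope": scope,
                         "roles": perm.get("roles", []),
                         "severity": severity})
    # Stable sort: worst findings first, original order kept within a tier.
    return sorted(findings, key=lambda f: ORDER[f["severity"]])

# Constructed sample shaped like a drive item permissions response.
SAMPLE_PERMISSIONS = json.loads("""
{"value": [
  {"id": "perm-1", "roles": ["owner"],
   "grantedToV2": {"user": {"displayName": "Example Owner"}}},
  {"id": "perm-2", "roles": ["read"],
   "link": {"type": "view", "scope": "organization"}},
  {"id": "perm-3", "roles": ["read"],
   "link": {"type": "view", "scope": "anonymous"}},
  {"id": "perm-4", "roles": ["write"],
   "link": {"type": "edit", "scope": "users"}}
]}
""")

if __name__ == "__main__":
    print(json.dumps(build_search_request("vpn setup"), indent=2))
    for finding in audit_permissions("VPN-Setup-Guide.docx", SAMPLE_PERMISSIONS):
        print(finding)
```

A link scope of "users" in the response corresponds to the "specific people" sharing option listed under Expected Outcomes.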

The fastest way to get this done — just ask Dex. Copy the prompt below and paste it into your Dex conversation.

For IT Admins

Paste into Dex CoAdmin

Search Microsoft 365 for files matching the keyword "{keyword}". Return the most likely matches with owner, location, and last-modified date. For the top result, review its sharing permissions and flag any anonymous links. Recommend next steps if the permissions look risky or if a user needs access.

For End Users

How an employee would ask Dex for help

Can you help me find the {topic} document? I think someone shared it with me a while back but I can't remember where it is.