SharePoint
Grant, audit, and query SharePoint sites and lists through Microsoft Graph.
Dex connects to SharePoint Online via Microsoft Graph and lets admins manage site access, query and update list items in plain language, and route access requests to the owners of the underlying M365 group — so the right person always approves.
What Dex does with SharePoint
Dex handles both admin workflows and employee self-service — all policy-guardrailed and audit-logged.
For admins (CoAdmin)
- Discover every SharePoint site in the tenant (communication, team, and group-backed)
- For group-backed sites, route access requests to the M365 group owners (group_owners approver pattern) instead of a static admin group
- Grant and revoke user access to SharePoint sites
- Query any SharePoint list with OData filters, field selection, and pagination
- Insert and update SharePoint list items by exact-match filter (safe single-row updates)
- Map display-name fields to internal field names so prompts can use "Assigned To" instead of technical field IDs
- Fall back to a global_admins approver when a site has no owning M365 group
For employees (self-service)
- Request access to a specific SharePoint site (routed to the site owners for approval)
- Query a SharePoint list you already have access to — e.g. "show me active projects"
- Check the status of your pending SharePoint access requests
Just ask Dex
Your team types a request in plain language. Dex investigates, plans, and executes — with the right guardrails.
Admin prompts
- >Show me every SharePoint site and flag the ones without an owner set
- >Get items from the "Projects" list on https://acme.sharepoint.com/sites/pm where Status is "Active" and show only "Title" and "Assigned To"
- >Update the "Status" field to "Completed" in the "Tasks" list where Title is "A1018"
- >Grant sarah@acme.com read access to the "Finance" SharePoint site
- >For every group-backed site, who are the current owners that will approve access?
Employee prompts
- >Request access to the "Marketing Assets" SharePoint site
- >Show me records in the "Customers" list where Owner is me
- >Add a new row to the "Leave Requests" list with Start Date today and Reason "Personal"
Policy actions
Every action Dex can take on SharePoint is declared, scoped, and guardrailed. Admins control which apply, who approves them, and whether they're limited to self-service.
| Action | What it does |
|---|---|
grant_access | Add a user to a SharePoint site (routed to group owners when available) |
revoke_access | Remove a user from a SharePoint site |
query_list | Read items from a SharePoint list the caller has access to |
update_list_item | Update a single list item matched by exact filter |
insert_list_item | Insert a new list item into a SharePoint list |
How to configure SharePoint
Onboarding takes minutes. Dex validates your credentials before saving them.
Setup steps
- 1Complete the Dex Microsoft 365 integration if you haven't — SharePoint uses the same tenant-wide admin consent.
- 2During consent, ensure Sites.ReadWrite.All (or Sites.Manage.All if you need to grant/revoke permissions) is granted alongside the default Graph scopes.
- 3In Dex, enable the SharePoint integration — no separate credentials are needed; it reuses the M365 Graph connection.
- 4Run SharePoint discovery — Dex enumerates all sites via /sites?search=*, fetches owners for group-backed sites, and generates per-site policy targets with group_owners approvers.
- 5Review the generated policy — sites without an owning M365 group fall back to global_admins; adjust any specific routing before enabling.
No extra credentials
This integration is covered by your Microsoft 365 tenant authorization to Dex. There are no per-app credentials to create or rotate.
Requirements
- •Microsoft 365 tenant with SharePoint Online (any M365 Business or Enterprise plan)
- •Global Administrator or SharePoint Administrator needed to grant Sites.ReadWrite.All / Sites.Manage.All
- •Credentials are inherited from the Dex Microsoft 365 Graph connection — no app-specific setup
- •Group-backed sites require the M365 group to have at least one owner for the group_owners approver pattern to work (falls back to global_admins otherwise)
- •List item updates require exactly one row to match the filter — Dex refuses ambiguous updates to prevent data corruption
Related integrations
Directory & IdentityMicrosoft Entra ID
Manage Entra ID users, groups, licenses, and sign-in risk through Microsoft Graph.
Learn more →
CollaborationMicrosoft Teams
Manage Teams membership, route approvals to team owners, and send direct messages.
Learn more →
CollaborationExchange Online
Manage shared mailboxes, distribution lists, aliases, and mailbox delegation.
Learn more →
See Dex run SharePoint
Book a 30-minute walkthrough with our team and see how autonomous IT works in your environment — or get started for free.