Securing Microsoft 365: Introducing the Open-Source SharePoint Site Scanner

Hi, I’m WR Vishnu — a Microsoft Solutions Architect based in Singapore. I write about what I work with day to day: Microsoft 365, SharePoint, Power Platform, and Copilot.

Are you ready for Microsoft 365 Copilot? Or are you worried about what it might uncover?

External sharing in SharePoint Online is incredibly useful, but as sites, libraries, folders, files, guests, and sharing links grow over time, it becomes increasingly difficult to manage. Many organizations struggle not because external sharing exists, but because it becomes hard to answer practical governance questions:

  • Are there external users with access to this site?

  • Are SharePoint groups overshared with "Everyone"?

  • Are active Anonymous (Anyone) links scattered across files?

  • Does this site need a governance review before a Copilot rollout?

To help solve these challenges, I'm excited to share the SharePoint Site Scanner, a new open-source SPFx web part designed for SharePoint site owners, M365 admins, consultants, and developers.

What is the SharePoint Site Scanner?

It's a lightweight, highly visual dashboard that helps surface common permission and external sharing risks directly from a SharePoint site—without needing global Graph API consent. It operates entirely within the logged-in user's context using the native SharePoint REST API.

Key Features

  • 🔒 No Tenant-Admin API Consent Required: Because it relies entirely on the local SharePoint REST API under the current user's context, there are zero tenant-admin API consent headaches.

  • 📊 Site-Level Risk Summary: Calculates a deterministic risk score out of 100 based on detected permission vulnerabilities.

  • 🤖 Copilot Readiness Check: Actively flags libraries that are overshared with "Everyone except external users" (EEEU) or "All Company" to prevent AI data leaks.

  • 🔗 Anonymous Link Detection: Specifically identifies which files contain active Anonymous sharing links so you can revoke them instantly.

The Risk Scoring Model

The scanner uses a mathematical risk score divided into four configurable buckets, weighted against industry standards for Copilot/AI data risk:

  1. Copilot Data Leak / Oversharing Risk (40%): Flags if site role assignments natively expose data to "Everyone except external users" or if groups contain an "Everyone" claim.

  2. External User Risk (30%): Evaluates the exposure of the site to external guest users, especially if they are placed in "Owner" or "Member" groups.

  3. File Sharing & Permission Risk (20%): Identifies broken permission inheritance and active "Anyone with the link" sharing links.

  4. Governance Hygiene (10%): Evaluates stale data (libraries unmodified for 2+ years) and unmanaged access (empty SharePoint groups).
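To make the feature list and the four-bucket model above concrete, here is an added TypeScript example that is not code from the SharePoint Site Scanner repository. It runs the detection logic over constructed data shaped like the SharePoint REST `roleassignments` response (expanded with `Member/Users` and `RoleDefinitionBindings`) and combines the buckets with the post's 40/30/20/10 weights. The claim identifiers for "Everyone" and "Everyone except external users" are the well-known SharePoint values; the per-bucket severity formulas, the simplified `SharingLink` shape, and all sample principals, libraries and links are assumptions constructed for illustration, not the scanner's actual scoring.

```typescript
// Added example, not the SharePoint Site Scanner's own code. Scores a site against the
// post's four buckets over constructed REST-shaped data. Severity formulas are assumptions.

// Well-known SharePoint claim identifiers for the two broad principals.
const EVERYONE_CLAIM = "c:0(.s|true";                                // "Everyone"
const EEEU_CLAIM_PREFIX = "c:0-.f|rolemanager|spo-grid-all-users/";  // "Everyone except external users/<tenant id>"

interface Principal {
  LoginName: string;
  Title: string;
  PrincipalType: number;              // 1 = user, 4 = security group, 8 = SharePoint group
  IsShareByEmailGuestUser?: boolean;  // true for external guests
  Users?: Principal[];                // members, present when PrincipalType === 8
}
interface RoleAssignment { Member: Principal; RoleDefinitionBindings: { Name: string }[]; }
interface Library { Title: string; HasUniqueRoleAssignments: boolean; LastItemModifiedDate: string; }
interface SharingLink { FileRef: string; IsAnonymous: boolean; }   // simplified, constructed shape
interface BucketResult { findings: string[]; severity: number; }   // severity in [0, 1]

const WEIGHTS = { oversharing: 40, externalUsers: 30, fileSharing: 20, hygiene: 10 };
const clamp01 = (x: number): number => Math.max(0, Math.min(1, x));
const isBroadClaim = (login: string): boolean =>
  login === EVERYONE_CLAIM || login.startsWith(EEEU_CLAIM_PREFIX);

// Bucket 1 (40%): broad claims assigned directly, or hidden inside a SharePoint group.
function oversharingBucket(ras: RoleAssignment[]): BucketResult {
  const findings: string[] = [];
  for (const ra of ras) {
    const roles = ra.RoleDefinitionBindings.map(r => r.Name).join(", ");
    if (isBroadClaim(ra.Member.LoginName)) findings.push(`"${ra.Member.Title}" holds ${roles} on the site`);
    for (const u of ra.Member.Users ?? [])
      if (isBroadClaim(u.LoginName)) findings.push(`group "${ra.Member.Title}" (${roles}) contains "${u.Title}"`);
  }
  return { findings, severity: clamp01(findings.length / 2) };  // assumption: two broad grants saturate
}

// Bucket 2 (30%): guests, weighted higher when they sit in Owners/Members groups.
function externalUserBucket(ras: RoleAssignment[]): BucketResult {
  const findings: string[] = [];
  let exposure = 0;
  for (const ra of ras) {
    const privileged = /Owners$|Members$/.test(ra.Member.Title);
    for (const u of ra.Member.Users ?? []) {
      if (!u.IsShareByEmailGuestUser) continue;
      exposure += privileged ? 1 : 0.5;
      findings.push(`guest "${u.Title}" is in "${ra.Member.Title}"`);
    }
  }
  return { findings, severity: clamp01(exposure / 2) };
}

// Bucket 3 (20%): broken inheritance and active "Anyone with the link" links.
function fileSharingBucket(libs: Library[], links: SharingLink[]): BucketResult {
  const findings = [
    ...libs.filter(l => l.HasUniqueRoleAssignments).map(l => `library "${l.Title}" breaks inheritance`),
    ...links.filter(s => s.IsAnonymous).map(s => `anonymous link on ${s.FileRef}`),
  ];
  return { findings, severity: clamp01(findings.length / 4) };
}

// Bucket 4 (10%): libraries unmodified for 2+ years and empty SharePoint groups.
function hygieneBucket(libs: Library[], ras: RoleAssignment[], now: Date): BucketResult {
  const twoYearsMs = 2 * 365.25 * 24 * 3600 * 1000;
  const findings = [
    ...libs.filter(l => now.getTime() - Date.parse(l.LastItemModifiedDate) >= twoYearsMs)
      .map(l => `library "${l.Title}" unmodified since ${l.LastItemModifiedDate}`),
    ...ras.filter(ra => ra.Member.PrincipalType === 8 && (ra.Member.Users ?? []).length === 0)
      .map(ra => `SharePoint group "${ra.Member.Title}" is empty`),
  ];
  return { findings, severity: clamp01(findings.length / 4) };
}

// Weighted total out of 100: every bucket saturated = 100, nothing found = 0.
function riskScore(ras: RoleAssignment[], libs: Library[], links: SharingLink[], now: Date) {
  const buckets = {
    oversharing: oversharingBucket(ras),
    externalUsers: externalUserBucket(ras),
    fileSharing: fileSharingBucket(libs, links),
    hygiene: hygieneBucket(libs, ras, now),
  };
  const score = Math.round(
    WEIGHTS.oversharing * buckets.oversharing.severity + WEIGHTS.externalUsers * buckets.externalUsers.severity +
    WEIGHTS.fileSharing * buckets.fileSharing.severity + WEIGHTS.hygiene * buckets.hygiene.severity);
  return { score, buckets };
}

// Constructed sample site (no real tenant data).
const sampleAssignments: RoleAssignment[] = [
  { Member: { LoginName: EVERYONE_CLAIM, Title: "Everyone", PrincipalType: 4 }, RoleDefinitionBindings: [{ Name: "Read" }] },
  { Member: { LoginName: "Contoso Team Owners", Title: "Contoso Team Owners", PrincipalType: 8, Users: [
      { LoginName: "i:0#.f|membership|alice@contoso.example", Title: "Alice", PrincipalType: 1 },
      { LoginName: "i:0#.f|membership|bob_fabrikam.example#ext#@contoso.example", Title: "Bob (Guest)", PrincipalType: 1, IsShareByEmailGuestUser: true },
    ] }, RoleDefinitionBindings: [{ Name: "Full Control" }] },
  { Member: { LoginName: "Contoso Team Members", Title: "Contoso Team Members", PrincipalType: 8, Users: [
      { LoginName: EEEU_CLAIM_PREFIX + "00000000-0000-0000-0000-000000000000", Title: "Everyone except external users", PrincipalType: 4 },
    ] }, RoleDefinitionBindings: [{ Name: "Edit" }] },
  { Member: { LoginName: "Contoso Team Visitors", Title: "Contoso Team Visitors", PrincipalType: 8, Users: [] }, RoleDefinitionBindings: [{ Name: "Read" }] },
];
const sampleLibraries: Library[] = [
  { Title: "Documents", HasUniqueRoleAssignments: true, LastItemModifiedDate: "2025-05-20T10:00:00Z" },
  { Title: "Archive", HasUniqueRoleAssignments: false, LastItemModifiedDate: "2021-03-01T08:00:00Z" },
];
const sampleLinks: SharingLink[] = [
  { FileRef: "/sites/contoso/Shared Documents/budget.xlsx", IsAnonymous: true },
  { FileRef: "/sites/contoso/Shared Documents/notes.docx", IsAnonymous: false },
];
const SCAN_TIME = new Date("2025-06-01T00:00:00Z");  // fixed "now" so the stale check is deterministic

const report = riskScore(sampleAssignments, sampleLibraries, sampleLinks, SCAN_TIME);
console.log(`Risk score: ${report.score}/100`);
for (const [name, b] of Object.entries(report.buckets)) console.log(`${name} (severity ${b.severity}):`, b.findings);
```

On the sample site the oversharing bucket saturates (a direct "Everyone" grant plus an EEEU claim inside the Members group), one guest in the Owners group fills half of the external-user bucket, and the broken-inheritance library, the anonymous link, the stale library and the empty Visitors group each contribute, for a total of 70/100. In a real web part the same functions would be fed from `/_api/web/roleassignments?$expand=Member/Users,RoleDefinitionBindings` and the list and sharing-information endpoints, all called in the signed-in user's context as the post describes.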

Whether you're preparing for a Copilot rollout, planning a migration, or just doing a routine governance review, this tool provides the visibility you need to start the right conversations immediately.

Check out the repository, give it a ⭐, and try it out in your development tenant!

👉 SharePoint Site Scanner on GitHub

I'd love to hear your feedback, ideas, or feature requests in the GitHub Discussions tab. Let's make SharePoint governance easier for everyone!

#SharePoint #Microsoft365 #SPFx #Copilot #Governance #InfoSec #OpenSource