Agent Knowledge Source Scanner¶
Version: v1.1.3 | Status: live | Domain: Content & Data Protection | Tier: 2 | Zones: personal, team, enterprise | Data classification: confidential
Item-level permission scanning for SharePoint libraries backing Copilot Studio agent knowledge sources.
Mapped Controls¶
Prerequisites¶
| Role | Requirement |
|---|---|
sharepoint-admin |
SharePoint Site Collection Admin or Site Member access is required to read item permissions in each target knowledge source library. |
global-reader |
Entra ID Reader or GroupMember.Read.All is required when resolving agent user scope from -AgentUserGroupId. |
Verification¶
Run Get-KnowledgeSourceItemPermissions.ps1 and confirm RiskScore values in ./output/item-permissions-report.csv, then cross-check any flagged items in SharePoint Manage Access.
Documentation¶
| Document |
|---|
| Prerequisites |
| Troubleshooting |
View source on GitHub { .md-button }