sharepoint-audit
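Audit SharePoint Permissions
Users need to audit SharePoint Online permissions to meet security compliance requirements. This skill guides you through setting up certificate authentication, running the local audit script, and generating permission reports for a single site or for a batch of sites listed in a CSV file.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Activate and start using it
Try it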
Using "sharepoint-audit". Audit SharePoint site https://contoso.sharepoint.com/sites/Marketing with tenant-id, app-id, and PFX at /certs/app.pfx
Expected result:
- Audit completed successfully
- Report saved to: ./runs/20240110-143022/site-marketing/report.html
- Total sites audited: 1
- Permission levels found: Full Control, Edit, Read, View
- WARNING: Report contains sensitive permission data
Using "sharepoint-audit". Run batch audit for sites in sites.csv with certificate authentication
Expected result:
- Processing 50 sites from sites.csv
- Audit complete: 50 sites, 3 sites with elevated permissions
- Full report: ./batch-reports/20240110/batch-summary.html
- Detailed CSV: ./batch-reports/20240110/detailed-permissions.csv
- Review reports before sharing - they contain sensitive access data
Using "sharepoint-audit". Generate SharePoint audit automation script
Expected result:
- Created: automate-audit.sh
- Script prompts for: Tenant ID, App ID, PFX path, Site/CSV path
- Runs audit with timestamped output directory
- Set PFX_PASS environment variable before running
Security audit
Low risk
Legitimate SharePoint permission audit tool. Static findings are false positives - the tool requires command execution, network access, and credential handling because these are necessary capabilities for a security auditing tool. All operations are documented, local-only, and follow security-conscious practices (credentials from env vars, no secret echoing, explicit warnings about sensitive report data).
Low-risk issues (2)
Risk factors
⚙️ External commands (1)
📁 File system access (1)
🔑 Environment variables (1)
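What you can build
Compliance permission review
Review SharePoint site permissions across multiple site collections to identify over-privileged access and ensure compliance.
Tenant-wide audit workflow
Run systematic permission audits against a SharePoint Online environment using certificate authentication, suitable for unattended operation.
Batch site reporting
Generate permission reports for hundreds of sites defined in a CSV file, suitable for large-scale governance programs.
Try these prompts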
Run a SharePoint audit for site https://contoso.sharepoint.com/sites/HRTeam. Tenant ID is my-tenant-id, App ID is my-app-id, PFX path is /certs/app.pfx. Output to ./reports.
Run a SharePoint audit for all sites listed in sites.csv. Use certificate auth with tenant-id, app-id, and PFX at /certs/app.pfx. Output to ./batch-reports.
Run a SharePoint audit for site https://contoso.sharepoint.com/sites/Finance with Sites.Selected permission set to Write. Tenant ID, App ID, and PFX path as configured.
Create a shell script to automate SharePoint audits. It should prompt for all required inputs, run the audit, and save reports with timestamps.
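Best practices
- Store the PFX certificate and its password securely, and never commit them to version control.
- Use the default Sites.Selected Read permission scope unless write access is explicitly required.
- After the audit is complete, review and delete audit reports that contain sensitive data.
Avoid
- Displaying secrets or credentials in chat output. Always read them from environment variables.
- Running an audit without first verifying the PFX certificate path and password.
- Leaving audit reports in shared directories without proper access controls.
Frequently asked questions
Which versions of PowerShell and Python are required?
Which authentication methods are supported?
How many sites can I audit at once?
Are my credentials secure?
The audit fails with a connection error. What should I check?
How does this compare to Microsoft Purview?
Developer details
Author
Aqualia
License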
MIT
Repository
https://github.com/Aqualia/Skills-Library/tree/main/sharepoint-audit-agent/wrappers/claude-skill
Ref.
main
File structure
📄 SKILL.md