SharePoint: SharePoint agent usage statistics across all SharePoint sites

🚨 The Signal: Tenant admins can now view aggregated usage statistics for SharePoint agents across all sites. This provides visibility into agent activity, aiding in governance and identifying potential misuse or over-privilege of agent identities.

The Impact

Tenant admins are affected by new reporting, which helps identify security risks from agent over-privilege or anomalous activity.

• Tenant Admins: Gain visibility into agent activity, aiding in security posture assessment.
• Security Teams: Can use data to detect anomalous agent behaviour or potential misuse.
• Compliance Teams: Enhanced reporting supports auditing and compliance with data access policies.

The Action

1. Review SharePoint agent usage statistics in the SharePoint admin centre.
2. Identify agents with unusually high activity or access patterns.
3. Assess agent permissions and scope, reducing privileges where excessive.
4. Establish a baseline for normal agent behaviour to detect anomalies.
5. Integrate agent usage data into existing security monitoring and incident response processes.

Domain: Agentic-AI · Impact: medium · Workload: SharePoint · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898