Skip to main content
This guide shows you how to configure the Microsoft SharePoint connector for WRITER Agent. After setting up this connector, WRITER Agent can perform operations like accessing SharePoint sites, reading documents and lists, searching content across your organization’s SharePoint environment, and managing files stored in document libraries.

Set up the Microsoft SharePoint connector

Configure the Microsoft SharePoint connector in AI Studio under Connectors & Tools. The Microsoft SharePoint connector supports two authentication options:
  • WRITER-managed OAuth (recommended): Writer provides the OAuth application. No setup required - just authorize access to your SharePoint.
  • Organization-managed OAuth: Create your own Microsoft OAuth application for custom branding and control.
Most users should choose WRITER-managed OAuth for faster setup. Only use organization-managed OAuth if you need custom branding or have specific security requirements.

Create a Microsoft OAuth application (organization-managed only)

If you choose to create a self-managed OAuth application to connect, first create a new Microsoft OAuth application in Microsoft Entra ID (Azure AD):
  1. Navigate to the Microsoft Entra admin center
  2. Go to Applications > App registrations
  3. Create a new registration
  4. Configure authentication with Web platform
  5. Add the Writer redirect URI to Redirect URIs: 
    https://app.writer.com/mcp/oauth/callback
  6. Add API permissions for the required Microsoft Graph scopes
  7. Create a client secret in Certificates & secrets
  8. Copy the application (client) ID and client secret
For detailed instructions, see Microsoft’s OAuth 2.0 documentation.

Required OAuth scopes

For self-managed OAuth, choose one of the following scope configurations based on the level of access you need:
  • Option A — Broad access: Add the following scopes to grant read and manage access across all site collections:
    • Sites.Read.All - Read items in all site collections
    • Sites.Manage.All - Create, edit, and delete items and lists in all site collections
    • Files.ReadWrite.All - Read and write files the user can access
    • offline_access - Maintain access to data
  • Option B — Selected sites only: Add the following scopes, then have a tenant admin grant FullControl on specific sites through the Microsoft Graph API. This avoids granting access to your entire SharePoint environment.
    • Sites.Selected - Access selected site collections
    • User.Read - Read user profile information
    • offline_access - Maintain access to data
OAuth scopes are fixed per connector and cannot be customized based on enabled tools. When users authorize the Microsoft SharePoint connector, they will grant all the scopes you configure, even if you disable certain tools in AI Studio.

Configure the connector in AI Studio

  1. Navigate to Connectors & Tools in AI Studio
  2. Select the Microsoft SharePoint connector
  3. Select who has access by default (all users or specific teams)
  4. Select the connection type:
    • Level: User level (each user authenticates their own account) or org level (shared connection to a single account)
    • Managed by: WRITER-managed or self-managed (your own OAuth app)
  5. Select which tools to enable for your agents
  6. Enter your OAuth client ID and client secret (if using self-managed OAuth)
  7. Complete the OAuth authorization flow

Next steps