AuditSphere Pro (SPFx) - User Guide
Table of Contents
- Introduction
- Prerequisites
- Installation & Deployment
- Initial Configuration
- Using the Dashboard
- Overview Page
- Activity Log
- Anomaly Detection
- Compliance Monitoring
- Alerts Management
- Access Reviews
- Sites Management
- Reports
- Settings
- Troubleshooting
Introduction
AuditSphere Pro is a SharePoint Framework (SPFx) web part that brings comprehensive security and compliance monitoring directly into your SharePoint environment. It provides:
- Real-time Dashboard - Monitor security metrics at a glance
- Activity Monitoring - Browse and search audit events from Microsoft 365
- Anomaly Detection - AI-powered detection of unusual user behavior
- Compliance Checks - CIS Microsoft 365 benchmark assessments
- Access Reviews - Systematic permission review campaigns
- Alerting - Security notifications and alert management
- Reports - Generate compliance and activity reports
The web part connects to the AuditSphere API backend service, which handles all data processing, Microsoft Graph integration, and anomaly detection.
Prerequisites
System Requirements
- SharePoint Online tenant (Microsoft 365)
- SharePoint Administrator access (for initial deployment)
- Modern web browser (Edge, Chrome, Firefox, Safari)
Backend Requirements
- AuditSphere API deployed and accessible
- Azure AD app registration configured
- API permissions granted and admin consented
Azure AD App Registration
Your Azure AD app registration must have the following configured:
Application ID URI:
- Format:
api://{your-client-id} - Example:
api://eca12ded-8416-41fd-ac0a-ffaccb1ecb04
Exposed API Scope:
- Scope name:
access_as_user - Who can consent: Admins and users
- Admin consent display name: Access AuditSphere API
- State: Enabled
Required API Permissions (on backend app):
| Permission | Type | Description |
|---|---|---|
AuditLog.Read.All | Application | Read all audit log data |
Directory.Read.All | Application | Read directory data |
SecurityEvents.Read.All | Application | Read security events |
Sites.FullControl.All | Application | Full control of all site collections |
Sites.Read.All | Application | Read items in all site collections |
User.Read.All | Application | Read all users' full profiles |
GroupMember.ReadWrite.All | Application | Read and write group memberships |
Files.ReadWrite.All | Application | Read and write files |
Mail.Send | Application | Send mail as any user |
Office 365 Management APIs:
| Permission | Type | Description |
|---|---|---|
ActivityFeed.Read | Application | Read activity data for your organization |
Installation & Deployment
Step 1: Build the Package
If building from source:
# Navigate to project directory
cd auditsphere-spfx
# Install dependencies
npm install
# Build the solution package
npm run buildThis creates auditsphere-pro.sppkg in the sharepoint/solution/ folder.
Step 2: Upload to App Catalog
- Go to your SharePoint Admin Center
- Navigate to More features > Apps > Open
- Click App Catalog (create one if it doesn't exist)
- Select Apps for SharePoint
- Click Upload and select
auditsphere-pro.sppkg - In the deployment dialog:
- Check "Make this solution available to all sites in the organization" for tenant-wide deployment
- Click Deploy
Step 3: Approve API Permissions
- Go to SharePoint Admin Center
- Navigate to Advanced > API access
- You'll see pending permission requests for AuditSphere Pro
- Select each permission and click Approve
- The web part needs access to your Azure AD app registration
Step 4: Add to a Page
- Navigate to any SharePoint modern page
- Click Edit
- Click + to add a new web part
- Search for "AuditSphere" or find it under your organization's apps
- Click to add the web part to the page
- Configure the web part properties (see Initial Configuration)
- Click Publish
Initial Configuration
After adding the web part to a page, configure it using the property pane.
Opening the Property Pane
- Click the web part to select it
- Click the pencil icon (Edit) on the web part toolbar
- The property pane opens on the right side
Configuration Options
| Property | Description | Default |
|---|---|---|
| API URL | The AuditSphere API backend URL | https://auditsphere-api.nubewired.com |
| Azure AD Client ID | Your Azure AD app registration client ID | (Required) |
| Default Page | Which page to show when the web part loads | Overview |
| Refresh Interval | Auto-refresh interval in seconds (0 = disabled) | 0 |
| Theme Color | Visual color theme | Default (Blue) |
Available Themes
| Theme | Description |
|---|---|
| Default | Blue color scheme |
| Indigo | Deep purple/indigo |
| Light Blue | Lighter blue tones |
| Navy | Dark navy blue |
| Violet | Purple/violet |
| Sky Blue | Bright sky blue |
The web part also automatically detects and applies dark/light mode based on your SharePoint site theme.
Using the Dashboard
Navigation
The dashboard uses a tab-based navigation at the top:
| Tab | Icon | Function |
|---|---|---|
| Overview | Home | Dashboard summary and quick stats |
| Activity | List | Audit event browser |
| Anomalies | Warning | ML-detected unusual behavior |
| Compliance | Shield | CIS benchmark checks |
| Alerts | Bell | Security alert management |
| Access Review | People | Permission review campaigns |
| Sites | Building | SharePoint site management |
| Reports | Document | Report generation |
| Settings | Gear | Configuration |
Common Actions
- Refresh: Click the refresh button in the header to reload data
- Auto-refresh: Configure in Settings to automatically refresh at intervals
- Theme: Change visual theme in Settings
Overview Page
The Overview page provides a dashboard summary of your security posture.
Statistics Cards
- Total Events (24h): Audit events collected in the last 24 hours
- Anomalies: Number of detected anomalies requiring attention
- Active Alerts: Security alerts that need action
- Compliance Score: Overall compliance percentage
Activity Trends
A 7-day chart showing event volume trends over time.
Recent Activity Feed
A combined feed showing:
- Recent audit events
- Recent anomaly detections
- Timestamps and severity indicators
Activity Log
Browse and search all collected audit events from Microsoft 365.
Filtering Events
Use the filter bar to narrow results:
| Filter | Options |
|---|---|
| Search | Free text search across all fields |
| Operation | Filter by operation type (FileAccessed, FileModified, etc.) |
| User | Filter by specific user email |
| Site | Filter by SharePoint site URL |
| Date Range | Select start and end dates |
Event Details
Each event displays:
- Timestamp: When the event occurred
- Operation: Type of action performed
- User: Who performed the action
- Site URL: Where the action occurred
- IP Address: Source IP address
- User Agent: Client application used
Pagination
Events are displayed 50 per page. Use the pagination controls at the bottom to navigate.
Exporting
Click Export to download the current filtered view as CSV.
Anomaly Detection
View AI-detected unusual behavior patterns.
Anomaly Types
| Type | Description |
|---|---|
| Access Pattern | Unusual file access behavior |
| Timing | Activity at unusual times |
| Volume | Unusually high activity levels |
| External Sharing | Suspicious sharing with external users |
Severity Levels
| Level | Color | Meaning |
|---|---|---|
| CRITICAL | Red | Immediate action required |
| HIGH | Orange | Urgent attention needed |
| MEDIUM | Yellow | Should be reviewed soon |
| LOW | Blue | Informational |
Managing Anomalies
Filter by Severity
Use the severity filter dropdown to show only specific severity levels.
Filter by Status
Filter by status: NEW, INVESTIGATING, RESOLVED, FALSE_POSITIVE
Update Status
- Click on an anomaly row
- Select new status from the dropdown
- Status updates immediately
AI Explanations
Each anomaly includes an AI-generated explanation describing:
- What was detected
- Why it's unusual
- Recommended actions
Compliance Monitoring
Run and view CIS Microsoft 365 benchmark compliance checks.
Running Checks
- Click Run Compliance Check
- Select the compliance standard (CIS MS365 Benchmark)
- Wait for checks to complete
- Review results
Understanding Results
Compliance Score
A percentage showing how many checks passed vs. total checks.
Check Status
| Status | Meaning |
|---|---|
| PASS | Configuration meets the benchmark |
| FAIL | Configuration doesn't meet the benchmark |
| ERROR | Check couldn't be completed |
| NOT_APPLICABLE | Check doesn't apply to your environment |
Severity Levels
| Level | Description |
|---|---|
| CRITICAL | Must fix immediately - high security risk |
| HIGH | Should fix soon - significant risk |
| MEDIUM | Recommended to fix - moderate risk |
| LOW | Nice to have - minor improvement |
Viewing Check Details
Click on any check to see:
- Full check description
- Current configuration evidence
- Remediation steps
Clear Data
Click Clear Data to remove all compliance check history and start fresh.
Alerts Management
View and manage security alerts generated by the system.
Alert Types
| Type | Description |
|---|---|
| ANOMALY | Generated from ML anomaly detection |
| COMPLIANCE | Generated from compliance check failures |
| SECURITY | Custom security policy violations |
Alert Status Workflow
Managing Alerts
Mark as Read
Click the checkbox to mark an alert as read.
Change Status
- Click on an alert to expand details
- Select new status from dropdown:
- ACKNOWLEDGED: Being investigated
- RESOLVED: Issue addressed
- DISMISSED: False positive or no action needed
Alert Statistics
The header shows counts by status:
- New alerts
- Acknowledged
- Resolved
Access Reviews
Create and manage systematic permission review campaigns.
Access Review Tabs
| Tab | Function |
|---|---|
| Campaigns | Create and manage review campaigns |
| My Reviews | View and action your pending review items |
| Schedules | Set up recurring automatic reviews |
| Designated Owners | Assign resource owners for reviews |
Creating a Campaign
-
Go to Access Review > Campaigns
-
Click Create Campaign
-
Fill in campaign details:
- Name: Descriptive campaign name
- Description: Purpose of the review
- Scope: Select sites/resources to review
- Due Date: Deadline for completion
-
Click Create
Campaign Lifecycle
| Status | Description |
|---|---|
| DRAFT | Being configured |
| SCHEDULED | Waiting to start |
| COLLECTING | Gathering permissions from Microsoft 365 |
| IN_REVIEW | Reviewers making decisions |
| COMPLETED | All decisions made |
Reviewing Permissions (My Reviews)
- Go to Access Review > My Reviews
- See all permissions assigned to you for review
- For each item, decide:
- Retain: Keep the permission
- Remove: Revoke the permission
- Enter justification (required for remove decisions)
- Click Submit Decision
Bulk Decisions
- Select multiple items using checkboxes
- Click Bulk Retain or Bulk Remove
- Enter common justification
- Click Submit
Scheduled Reviews
Set up recurring automatic reviews:
-
Go to Access Review > Schedules
-
Click Create Schedule
-
Configure:
- Name: Schedule name
- Frequency: Weekly, Monthly, Quarterly, or Yearly
- Review Period: Days allowed for completion
- Scope: Sites/resources to include
- Auto-execute: Automatically remove access on completion
- Notifications: Enable email reminders
-
Click Save
Designated Owners
Assign users responsible for reviewing specific resources:
- Go to Access Review > Designated Owners
- Click Add Owner
- Select the resource (site or drive)
- Select the owner (user)
- Optionally mark as Primary Owner
- Click Save
Sites Management
View and manage SharePoint sites being monitored.
Site List
Displays all SharePoint sites with:
- Site name and URL
- Last activity date
- Security status
- Monitoring status
Site Statistics
Header cards show:
- Total Sites: Number of sites
- External Sharing: Sites with external sharing enabled
- Recently Active: Sites with recent activity
Syncing Sites
Click Sync Sites to refresh the site list from Microsoft 365.
Site Details
Click on a site to see additional details and configuration options.
Reports
Generate and download compliance and activity reports.
Available Report Types
| Report | Description |
|---|---|
| Access Audit | Detailed permission inventory |
| Compliance | Compliance check results summary |
| Anomaly | Detected anomalies summary |
| Sharing | External sharing analysis |
| External Access | Guest user access report |
Generating a Report
- Click Generate Report
- Select report type
- Configure parameters:
- Date range
- Filters (if applicable)
- Click Generate
- Wait for processing to complete
Downloading Reports
- Find the report in the list
- Click the Download button
- Report downloads as CSV file
Managing Reports
- View: See report details and parameters
- Download: Download the generated file
- Delete: Remove the report
Settings
Configure the web part and manage connections.
API Configuration
- API URL: The AuditSphere API backend URL
- Azure AD Client ID: Your app registration client ID
Click Test Connection to verify the API is accessible.
Microsoft Connection Status
Shows whether the backend is connected to Microsoft 365:
- Connected: Green indicator, connection active
- Disconnected: Red indicator, action needed
Theme Settings
Select from available color themes:
- Default (Blue)
- Indigo
- Light Blue
- Navy
- Violet
- Sky Blue
Dark/light mode is automatically detected from your SharePoint site theme.
Auto-Refresh
Configure automatic data refresh:
- Set interval in seconds
- Set to 0 to disable
Troubleshooting
Common Issues
"Failed to connect to API"
Problem: Web part cannot reach the AuditSphere API.
Solutions:
- Verify the API URL in Settings is correct
- Check that the API service is running
- Verify network connectivity
- Check browser console for CORS errors
"Authentication failed"
Problem: Azure AD token acquisition failed.
Solutions:
- Verify the Azure AD Client ID is correct
- Check that API permissions are approved in SharePoint Admin Center
- Ensure the app registration has the correct scopes configured
- Clear browser cache and try again
"No data appearing"
Problem: Dashboard shows empty or no events.
Solutions:
- Verify Microsoft 365 connection is active (check Settings)
- Ensure audit logging is enabled in your Microsoft 365 tenant
- Wait for the sync interval (events sync every 15 minutes)
- Check that the connected account has proper permissions
"Compliance checks failing"
Problem: All compliance checks show errors.
Solutions:
- Verify the API service has proper Microsoft Graph permissions
- Check that the service account has admin access
- Review API logs for specific error messages
"Access review not collecting"
Problem: Campaign stuck in "Collecting" status.
Solutions:
- Verify Sites.FullControl.All permission is granted
- Check that selected sites are accessible
- Review API service logs
"Permission changes not executing"
Problem: Access review remove decisions not being applied.
Solutions:
- Verify Sites.FullControl.All and Sites.Manage.All permissions
- Check GroupMember.ReadWrite.All for group permissions
- Ensure the API service has write access
Getting Help
For additional support:
- Check the Help page within the application
- Contact your SharePoint administrator
- Review browser developer console for error details
- Check API service logs for backend errors
Browser Developer Console
To view detailed error messages:
- Press F12 to open Developer Tools
- Go to the Console tab
- Look for red error messages
- Network tab shows API request/response details
Glossary
| Term | Definition |
|---|---|
| SPFx | SharePoint Framework - Microsoft's development model for SharePoint |
| Web Part | A modular component that can be added to SharePoint pages |
| Azure AD | Azure Active Directory - Microsoft's identity service |
| Bearer Token | Authentication token sent with API requests |
| Anomaly | ML-detected unusual behavior pattern |
| Campaign | Access review initiative with defined scope |
| CIS Benchmark | Industry standard security guidelines |
Document Information
| Property | Value |
|---|---|
| Version | 1.0 |
| Last Updated | December 2025 |
| Web Part Version | 2.1.0 |
| Audience | End Users & Administrators |