When periodic reports need to be shared in dedicated spaces, managing documents manually can quickly become a significant burden. Every reporting cycle involves generating and uploading files to multiple SharePoint folders, a time-consuming process that’s also prone to human error. The main challenge lies in handling SharePoint tasks manually, which affects efficiency, consistency, and makes it harder to scale since over time the quantity of reports grows and the number recipients might increase.
To address this issue, we’ve implemented an automated solution leveraging Python and the Microsoft Graph API, allowing for example the periodic reports described in previous articles about Vulnerability Management and External Attack Surface Management to be generated and distributed efficiently using Python.
This approach enables reliable, repeatable, and precise report distribution among the Business Partners of the Würth Group, significantly reducing manual effort while improving accuracy, scalability and overall operational efficiency.
Operational Flow
Let’s take a closer look at how the workflow is defined. The operational flow is structured this way:
- Report generation: Periodic reports are generated for each company using a Python-based process.
- MS Graph API authentication: Authentication is handled through an Azure AD application configured with the required permissions. The solution adopted uses msal (Microsoft Authentication Library for Python) with the ConfidentialClientApplication class and certificate-based authentication, enabling a secure, automated, and non-interactive access model.
- Retrieve SharePoint site and document library: The automation dynamically identifies the appropriate SharePoint site and document library (drive) ensuring that reports are uploaded to the correct location.
- Report upload: Once the destination is determined, the report is automatically uploaded to SharePoint via MS Graph API. By specifying the folder path in the API request, it’s also possible to create folders and subfolders to organize reports according to the desired structure of the environment.
The following code snippet shows at a high level the core logic used to authenticate, retrieve the SharePoint location, and upload the report.
import msal
import requests
# Configuration
tenant_id = "YOUR_TENANT_ID"
client_id = "YOUR_CLIENT_ID"
authority = f"https://login.microsoftonline.com/{tenant_id}"
certificate_path = "path/to/your/private.key"
thumbprint = "YOUR_CERT_THUMBPRINT"
site_name = "YOUR_SITE_NAME"
site_domain = "YOUR_SITE_DOMAIN"
file_path = "path/to/your/file/report.pdf"
# Authenticate with MS Graph API
scope = ["https://graph.microsoft.com/.default"]
app = msal.ConfidentialClientApplication(
client_id=client_id,
authority=authority,
client_credential={"private_key": open(certificate_path).read(), "thumbprint": thumbprint}
)
# Acquire token
token_response = app.acquire_token_for_client(scopes=scope)
access_token = token_response.get("access_token")
# Get Site ID and Drive ID
header = {"Authorization": f"Bearer {access_token}"}
response=requests.get(url="https://graph.microsoft.com/v1.0/sites/{site_domain}:/sites/{site_name}", headers=header)
site_id = response.json()["id"]
response = requests.get(url="https://graph.microsoft.com/v1.0/sites/{site_id}/drives", headers=header)
for drive in response.json()["value"]:
if drive["name"] == "{your_drive_name}":
drive_id = drive["id"]
break
file_name="{path/to/your/file/on/SharePoint}"
# Upload to SharePoint
with Path.open(file_path, "rb") as f:
file_content = f.read()
header = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/pdf",
}
response = requests.put(url="https://graph.microsoft.com/v1.0/sites/{site_id}/drives/{drive_id}/root:/{file_name}:/content", headers=header, data=file_content)
Operational Benefits
The automated report sharing solution described above brings clear benefits for managing periodic reports across multiple companies in the group. To conclude, some of the key advantages include:
- Automation: Reports are uploaded and shared without manual intervention, freeing teams to focus on higher-value tasks
- Error reduction: The risk of sending files to the wrong location, or leaving reports unmanaged, is minimized
- Integration and extensibility: The process integrates smoothly with existing workflows, and can be extended with features like automated notifications or sharing the SharePoint link to new reports
Overall, this solution provides a robust, efficient, and scalable way to manage report distribution, creating a solid foundation for further automation and process improvement.
These Solutions are Engineered by Humans
Did you find this article interesting? Does it match your skill set? Our customers often present us with problems that need customized solutions. In fact, we’re currently hiring for roles just like this and others here at Würth IT Italy.
Beatrice Dall'Omo
Red Team & Offensive Security Specialist | Cybersecurity Team | Würth IT Italy
Author
Latest posts by Beatrice Dall'Omo
27. 11. 2025
Exposure Assessment, SEC4U
See What Outsiders See: The External Attack Surface Management Report