# Feature Research **Domain:** SharePoint Online administration and auditing desktop tool (MSP / IT admin) **Researched:** 2026-04-02 **Confidence:** MEDIUM (competitive landscape from web sources; no Context7 for SaaS tools; Microsoft docs HIGH confidence) ## Feature Landscape ### Table Stakes (Users Expect These) Features that IT admins and MSPs assume exist in any SharePoint admin tool. Missing these makes the product feel broken or incomplete. | Feature | Why Expected | Complexity | Notes | |---------|--------------|------------|-------| | Permissions report (site-level) | Every audit tool has this; admins must prove who has access where | MEDIUM | Must show owners, members, guests, external users, and broken inheritance | | Export to CSV | Standard workflow — admins paste into tickets, compliance reports, Excel | LOW | Already in current app; keep for all reports | | Multi-site permissions scan | Admins manage dozens of sites; per-site-only scan is unusable at scale | HIGH | Requires batching Graph API calls; throttling management needed | | Storage metrics per site | Native M365 admin center only shows tenant-level; per-site is expected | MEDIUM | Already in current app; retain and improve | | Interactive login / Azure AD OAuth | No client secret storage expected; browser-based auth is the norm | MEDIUM | Already implemented; new version adds session caching | | Site template management | Re-using structure across client sites is a core MSP workflow | MEDIUM | Already in current app; port to C# | | File search across sites | Finding content across a tenant is a day-1 admin task | MEDIUM | Already in current app; Graph driveItem search | | Bulk operations (user add/remove, site creation) | Manual one-by-one is unacceptable at MSP scale | HIGH | Already in current app; async required to avoid UI freeze | | Error reporting (not silent failures) | Admins need to know when scans fail partially | LOW | Current app has 38 silent catch blocks — critical fix | | Localization (EN + FR) | Already exists; removing it would break existing users | LOW | Key-based translation system already in place | | Export to interactive HTML | Shareable reports without requiring recipients to have the tool | MEDIUM | Already in current app; retain embedded JS for sorting/filtering | ### Differentiators (Competitive Advantage) Features that are not universally provided, or are done poorly by competitors, where this tool can create genuine advantage. | Feature | Value Proposition | Complexity | Notes | |---------|-------------------|------------|-------| | Multi-tenant session caching | MSPs switch between 10-30 client tenants daily; re-auth per client wastes 2-3 min each | HIGH | Token cache per tenant profile; MSAL token cache serialization; core MSP differentiator | | User access export across selected sites | "Show me everything User X can access across these 15 sites" — native M365 can't do this for arbitrary site subsets | HIGH | Requires enumerating group memberships, direct assignments, and inherited access across n sites; high Graph API volume | | Simplified permissions view (plain language) | Compliance reports today require admins to translate "Contribute" to "can edit files" — untrained staff can't read them | MEDIUM | Jargon-free labels, summary counts, color coding; configurable detail level | | Storage graph by file type (pie + bar toggle) | Native admin center shows totals only; file-type breakdown identifies what's consuming quota (videos, backups, etc.) | MEDIUM | Requires Graph driveItem enumeration with file extension grouping; recharts-style WPF chart control | | Duplicate file detection | Reduces storage waste; no native Microsoft tool provides this simply | HIGH | Hash-based (SHA256/MD5) or name+size matching; large tenant = Graph throttling challenge | | Folder structure provisioning | Create standardized folder trees on new sites from a template — critical for MSPs onboarding clients | MEDIUM | Already in current app; differentiating because competitors (ShareGate) don't focus on this | | Offline profile / tenant registry | Store tenant URLs, display names, notes locally — instant context switching without re-entering URLs | LOW | JSON-backed, local only — simple but missing from all SaaS tools by design | | Operation progress and cancellation | SaaS tools run jobs server-side; desktop tool must show real-time progress and allow cancel mid-scan | MEDIUM | CancellationToken throughout async operations; progress reporting via IProgress | ### Anti-Features (Commonly Requested, Often Problematic) Features that seem valuable but create disproportionate complexity, maintenance burden, or scope creep for this tool's purpose. | Feature | Why Requested | Why Problematic | Alternative | |---------|---------------|-----------------|-------------| | Permission change alerts / real-time monitoring | Admins want to know when permissions change | Requires persistent background service, webhook registration in Azure, certificate lifecycle management — turns a desktop tool into a service | Run scheduled audit scans manually or via Windows Task Scheduler; export diffs between runs | | Automated remediation (auto-revoke permissions) | "Fix it for me" saves time | One wrong rule destroys access for a client's entire org; liability risk; requires undo capability and audit trail that equals a full compliance system | Surface recommendations, let admin click to apply one at a time | | SQLite or database storage | Faster queries on large datasets | Adds install dependency, schema migration complexity, and breaks the "single EXE" distribution model | JSON with chunked loading; lazy evaluation; paginated display | | Cloud sync / shared tenant registry | Team of admins sharing tenant configs | Requires auth system, conflict resolution, server infrastructure — out of scope for local tool | Export/import JSON profiles; share config files manually | | AI-powered governance recommendations | Microsoft is adding this to native admin center (SharePoint Admin Agent, Copilot-licensed) | Requires Copilot license, Graph calls with high latency, and competes directly with Microsoft's own roadmap | Focus on raw data accuracy and export quality; let Microsoft handle AI summaries | | Cross-platform (Mac/Linux) support | Some admins use Macs | WPF is Windows-only; rewrite to MAUI/Avalonia is a full project — not justified for current user base | Confirmed out of scope in PROJECT.md | | Version history management / rollback | Admins sometimes need to see version bloat | Version management is a deep separate problem; Graph API pagination for versions is complex and slow at scale | Surface version storage totals in storage metrics; flag libraries with high version counts | | SharePoint content migration | Admins ask to move content between tenants or sites | Migration is a fully separate product category (ShareGate, AvePoint); competing here is a multi-year investment | Refer to ShareGate or native SharePoint migration for content moves | ## Feature Dependencies ``` Multi-tenant session caching └──requires──> Tenant profile registry (JSON-backed) └──required by──> All features (auth gate) User access export across selected sites └──requires──> Multi-site permissions scan └──requires──> Multi-tenant session caching Simplified permissions view └──enhances──> Permissions report (site-level) └──enhances──> User access export across selected sites Storage graph by file type └──requires──> Storage metrics per site └──requires──> Graph driveItem enumeration (file extension data) Duplicate file detection └──requires──> File search across sites (file enumeration infrastructure) └──conflicts──> Automated remediation (deletion without undo = data loss risk) Bulk operations └──requires──> Operation progress and cancellation └──requires──> Error reporting (not silent failures) Export (CSV / HTML) └──enhances──> All report features └──required by──> Compliance audit workflows Folder structure provisioning └──requires──> Site template management ``` ### Dependency Notes - **Multi-tenant session caching requires Tenant profile registry:** Without a registry of tenant URLs and display names, the session cache has nothing to key against. The tenant profile JSON must exist before any feature can authenticate. - **User access export requires multi-site permissions scan:** The "all accesses for user X" feature is essentially a filtered multi-site permissions scan. The scanning infrastructure must exist first. - **Simplified permissions view enhances reports:** This is a presentation layer on top of raw permissions data — it cannot exist without the underlying data model. - **Storage graph by file type requires Graph driveItem enumeration:** The native Graph storage reports do not include file type breakdown. This requires enumerating files with their extensions, which is a heavier Graph operation than summary-only calls. - **Duplicate detection requires file enumeration infrastructure:** The file search feature already enumerates files; duplicate detection reuses that path but adds hash computation or name+size matching on top. - **Bulk operations require cancellation support:** Long-running bulk operations that cannot be cancelled will freeze or force-kill the app. CancellationToken must be threaded through before bulk ops are exposed to users. - **Duplicate detection conflicts with automated remediation:** Surfacing duplicates is safe; auto-deleting them without undo is not. Keep these concerns separate. ## MVP Definition ### Launch With (v1) Minimum viable product — sufficient to replace the existing PowerShell tool completely. - [ ] Tenant profile registry with multi-tenant session caching — without this, no feature works - [ ] Permissions report (site-level) with CSV + HTML export — core audit use case - [ ] Storage metrics per site — currently used daily - [ ] File search across sites — currently used daily - [ ] Bulk operations (member add, site creation, transfer) with progress + cancel — currently used; async required - [ ] Site template management — core MSP provisioning workflow - [ ] Folder structure provisioning — paired with templates - [ ] Duplicate file detection — currently used for storage cleanup - [ ] Error reporting (no silent failures) — current app's biggest reliability issue - [ ] Localization (EN/FR) — existing users depend on this ### Add After Validation (v1.x) Features to add once core parity is confirmed working. - [ ] User access export across selected sites — new feature; high value for MSP audits; add once multi-site scan is stable - [ ] Simplified permissions view (plain language) — presentation enhancement; add after raw data model is solid - [ ] Storage graph by file type (pie + bar toggle) — visualization enhancement on top of existing storage metrics ### Future Consideration (v2+) Features to defer until product-market fit is established. - [ ] Scheduled scan runs via Windows Task Scheduler integration — requires stable CLI/headless mode first - [ ] Permission comparison between two points in time (diff report) — useful for compliance but requires snapshot storage - [ ] Export to XLSX (full Excel format, not just CSV) — requested but not critical; CSV opens in Excel adequately ## Feature Prioritization Matrix | Feature | User Value | Implementation Cost | Priority | |---------|------------|---------------------|----------| | Tenant profile registry + session caching | HIGH | MEDIUM | P1 | | Permissions report (site-level) | HIGH | MEDIUM | P1 | | Storage metrics per site | HIGH | MEDIUM | P1 | | File search across sites | HIGH | MEDIUM | P1 | | Bulk operations with progress/cancel | HIGH | HIGH | P1 | | Error reporting (no silent failures) | HIGH | LOW | P1 | | Site template management | HIGH | MEDIUM | P1 | | Folder structure provisioning | MEDIUM | MEDIUM | P1 | | Duplicate file detection | MEDIUM | HIGH | P1 | | Localization (EN/FR) | MEDIUM | LOW | P1 | | User access export across selected sites | HIGH | HIGH | P2 | | Simplified permissions view | HIGH | MEDIUM | P2 | | Storage graph by file type | MEDIUM | MEDIUM | P2 | | Permission diff / snapshot comparison | MEDIUM | HIGH | P3 | | XLSX export | LOW | LOW | P3 | | Scheduled scans (headless/CLI) | LOW | HIGH | P3 | **Priority key:** - P1: Must have for v1 launch (parity with existing PowerShell tool) - P2: Should have — add after v1 validated; new features from PROJECT.md active requirements - P3: Nice to have, future consideration ## Competitor Feature Analysis | Feature | ShareGate | ManageEngine SharePoint Manager Plus | AdminDroid | Our Approach | |---------|-----------|---------------------------------------|------------|--------------| | Permissions matrix report | Yes — visual matrix, CSV export | Yes — granular permission level reports | Yes — site users/groups report | Yes — with plain-language layer on top | | Multi-tenant management | Yes — SaaS, per-tenant login | Yes — web-based | Yes — cloud SaaS | Yes — local session cache, instant switch, offline profiles | | Storage reporting | Basic | Basic tenant-level | Basic | Enhanced — file-type breakdown, pie/bar toggle | | Duplicate detection | No | No | No | Yes — differentiator | | Folder structure provisioning | No | No | No | Yes — differentiator | | Site templates | Migration focus | No | No | Yes — admin provisioning focus | | Bulk operations | Yes — migration-focused | Limited | No | Yes — admin-operations focus (not migration) | | User access export (cross-site) | Partial — site-by-site | Partial | Partial | Yes — arbitrary site subset, single export | | Plain language permissions | No | No | No | Yes — differentiator for untrained users | | Local desktop app (no SaaS) | No — cloud | No — cloud | No — cloud | Yes — core constraint and privacy advantage | | Offline / no internet needed | No | No | No | Yes (after auth token cached) | | Price | ~$6K/year | Subscription | Subscription | Tool cost (one-time dev, distributed free or licensed) | ## Sources - [ShareGate SharePoint audit tool feature page](https://sharegate.com/sharepoint-audit-tool) — MEDIUM confidence (marketing page) - [ManageEngine SharePoint Manager Plus permissions auditing](https://www.manageengine.com/sharepoint-management-reporting/sharepoint-permission-auditing-tool.html) — MEDIUM confidence - [Microsoft Data access governance reports — site permissions for users](https://learn.microsoft.com/en-us/sharepoint/data-access-governance-site-permissions-users-report) — HIGH confidence - [Microsoft SharePoint Advanced Management overview](https://learn.microsoft.com/en-us/sharepoint/advanced-management) — HIGH confidence - [sprobot.io: 9 must-have features for SharePoint storage reporting](https://www.sprobot.io/blog/how-to-choose-the-right-sharepoint-storage-reporting-tool-9-must-have-features) — MEDIUM confidence - [AdminDroid SharePoint Online auditing](https://admindroid.com/microsoft-365-sharepoint-online-auditing) — MEDIUM confidence - [CIAOPS: Best ways to monitor and audit permissions across SharePoint M365](https://blog.ciaops.com/2025/04/27/best-ways-to-monitor-and-audit-permissions-across-a-sharepoint-environment-in-microsoft-365/) — MEDIUM confidence - [ShareGate: How to generate a SharePoint user permissions report](https://sharegate.com/blog/build-the-perfect-sharepoint-permissions-report) — MEDIUM confidence - [Microsoft SharePoint storage reports admin center](https://learn.microsoft.com/en-us/microsoft-365/admin/activity-reports/sharepoint-storage-reports?view=o365-worldwide) — HIGH confidence --- *Feature research for: SharePoint Online administration/auditing desktop tool (C#/WPF, MSP/IT admin)* *Researched: 2026-04-02*