Sharepoint-Toolbox/.planning/research/FEATURES.md
Kawa 0c2e26e597 docs: complete project research for SharePoint Toolbox rewrite
Research covers stack (NET10/WPF/PnP.Framework), features (v1 parity + v1.x
differentiators), architecture (MVVM four-layer pattern), and pitfalls
(10 critical pitfalls all addressed in foundation phase). SUMMARY.md
synthesizes findings with phase-structured roadmap implications.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 10:07:47 +02:00


Feature Research

Domain: SharePoint Online administration and auditing desktop tool (MSP / IT admin)
Researched: 2026-04-02
Confidence: MEDIUM (competitive landscape from web sources; no Context7 for SaaS tools; Microsoft docs HIGH confidence)

Feature Landscape

Table Stakes (Users Expect These)

Features that IT admins and MSPs assume exist in any SharePoint admin tool. Missing these makes the product feel broken or incomplete.

| Feature | Why Expected | Complexity | Notes |
|---|---|---|---|
| Permissions report (site-level) | Every audit tool has this; admins must prove who has access where | MEDIUM | Must show owners, members, guests, external users, and broken inheritance |
| Export to CSV | Standard workflow — admins paste into tickets, compliance reports, Excel | LOW | Already in current app; keep for all reports |
| Multi-site permissions scan | Admins manage dozens of sites; per-site-only scan is unusable at scale | HIGH | Requires batching Graph API calls; throttling management needed |
| Storage metrics per site | Native M365 admin center only shows tenant-level; per-site is expected | MEDIUM | Already in current app; retain and improve |
| Interactive login / Azure AD OAuth | No client secret storage expected; browser-based auth is the norm | MEDIUM | Already implemented; new version adds session caching |
| Site template management | Re-using structure across client sites is a core MSP workflow | MEDIUM | Already in current app; port to C# |
| File search across sites | Finding content across a tenant is a day-1 admin task | MEDIUM | Already in current app; Graph driveItem search |
| Bulk operations (user add/remove, site creation) | Manual one-by-one is unacceptable at MSP scale | HIGH | Already in current app; async required to avoid UI freeze |
| Error reporting (not silent failures) | Admins need to know when scans fail partially | LOW | Current app has 38 silent catch blocks — critical fix |
| Localization (EN + FR) | Already exists; removing it would break existing users | LOW | Key-based translation system already in place |
| Export to interactive HTML | Shareable reports without requiring recipients to have the tool | MEDIUM | Already in current app; retain embedded JS for sorting/filtering |

Differentiators (Competitive Advantage)

Features that are not universally provided, or are done poorly by competitors, where this tool can create genuine advantage.

| Feature | Value Proposition | Complexity | Notes |
|---|---|---|---|
| Multi-tenant session caching | MSPs switch between 10-30 client tenants daily; re-auth per client wastes 2-3 min each | HIGH | Token cache per tenant profile; MSAL token cache serialization; core MSP differentiator |
| User access export across selected sites | "Show me everything User X can access across these 15 sites" — native M365 can't do this for arbitrary site subsets | HIGH | Requires enumerating group memberships, direct assignments, and inherited access across n sites; high Graph API volume |
| Simplified permissions view (plain language) | Compliance reports today require admins to translate "Contribute" to "can edit files" — untrained staff can't read them | MEDIUM | Jargon-free labels, summary counts, color coding; configurable detail level |
| Storage graph by file type (pie + bar toggle) | Native admin center shows totals only; file-type breakdown identifies what's consuming quota (videos, backups, etc.) | MEDIUM | Requires Graph driveItem enumeration with file extension grouping; recharts-style WPF chart control |
| Duplicate file detection | Reduces storage waste; no native Microsoft tool provides this simply | HIGH | Hash-based (SHA256/MD5) or name+size matching; large tenant = Graph throttling challenge |
| Folder structure provisioning | Create standardized folder trees on new sites from a template — critical for MSPs onboarding clients | MEDIUM | Already in current app; differentiating because competitors (ShareGate) don't focus on this |
| Offline profile / tenant registry | Store tenant URLs, display names, notes locally — instant context switching without re-entering URLs | LOW | JSON-backed, local only — simple but missing from all SaaS tools by design |
| Operation progress and cancellation | SaaS tools run jobs server-side; desktop tool must show real-time progress and allow cancel mid-scan | MEDIUM | CancellationToken throughout async operations; progress reporting via IProgress |

Anti-Features (Commonly Requested, Often Problematic)

Features that seem valuable but create disproportionate complexity, maintenance burden, or scope creep for this tool's purpose.

| Feature | Why Requested | Why Problematic | Alternative |
|---|---|---|---|
| Permission change alerts / real-time monitoring | Admins want to know when permissions change | Requires persistent background service, webhook registration in Azure, certificate lifecycle management — turns a desktop tool into a service | Run scheduled audit scans manually or via Windows Task Scheduler; export diffs between runs |
| Automated remediation (auto-revoke permissions) | "Fix it for me" saves time | One wrong rule destroys access for a client's entire org; liability risk; requires undo capability and audit trail that equals a full compliance system | Surface recommendations, let admin click to apply one at a time |
| SQLite or database storage | Faster queries on large datasets | Adds install dependency, schema migration complexity, and breaks the "single EXE" distribution model | JSON with chunked loading; lazy evaluation; paginated display |
| Cloud sync / shared tenant registry | Team of admins sharing tenant configs | Requires auth system, conflict resolution, server infrastructure — out of scope for local tool | Export/import JSON profiles; share config files manually |
| AI-powered governance recommendations | Microsoft is adding this to native admin center (SharePoint Admin Agent, Copilot-licensed) | Requires Copilot license, Graph calls with high latency, and competes directly with Microsoft's own roadmap | Focus on raw data accuracy and export quality; let Microsoft handle AI summaries |
| Cross-platform (Mac/Linux) support | Some admins use Macs | WPF is Windows-only; rewrite to MAUI/Avalonia is a full project — not justified for current user base | Confirmed out of scope in PROJECT.md |
| Version history management / rollback | Admins sometimes need to see version bloat | Version management is a deep separate problem; Graph API pagination for versions is complex and slow at scale | Surface version storage totals in storage metrics; flag libraries with high version counts |
| SharePoint content migration | Admins ask to move content between tenants or sites | Migration is a fully separate product category (ShareGate, AvePoint); competing here is a multi-year investment | Refer to ShareGate or native SharePoint migration for content moves |

Feature Dependencies

Multi-tenant session caching
    └──requires──> Tenant profile registry (JSON-backed)
                       └──required by──> All features (auth gate)

User access export across selected sites
    └──requires──> Multi-site permissions scan
                       └──requires──> Multi-tenant session caching

Simplified permissions view
    └──enhances──> Permissions report (site-level)
    └──enhances──> User access export across selected sites

Storage graph by file type
    └──requires──> Storage metrics per site
    └──requires──> Graph driveItem enumeration (file extension data)

Duplicate file detection
    └──requires──> File search across sites (file enumeration infrastructure)
    └──conflicts──> Automated remediation (deletion without undo = data loss risk)

Bulk operations
    └──requires──> Operation progress and cancellation
    └──requires──> Error reporting (not silent failures)

Export (CSV / HTML)
    └──enhances──> All report features
    └──required by──> Compliance audit workflows

Folder structure provisioning
    └──requires──> Site template management

Dependency Notes

  • Multi-tenant session caching requires Tenant profile registry: Without a registry of tenant URLs and display names, the session cache has nothing to key against. The tenant profile JSON must exist before any feature can authenticate.
  • User access export requires multi-site permissions scan: The "all accesses for user X" feature is essentially a filtered multi-site permissions scan. The scanning infrastructure must exist first.
  • Simplified permissions view enhances reports: This is a presentation layer on top of raw permissions data — it cannot exist without the underlying data model.
  • Storage graph by file type requires Graph driveItem enumeration: The native Graph storage reports do not include file type breakdown. This requires enumerating files with their extensions, which is a heavier Graph operation than summary-only calls.
  • Duplicate detection requires file enumeration infrastructure: The file search feature already enumerates files; duplicate detection reuses that path but adds hash computation or name+size matching on top.
  • Bulk operations require cancellation support: Long-running bulk operations that cannot be cancelled will freeze the app or force the user to kill it. CancellationToken must be threaded through before bulk ops are exposed to users.
  • Duplicate detection conflicts with automated remediation: Surfacing duplicates is safe; auto-deleting them without undo is not. Keep these concerns separate.
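
The first dependency note, keying the session cache against the tenant profile registry, can be sketched with MSAL.NET's token cache serialization hooks. This is an added example, not code from the project: `TenantProfile`, `TenantSessionCache` and the cache directory are hypothetical names, and protecting each cache file with Windows DPAPI (`ProtectedData`, from the System.Security.Cryptography.ProtectedData package) is an assumption the research does not specify. One file per profile keeps one client tenant's refresh tokens from being loaded into another tenant's session.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.Identity.Client;

// Hypothetical profile shape; Id is the registry key, TenantId the directory tenant.
public sealed record TenantProfile(Guid Id, string DisplayName, string TenantId);

public static class TenantSessionCache
{
    // Assumed location (per-user, local only).
    private static readonly string CacheDir = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "SharePointToolbox", "tokens");

    public static IPublicClientApplication CreateClient(TenantProfile profile, string clientId)
    {
        var app = PublicClientApplicationBuilder.Create(clientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, profile.TenantId)
            .WithDefaultRedirectUri()
            .Build();
        // A Guid-derived file name cannot contain path separators, so a crafted
        // profile entry cannot point the cache outside CacheDir.
        Bind(app.UserTokenCache, Path.Combine(CacheDir, profile.Id.ToString("N") + ".bin"));
        return app;
    }

    private static void Bind(ITokenCache cache, string path)
    {
        var gate = new object();
        cache.SetBeforeAccess(args =>
        {
            lock (gate)
            {
                if (!File.Exists(path)) return; // first sign-in for this tenant
                // Throws CryptographicException if the blob was altered or copied from another user.
                byte[] state = ProtectedData.Unprotect(File.ReadAllBytes(path), null, DataProtectionScope.CurrentUser);
                args.TokenCache.DeserializeMsalV3(state);
            }
        });
        cache.SetAfterAccess(args =>
        {
            if (!args.HasStateChanged) return;
            lock (gate)
            {
                Directory.CreateDirectory(CacheDir);
                byte[] blob = ProtectedData.Protect(args.TokenCache.SerializeMsalV3(), null, DataProtectionScope.CurrentUser);
                File.WriteAllBytes(path, blob);
            }
        });
    }
}
```

Deleting a tenant profile should also delete its cache file, so that removing a client from the registry removes its cached tokens as well.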

MVP Definition

Launch With (v1)

Minimum viable product — sufficient to replace the existing PowerShell tool completely.

  • Tenant profile registry with multi-tenant session caching — without this, no feature works
  • Permissions report (site-level) with CSV + HTML export — core audit use case
  • Storage metrics per site — currently used daily
  • File search across sites — currently used daily
  • Bulk operations (member add, site creation, transfer) with progress + cancel — currently used; async required
  • Site template management — core MSP provisioning workflow
  • Folder structure provisioning — paired with templates
  • Duplicate file detection — currently used for storage cleanup
  • Error reporting (no silent failures) — current app's biggest reliability issue
  • Localization (EN/FR) — existing users depend on this

Add After Validation (v1.x)

Features to add once core parity is confirmed working.

  • User access export across selected sites — new feature; high value for MSP audits; add once multi-site scan is stable
  • Simplified permissions view (plain language) — presentation enhancement; add after raw data model is solid
  • Storage graph by file type (pie + bar toggle) — visualization enhancement on top of existing storage metrics

Future Consideration (v2+)

Features to defer until product-market fit is established.

  • Scheduled scan runs via Windows Task Scheduler integration — requires stable CLI/headless mode first
  • Permission comparison between two points in time (diff report) — useful for compliance but requires snapshot storage
  • Export to XLSX (full Excel format, not just CSV) — requested but not critical; CSV opens in Excel adequately

Feature Prioritization Matrix

| Feature | User Value | Implementation Cost | Priority |
|---|---|---|---|
| Tenant profile registry + session caching | HIGH | MEDIUM | P1 |
| Permissions report (site-level) | HIGH | MEDIUM | P1 |
| Storage metrics per site | HIGH | MEDIUM | P1 |
| File search across sites | HIGH | MEDIUM | P1 |
| Bulk operations with progress/cancel | HIGH | HIGH | P1 |
| Error reporting (no silent failures) | HIGH | LOW | P1 |
| Site template management | HIGH | MEDIUM | P1 |
| Folder structure provisioning | MEDIUM | MEDIUM | P1 |
| Duplicate file detection | MEDIUM | HIGH | P1 |
| Localization (EN/FR) | MEDIUM | LOW | P1 |
| User access export across selected sites | HIGH | HIGH | P2 |
| Simplified permissions view | HIGH | MEDIUM | P2 |
| Storage graph by file type | MEDIUM | MEDIUM | P2 |
| Permission diff / snapshot comparison | MEDIUM | HIGH | P3 |
| XLSX export | LOW | LOW | P3 |
| Scheduled scans (headless/CLI) | LOW | HIGH | P3 |

Priority key:

  • P1: Must have for v1 launch (parity with existing PowerShell tool)
  • P2: Should have — add after v1 validated; new features from PROJECT.md active requirements
  • P3: Nice to have, future consideration

Competitor Feature Analysis

| Feature | ShareGate | ManageEngine SharePoint Manager Plus | AdminDroid | Our Approach |
|---|---|---|---|---|
| Permissions matrix report | Yes — visual matrix, CSV export | Yes — granular permission level reports | Yes — site users/groups report | Yes — with plain-language layer on top |
| Multi-tenant management | Yes — SaaS, per-tenant login | Yes — web-based | Yes — cloud SaaS | Yes — local session cache, instant switch, offline profiles |
| Storage reporting | Basic | Basic tenant-level | Basic | Enhanced — file-type breakdown, pie/bar toggle |
| Duplicate detection | No | No | No | Yes — differentiator |
| Folder structure provisioning | No | No | No | Yes — differentiator |
| Site templates | Migration focus | No | No | Yes — admin provisioning focus |
| Bulk operations | Yes — migration-focused | Limited | No | Yes — admin-operations focus (not migration) |
| User access export (cross-site) | Partial — site-by-site | Partial | Partial | Yes — arbitrary site subset, single export |
| Plain language permissions | No | No | No | Yes — differentiator for untrained users |
| Local desktop app (no SaaS) | No — cloud | No — cloud | No — cloud | Yes — core constraint and privacy advantage |
| Offline / no internet needed | No | No | No | Yes (after auth token cached) |
| Price | ~$6K/year | Subscription | Subscription | Tool cost (one-time dev, distributed free or licensed) |

Feature research for: SharePoint Online administration/auditing desktop tool (C#/WPF, MSP/IT admin)
Researched: 2026-04-02