SharePoint Toolbox v2
What This Is
A C#/WPF desktop application for IT administrators and MSPs to audit and manage SharePoint Online permissions, storage, files, and sites across multiple client tenants. Replaces a 6,400-line monolithic PowerShell script with a structured 10,071-line MVVM application shipping as a single self-contained EXE.
Core Value
Administrators can audit and manage SharePoint/Teams permissions and storage across multiple client tenants from a single, reliable desktop application.
Current State
Shipped: v2.2 Report Branding & User Directory (2026-04-09)
Status: Active — v2.3 Tenant Management & Report Enhancements
Current Milestone: v2.3 Tenant Management & Report Enhancements
Goal: Streamline tenant onboarding with automated app registration, add self-healing ownership for access-denied sites, and enhance report output with group expansion and entry consolidation.
Target features:
- App registration on target tenant (auto via Graph API + guided fallback) during profile create/edit
- App removal from target tenant
- Auto-take ownership of SharePoint sites on access denied (global toggle)
- Expand groups in HTML reports (clickable to show members)
- Report consolidation toggle (merge duplicate user entries across locations)
v2.2 shipped features
- HTML report branding with MSP logo (global) and client logo (per tenant)
- Auto-pull client logo from Entra branding API
- Logo validation (PNG/JPG, 512 KB limit) with auto-compression
- User directory browse mode in user access audit tab with paginated load
- Member/guest filter and department/job title columns
- Directory user selection triggers existing audit pipeline
v1.1 shipped features
- Global multi-site selection in toolbar (pick sites once, all tabs use them)
- User access audit tab with Graph API people-picker, direct/group/inherited access distinction
- Simplified permissions with plain-language labels, color-coded risk levels, detail-level toggle
- Storage visualization with LiveCharts2 pie/donut and bar charts by file type
Tech stack: C# / WPF / .NET 10 / PnP Framework / Microsoft Graph SDK / MSAL / Serilog / CommunityToolkit.Mvvm / LiveCharts2
Tests: 285 automated (xUnit), 26 skipped (require live SharePoint tenant)
Distribution: 200 MB self-contained EXE (win-x64)
LOC: ~16,900 C#
Requirements
Validated
- Full C#/WPF rewrite of all existing PowerShell features — v1.0
- Multi-tenant authentication with cached sessions — v1.0
- Thorough error handling (per-item reporting, no silent failures) — v1.0
- Modular architecture (separate files per feature area, DI, MVVM) — v1.0
- Self-contained single EXE distribution — v1.0
Shipped in v1.1
- Global multi-site selection in toolbar (SITE-01/02) — v1.1
- Export all SharePoint/Teams accesses a specific user has across selected sites (UACC-01/02) — v1.1
- Simplified permissions reports (plain language, summary views) (SIMP-01/02/03) — v1.1
- Storage metrics graph by file type (pie/donut and bar chart, toggleable) (VIZZ-01/02/03) — v1.1
Shipped in v2.2
- HTML report branding with MSP and client logos (BRAND-01/02/03/04/05/06) — v2.2
- User directory browse mode in user access audit tab (UDIR-01/02/03/04/05) — v2.2
Active in v2.3
- Automated app registration on target tenant with guided fallback
- App removal from target tenant
- Auto-take ownership of sites on access denied (global toggle)
- Expand groups in HTML reports
- Report consolidation toggle (merge duplicate entries)
Out of Scope
- Cross-platform support (Mac/Linux) — WPF is Windows-only; not justified for current user base
- SQLite or database storage — JSON sufficient for config, profiles, and templates
- Web-based UI — must remain a local desktop application
- Cloud/SaaS deployment — local tool by design
- Mobile support — desktop admin tool
- Real-time monitoring / alerts — requires background service, beyond scope
- Automated remediation (auto-revoke) — liability risk
- Content migration between tenants — separate product category
Context
- v1.0 shipped with full feature parity: permissions, storage, search, duplicates, bulk operations, templates, folder provisioning
- v1.1 shipped with enhanced reports: user access audit, simplified permissions, storage charts, global site selection
- v2.2 shipped with report branding (logos in HTML exports) and user directory browse mode
- Localization: 230+ EN/FR keys, full parity verified
- Architecture: 140+ C# files + 17 XAML files across Core/Infrastructure/Services/ViewModels/Views layers
Constraints
- Platform: Windows desktop only — WPF requires Windows
- Distribution: Self-contained EXE (~200 MB) — no .NET runtime dependency
- Auth method: Interactive browser-based Azure AD login (no client secrets stored)
- Data storage: JSON files for profiles, settings, templates
- SharePoint API: PnP Framework / Microsoft Graph SDK
- Local only: No telemetry, no cloud services, no external dependencies at runtime
Key Decisions
| Decision | Rationale | Outcome |
|---|---|---|
| Rewrite to C#/WPF instead of improving PowerShell | Better async/await, proper OOP, richer UI, better tooling | ✓ Good — 10k LOC structured app vs 6.4k monolithic script |
| WPF over WinForms | Modern data binding, MVVM pattern, richer styling | ✓ Good — clean separation of concerns |
| Self-contained EXE | Users shouldn't need to install .NET runtime | ✓ Good — 200 MB single file, zero dependencies |
| Keep JSON storage | Simple, human-readable, sufficient for config/profiles | ✓ Good — atomic write-then-replace pattern works well |
| Multi-tenant session caching | MSP workflow requires fast switching between tenants | ✓ Good — per-clientId MSAL PCA with MsalCacheHelper |
| BulkOperationRunner pattern | Continue-on-error with per-item results for all bulk ops | ✓ Good — consistent error handling across 4 bulk features |
| Wave 0 scaffold pattern | Models + interfaces + test stubs before implementation | ✓ Good — all phases had test targets from day 1 |
Last updated: 2026-04-09 after v2.3 milestone started