Admin Approval Guide
Everything your SharePoint administrator needs to deploy SP Toolkit — two steps, no Global Admin required.
What is SP Toolkit?
SP Toolkit is a SharePoint Framework (SPFx) web part that migrates SharePoint lists, libraries, and documents between sites or tenants. It preserves metadata, lookup relationships, version history, and all 30+ SharePoint field types. Built by DNG Software Pty Ltd — sharepointtoolkit.com.
Deployment Steps
Upload the package to the App Catalog
- Go to SharePoint Admin Centre → More features → Apps → App Catalog
- Upload
sp-toolkit.sppkg - In the deployment dialog, choose whether to deploy tenant-wide or to specific site collections only
- Click Deploy
That's it — one step.
No Global Admin required. No API permissions to approve. A SharePoint Administrator can complete the deployment. Users can now add the SP Toolkit web part to any SharePoint page and start a free trial immediately.
Security FAQ for Administrators
“What does the API permission actually do?”
SP Toolkit no longer requires an API permission approval step. The web part communicates with the licence server directly — no admin consent is needed. What is sent: Tenant ID (a GUID) and aggregate usage metrics (item counts, list counts). What is NOT sent: No list names, item content, document content, user names, passwords, site URLs, or any other tenant data. Ever.
“Does it require Global Admin?”
No. SharePoint Administrator permissions are sufficient to upload the package. The tool runs under the signed-in user's own permissions — it cannot access anything the user doesn't already have access to.
“Does it use Application Permissions?”
No. SP Toolkit uses Delegated Permissions exclusively (User Impersonation). It acts on behalf of the signed-in user, not as a service account. There is no background service, no daemon app, and no service principal with tenant-wide access. This is the lowest-risk permission model available in Microsoft 365.
“Where does the data go during migration?”
Nowhere outside Microsoft 365. The migration engine runs in the user's browser. Data flows directly from source SharePoint → browser → target SharePoint via standard SharePoint REST and Microsoft Graph APIs. No third-party server is involved in the data path.
“What appears in our audit logs?”
Every action (item created, file uploaded, folder created) is recorded in the Microsoft 365 Unified Audit Log under the signed-in user's identity. There are no hidden service accounts. Your existing DLP and compliance policies apply automatically.
“Can we scope it to specific sites only?”
Yes. Instead of deploying tenant-wide, you can upload the package to a Site Collection App Catalog. This restricts the tool to a single site collection. Users on other sites will not see or have access to it.
“What happens if we remove it?”
Delete the app from the App Catalog. The web part is immediately removed. There are no residual services, background processes, or configuration artefacts to clean up.
“Is there a trial period?”
Yes — 14 days, unlimited usage, no credit card required. This allows you to run a full test migration on real data in your own tenant before any purchase decision.
Quick Reference
| Question | Answer |
|---|---|
| Global Admin required? | No — SharePoint Admin is sufficient |
| Application Permissions? | No — Delegated only (user impersonation) |
| Data leaves tenant? | No — browser-to-SharePoint only |
| Service accounts? | None |
| Audit trail? | Standard M365 Unified Audit Log |
| API permissions | None required — no admin consent step |
| Removal process | Delete from App Catalog — instant, complete |
| Trial | 14 days, unlimited, no credit card |
Need More Detail?
Read our full Security & Data Privacy Overview for a complete technical breakdown of permissions, data flow, and compliance posture.