Skip to content
English - Australia
More support
Contact us
  • There are no suggestions because the search field is empty.

SWOOP for SharePoint – Offboarding Guide

SWOOP for SharePoint must be fully removed from your environment due to its installation across SharePoint sites, Graph API Permissions, and the JS Tracker. This guide details the required steps to ensure a complete offboarding.

Prerequisites required for you to follow these instructions

Before beginning, ensure you have:

  • Global Admin rights
  • PnP PowerShell access
  • The following information:
    • Your Tenant name (e.g., yourtenant.onmicrosoft.com)
    • The Client ID used for SWOOP setup
    • List of SharePoint sites where SWOOP is installed

 

Remove Graph API Permissions

Sites.Read.All

No additional action is required for this permission.

Sites.Selected

Note: Once the SWOOP app registration has been removed, these permissions are effectively inactive. However, if you'd like a complete cleanup, you can revoke the site-level permissions individually.

 

Step 1: Remove SWOOP Application from Azure AD / Entra ID

  • Confirm the SWOOP app is deleted from Azure AD / Entra ID.
  • If already removed, proceed to the next step.

 

Step 2: Revoke SharePoint Site Permissions (Sites.Selected)

If SWOOP used Sites.Selected permissions, remove its access from each site:

Steps:

  • Replace $SITEURL with the URL of the SharePoint site.
  • Replace $CLIENTID and $DOMAINNAME with your tenant's values.
  • Run Get-PnPAzureADAppSitePermission to retrieve the Permission ID.
  • Use that Permission ID in the Revoke-PnPAzureADAppSitePermission command.

For each SharePoint site:

Connect-PnPOnline -Url "$SITEURL" -ClientId $CLIENTID -Tenant $DOMAINNAME.onmicrosoft.com -DeviceLogin
Get-PnPAzureADAppSitePermission -AppIdentity "645db201-85c4-490b-a5a8-3054feef2f91"
Revoke-PnPAzureADAppSitePermission -PermissionId $PermID
  • This revokes all site permissions granted to SWOOP.

 

Step 3: Remove JS Tracker from SharePoint Sites

3.1 Remove Per-Site Customisations

  • Retrieve the ID with:
Get-PnPApplicationCustomizer
(Get-PnPApplicationCustomizer -Identity $ID).Client
  • For each SharePoint site:

Steps:

  • Replace $SITEURL with the URL of the SharePoint site.
  • Replace $CLIENTID and $DOMAINNAME with your tenant's values.
Connect-PnPOnline -Url "$SITEURL" -ClientId $CLIENTID -Tenant $DOMAINNAME.onmicrosoft.com -DeviceLogin
Remove-PnPApplicationCustomizer -Identity "$ID" -Scope Site
  • This deletes any remaining site-level trackers.

3.2 Remove Tenant-Wide Extensions

  1. Go to:
    • SharePoint Admin Centre
    • More Features → Apps → Tenant Wide Extensions
  2. Delete any SWOOP-related configurations.
  3. This removes the tenant-level JS tracker.

3.3 Remove SWOOP App from Sites

  • Uninstall the SWOOP app from every SharePoint site where it was added.
  • Complete this step before removing configuration items.

 

Completion Checklist

You’re fully offboarded when:

  • SWOOP Azure AD / Entra ID app is removed
  • All Graph API Permissions are revoked
  • JS Tracker is deleted from all sites

 

Important Notes

  • Every step is mandatory for full removal.
  • Some steps require action on each SharePoint site.
  • Skipping steps may leave residual permissions or tracking components.