Tool Installation & Management
Power Platform Tool Box uses a marketplace-style registry system for discovering and installing tools. Learn how to find, install, update, and manage tools.
Tool Marketplace
Discovering Tools
The Tool Marketplace provides a centralized catalog of available tools:
- Click "Tool Marketplace" in the sidebar
- Browse featured tools or search by name
- View tool details:
- Name and description
- Author and version
- Download count
- Required permissions
- Screenshots (if available)
- Click "Install" to add the tool
Tools are downloaded as pre-built packages from the PPTB registry. No npm or pnpm installation required on your machine!
Installation Methods
From Marketplace (Recommended)
The easiest way to install tools:
- Open Tool Marketplace
- Find the tool you want
- Click "Install"
- Tool downloads and installs automatically
- Appears in Tools panel when ready
Benefits:
- Pre-built and verified
- Fast download and installation
- Automatic dependency resolution
- No build tools required
From npm (For Development & Private Packages)
For debugging, development, or installing private npm packages:
- Ensure pnpm is installed on your system
- Click "Install from npm"
- Enter package name (e.g.,
@your-org/your-tool) - PPTB installs via pnpm
- Tool loads after installation
Use this method for testing local tools during development or installing private npm packages not available in the marketplace.
Managing Installed Tools
View Installed Tools
The Tools panel shows all installed tools:
- Tool name and icon
- Version number
- Status (loaded, error, updating)
- Quick launch button
Launch a Tool
- Click on a tool in the Tools panel
- Tool loads in the main workspace
- Tool UI appears in an isolated iframe
- Tool can now interact with active connection
Update a Tool
- Marketplace shows update badge for outdated tools
- Click "Update" next to the tool
- New version downloads and replaces old version
- Tool reloads with new features
Updates are atomic - if an update fails, the previous version remains installed.
Uninstall a Tool
- Right-click tool in Tools panel
- Select "Uninstall"
- Confirm deletion
- Tool and its data are removed
Tool Registry System
Power Platform Tool Box uses a VS Code-style marketplace architecture:
How It Works
1. Developer publishes tool to npm
↓
2. Developer submits to PPTB registry via GitHub issue form
↓
3. Automated validation checks package
↓
4. Manual review by maintainers
↓
5. Tool approved and added to registry
↓
6. Users discover tool in marketplace
↓
7. Installation downloads pre-built archive
↓
8. Tool extracted and cached locally
↓
9. Tool appears in Tools panel
Registry Features
- Pre-built Archives: Tools distributed as ready-to-run packages
- Version Management: Track and install specific versions
- Update Checks: Automatic detection of new versions
- Metadata: Rich descriptions, icons, screenshots
- Categories: Organize tools by function
- Search: Find tools quickly by name or description
Tool Permissions
Tools request permissions for sensitive operations:
Permission Types
- Name
dataverse.read- Description
Read data from Dataverse (retrieve, query)
- Name
dataverse.write- Description
Create, update, delete records in Dataverse
- Name
terminal.create- Description
Create and manage terminal instances
- Name
files.write- Description
Save files to local disk
- Name
clipboard.write- Description
Copy data to clipboard
Reviewing Permissions
- Before installation, review requested permissions
- Understand what data the tool can access
- Only install tools from trusted sources
- Report suspicious tools to maintainers
Understanding CSP Exceptions
Some tools may request Content Security Policy (CSP) Exceptions when you install them. Here's what you need to know in simple terms:
What Are CSP Exceptions?
Think of CSP Exceptions like app permissions on your smartphone. Just as a mobile app might ask permission to access your camera or location, tools in Power Platform Tool Box may ask permission to access specific external resources on the internet.
By default, Power Platform Tool Box enforces strict security rules that only allow tools to use resources packaged within themselves. This protects you from malicious code. However, some legitimate tools need to access external resources to function properly.
Why Do Tools Need CSP Exceptions?
Tools may request exceptions for valid reasons:
- Loading visualization libraries from trusted CDNs (like Chart.js or D3.js)
- Accessing external APIs to fetch data or integrate with other services
- Using web fonts from services like Google Fonts
- Embedding maps or videos from trusted providers
- Connecting to Dataverse or other Microsoft services
The Consent Dialog
When you first launch a tool that needs CSP exceptions, you'll see a consent dialog that shows:
- Exactly which external resources the tool wants to access
- The type of access needed (scripts, styles, API connections, images, etc.)
- Specific domains or URLs the tool will communicate with
You can then choose to Accept (grant the permissions) or Decline (don't allow the tool to load).
If you decline, the tool won't load. If you accept, your choice is saved and you won't see the dialog again for that tool.
Staying Safe
Follow these best practices when reviewing CSP exceptions:
- Name
Review Carefully- Description
Read what the tool is requesting access to. Does it make sense for what the tool does?
- Name
Trust the Source- Description
Only grant exceptions to tools from developers you trust or tools with good reviews in the marketplace.
- Name
Watch for Red Flags- Description
Be suspicious if a simple tool requests access to many unrelated domains or services.
- Name
Revoke Anytime- Description
You can revoke CSP permissions at any time in the tool settings if you change your mind.
Example Scenarios
Here are common, legitimate reasons tools request CSP exceptions:
Scenario 1: Data Visualization Tool
Requests: script-src from https://cdn.jsdelivr.net
Reason: Loads a charting library to create graphs
Scenario 2: Dynamics Integration Tool
Requests: connect-src to https://*.dynamics.com
Reason: Needs to communicate with your Dynamics 365 environment
Scenario 3: Custom Branding Tool
Requests: font-src from https://fonts.googleapis.com
style-src from https://fonts.googleapis.com
Reason: Uses custom web fonts for professional appearance
CSP exceptions are tool-specific, not global. Granting access for one tool doesn't affect other tools' permissions.
Troubleshooting
Tool Won't Install
Symptom: Installation fails or hangs
Solutions:
- Check internet connectivity
- Verify registry server is accessible
- Check disk space is sufficient
- Try closing and reopening PPTB
- Check logs for specific errors
Tool Won't Load
Symptom: Tool installed but won't launch
Solutions:
- Ensure Node.js 18+ is installed
- Check tool compatibility with PPTB version
- Look for errors in developer console
- Try uninstalling and reinstalling
- Report issue to tool author
Tool Updates Fail
Symptom: Update downloads but doesn't apply
Solutions:
- Close the tool before updating
- Check write permissions in tool directory
- Verify sufficient disk space
- Manually uninstall and reinstall
Missing Dependencies
Symptom: Tool reports missing dependencies
Solutions:
- Registry packages should be self-contained
- Report issue to tool author
- Check tool's npm package configuration
- Try reinstalling from marketplace
For Tool Developers
Interested in publishing your own tools?
Next Steps
- Browse the marketplace for useful tools
- Connect to your Power Platform environment
- Start using tools to be more productive
- Provide feedback on tools you use
- Build your own tools for the community