blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

Provisioning an Office 365 group with an approval flow and Azure functions-part 3

This article describes the workflow for the group provisioning process by using the Azure function from part two in combination with PowerApps, SharePoint Online and Flow to enable a good user experience. Technically, we already have the toolset with the ProvisionGroup function. Now let's create the rest.

Create a list for requests

The workflow described in part one shall be started by a new entry in a SharePoint list or a PowerApp. So we need a custom list to collect all requests for a new Office 365 group in our company. This enables us to have a history for group request s coming in. Pick a SPO site (here it's "O365security")  and create a custom list "ProvisionGroup" as here. Actually, we only need a group name, but we added another text field for the "Purpose" of the group.

image

Of course, in real world, the list would be extended with Approval status and Success status, but in here we keep it simple. The idea is that when a new line is added to that list, the workflow shall start. The creator of the list item shall become owner of the group (as described in part two).

Create a new Flow

So, "Create a flow" asks for the trigger. In our sample, we use "Start approval when a new item is added". Flow and LogicApps are a very powerful tools. Although there would be a ton of things to say about these instruments, in this article we just concentrate on performing our desired workflow.

image

The Microsoft Flow management site https://flow.microsoft.com opens and wants confirmation for the Flow template. The current user is already added.

SNAGHTML9ddabd6

"Continue" opens the template for further modifications. As you can see, the flow is already created with the trigger "When a new item is created" and an approval email. We just need to enter the user account who shall receive the email. In our sample, that's the Admin user who works in the IT department and acts as manager.

image

In real world, we would add an Office 365 function lookup for the manager of the "Created by Email" user and send the request to that user.

If yes, use the Azure function

Then, a "new action" must be added in the "If yes" part. We will call our Azure function from part two where we saved the endpoint URL. We will use that to call the HTTP function with a JSON body with the parameters.

Search for "http" and select "HTTP - HTTP" from the search result.

image

So, we simply need to fill out the HTTP request action with our data from the Azure function. It's an HTTP POST operation and the URI is the one we copied from our PowerShell Azure function. As Body, we use the Request body from our Test pane:

{
"groupname":"DeathStar",
"upn":"admin@<mycompany>.onmicrosoft.com"
}

We pass the group name and the owner's UPN to the function. We don't use any HTTP headers in this case, just a Body.

image

Now we need to replace the hardcoded values by the list item values. This can be done as follows:

image

Ensure that the syntax stays valid and that there are no unnecessary spaces left between the quotes.

And add another notification email to the creator of the request (it's the "Created by Email" property)t: Add another action and search for "Office 365 send" as here:

image

And fill out the email form similar as before.

image

Done. Rename and create the flow (or update it if your already saved it).

Now we have created the basic functionality of our workflow.

Try it

Let's see if the workflow does what we defined. Return to the SharePoint list and add a new item to the "ProvisionGroup" list.

image

See how the flow is started. The 2nd step is waiting for an approval. This will look as here.

image

Let's open the manager's Outlook (here it's the Admin user) and approve the request:

image

"Approve and Submit":

image

The email content changes to "Approved".

image

Voila: The group provisioning takes usually only seconds and the user who initiated the group request will receive a notification email that the group has been created.

SNAGHTMLa139b45

If you want to check the flow, you can see all requests as well:

image

...and the details (success, data and runtime) of each step: Which way did the flow go?

image

Here you can see that the process of calling the Azure function until it ended was 16 seconds while sending the emails takes up to one second.

Check it out

Returning to Outlook, you should see the newly created Office 365 group "IgniteDemo".

image

The important part in here is, that the creator of the group is the owner and can now start to add members and content. Mission accomplished.

Create a PowerApp

As last step we can improve the user experience by using a PowerApp for the SharePoint Online list. This is just a click away: "PowerApps" and "Create an app"

image

"ProvisionGroupApp" is an appropriate name for the app. When clicking "Create", a minute later, we get a ready to use PowerApp. We can run the app out-of-the-box.

image

The generated app has the Create-Update-Delete (CRUD) features as any SharePoint list (featured by the SPO Connector and the OData interface with a Swagger definition). So, we can create a new entry as "ConnectDemo" and add it to the list. After the postback, the new item shows up in the list and we can check the details.

image

Since we added a new record to the ProvisionGroup list in the PowerApp, the trigger must fire. When checking out the flow, we see that it did.

image

Again, we are waiting for approval. So let's do that as before in Outlook...

After the approval, we see the new Office 365 group.

image

So, we have two ways for our users to start an Office 365 group provisioning approval workflow, whether it's accessing the SharePoint list or using a PowerApp.

Consideration and costs

We have seen that such a scenario as "Provisioning an Office 365 group with an approval workflow" can be developed with existing Microsoft services by Power Users and Developers, depending on the complexity of the solution. This workflow acts as a sample to show the possibilities of creating self-service processes in your organization. Of course, there exist many third party solutions that can deliver similar workflows combined with more management options, deployment, and more features. Our goal was to show a solution that existing Microsoft services can be used as well.

When being asked about the costs for this solution: Well, this is all within the Office 365 licenses, just Azure function are billed extra, pls. see Azure Functions pricing. To give you a short insight here: "Azure Functions consumption plan is billed based on resource consumption and executions. Consumption plan pricing includes a monthly free grant of 1 million requests and 400,000 GB-s of resource consumption per month.". As long we stay under one million requests (we call the Azure function 1 million times for group provisioning per month and it does not consume more than 400GB-s) the service is free (otherwise it costs $0.000016/GB-s - that's affordable, or?). Smile

Imagine the complexity that happens behind the scenes: Various products and services can be used to create a standardized workflow with loose coupling. The workflow starts in an app, writes data to a list, what acts as trigger and an approval workflow is started. If approved, the new Office 365 group is created in AAD, a SharePoint site is triggered to been provisioned, the email address is created in Exchange Online, members and permissions are added and so forth. Not bad, or?

We hope, this article series inspires you to have a look into the Microsoft Office 365 and Azure services and for using such processes within your organization!
In case of questions pls. contact us.

Quicklinks:

Comments (4) -

  • Marco Mangiante

    12/26/2017 6:21:33 PM |

    Only a curiosity about costs: it seems to me that it is reasonable that we can assume that for simple workflows with Azure Functions the costs are near 0..but what the costs of the app that one creates to have client id and secret?

  • Toni Pohl

    12/26/2017 6:58:02 PM |

    Hi Marco,
    well, the app is registered in the Azure Active Directory (AAD). Apps are registered for free-as well is the AAD itself (except you add Office 365 licenses to it). To make it short: AAD is free (up to 500,000 objects)!
    See more at azure.microsoft.com/.../
    hth! br, Toni

  • Toni Pohl

    2/8/2018 6:06:02 PM |

    Hi Erin,
    yes, this sample focuses on Office 365 groups creation. Other "groups" can be added depending on the existing Microsoft APIs. With Graph, now Teams can be provisioned as well. Exchange Groups can be created as email enabled security groups as well. AFAIK, Planner is available in preview as well. So, the answer is yes. You just need to check out the interface for offering other object types and then simply use them.
    Hope this helps?
    br, Toni

Pingbacks and trackbacks (6)+

Loading