Automate Teams Provisioning with Microsoft Graph and Power Automate

Introduction

Microsoft Teams is a collaboration app built for hybrid work, so you and your team stay informed, organized, and connected. With remote work taking the front seat, Teams has gained wide acceptance across organizations and has become the backbone of collaboration in a short period of time. Automating team and channel creation within Microsoft Teams has therefore become a topic of interest.

In this article, we will see how to automate the Microsoft Teams provisioning process using a SharePoint list and invoking Microsoft Graph from Power Automate.

Business Use Case

Governance around Microsoft Teams is a challenge for every organization. Because the UI offers everyone an out-of-the-box option to create a team, people tend to spin up a team even for a casual chat and leave it unused after a week or so. The result is an exponential growth in teams that admins will have a tough time managing later.

So the general practice has been to disable the out-of-the-box team creation option, which in turn results in numerous IT tickets for new teams. The IT team may not be able to judge the authenticity of a request, as they are often disconnected from the business side of the organization, and they have to obtain the requestor's manager's approval to process the ticket, which lengthens the process and adds to the work involved.

To work around this, we can set up an automation system where:

  • We will create a SharePoint list with the basic columns that capture the information needed to create a team. End users who want a new team create a new item and fill in the details.
  • The list will have content approval enabled. On item creation, we will trigger a Power Automate flow and start an approval process in which a set of approvers on the business side validate the team creation request created in the SharePoint list.
  • Upon approval, we will use the column values to create a team using the Microsoft Graph API.

Implementation

One of the first things to do is to create the SharePoint list with the needed columns that will capture the team creation details. The simplified form of implementation can be done using the below columns.

Now let’s head over to the Azure Portal to create the App Registration. We can access it from Azure Active Directory > App registrations blade > click the New registration button. Specify the app name and click Register.

The next step is to create the client secret which can be done from the Certificates and secrets blade. Click on New client secret to generate a new one by adding the description and the expiry window.

Click on add which will generate the secret and show it in the window. Ensure that we save it somewhere safe as it will be hashed the moment we navigate away from the page.

Now we need to specify the permissions that need to be granted to the app from the API Permissions blade. Since we are going to work on team creation, as per the official documentation, the permissions needed are:

  • Delegated Permission: Team.Create
  • Application Permission: Team.Create, Teamwork.Migrate.All

Microsoft Graph permission names follow a simple pattern: resource.operation.constraint. For example, here Team.Create grants the permission to do the operation of creation on the resource Team.

Delegated Permissions are used when there is a signed-in user context in our implementation. Since in our case, the application runs as a background service in response to when a user requests for team creation, we don’t need to specifically call for a signed-in user context. However, to allow this, the administrator will have to consent to the requested permission (Team.Create) as it will run unattended and with full privileges once the application goes live.

So, let’s head over to the API Permissions and click on Add a permission which will slide open the panel where we can select the API – Microsoft Graph which we will be using in our app.

Let’s select Application Permissions and select the Permission – Team.Create.

The administrator will have to grant access to the newly added application permission by clicking on “Grant Admin Consent for <Tenant>”.

After providing the admin consent for the permission, a tick mark will appear in the status.

The configuration in the portal is now complete. We can note down two more values from the Overview blade, the Tenant ID and the Application ID, as we will be using them along with the client secret in Power Automate.

Build the Flow

Now let’s head over to flow.microsoft.com to create the cloud flow which will be triggered on item creation in the SharePoint List.

Next, we will declare 3 variables to hold the values of Tenant ID, Client ID and Client Secret. We will also update them with the respective values which we had noted down previously.

To ensure that there is business approval, let’s add a Start and Wait for Approval action so that the newly created team creation request will go through a business validation approval process.

Based on the approval status, we will check the Outcome value of the Approval action and set the Content Approval Status column in the SharePoint List to Approve/Reject.

Note: Ensure that the list has Content Approval enabled from List Settings > Versioning Settings.

If the approval has been obtained, we will perform the team creation within the Yes block of the condition, where we have added an HTTP action. Though we could use the Create Team action, it offers limited flexibility for modifying the team creation parameters. Hence we will go with the trusted HTTP action, where we will invoke the Graph API and specify the needed Authentication and Body settings.

We will be issuing a POST request to the below URL for creating the teams: https://graph.microsoft.com/v1.0/teams

The body of the request will contain the parameters needed for the team creation. Based on the official documentation for creating a team using Application Permissions, we have built the body as below, specifying the Team Display Name, Description, Owner, and a few of the Member Settings to be applied during team creation.

{
  "template@odata.bind": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
  "displayName": "@{triggerOutputs()?['body/TeamName']}",
  "description": "@{triggerOutputs()?['body/TeamDescription']}",
  "members": [
    {
      "@@odata.type": "#microsoft.graph.aadUserConversationMember",
      "roles": [
        "owner"
      ],
      "user@odata.bind": "https://graph.microsoft.com/v1.0/users('@{triggerOutputs()?['body/OwnerMailID']}')"
    }
  ],
  "memberSettings": {
    "allowCreateUpdateChannels": @{triggerOutputs()?['body/allowCreateUpdateChannels']},
    "allowDeleteChannels": @{triggerOutputs()?['body/allowDeleteChannels']},
    "allowAddRemoveApps": @{triggerOutputs()?['body/allowAddRemoveApps']},
    "allowCreateUpdateRemoveTabs": @{triggerOutputs()?['body/allowCreateUpdateRemoveTabs']},
    "allowCreateUpdateRemoveConnectors": @{triggerOutputs()?['body/allowCreateUpdateRemoveConnector']}
  }
}
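
As an added example (not the author's flow or Microsoft's code), the requests behind the HTTP action can be rebuilt in Python: the client-credentials token request to the Microsoft identity platform and the POST /teams body. It serializes and validates the list values before any call is made; the sample item, the contoso.example address and the restriction of owners to plain UPNs are assumptions.

```python
import json
import re
from urllib.parse import urlencode

GRAPH = "https://graph.microsoft.com/v1.0"
# Graph memberSettings property -> SharePoint column name used in the flow body
SETTINGS = {
    "allowCreateUpdateChannels": "allowCreateUpdateChannels",
    "allowDeleteChannels": "allowDeleteChannels",
    "allowAddRemoveApps": "allowAddRemoveApps",
    "allowCreateUpdateRemoveTabs": "allowCreateUpdateRemoveTabs",
    "allowCreateUpdateRemoveConnectors": "allowCreateUpdateRemoveConnector",
}
# Assumed owner format: plain UPN, no quotes that could break users('...')
UPN_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Constructed list item, not real data
SAMPLE_ITEM = {"TeamName": 'Project "Atlas"', "TeamDescription": "Rollout team",
               "OwnerMailID": "owner@contoso.example",
               **{column: False for column in SETTINGS.values()}}

def token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the OAuth 2.0 client-credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return url, urlencode({"grant_type": "client_credentials",
                           "client_id": client_id, "client_secret": client_secret,
                           "scope": "https://graph.microsoft.com/.default"})

def team_body(item):
    """Build the POST /teams JSON body, rejecting malformed column values."""
    name = str(item.get("TeamName", "")).strip()
    owner = str(item.get("OwnerMailID", "")).strip()
    if not name:
        raise ValueError("TeamName is required")
    if not UPN_RE.fullmatch(owner):
        raise ValueError("OwnerMailID is not a plain user principal name")
    for column in SETTINGS.values():
        if not isinstance(item.get(column), bool):
            raise ValueError(f"{column} must be a boolean")
    return json.dumps({
        "template@odata.bind": f"{GRAPH}/teamsTemplates('standard')",
        "displayName": name,
        "description": str(item.get("TeamDescription", "")),
        "members": [{
            "@odata.type": "#microsoft.graph.aadUserConversationMember",
            "roles": ["owner"],
            "user@odata.bind": f"{GRAPH}/users('{owner}')",
        }],
        "memberSettings": {key: item[col] for key, col in SETTINGS.items()},
    })
```

The returned body is sent with an `Authorization: Bearer <token>` header to https://graph.microsoft.com/v1.0/teams; nothing in the block contacts the network.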

Thus, we have added the implementation logic to the flow. The completed cloud flow would look like below:

Test the flow

To test the flow, we will create a request in the list by creating a new item and filling the fields as:

This will trigger the flow and send out an approval request to the approver.

On successful approval, the team would get created.

Summary

Thus, we saw how to automate the Team Provisioning process using a SharePoint List, Power Automate, and Microsoft Graph, which will reduce the IT overhead as well as the turnaround time.

Author

Priyaranjan KS is a Modern Workplace Architect primarily focused on developing and architecting solutions around Office 365, Power Platform and Azure. He is also a Microsoft Most Valuable Professional (MVP) and a Microsoft Certified Trainer (MCT).