An example of Teams governance solution using Power Platform

Recently I implemented a solution for a customer that helps them to better govern their Teams workspaces. In this post I’ll introduce the features of the solution with very little technical details.

Team worskpace ordering

As in many organizations, creating new Teams via Teams client is disabled for employees. In our case whenever an employee want’s to have a new Teams workspace created, he/she uses a PowerApps app. The app consists of three screens.

Screen #1 is used to select a category for the new Teams workspace.

image

After clicking on any of the category icons, the user is directed to screen #2 that requires him to fill in some details of the Teams worskpace to be created.

image

Here is an explanation of the fields the user must fill in:

Template – This is the template Teams workspace that will be used as a base when the new workspace is cloned for the user. Available templates depend on the selected category 

Publicity – This selection controls whether the Teams workspace is visible to non-members

Needed for – This is very important piece of information in terms of governance. Basically user must estimate for how long he will be needing the workspace. I’ll cover in a bit what happens when the Teams workspace is closing in its retention date. The selected period is converted into retention date so that holiday season is taken into account: if the retention date is during holiday season, it is automatically extended

Title and description – Self-explanatory fields

Enable guests – Wheter the owner (= the user creating the request) can invite external guests to the Teams workspace

Members – The user can use this to have specific colleagues to be added automatically as members to the new Teams workspace. Both the requestor and the members are informed via e-mail when the Team is ready so they can start collaborating rightaway – no extra steps required from the owner to add members after creation

After the user proceeds with the request, he’s taken to a real-time status page.

image
image

Retention date handling

Whenever there is 30 days to any Team’s retention date, an adaptive card and a message mentioning the owner is sent to Team’s General channel.

image

Any member of the Teams workspace can now extend the retention date by one, three or six months simply by clicking on the one of the three buttons on the adaptive card. After the date is extended, the team is notified:

image

If the retention date is not extended, the Teams workspace is archived when the date is reached. Basically this means that the workspace is switched to read-only mode but it is still accessible by its members.

What’s under the hood?

I’ll be quite brief with the technical details of the solution. Basically the solution consists of the following components.

SharePoint list for workspace orders

This list collects all the Teams workspace orders. Each list item is also used to manage the status of the corresponding Team (e.g. whether the workspace is archived or not).

SharePoint list for Team templates

This is a list that is maintained manually. It contains an entry for each Teams workspace that is desired to be available as a template for the user to choose from. 

PowerApps app for ordering 

Introduced earlier in adequate detail.

Flow for processing orders

This Flow is a bit more complex and I’ll spend a little more time to go through it. The major steps in the Flow are:

  1. Clone the Team workspace based on the template selection made by the user. This is done via https://graph.microsoft.com/v1.0/teams/{Team ID}/clone Graph API endpoint
  2. Wait for the cloning to be done. This step uses a delay and a periodic call to Location URL returned by the clone request
  3. Get created Team information via https://graph.microsoft.com/v1.0/teams/{GroupId}
  4. Add selected members to the team via POST to https://graph.microsoft.com/v1.0/groups/{GroupId}/members/$ref. Each members needs to added individually. If the current individual being processed is the requestor, add it as an owner to the team via https://graph.microsoft.com/v1.0/groups/{GroupId}/owners/$ref. NOTE: It is really important that the individual is first added as a member and only after that as the owner – otherwise the user is granted owner permissions only after a couple of hours
  5. Enable/disable guest access via https://graph.microsoft.com/v1.0/groups/{GroupId}/settings
  6. Update tab configurations. Now this one is pretty awesome! Cloning the team at step #1 does clone all the channels and tabs, but the tabs are left unconfigured. For example, if you have Website tab, the cloned tab does not by default have the Website app configured to show the same URL as the source tab. So, what this step does, it iterates each channel and each tab and reads the original configuration (Coversation, Files and Wiki tabs are skipped) from the template Team’s corresponding tab and updates the target Team’s tab configuration! 
  7. In the final step, we simply send an e-mail to the owner and to the members of the Team with the link to the newly created team

Although there are multiple steps introduced above and specifically granting member access takes some time, it typically only takes about 1-2 minutes for the Flow to complete – so not that bad after all 🙂 Throughout the whole Flow run the SharePoint list item status information is updated so that the requestor can follow the process if he so wishes as displayed in earlier screenshot.

Flow for sending an adaptive card regarding the upcoming retention date

As I mentioned, a notification to Team’s General channel is sent when there is only 30 days left to the retention date. So I have a fairly simple Flow workflow with daily recurring trigger. The Flow collects all the items from the SharePoint list that satisfy the filter criteria (retention date and current status) and sends an adaptive card to the channel by using Post your own adaptive card as the Flow bot to a channel (Preview) action.

The adaptive card contains, amongst other things, three buttons each of which are actually links that take the user to another Flow with a HTTP Request trigger with some URL parameters. I’ll introduce that next, but the URL is similar to the one below.

https://%5B…%5D.logic.azure.com/workflows/%5B…%5D/triggers/manual/paths/invoke/[team-id]/extend/6?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=[…]

Flow for extending the retention period

As seen with the previous section, the user who’s extending the retention date is taken to a Flow endpoint with a HTTP Request trigger. The flow is really simple – it basically updates the SharePoint list item’s retention date and posts a confirmation message to General channel. 

The HTTP trigger uses the relativePath property to read target Team ID, operation identifier (here always extend) and number of months to extend the date by.

Finally the Flow returns an HTTP Response that basically closes user’s browser window and sends a confirmation notification to General channel.

image

Flow to archive teams that have reached their retention date

This one is really simple: just make a POST Graph API call to https://graph.microsoft.com/v1.0/teams/{Team ID}/archive and the Teams workspace gets archived.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s