Take control of your Microsoft Teams environment part 7

In part 6 we added an approval flow right within Teams, but in this post it’s time to cover what happens when an approval is granted. Let’s provision a team!

Graph3

There are many ways to provision a new team, you could obviously do it manually from within the Teams client, an admin could do it using the Teams Admin Center, there’s the New-Team PowerShell cmdlet, and more.

Since we’re creating an automated process, there are other tools more suited for the task at hand. I know there are great examples out there using Azure Automation, however, since we’re starting to get familiar with Microsoft Flow, let’s see if we can’t use that.

From before we know there are built-in actions to post messages in Teams, post adaptive cards, we can get messages, and even list or create channels. There is however, at the time of writing, no action to create a new team.

Instead we use an HTTP action against Microsoft Graph.

Microsoft Graph is the gateway to data and intelligence in Microsoft 365, and provides a unified programmability model that you can use to access data across Office 365, the Enterprise Mobility + Security suite and more.

In order to connect to Graph we need to authenticate, which is done using an Azure AD application with Group.ReadWrite.All permissions (please see Lee Ford’s blog post on Using Flow with Graph API for instructions on how to create the application).

You might remember that we initialized a few variables back in part 5? Well, we’re finally going to need them. We’ll need to enter the client secret and the app id in the appropriate variables…
variables

…as well as the tenant id, which is easily found over at whatismytenantid.com.

switch.png

You might remember from part 2 that we had four options for team type. To apply different logic based on the input from the request form, we’ll use a Switch action.

Case project team.png

We’ll switch on Team type, and for this example the one we called Project team. So if the team type equals ‘Project team, the HTTP action will trigger.

HTTP Project team.png

We’ll need to authenticate with Graph, so we’ll choose Active Directory OAuth in the Authentication box, then https://login.microsoft.com as the Authority. We’ll also finally make use of the variables mentioned above, we’ll specify that the Audience is https://graph.microsoft.com and then finally set the Credential Type to Secret.

There are three ways to provision a new team using Graph, we can Teamify an existing Group, we can clone an existing team or we can use a template (beta). For our project team we’ll use clone.

When you clone a team in the Teams client or using Graph, you have the option to clone apps, tabs, channels, settings and/or members.

In order to clone a team we need a team to use as source. Just create a new team using the Teams client, then add tabs, channels etc. to fit your purpose. When you’re happy with the result, fetch the GroupId to specify in the URI. The URI should be in the following format: https://graph.microsoft.com/v1.0/teams/{GroupId}/clone

We’ll also need some JSON in the body, to specify display name, description, what parts to clone and the visibility.

At the time of writing, the mailNickname attribute was ignored.

New project team.png

That’s it, as soon as the request is approved, a new team is provisioned, copied of the source team created earlier. In this example you can see there’s a channel called Example channel already present in the team.

One thing to note is that when we clone a team, the user account performing the clone, is actually the one added as an owner. In this scenario that would be a service account, not the person actually requesting the team. Let’s see in a later blog post if we can’t get that sorted out.

A project team would most likely also benefit from a predefined folder structure, don’t you agree? Well it looks like we still have plenty more to cover, so stay tuned for more.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s