Let’s talk about low code low cost teams governance. Only a couple of years old and Microsoft Teams is already the biggest chat based collaboration tool out there. Similar to SharePoint there is a lot of things you might need to consider regarding governance of the tool before releasing it to the business. Prefix or Suffix, Privat or Public, what about external users.  In this post I’ll will be sharing some of the things you can implement yourself using low code approach with SharePoint, Flow and Teams PowerShell.

Goal:

Create a “low code low cost” solution using Out of the Box services in Office 365 and Azure, to simplify the operational task managing Teams. This will allow endusers the ability to create Teams as needed and at the same time give IT the means to  control prefix/suffix, external sharing settings.

Please remember that Governance is an ongoing process that should be updated and changed as your business adopts the tools. It’s like a house, if you look after it and give it a paint job now and then it will look great all the time if not then it will slowly look less nice and a major renovation will cost a lot more.

Below is my top 5 governance actions for Teams:

1. Limit who can create Groups | by default everyone(250) | Admins (500 K)
2. Implement Prefix/Suffix in teams alias
3. Private, Public, Org-wide,
4. Manage External guest invitation
5. Automatic provisioning of Teams

Honorable mentions:

• Using dynamic membership in Azure AD | Requires Azure AD P1
• Monitor teams usage
• Backups retention outside of Office 365
• Teams Expiration Policy

Technology involved:

A valid Microsoft Office 365 and Azure subscription

MS Flow | Is a service that helps you create automated workflows between your favorite apps and services to synchronize files, get notifications, collect data and more

SharePoint Online | SharePoint helps you create portals as intranet, extranet to securely collaborate and share information

Azure Automation | An Azure service used to configure and automate operational tasks across Azure and on-premises environment

PnP PowerShell | Community driven SharePoint Patterns and Practices (PnP) contains a library of PowerShell commands (PnP PowerShell) that allows you to perform complex provisioning and artifact management actions towards both SharePoint on-premises and Online.

PowerShell, PowerShell, PowerShell | PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.

Steps involved:

• Creating MS SharePoint list to collect relevant information about the new Team
• Create your PowerShell Runbook in Azure Automation
• Create MS Flow to send web hook data to Azure Automation runbook
• Test your solution

Creating the SharePoint List:

The SharePoint list itself should contains relevant data that you will need to provision the site, the list could be create in any SharePoint site as long as users have access to add new items to it.

Example:

Title | mandatory text field

Owner | mandatory people field

Allow External Access | mandatory yes/no field to verify if the should be allowed to be shared externally or not

Teams created | free text field to write back to the list if something fails during provisioning, this field can be hidden in the form using PowerApps

Creating the Automation account and webhook:

Please refer to this post of mine, where you will find details on how to create a Automation Account, PowerShell Runbook and Flow webhook.

Microsoft Flow data:

Your Flow should should at least send the following variables to Azure Runbook webhook:

TeamsName: the alias of the team, you can spesify any prefix/suffix or id’s as needed, this alias have to be unique, as it is used as email address and SharePoint site URL

TeamsDisplayName: the title of the Team

TeamsOwner: the person who owns the Team

siteURL: this is the variabel of the site where the list above resides

listName: this is the name of the list above

listItemID: this is the id the the list item the runbook will write back the SharePoint Link and Provisioning status to

allowGuestAccess: the is the yes/no response if the Team should allow external of not, if No we disable the external sharing option for this Team

Azure Automation PowerShell Runbook:

The code to the whole runbook can be seen here: https://github.com/JimmyHang/msTeamsProvisioning/blob/master/msTeamsProvisioning.ps1

The steps innvolved in the code is as follows:

1. The runbook reads the parameters from our Flow webhook above
2. Creates a new Team, using Teams PowerShell version 1, this module needs to be imported to the automation accounts first reference here: https://docs.microsoft.com/en-us/powershell/module/teams/?view=teams-ps
3. The runbook then creates channel folders in the destination SharePoint site, we do this in order to be able to pre-upload document templates to the channels
4. The runbook then updates the list item with relevant status

Thats all, have fun with Microsoft Teams, 😉

Reference:

Hang, J. (2019). Low code low cost Teams Governance. Available at: https://hangconsult.com/2019/08/28/low-code-low-cost-teams-governance/ [Accessed: 25th September 2019].