Office 365 Modern Provisioning with Bot, Flow, Azure Function and SharePoint Framework

In this article I’d like to talk about a very common enterprise scenario, in which a user requests a new SharePoint site (Team site, Communications site) or Microsoft Teams by starting a workflow process. The architecture on Azure looks like this:

Modern Provisioning | Solution Architecture

I decided to share my experience by presenting a solution in which every user can leverage the capabilities of a Bot. From my point of view its great benefit is that it is available everywhere, depending of course on the channels that are enabled:

Leverage the capabilities of a Bot

Featured Channels

This is comfortable from a user experience perspective because the user does not have to look for the entry point in order to submit the request.
Instead, the user can put the request directly to the Bot from the software they are working in, for example Teams, Skype, Direct Line (Web App), Cortana, Email and so on.
The Bot saves the request in a SharePoint list by calling the Microsoft Graph API with the App Only permission. Microsoft Flow then sends the admin an email saying that a new request is waiting for approval. When the admin approves it, Flow is triggered automatically and calls an Azure Function to start the provisioning.
When the provisioning process has finished, the Azure Function returns a response with an HTTP status 200 to Flow, which notifies the admin and the end user that the SharePoint site or Teams is ready to go.

When to use this pattern?

This sample is suitable when you want to implement a typical enterprise scenario for requesting and approving the creation of a new SharePoint site or Microsoft Teams.

Microsoft Teams

SharePoint Framework Extension Bot

Let’s start to build the solution.

1- Setup the Azure AD Application

The Bot uses the Microsoft Graph API (App Only), so you need to register a new app in the Azure Active Directory behind your Office 365 tenant using the Azure portal:

Azure Active Directory Registration

Azure App Registration
  • Go to log in and register a new application assigning a key secret:

    Assigning a key secret

  • Add the Microsoft Graph Application Permissions “Read and write all groups” and “Read and write items in all site collections”:

    Adding application permission

  • Keep in mind that if you have to work in the user’s context you will need to change the permission to Delegated Permission, and you will also need to change the Bot code to handle the sign-in and the redirect with the token.
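
The App Only flow described above, as an added example (not code from the original article or from the VeronicaBot sample): it builds the client-credentials token request and the Microsoft Graph request that saves a site request to the list, validating the chat input first. The `SiteId` setting, the list fields `SiteType` and `Requester`, the allowed type values and the use of the v2.0 token endpoint are assumptions.

```javascript
// Added example; SiteId, SiteType, Requester and the type values are assumed names.
const ALLOWED_TYPES = ["TeamSite", "CommunicationSite", "Teams"];

// Read the Application Settings and fail closed if one is missing.
function loadConfig(env) {
  const cfg = {};
  for (const key of ["TokenEndpoint", "ClientId", "ClientSecret", "SiteId", "listName"]) {
    if (!env[key]) throw new Error(`Missing application setting: ${key}`);
    cfg[key] = env[key];
  }
  if (!cfg.TokenEndpoint.startsWith("https://login.microsoftonline.com/")) {
    throw new Error("TokenEndpoint must be an Azure AD HTTPS endpoint");
  }
  return cfg;
}

// App Only (client credentials) token request; the secret travels only in the POST body.
function buildTokenRequest(cfg) {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: cfg.ClientId,
    client_secret: cfg.ClientSecret,
    scope: "https://graph.microsoft.com/.default", // v2.0 endpoint assumed
  });
  return { url: cfg.TokenEndpoint, method: "POST", body: body.toString(),
           headers: { "Content-Type": "application/x-www-form-urlencoded" } };
}

// Validate chat input before it is written with tenant-wide permissions.
function validateSiteRequest(input) {
  const title = String(input.title || "").trim();
  if (!/^[\p{L}\p{N} _-]{3,64}$/u.test(title)) throw new Error("Invalid site title");
  if (!ALLOWED_TYPES.includes(input.type)) throw new Error("Invalid site type");
  // requester must come from the channel's authenticated identity, not message text
  return { Title: title, SiteType: input.type, Requester: String(input.requester) };
}

// Microsoft Graph "create list item" request for the request list.
function buildListItemRequest(cfg, accessToken, input) {
  return {
    url: `https://graph.microsoft.com/v1.0/sites/${cfg.SiteId}` +
         `/lists/${encodeURIComponent(cfg.listName)}/items`,
    method: "POST",
    headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json" },
    body: JSON.stringify({ fields: validateSiteRequest(input) }),
  };
}
```

Because the token carries application permissions rather than a user's, the allow-list and title check are the only controls between a chat message and a tenant-wide write.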

2- Create the Node.js Bot in Azure

An Azure subscription is a prerequisite for going further. With that in place, create the Azure Node.js Bot:

Azure Node.js Bot


  • Click on Build in your Azure Bot page and then on “Open online code editor”:

    Bot Management > Build

    App Service Editor

  • Replace the content of the files app.js and package.json with the sample contained in the VeronicaBot folder (app.js, package.json)
  • The last step is the configuration: remember to set the variables properly in the Application Settings:

    Veronica Bot Folder

    Application Settings

3- Create the SharePoint list, tenant properties and the SPFx Application Customizer

The Bot covers multiple channels: Teams, Direct Line, Skype, Cortana, Email, Slack…. However, if you plan to use Direct Line you can install the SPFx application customizer react-provisioning-bot, scoped to your tenant or to a specific site collection.

Configure a Direct Line


The SPFx reads the following tenant properties bag:


SharePoint Framework Extension Bot

It’s up to you whether to install it tenant wide or only on a specific site collection.

4- Azure Function

The engine of this solution is a C# Azure Function, Modern.Provisioning.Async.Function, which uses PnP to create a new SharePoint site (Team or Communication) or a new Microsoft Teams according to the user’s request. Just to clarify, the Azure Function uses the admin credentials; the password is encrypted in an Azure Key Vault. To use the Azure Function properly, please don’t forget to configure the application settings:

spAdminUser: tenant admin email
KeyVaultSecret: The key secret value after having created the key vault
TokenEndpoint: The token endpoint that you can retrieve from your Office 365 tenant Azure portal
listName: for this sample is SitesRequest
ClientId: Client Id App Only registered in order to consume Microsoft Graph and already used by the Bot
ClientSecret: Client Secret App Only registered in order to consume Microsoft Graph and already used by the Bot

  • The SharePoint sites are created with PnP
  • The Microsoft Teams are created with Graph

5- Microsoft Flow

Last but not least, there is a Microsoft Flow to implement, which basically performs the following steps:

  • Sends an email to the admin when a user’s request has been saved in the list SitesRequest
  • When the admin approves the request, the Azure Function is called to start the provisioning
  • When the process has finished, an email notifies the user that the request has been resolved


Microsoft Flow


Every step is now complete; enjoy the entire process.

The solution is available on GitHub:

Source code of this solution is also available on the official GitHub of Microsoft SharePoint PnP: 

De Luca, G. (2018). Office 365 Modern Provisioning with Bot, Flow, Azure Function and SharePoint Framework. [online] Available at: [Accessed 22 Mar. 2018].
