Category Archives: Office 365

Microsoft Flow, Office 365, SharePoint

Configure settings for access requests and sharing using Microsoft Flow and REST

I’m currently building a solution for provisioning Microsoft Teams for a customer, using Microsoft Flow. I don’t have the privilege to use Azure, PowerShell, CSOM or JavaScript in their environment – so I have to stick with the built in connectors and use various REST endpoints in SharePoint Online and Microsoft Graph.

In Microsoft Teams (and in Office 365 groups), you need to be an Owner to add a new Member. However, members of the associated SharePoint team site can add people to the site.

site-permissions-share-site-only

We wanted to align the membership management between SharePoint and Teams, and set out on a path to solve this task. I started looking into the access request settings of the site, and all boxes are enabled by default for a Team site associated with Microsoft Teams.

access-requests-settings-default

There are several examples on how to use PowerShell or JavaScript to modify these settings, but I found no examples on how to use SharePoint’s REST APIs. Luckily I found a comment somewhere on Stack Exchange mentioning that you can use MERGE to modify a property on various SharePoint endpoints. So armed with this knowledge I found out that I could use the /_api/Web endpoint to configure the MembersCanShare property and RequestAccessEmail property.

  • To uncheck Allow members to share the site and individual files and folders you simply set MembersCanShare to false.
  • To uncheck Allow access requests you simply set RequestAccessEmail to “” (empty string)

Now we miss one important ingredient for using this endpoint to change the web object, and that is the MERGE method.

Add the following HTTP headers to your request:

{
  "accept": "application/json;odata=verbose",
  "content-type": "application/json;odata=verbose",
  "X-HTTP-Method": "MERGE"
}

And POST the following JSON payload:

{
  "__metadata":{"type":"SP.Web"},
  "MembersCanShare": false,
  "RequestAccessEmail":""
}

Here’s how you can use the “Send an HTTP request to SharePoint” action in Microsoft Flow.

flow-rest-disable-access-requests-and-member-sharing

If you want to uncheck “Allow members to invite others to the site members group…“, you can use the /_api/Web/AssociatedMemberGroup endpoint to configure the AllowMembersEditMembership property the same way.

Add the same HTTP headers as mentioned above and POST the following JSON payload to the endpoint:

{
  "__metadata": {
    "type": "SP.Group"
  },
  "AllowMembersEditMembership": false
}

prevent-members-from-managing-membership

That’s it! Your access request settings should now look like this!

access-requests-settings-modified

 

 

Standard
Microsoft Flow, Office 365, Yammer

Governing Yammer groups using Microsoft Flow

I’m currently helping a customer to rollout Yammer to ~4,000 employees across the world. The goal is to improve knowledge sharing and communication across locations, projects and departments. Microsoft Teams is also on the roadmap, and will be rolled out later this year.

where-to-start-the-communication

We have tailored Microsoft’s “Where to start the conversation” message and our strategy is to use Yammer for internal communication only and use public groups to better address the vision about breaking down the silos. We even defined a KPI for number of private vs public Yammer groups.

Unfortunately, it is currently not possible in Yammer to proactively enforce the policies to:

  • prevent who can create groups
  • prevent creation of external groups
  • prevent creation of private or public groups

We decided instead to reactively govern Yammer groups using Microsoft Flow and Yammer REST APIs. Now, there is a built-in Yammer connector in Flow, but the current functionality doesn’t support our requirements. We decided to build two flows, one for governing external groups and one for private groups. Each flow runs on a daily schedule.

Flows

The flow that governs private groups, emails the private group owners with a message that they need to open or delete their group. The screenshot below shows the effect on private groups after one week of running the flow.

private group log

The flow that governs external groups, emails the external group creators and delete their group.

Account for running the flows and accessing the Yammer APIs

  • The account can be a cloud only account and doesn’t need any admin roles in Office 365.
  • The account must be licensed for Yammer to use the APIs, for Outlook to send emails and SharePoint for logging purposes.
  • The account must be a Verified admin in Yammer to delete or get details about groups the account isn’t member of.

Register a Yammer application and create an access token

  1. Goto https://www.yammer.com/client_applications and sign-in with the verified admin account.
  2. Click “Register New App”, fill in the required fields and click “Continue”. You only need to think about the Redirect URI, as you’re mainly interested in the generated client id and secret in addition.

    Register New App

  3. Next go to https://www.yammer.com/oauth2/authorize?client_id=YOUR_CLIENT_ID_HERE&response_type=code&redirect_uri=https://localhost
  4. Click “Allow” to grant the app to access Yammer on the account’s behalf.

    Allow the app to act on your behalf

  5. Now, extract the code appended to your redirect URI from the browser’s address bar.

    https://localhost/?code=CODE_TO_EXTRACT_HERE

  6. Next go to https://www.yammer.com/oauth2/access_token.json?client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&code=CODE_YOU_EXTRACTED_FROM_REDIRECT_URI
  7. Extract the access_token from the JSON in the response from above and send it in the Authorization header when invoking the REST endpoints.

{
“access_token”:{
…,
“token”:”THIS_IS_THE_ACCESS_TOKEN”,
…,
“expires_at”:null
},
“user”:{…},
“network”:{…}
}

Yammer API endpoints used in the flows
These are the REST endpoints we used in our flows.

  • Get the Yammer groups, 50 per page
    GET https://www.yammer.com/api/v1/groups.json?page={page}
  • Get group creator
    GET https://www.yammer.com/api/v1/users/{creator_id}.json
  • Get group admins
    GET https://www.yammer.com/api/v1/groups/{id}/members.json
  • Delete group
    DELETE https://www.yammer.com/api/v1/groups/{id}
  • Set content mode
    POST https://www.yammer.com/api/v1/supervisor_mode/toggle

You can access documentation about the REST API on Yammer Developer Center
https://developer.yammer.com/docs

Implementing the flows

The flows both starts with a scheduled trigger and a set of actions for variable initialization

flow - init variables

Content mode is then set to private for access to groups the account is not member of.

set content mode to private

The Yammer groups endpoint doesn’t support the HTTP connectors built-in pagination, so a Do Until loop is used to handle pagination of the groups that are returned 50 at-a-time.

groups pagination

Then we union the groups and paginate before moving on to parsing and filtering the groups.

groups union

This is how we filter for private groups

filter private groups

And this is how we filter for external groups. Be aware that external groups are also private (just in case you want to process both private and external groups in same Flow)!

filter external groups

We process the private groups in a Apply-to-each loop, get the members of the group and filter for group admins.

process private groups

How we filter for group admins

filter for group admins

Next we send an email to all private group administrators in a Apply-to-each loop.

email to private group admins

The final steps of the flow sets the private content mode back to default and logs the number of private and total groups to a SharePoint list. The numbers are needed for the KPI measures.

set content mode and log to sharepoint

For each external group, we get the creator, send the person an email and delete the group.

get group creator and delete group

Measuring success

We believe that using Microsoft Flow will help us reach our business goals. We have defined a strategy and success plan for knowledge sharing, and defined KPIs for measuring progress and realization of these goals.

Yammer measurement plan

I have shown you how to manage Yammer groups using Microsoft Flow and Yammer REST APIs. Don’t stop here! Start exploring other opportunities and use your favorite REST API to manage what’s important for you and your business.

Happy flowing!

Standard
Office 365, Search, SharePoint

Add Search to your Office 365 app launcher

At Puzzlepart we’re all about Office 365, and despite all the negative talk lately, Yammer is our go-to place for knowledge sharing and staying updated.

But Yammer got good company by Office 365 Sites, Wikis, Blogs, Videos, OneDrive, Delve and last but not least……… search.

Now, I would argue that having a search box in the Office 365 suite bar across all of the workloads would have been the ideal solution for quick information discovery and retrieval.

Unfortunately Microsoft doesn’t support that, but luckily there is an alternative way. Yes, you can customize the Office 365 app launcher and add a shortcut to your SharePoint Online search center.

Here’s how you do it:

  1. Open your Company Profile in your Office 365 Admin center
  2. Select Custom tiles and add a custom tile using the plus (+) icon
  3. Specify Tile name, URL, Description and Image Url.
    search-tile-app-launcher
  4. Next, select your tile in your My Apps and click Pin to app launcher
    search-tile-app-launcher-pin
  5. Voilá. Your shortcut to search is ready.

    search-tile-app-launcher2.PNG

Microsoft has made detailed instructions on how to customize the app launcher here

https://support.office.com/en-us/article/Add-custom-tiles-to-the-My-apps-page-and-app-launcher-1136115a-75af-4497-b693-640c4ce70bc6#

Standard