Provision a Team in Microsoft Teams using Power Apps and Power Automate
It’s best practice from a security point of view to prevent users from creating security groups or Microsoft 365 groups. By default, users can create security groups in the Azure portals, through the API or with PowerShell. The setting below also prevents users from creating teams in Microsoft Teams, because creating a team creates a Microsoft 365 group.

image

In this post we will be creating a Power App and workflow to allow users to create teams on our terms. We will be letting users choose what type of Team they need and it will be provisioned. At the end I’ll be listing a few best practices regarding usability and security of this solution.

Prevent users from creating teams

The first step is preventing users from creating teams by switching the option to create groups to “No”. The user is able to create teams by default.

image

After switching the slider, users see the following when they try to create a team:

image

Create your Power App / Power Automate flow

You can create a Power App to your liking. I’ve just created a simple app with a few buttons.

image

The Power Automate flow is just as simple: it creates a Team and adds a user to this team.

image

Clicking on the button will create the default team:

image

Best practices

Control and naming conventions

Adding an approval to the flow gives administrators control over which Teams are being created. In the app you can apply your own naming convention, so you know which teams have been created and can filter based on it.

Service Account

Run / create the flow using a non-personal (service) account. This makes sure that the application does not stop working when the personal account of whoever created it is deleted.

Logic apps

This flow is created directly from the Power App, but it’s also possible to use an Azure Logic App instead. This gives administrators additional monitoring: the behaviour of the Logic App can be exported to a Log Analytics Workspace, and an alert can be created should the Logic App or an action in the Logic App fail.
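One way to check the service account and naming convention practices above is to review group creations in the directory audit log. This is an added example, not part of the original post: the service account UPN, the naming pattern and the sample records are assumptions constructed for illustration, with records shaped like Microsoft Graph directoryAudit entries.

```python
import re

# Assumptions (not from the post): service account UPN and a "<TYPE>-<name>" convention.
SERVICE_ACCOUNT = "svc-teams-provisioning@contoso.example"
NAME_PATTERN = re.compile(r"^(PRJ|DEPT|EXT)-[A-Za-z0-9][A-Za-z0-9 ]{2,40}$")


def _rec(activity, upn, group):
    """Build a constructed record shaped like a Microsoft Graph directoryAudit entry."""
    return {"activityDisplayName": activity, "result": "success",
            "initiatedBy": {"user": {"userPrincipalName": upn} if upn else None},
            "targetResources": [{"type": "Group", "displayName": group}]}


# Constructed sample data, not real log output.
SAMPLE_AUDIT = [
    _rec("Add group", SERVICE_ACCOUNT, "PRJ-Website Relaunch"),   # expected path
    _rec("Add group", "alice@contoso.example", "Friday Drinks"),  # bypassed the flow
    _rec("Add group", SERVICE_ACCOUNT, "misc"),                   # flow, bad name
    _rec("Add group", None, "DEPT-Finance"),                      # app-initiated, no user
    _rec("Update group", "alice@contoso.example", "PRJ-Website Relaunch"),  # not a creation
]


def audit_group_creations(entries):
    """Return (group, actor, reasons) for group creations that bypassed the flow or its naming."""
    findings = []
    for e in entries:
        if e.get("activityDisplayName") != "Add group" or e.get("result") != "success":
            continue
        user = (e.get("initiatedBy") or {}).get("user") or {}
        actor = (user.get("userPrincipalName") or "unknown").lower()
        for target in e.get("targetResources") or []:
            if target.get("type") != "Group":
                continue
            name = target.get("displayName") or ""
            reasons = []
            if actor != SERVICE_ACCOUNT:
                reasons.append("not created by service account")
            if not NAME_PATTERN.match(name):
                reasons.append("name violates convention")
            if reasons:
                findings.append((name, actor, reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_group_creations(SAMPLE_AUDIT):
        print(finding)
```

Groups created by administrators or other approved processes will also be reported, so treat each finding as something to review rather than as a violation.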
