IT-Governance is an important topic, especially in large organizations. In an agile and evergreen world, as it can be found with Microsoft 365 services, Governance becomes an integral part which needs to be monitored and updated on a regular basis. At Microsoft Ignite conference, we showed the "Groups Governance Toolkit" with a bunch of useful tools to regulate and monitor for Office 365 Groups and Microsoft Teams. Everything we showed at Ignite is open source and built with out of the box tools within Microsoft 365 and Azure.
In this blog series, we will now show the step-by-step guidance how to implement that toolkit with Microsoft 365 and Microsoft Azure. Let's start with an overview what topics we cover in this blog article series.
The background
Our team for this toolkit at atwork consists of Martina Grom, Christoph Wilfing and Toni Pohl. So, this article series is a joint effort. The idea for the "Groups Governance Toolkit" project came from consulting real-world enterprise customers. We see daily that there is a big need for governance for enterprise customers, to control the provisioning of new groups and teams and to monitor Office 365 Groups and Microsoft Teams in operations. Just to mention, when we write about "Groups", we mean Microsoft Office 365 Groups and Microsoft Teams – an Office 365 group is the base for other Office 365 services as Planner and Teams, see Office 365 Groups and Microsoft Teams and Learn about Office 365 Groups. Our approach is to stay with user self-service while bringing additional monitoring and governance into the process.
Functionality
Currently, the Groups Governance Toolkit covers these scenarios:
- Provision a new Office 365 Group or Team with a manager approval workflow
- Show ownerless (orphaned) groups - Groups that do not comply with the organization's policies of having at least 2 owners (or one)
- Show groups with external users - Inform group owners about guest users to decide if their access is still required
- Groups statistics - An interactive Power-BI dashboard with group details at a glance for monitoring
As a quick preview, the groups statistics delivers an overview about the existing Office 365 groups and Microsoft Teams as well as Yammer enabled groups in a tenant. You can filter that to get insights into the groups usage within your tenant.
We plan to extend the toolkit, stay tuned…
The Groups Governance Toolkit is also integrated in the next update of our Office 365 AddOn-solution Delegate365.
Requirements and tools
To follow these steps, you need to have a Global Admin of an Office 365 tenant and an active Azure subscription. For the use of Power-BI, you need to have a Power-BI license and for sending emails, a user with a mailbox is required. We use SharePoint Online for the provisioning list, the email file templates and Microsoft Flow for implementing the workflow. In Azure, we are using Logic Apps and Azure Functions. To make the toolkit easy to adapt, we implemented the code parts with PowerShell. So, a basic understanding of PowerShell and how the Microsoft Graph API works helps, but it is not required to modify the code samples, they can be used as provided.
What we used out-of-the-box:
- Office 365 tenant with a Global Administrator
- Azure subscription
- Power BI
- SharePoint Online
- Microsoft Flow
- Azure Logic Apps
- Azure Functions
- PowerShell (can be done with C# as well)
- Microsoft Graph API
All sources can be found at my GitHub.
Doing the work, accessing the groups, is done with Microsoft Graph, our key to access data in Office 365.
Here, we are currently using the v1 endpoint and the Beta endpoint of Microsoft Graph. So, in future, some calls or the result of the Beta endpoint will be replaced by v1 methods and might change a little bit, but the functionality we are using for our samples will still be available.
Articles
To present the toolkit in a easy to consume format, we split the project in multiple small parts and we will provide the code samples in Martina's public GitHub repository. The next article covers the first scenario: How to develop a self-service group provisioning solution with SharePoint, Flow and Azure Functions. Then, the statistics functions and with the use of Logic Apps, Azure Functions and Power BI will follow.
We hope you like this article series and the information provided here is useful for your organization. In case of questions, pls. contact us.