Azure App: Onboarder v2

The first version of our Azure App: Onboarder gave us a way to provision new Microsoft 365 users automatically. As with any new product, it has several points of failure:

  • The trigger action is via Email and needs to be sent from and to specific email addresses with a particular subject.

  • The body format always needs to be the same.

  • There is no error handling.

  • No duplicate handling: in the previous app, the email format is , so if a new hire has the same name as a current employee it will cause an error.

  • And many other possible issues.

That’s the goal for today: to improve the Onboarder App as much as possible to make it more efficient and with fewer possible errors.

Let’s start:

Workflow

The new workflow for our Logic App will be the following:

  1. We will have a Microsoft Forms form that HR () will fill out to send the new hire information.

  2. That Form will trigger a Power Automate App that will receive and parse the Forms data and send it via email to .

  3. The Logic App will receive the email and start the process.

  4. The Name, Last name, Position, and Personal email will be extracted from the email body.

  5. Since the email format is: , we implemented a way to detect if an email already exists: a token will be generated and will be used to query the existing emails.

  6. Based on the previous result we will have two possible results:

    1. True (Email already exists): The new user will be created with the format: name + first letter of the last

    2. False (Email doesn’t exist): The new user will be created with the format:

  7. Next, the user will be added to a Microsoft 365 Group based on their position.

  8. Notification emails will be sent to HR and IT (with the data to create the new user).

  9. A welcome email will be sent to the user’s personal email with the data for them to sign in.

Microsoft Forms

The first step is to implement a Form, so that HR personnel can open the Form link and fill it out more easily and quickly.

Navigate to: Microsoft Forms

Let’s create a new form called Onboarding with the following fields:

  • Name

  • Last Name

  • Position

  • Email

Now let’s go to Settings and define who can send responses; in this case we will add (HR Manager):

With that, our Form will be created.

Microsoft Power Automate

Now we will create a Power Automate action to receive the Form data and send an email to

Let’s proceed:

Navigate to: Power Automate

Select Automated Cloud flow:

Set the options:

Flow name: Send form reply to

Flow trigger: When a new response is submitted

Then select Create:

Let’s create an Action:

When a new response is submitted

We will connect this action with our Microsoft 365 Admin, and then we can pull up the Form Id (Onboarding) created previously.

Then let’s create another action called Get response details:

  • Form Id: Onboarding

  • Response Id: the response Id from the Onboarding Form

Finally, let’s create a Send an email (V2) action with the following parameters:

  • to:

  • Subject: Onboarding

  • Body:

    • Name: Name field from the Form

    • Last Name: Last Name field from the Form

    • Position: Position field from the Form

    • Email: Email field from the Form

  • From (Send as):

  • NOTE: Whichever account we use to connect this action to M365 will need to have Send As permissions on the From (sending email)

With this, an email from will be sent to with the subject Onboarding containing all form data and then the Logic App process of the Onboarding will start.
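The Logic App acts on whatever text arrives in that body, so the four fields are worth validating before any account is created. The following is an added example in Python, not part of the original post or of the Logic App itself; the Position allow-list assumes the Form's values are exactly the four group names used later in the Switch action, and the sample body is constructed.

```python
import re

# Labels taken from the "Send an email (V2)" body described above.
FIELDS = ("Name", "Last Name", "Position", "Email")
# Assumption: the Form's Position values are exactly the four group names.
POSITIONS = {"IT", "HR", "Finance", "Marketing"}
# Letters only, with single spaces, apostrophes or hyphens between words.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '-][^\W\d_]+)*")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class BodyError(ValueError):
    """Raised when the onboarding email body fails validation."""


def parse_onboarding_body(text):
    """Return the four fields as a dict, or raise BodyError."""
    record = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, sep, value = line.partition(":")
        label = label.strip()
        if not sep or label not in FIELDS:
            raise BodyError(f"unexpected line: {line!r}")
        if label in record:
            raise BodyError(f"duplicate field: {label}")
        record[label] = value.strip()
    missing = [f for f in FIELDS if f not in record]
    if missing:
        raise BodyError("missing fields: " + ", ".join(missing))
    for field in ("Name", "Last Name"):
        if len(record[field]) > 64 or not NAME_RE.fullmatch(record[field]):
            raise BodyError(f"invalid {field}")
    if record["Position"] not in POSITIONS:
        raise BodyError("unknown position")
    if not EMAIL_RE.fullmatch(record["Email"]):
        raise BodyError("invalid personal email")
    return record


# Constructed sample body (not taken from the original post).
SAMPLE = "Name: Yael\nLast Name: Amari\nPosition: Marketing\nEmail: yael.amari@example.com\n"

if __name__ == "__main__":
    print(parse_onboarding_body(SAMPLE))
```

A rejected body should stop the run and notify IT rather than fall through to user creation.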

Improving Logic App

Now let’s make some modifications to the Onboarder Logic App to catch and handle duplicate users.

After the GetEmail action, let’s create two more actions:

HTTP-GetToken:

This is to get the Authorization Token needed for the next action.

Create an HTTP action called HTTP-GetToken:

For parameters:

  • URI:

    • https://login.microsoftonline.com/8ddb1f21-a6e7-4059-bf41-a02552acf3fc/oauth2/v2.0/token
  • Method: POST

  • Headers: Content-Type / application/x-www-form-urlencoded

  • Body:

    • It should be in x-www-form-urlencoded format with the following fields:

    • client_id: retrieved from the previously created App Registration

    • client_secret: retrieved from the previously created App Registration on the Certificate and Secrets section

      • client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials&scope=https://graph.micr

Then let’s create another HTTP action to check if there is an email already created with the same data:

HTTP-CheckDuplicateEmail

For parameters:

  • URI:

    •   concat(
          'https://graph.microsoft.com/v1.0/users?$filter=mail eq ''', 
          toLower(outputs('GetName')), 
          '@beyondbaremetal.com'''
        )
      
  • Method: GET

  • Headers: Authorization / Bearer (Authorization Token from the previous Action)

After that let’s create two actions to Initialize a Variable:

  • UserID:

  • UserEmail:

After that, let’s create a Condition:

It evaluates whether the HTTP GET returned any value. The possible results are:

True: It means it returned a value so the email already exists in our Microsoft 365 tenant.

Then it will create the user, and the email account will be set as: name + first letter of the last .

Everything is the same as in the previous post except for the User Principal Name:

concat(
    toLower(trim(first(split(split(string(outputs('HTML_to_Text')), 'Name: ')[1], '\n')))),
    toLower(substring(trim(first(split(split(string(outputs('HTML_to_Text')), 'Last Name: ')[1], '\n'))), 0, 1)),
    '@beyondbaremetal.com'
)

Next:

  • Usage Location: set to US

  • A Microsoft 365 Business Standard license will be assigned to the new user

  • UserID: will be set to the recently created User ID.

  • UserEmail: will be set to the recently created User Email.

False: It means it didn’t return any value so the email does not exist in our Microsoft 365 tenant.

The user will be created as:

Next:

  • Usage Location: set to US

  • A Microsoft 365 Business Standard license will be assigned to the new user

  • UserID: will be set to the recently created User ID.

  • UserEmail: will be set to the recently created User Email.
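The duplicate check and the two address formats above, as an added Python example that is not part of the original post. It goes beyond the flow as described, which looks up only the first format: here the Name value is reduced to safe characters and quoted before it reaches the `$filter`, and the chosen address is re-checked until a free one is found. `pick_address`, the growing last-name prefix, the extra `userPrincipalName` match and the sample directory are assumptions of this example.

```python
import re
import unicodedata
from urllib.parse import quote

DOMAIN = "beyondbaremetal.com"  # domain used in the page's expressions
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"


def local_part(text):
    """Lower-case, fold accents to ASCII and keep only a-z and 0-9."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", folded.lower())


def odata_literal(value):
    """OData string literal: a single quote is escaped by doubling it."""
    return "'" + value.replace("'", "''") + "'"


def duplicate_check_url(address):
    """Lookup URL; also matching userPrincipalName is this example's choice."""
    lit = odata_literal(address)
    flt = f"mail eq {lit} or userPrincipalName eq {lit}"
    return GRAPH_USERS + "?$filter=" + quote(flt, safe="")


def candidates(name, last_name):
    """name@, then name + a growing prefix of the last name (hypothetical extension)."""
    first, last = local_part(name), local_part(last_name)
    if not first or not last:
        raise ValueError("name fields contain no usable characters")
    yield f"{first}@{DOMAIN}"
    for i in range(1, len(last) + 1):
        yield f"{first}{last[:i]}@{DOMAIN}"


def pick_address(name, last_name, exists):
    """exists(address) -> bool stands in for the Graph GET returning a non-empty 'value'."""
    for address in candidates(name, last_name):
        if not exists(address):
            return address
    raise LookupError("every candidate is taken; hand over to IT")


# Constructed directory: both of the page's formats are already in use.
TAKEN = {"yael@beyondbaremetal.com", "yaela@beyondbaremetal.com"}

if __name__ == "__main__":
    print(pick_address("Yael", "Amari", TAKEN.__contains__))
    print(duplicate_check_url("yael@beyondbaremetal.com"))
```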

The next step is Add user to Group:

For this one the workflow is the same: a Switch action evaluates the Position, and the user is added to the IT, HR, Finance, or Marketing Group based on the value.

For each case we will provide the UserID and the Group ID.

For example with the Add to IT Group Action:

We will repeat the same for other cases/groups.

Finally, it’s time to send the Emails:

Send Welcome Email:

Same action as before, but now we will use the variable UserEmail for the user’s email address.

Send Email to IT:

Same as the previous step using the variable UserEmail:

Send confirmation Email to HR:

Same as the previous email actions.

Testing

Let’s test and see how we can review the new workflow:

Teddy will access the Form link:

Let’s enter the following data:

Once the Form is sent, we can check the Power Automate action:

As we can see, the email was sent successfully with the data we passed on the Form.

Let’s now go to the OnboarderV2 Logic App and see the Run history:

As we can see it detected a duplicate Email (because another user is already named Yael Amari with email: )

So it went through the True side of the condition:

This means it created a user with the format: name + first letter of last name @beyondbaremetal.com:

It’s added to the Marketing Group and Emails are sent:

The user receives an email with their information:

IT gets the Email notification about the creation, so it can provision the Domain account:

HR receives the Email confirmation:

Conclusion

In this post we’ve improved the Azure App: Onboarder by implementing Microsoft Forms and Power Automate in the workflow. We also implemented a way to detect and mitigate emails that already exist in the tenant by adding a new email format.

With this, the overall app has become easier, more friendly to use and more resilient to errors or issues.

Stay tuned for more content.

Thanks for reading!

Link to the series 👉 beyondbaremetal.hashnode.dev/series/beyond-..