The first version of our Azure App: Onboarder offered an automated way for us to provision new Microsoft 365 users. As with any new product, it has several points of failure:
The trigger action is via Email and needs to be sent from and to specific email addresses with a particular subject.
The body format always needs to be the same.
There is no error handling.
There is no duplicate handling. In the previous app the email format is name@beyondbaremetal.com, so if a new hire has the same name as a current employee it will cause an error.
And many other possible issues.
That’s the goal for today: to improve the Onboarder App as much as possible, making it more efficient and less error-prone.
Let’s start:
Workflow
The new workflow for our Logic App will be the following:
We will have a Microsoft Forms form that HR (teddy@beyondbaremetal.com) will fill out to send the new hire information.
That form will trigger a Power Automate flow that receives and parses the form data and sends it via email to onboarding@beyondbaremetal.com.
The Logic App will receive the email and start the process.
The Name, Last name, Position, and Personal email will be extracted from the email body.
Since the email format is name@beyondbaremetal.com, we implemented a way to detect whether an email already exists: a token will be generated and used to query the existing emails.
Based on that query, there are two possible results:
True (Email already exists): The new user will be created with the format: name + first letter of the last name@beyondbaremetal.com
False (Email doesn’t exist): The new user will be created with the format: name@beyondbaremetal.com
Next, the user will be added to a Microsoft 365 Group based on their position.
Notification emails will be sent to HR and IT (with the data to create the new user).
A welcome email will be sent to the user’s personal email with the data for them to sign in.
Microsoft Forms
The first step is to implement a form, so that HR personnel can open the form link and fill it out more easily and quickly.
Navigate to: Microsoft Forms
Let’s create a new form called Onboarding with the following fields:
Name
Last Name
Position
Email
Now let’s go to Settings and define who can send responses. For this case we will add teddy@beyondbaremetal.com (HR Manager):
With that, our Form will be created.
Microsoft Power Automate
Now we will create a Power Automate action to receive the Form data and send an email to onboarding@beyondbaremetal.com
Let’s proceed:
Navigate to: Power Automate
Select Automated Cloud flow:
Set the options:
Flow name: Send form reply to onboarding@beyondbaremetal.com
Flow trigger: When a new response is submitted
Then select Create:
Let’s create an Action:
When a new response is submitted
We will connect this action with our Microsoft 365 Admin; then we can pull up the Form Id (Onboarding) created previously.
Then let’s create another action called Get response details:
Form Id: Onboarding
Response Id: the response Id from the Onboarding Form
Finally, let’s create a Send an email (V2) action with the following parameters:
Subject: Onboarding
Body:
Name: Name field from the Form
Last Name: Last Name field from the Form
Position: Position field from the Form
Email: Email field from the Form
From (Send as): teddy@beyondbaremetal.com
NOTE: Whichever account we use to connect this action to M365 will need Send As permissions on the From (sending) address.
With this, an email with the subject Onboarding, containing all the form data, will be sent from teddy@beyondbaremetal.com to onboarding@beyondbaremetal.com. The Logic App onboarding process will then start.
Improving Logic App
Now let’s make some modifications to the Onboarder Logic App to catch and handle duplicate users.
After the GetEmail action, let’s create two more actions:
HTTP-GetToken:
This is to get the Authorization Token needed for the next action
Create an HTTP action called HTTP-GetToken:
For parameters:
URI:
https://login.microsoftonline.com/8ddb1f21-a6e7-4059-bf41-a02552acf3fc/oauth2/v2.0/token
Method: POST
Headers: Content-Type / application/x-www-form-urlencoded
Body:
It should be in x-www-form-urlencoded format with the following fields:
client_id: retrieved from the previously created App Registration
client_secret: retrieved from the previously created App Registration, in the Certificates & secrets section
client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials&scope=https://graph.micr
Then let’s create another HTTP action to check if there is an email already created with the same data:
HTTP-CheckDuplicateEmail
For parameters:
URI:
concat( 'https://graph.microsoft.com/v1.0/users?$filter=mail eq ''', toLower(outputs('GetName')), '@beyondbaremetal.com''' )
Method: GET
Headers: Authorization / Bearer (Authorization Token from the previous Action)
After that let’s create two actions to Initialize a Variable:
UserID:
UserEmail:
After that, let’s create a Condition:
It will evaluate whether the HTTP GET returned any value. The possible results are:
True: It means it returned a value, so the email already exists in our Microsoft 365 tenant.
It will then create the user and set the email account to: name + first letter of the last name@beyondbaremetal.com.
Everything is the same as in the previous post except for the User Principal Name:
concat(
toLower(trim(first(split(split(string(outputs('HTML_to_Text')), 'Name: ')[1], '\n')))),
toLower(substring(trim(first(split(split(string(outputs('HTML_to_Text')), 'Last Name: ')[1], '\n'))), 0, 1)),
'@beyondbaremetal.com'
)
Next:
Usage Location: set to US
A Microsoft 365 Business Standard license will be assigned to the new user
UserID: will be set to the recently created User ID.
UserEmail: will be set to the recently created User Email.
False: It means it didn’t return any value so the email does not exist in our Microsoft 365 tenant.
The user will be created as: name@beyondbaremetal.com
Next:
Usage Location: set to US
A Microsoft 365 Business Standard license will be assigned to the new user
UserID: will be set to the recently created User ID.
UserEmail: will be set to the recently created User Email.
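The duplicate check and the two address formats above, written out as an added Python example (not part of the original Logic App). It goes beyond the workflow in two labelled ways: names are restricted to a-z before they reach the Graph $filter, and it raises when both address formats are already taken. The `exists` callable stands in for the HTTP-CheckDuplicateEmail call; the sample body, the a-z policy and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import quote

DOMAIN = "beyondbaremetal.com"
ALLOWED_POSITIONS = {"IT", "HR", "Finance", "Marketing"}  # groups named in the post
# Constructed sample of the email body sent by the Power Automate flow.
SAMPLE_BODY = ("Name: Yael\nLast Name: Amari\n"
               "Position: Marketing\nEmail: yael.amari@example.org\n")

def parse_body(body):
    """Extract the four labelled fields; fail closed if one is missing."""
    fields = {}
    for label in ("Name", "Last Name", "Position", "Email"):
        match = re.search(rf"^{re.escape(label)}:[ \t]*(\S.*)$", body, re.MULTILINE)
        if match is None:
            raise ValueError(f"missing field: {label}")
        fields[label] = match.group(1).strip()
    if fields["Position"] not in ALLOWED_POSITIONS:
        raise ValueError("position has no matching group")
    return fields

def local_part(text):
    """Assumed policy: only a-z may enter the address and the OData literal."""
    value = text.strip().lower()
    if not re.fullmatch(r"[a-z]{1,40}", value):
        raise ValueError(f"unsupported characters in name: {text!r}")
    return value

def duplicate_check_url(address):
    """URL for HTTP-CheckDuplicateEmail with the filter escaped and encoded."""
    literal = address.replace("'", "''")  # OData doubles single quotes
    return ("https://graph.microsoft.com/v1.0/users?$filter="
            + quote(f"mail eq '{literal}'", safe=""))

def choose_address(fields, exists):
    """name@ if free, else name + first letter of last name@; never reuse."""
    first = local_part(fields["Name"])
    last = local_part(fields["Last Name"])
    for candidate in (f"{first}@{DOMAIN}", f"{first}{last[0]}@{DOMAIN}"):
        if not exists(candidate):
            return candidate
    # Case the workflow above does not cover: both formats already taken.
    raise LookupError("both address formats exist; hand off for manual review")

if __name__ == "__main__":
    taken = {"yael@beyondbaremetal.com"}  # constructed stand-in for the tenant
    new_hire = parse_body(SAMPLE_BODY)
    print(duplicate_check_url(f"{local_part(new_hire['Name'])}@{DOMAIN}"))
    print(choose_address(new_hire, taken.__contains__))
```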
The next step is Add user to Group:
For this one the workflow will be the same: we have a Switch action that evaluates the Position, and the user is added to the IT, HR, Finance, or Marketing Group based on the value.
For each case we will provide the UserID and the Group ID.
For example with the Add to IT Group Action:
We will repeat the same for other cases/groups.
Finally, it’s time to send the Emails:
Send Welcome Email:
Same action as before but now we will use the variable UserEmail for the user’s email address
Send Email to IT:
Same as the previous step using the variable UserEmail:
Send confirmation Email to HR:
Same as the previous email actions.
Testing
Let’s test and see how we can review the new workflow:
Teddy will access the Form link:
Let’s enter the following data:
Once the Form is sent, we can check the Power Automate action:
As we can see, the email was sent successfully with the data we entered in the Form.
Let’s now go to the OnboarderV2 Logic App and see the Run history:
As we can see, it detected a duplicate email (because another user is already named Yael Amari, with email yael@beyondbaremetal.com).
So it went through the True side of the condition:
This means it created a user with the format: name + first letter of last name @beyondbaremetal.com:
It’s added to the Marketing Group and Emails are sent:
The user receives an email with their information:
IT gets the email notification about the creation, so it can provision the domain account:
HR Receives the Email confirmation:
Conclusion
In this post we’ve improved the Azure App: Onboarder by implementing Microsoft Forms and Power Automate in the workflow. We also implemented a way to detect and mitigate emails that already exist in the tenant by adding a new email format.
With this, the overall app has become easier and friendlier to use, and more resilient to errors or issues.
Stay tuned for more content.
Thanks for reading!
Link to the series 👉 beyondbaremetal.hashnode.dev/series/beyond-..