Automating Site Provisioning and Governance in Office 365

Apr 21, 2020 12:00:00 AM

Site Provisioning is a process of creating SharePoint sites programmatically to meet business requirements. Site Provisioning deeply impacts both governance and site sprawl, and for that reason, it is one of the most important aspects of any Office 365 implementation. Nowadays, with more and more companies adopting Office 365, provisioning becomes increasingly relevant as it helps maintain structure in the digital workplace. This presents a whole new set of challenges for IT and Office 365 administrators as they need to understand what are best methods for provisioning sites, teams and groups? How to ensure new sites, teams and groups fulfill governance criteria? And, finally how to automate the provisioning process? In this article we will address all of these questions.

Table of Contents

How Site Provisioning affects governance

Sites are the main structural element of SharePoint. There are different types of sites that organizations can use as a template to create their custom site structure. They may include classic sites, communication sites, team sites, publishing sites etc. In the previous versions of SharePoint on-premises, creating a new site was somewhat complicated. Nowadays, SharePoint Online lets us create a new site effortlessly through a simple 2-step process which, at least in theory, can be triggered by anyone in the organization. Users just need to navigate to the SharePoint site (/_layouts/15/sharepoint.aspx) and click on “+ Create site” and that’s it.

However, this ease of use creates a problem. If users can create new sites on a whim, even a well-maintained internal site structure will soon turn into a messy, hard to manage bulk.

Before we discuss the solutions, let‘s explain the difference between Site Provisioning processes in SharePoint on-prem and in Office 365.

In SharePoint on-premise, provisioning applies only to sites. However, in Office 365 this process applies to all structural elements of applications that make up the large modern work space: teams and channels in Microsoft Teams, channels in Microsoft Stream, and groups in Office 365. Considering the collaborative nature of all these tools, its easy to imagine that the sheer volume of Team, Channel and Group requests could quickly overwhelm the administrators.

The benefits of automating provisioning in Office 365

There are numerous benefits to automating the provisioning process in Microsoft workplace collaboration apps, but the real game changer here is a truly enforceable governance. In a typical organization, governance policies live in a shared document. Employees refer to it from time to time, however the policies contained within are difficult to enforce across the organization. Keeping your governance documents up to date is rarely enough. By automating site provisioning processes with wizards or workflows, you’re helping employees do their jobs without worrying about non-compliance.

Automated provisioning significantly reduces the chances of a human error. In fact, when automated, site or team provisioning on the front end is as simple as following an intuitive wizard that guides employees through the process, while ensuring business logic.

Here’s how automated provisioning helps your organization:

Sites, teams, channels are created by users in a self-serve system that follows business logic specific to your organization.
Employees follow a step by step wizard that ensures new sites and teams adhere to corporate policies.
Automation decreases the burden on your Office 365 administrators.
The metadata that employees input during the process, helps manage the life cycle of the new site, team or channel. This means that deciding whether a site needs to be kept or retired becomes much easier.
Automated site provisioning allows you to also automatically create reports, audits and site/channel directories.
The process uses established APIs.
Additional functionality (e.g. updating a site life cycle database) can be added easily.

Automated provisioning: Real life example

Here we’ll show you a provisioning process we have been recommending to our clients. This particular process leverages PowerApps and Power Automate (formerly Microsoft Flow).

User requests a site and completes a form wizard filling it with required metadata. This information can include owner, purpose, description, related projects, cost centre, start date, end date, and template.
Application uses the metadata to create a team site based on the selected template.
Information from metadata helps manage the sites in the future. For example, information offered in the cost center is synced with internal accounting systems, end date and is used to ensure that there are no orphaned (or unused) sites. Team site owner becomes responsible for managing the team site’s life cycle.

This approach lets you regain control over your Office 365 by ensuring that all sites, channels and groups follow the prescribed life cycle. By automating the process, you’re ensuring that new sites are added to a corporate site structure and, if needed, to a corporate site directory.

This diagram explains a typical automated site SharePoint provisioning process we recommend:

automated SharePoint site and Teams provisioning for Office 365

While our example focused on provisioning a SharePoint team sites, the same approach can be applied to provisioning Teams, Stream, and Office 365 Groups.

SharePoint site provisioning methods

Our automated provisioning process for Office 365 applications combines a set of provisioning methods that I’ll describe below. You can use each one of these stand-alone methods to provision sites in your organization. However, before you get started with any of them, consider you organization’s particular policies and restrictions to decide what’s the best fit for your organization.

Provisioning a SharePoint Site using the User Interface

There are a couple of ways to do this. The most obvious one is by enforcing Governance and applying settings to your tenant to limit the ways users can create a Team site (with or without an Office 365 Group).

In this scenario, after clicking the SharePoint icon in the Office 365 App Launcher (often referred to as the Waffle Icon), the user opens SharePoint in a browser clicks on Create Site.
App Launcher Office 365

Our next method is creating an Office 365 Group. User creates an Office 365 Group in Outlook by clicking on the New Group link. Each new Office 365 Group automatically creates a SharePoint site.

Create a New group in Outlook

Good governance is critical if you’re using this method, as members of an Office 365 Group can soft delete a group (sometimes by accident). Without safeguards in place, the IT department won’t know this happened. To prevent this situation, you can set up a requirement to evaluate Office 365 Group deletions before they can be permanent. The deleted group is retained but not visible for 30 days from the deletion date. You can view and manage the deleted Office 365 groups that are available to restore by signing into the Azure AD Admin Center.

Lastly, a SharePoint Admin can create a site in the new SharePoint Admin Center.

create a site in the SharePoint Admin Center

Provisioning using Microsoft Graph

Using the Create Group API in Microsoft Graph will result in the creation of either an Office 365 Group. By default, an Office 365 Group is integrated with a bundle of Office 365 services. Currently, the Create Group API does not have the option to enable Microsoft Teams. If you require to include Microsoft Teams in your provisioning process, then you will need to execute an additional API in Microsoft Graph to enable Microsoft Teams on an Office 365 Group. When provisioning using the Microsoft Graph approach, you are creating a Team site via the creation of an Office 365 Group.

Provisioning using REST API Operations

If you’re looking for a more scalable Site Provisioning process, REST API Operations is one worth considering. With REST API Operations you create a SharePoint site based on a defined Site Template.

SharePoint Admin Center - Site Template

Some of the most used site templates are Team sites and a Communication sites, but you can also apply other templates to provision a site using REST API Operations.

Provisioning using PnP CSOM Core Component

Another way to provision a site in SharePoint is by installing the Core library, which is available as a NuGet Package. This method allows to develop the provisioning of a team site programmatically. You can get your core library NuGet packages for your SharePoint version below:

Provisioning using PnP PowerShell

Like PnP CSOM Core Component, SharePoint developers can also provision sites using PnP PowerShell. With this approach, you create a PowerShell script to apply a provisioning template to a site.

You can automate either of these approached with the help Power Automate (previously known as Flow), Logic Apps, Azure Functions, and/or Web Jobs. Power Automate and Logic Apps are best for simple site provisioning operations, whereas Azure Functions and Web Jobs work well for more complex site provisioning operations. Here are some examples of complex site provisioning operations:

Enabling web parts or custom actions (SPFx extensions)
Creation of pages
Creation of Content Types and Columns

Automated Site Provisioning – The DevFacto Solution

DevFacto has developed solutions that are constructed using all of the approaches listed above. One of our recent solutions developed for a client, calls APIs from Microsoft Graph and REST Operations automated via Microsoft Power Automate. Microsoft Graph is used to provision the Office 365 Group (which includes a site) and then the site is customized by calling additional REST Operations.

Power Automate - Create O365 Group

This method allows to enable Microsoft Teams on the Team site. To accomplish that, we included it in the provisioning process by calling Microsoft Graph again. You can do that too by applying “/team” at the end of the URI to enable Teams to an Office 365 Group. Optionally, you can customize the Team by modifying the Body property (see next screenshot) with additional channels to be created, installation of apps, pinned tabs using delegated permissions, and defining Member/Guest/Fun/Messaging/Discovery settings for the new Microsoft Teams team.

Power Automate -Enable Teams

Site Scripts and Site Designs are used to apply site artifacts and security principals to a site. You can determine the exact actions to be executed in the Site Scripts and Site Designs. Initiate Discovery workshops by analysing the business requirements of particular groups within your organization.

ower Automate -Apply Site Designs

Alternatively, users can apply a site design to a site through the SharePoint UI.

SharePoint Site Provisioning-Apply Site Design

Summary

Whether your organization is new to Office 365 or has been using it for quite some time, you will need a provisioning process to ensure that new sites, teams, channels and groups are created in an orderly fashion. There are many good ways to manage the provisioning process, including low-tech ones. Some smaller organizations can get away with using their established IT ticketing system and that’s completely fine. However, growing needs and complexity drive other organizations to automating the provisioning process as it significantly improves efficiency and significantly reduces management costs.

Automated provisioning ensures that governance rules are followed, while greatly improving application security and user experience. It also provides you with a wealth of metadata that’s collected during the provisioning process making it easier to maintain and administrate sites, channels, teams and groups well into the future.

Automating the provisioning processes requires an upfront development investment. However, you can significantly reduce the associated costs by leveraging the tools you already have. Power Platform (PowerApps and Power Automate) apps we used in our example are included in most Office 365 subscriptions. What’s more, these tools come with many preconfigured low-code and no-code elements that fit together like LEGO bricks to give you more flexibility and more custom experience.