Site Provisioning is a process of creating SharePoint sites programmatically to meet business requirements. Site Provisioning deeply impacts both governance and site sprawl, and for that reason, it is one of the most important aspects of any Office 365 implementation. Nowadays, with more and more companies adopting Office 365, provisioning becomes increasingly relevant as it helps maintain structure in the digital workplace. This presents a whole new set of challenges for IT and Office 365 administrators as they need to understand what are best methods for provisioning sites, teams and groups? How to ensure new sites, teams and groups fulfill governance criteria? And, finally how to automate the provisioning process? In this article we will address all of these questions.
Table of Contents
Sites are the main structural element of SharePoint. There are different types of sites that organizations can use as a template to create their custom site structure. They may include classic sites, communication sites, team sites, publishing sites etc. In the previous versions of SharePoint on-premises, creating a new site was somewhat complicated. Nowadays, SharePoint Online lets us create a new site effortlessly through a simple 2-step process which, at least in theory, can be triggered by anyone in the organization. Users just need to navigate to the SharePoint site (/_layouts/15/sharepoint.aspx) and click on “+ Create site” and that’s it.
However, this ease of use creates a problem. If users can create new sites on a whim, even a well-maintained internal site structure will soon turn into a messy, hard to manage bulk.
Before we discuss the solutions, let‘s explain the difference between Site Provisioning processes in SharePoint on-prem and in Office 365.
In SharePoint on-premise, provisioning applies only to sites. However, in Office 365 this process applies to all structural elements of applications that make up the large modern work space: teams and channels in Microsoft Teams, channels in Microsoft Stream, and groups in Office 365. Considering the collaborative nature of all these tools, its easy to imagine that the sheer volume of Team, Channel and Group requests could quickly overwhelm the administrators.
There are numerous benefits to automating the provisioning process in Microsoft workplace collaboration apps, but the real game changer here is a truly enforceable governance. In a typical organization, governance policies live in a shared document. Employees refer to it from time to time, however the policies contained within are difficult to enforce across the organization. Keeping your governance documents up to date is rarely enough. By automating site provisioning processes with wizards or workflows, you’re helping employees do their jobs without worrying about non-compliance.
Automated provisioning significantly reduces the chances of a human error. In fact, when automated, site or team provisioning on the front end is as simple as following an intuitive wizard that guides employees through the process, while ensuring business logic.
Here’s how automated provisioning helps your organization:
Here we’ll show you a provisioning process we have been recommending to our clients. This particular process leverages PowerApps and Power Automate (formerly Microsoft Flow).
This approach lets you regain control over your Office 365 by ensuring that all sites, channels and groups follow the prescribed life cycle. By automating the process, you’re ensuring that new sites are added to a corporate site structure and, if needed, to a corporate site directory.
This diagram explains a typical automated site SharePoint provisioning process we recommend:
While our example focused on provisioning a SharePoint team sites, the same approach can be applied to provisioning Teams, Stream, and Office 365 Groups.
Our automated provisioning process for Office 365 applications combines a set of provisioning methods that I’ll describe below. You can use each one of these stand-alone methods to provision sites in your organization. However, before you get started with any of them, consider you organization’s particular policies and restrictions to decide what’s the best fit for your organization.
There are a couple of ways to do this. The most obvious one is by enforcing Governance and applying settings to your tenant to limit the ways users can create a Team site (with or without an Office 365 Group).
In this scenario, after clicking the SharePoint icon in the Office 365 App Launcher (often referred to as the Waffle Icon), the user opens SharePoint in a browser clicks on Create Site.
Our next method is creating an Office 365 Group. User creates an Office 365 Group in Outlook by clicking on the New Group link. Each new Office 365 Group automatically creates a SharePoint site.
Good governance is critical if you’re using this method, as members of an Office 365 Group can soft delete a group (sometimes by accident). Without safeguards in place, the IT department won’t know this happened. To prevent this situation, you can set up a requirement to evaluate Office 365 Group deletions before they can be permanent. The deleted group is retained but not visible for 30 days from the deletion date. You can view and manage the deleted Office 365 groups that are available to restore by signing into the Azure AD Admin Center.
Lastly, a SharePoint Admin can create a site in the new SharePoint Admin Center.
Using the Create Group API in Microsoft Graph will result in the creation of either an Office 365 Group. By default, an Office 365 Group is integrated with a bundle of Office 365 services. Currently, the Create Group API does not have the option to enable Microsoft Teams. If you require to include Microsoft Teams in your provisioning process, then you will need to execute an additional API in Microsoft Graph to enable Microsoft Teams on an Office 365 Group. When provisioning using the Microsoft Graph approach, you are creating a Team site via the creation of an Office 365 Group.
If you’re looking for a more scalable Site Provisioning process, REST API Operations is one worth considering. With REST API Operations you create a SharePoint site based on a defined Site Template.
Some of the most used site templates are Team sites and a Communication sites, but you can also apply other templates to provision a site using REST API Operations.
Another way to provision a site in SharePoint is by installing the Core library, which is available as a NuGet Package. This method allows to develop the provisioning of a team site programmatically. You can get your core library NuGet packages for your SharePoint version below:
Like PnP CSOM Core Component, SharePoint developers can also provision sites using PnP PowerShell. With this approach, you create a PowerShell script to apply a provisioning template to a site.
You can automate either of these approached with the help Power Automate (previously known as Flow), Logic Apps, Azure Functions, and/or Web Jobs. Power Automate and Logic Apps are best for simple site provisioning operations, whereas Azure Functions and Web Jobs work well for more complex site provisioning operations. Here are some examples of complex site provisioning operations:
DevFacto has developed solutions that are constructed using all of the approaches listed above. One of our recent solutions developed for a client, calls APIs from Microsoft Graph and REST Operations automated via Microsoft Power Automate. Microsoft Graph is used to provision the Office 365 Group (which includes a site) and then the site is customized by calling additional REST Operations.
This method allows to enable Microsoft Teams on the Team site. To accomplish that, we included it in the provisioning process by calling Microsoft Graph again. You can do that too by applying “/team” at the end of the URI to enable Teams to an Office 365 Group. Optionally, you can customize the Team by modifying the Body property (see next screenshot) with additional channels to be created, installation of apps, pinned tabs using delegated permissions, and defining Member/Guest/Fun/Messaging/Discovery settings for the new Microsoft Teams team.
Site Scripts and Site Designs are used to apply site artifacts and security principals to a site. You can determine the exact actions to be executed in the Site Scripts and Site Designs. Initiate Discovery workshops by analysing the business requirements of particular groups within your organization.
Alternatively, users can apply a site design to a site through the SharePoint UI.
Whether your organization is new to Office 365 or has been using it for quite some time, you will need a provisioning process to ensure that new sites, teams, channels and groups are created in an orderly fashion. There are many good ways to manage the provisioning process, including low-tech ones. Some smaller organizations can get away with using their established IT ticketing system and that’s completely fine. However, growing needs and complexity drive other organizations to automating the provisioning process as it significantly improves efficiency and significantly reduces management costs.
Automated provisioning ensures that governance rules are followed, while greatly improving application security and user experience. It also provides you with a wealth of metadata that’s collected during the provisioning process making it easier to maintain and administrate sites, channels, teams and groups well into the future.
Automating the provisioning processes requires an upfront development investment. However, you can significantly reduce the associated costs by leveraging the tools you already have. Power Platform (PowerApps and Power Automate) apps we used in our example are included in most Office 365 subscriptions. What’s more, these tools come with many preconfigured low-code and no-code elements that fit together like LEGO bricks to give you more flexibility and more custom experience.
Looking to get started with automating your Office 365 provisioning process? Get in touch.