Full support for GCC High and DoD.

Addition of reporting functionality. Specifications TBC.

• Creation of a separate 'Admin' Power App to update settings for Provision Assist, Site Types etc.
• Alternative to update the list items in the SharePoint site.

Description

In part 7, the join hub site does not find the hubsite, it says No Hubsites found - please clink 'Next'.
All settings have been successfully done professionally according to the deployment guide.

Steps to reproduce

Just deploy it you will see

Expected results

Users can see our Intranet hub site and they can select it.

Actual Results

No Hubsites found - please clink 'Next'

Solution component

Power App

Operating system (environment)

Windows

Additional Info

Unfortunately the Provisioning Assistant could not find our Hubiste:

By the way the hub site + the Hub sites's ID appears in the sharepoint list

Microsoft Graph Data Connect (MGDC) integration.

Develop a MGDC report which compliments Provision Assist.

Functionality TBC

Description

The flow "Check Space Availability" only works if shared with the users as "run-only", but this is not mentioned.
In step 7 the sharing of the flows is only mentioned for changing and viewing flow runs to admin users, but not normal app users.

If the flow is not shared, there will be an error when checking for space availability with the verify button:

I troubleshooted this, if you give the app user permissions as run-only user it works.
But what is the correct way to do this? Should it be shared to the user/group or the sharepoint site?

And should the connection be set as "Use this connection" or "Provided by run-only user"?:

Steps to reproduce

1. Launch App as an normal user
2. Try to verify the name of the collab space

Expected results

Flow runs without sharing (as described in the deployment guide)

Actual Results

Flow only runs with sharing

Solution component

Power Automate Flows

Operating system (environment)

Windows

Additional Info

No response

Description

When choosing the collaboration space type, it says at the bottom: "To learn more about the different types, click the video icon."
However, there is no video icon shown. Where should it be in the App?

Steps to reproduce

1. Launch Power App
2. Fill in information and progress to step 2 Recommendation Screen
3. Try to find the video icon

Expected results

There should be a video icon displayed.

Actual Results

There is no video icon displayed.

Solution component

Power App

Operating system (environment)

Windows

Additional Info

No response

Support for provisioning Teams private channels. TBC what this will look like.

Suggestion

when creating a request would be good to allow user to set expiration date or set that default will be per policy

• Functionality to apply sensitivity labels to M365 groups using App based auth is currently not available.
• Monitor for when this is released and update Provision Assist accordingly.

https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-beta&tabs=http#example-2-apply-sensitivity-label-to-a-microsoft-365-group

Description

Scipt fails at Applying provisioning template... to the SharePoint site.

Tried amending the wait timeout in the script from 60 to 120 and even 180 seconds - in each case it fails at this point with:

Failed to configure the SharePoint site {0} The remote server returned an error: (404) Not Found.
At C:\provision-assist-m365\Source\Scripts\deploy.ps
1:682 char:9

•     throw('Failed to configure the SharePoint site {0}', $_.Excep ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (System.Object[]:Object[]) [], RuntimeException
  • FullyQualifiedErrorId : Failed to configure the SharePoint site {0} The remote server returned an error: (404) Not Found.

When timeout was set to 120 seconds or greater I am able to see the site being created in the SharePoint admin centre prior to the timeout error

Steps to reproduce

Expected results

site should be configured by the script

Actual Results

Script fails and I have a partial deployment - site is created but not configured.

Solution component

Deployment Script

Operating system (environment)

Windows

Additional Info

No response

• Remove the requirement to use ACS.
• Investigate an alternative method to check for deleted sites in the SPO tenant recycle bin in the 'CheckSiteExists' Logic App (this requires ACS).

Update the ProcessProvisionRequest logic app to use the MS Graph when this functionality is released (roadmap ID 124843). This will allow removal of ACS.

Hi! We have also some strange issue with external sharing. When we follow the form like this

The outcome is all the time "external sharing required" "No"

Do you know why it dont change to "yes"?

Best Regards

• Update the Azure automation components of Provision Assist to use a Managed Identity instead of the ACS model.
• The ClientId and ClientSecret variables will be removed from the automation account.
• Each runbook will be updated to use a managed identity which will automatically be provisioned by the deployment script.
• The managed identity will be granted the Sites.FullControl.All role.

Include the option of running the cmdlet to bypass admin consent for the Power App into the deployment script.

Functionality to enable creation of Planner 'Plans' (when available in MS Graph APIs).

Further enhance the solution into a more complete governance solution by implementing a process to notify IT and Site Owners when key changes have been made to a space that was provisioned through Provision Assist.

For example, Owners and Members changed or deleted.

The frontend for this may form some kind of dashboard using a SharePoint list as a backend,

• Add a button in the Space Already Exists adaptive card that gets sent to the user to allow them to contact the owner of the site.
• Use the SharePoint REST APIs to retrieve this information in the CheckSiteExists Logic App.

Suggestion

We would love a quick option within the List "Provisioning Request Setting" with the option to disable the Choose Template screen, so that no template will be used.

Hi!

I have just one question regarding the sensitivity labels when we choose “Team site”, we can not see the option “sensitivity label” in the request form?

They are working good with Teams team and o365 groups in the form.

Best Regards

• A 'V2' Power App with a completely new design.
• It will be responsive by default and will support mobile devices - both when embedded in Teams and when executed as a standalone Power App.

An early screenshot can be seen below.

Description

The action "Split Users string" fails with the following error:

InvalidTemplate. Unable to process template language expressions in action 'Split_Guest_Users_string' inputs at line '0' and column '0': 'The template language function 'split' expects its first parameter to be of type string. The provided value is of type 'Null'. Please see https://aka.ms/logicexpressions#split for usage details.'.

It seems like the value is empty.

Steps to reproduce

1. Run Logic app "ProcessGuests" manually
2. Check Logic app run details

Expected results

Logic app gets executed successfully.

Actual Results

Logic app is running on error.

Solution component

Power App

Operating system (environment)

Windows

Additional Info

Suggestion

To enhance the Provision Assist to stay up to date, I would like to request an enhancement of the creation a Viva Engage Community by switching to the Microsoft Graph API. Can this be implemented?

Classic route of creating a community in Viva Engage currently implemented in the Provision Assistant solution

The provision-assist-m365 documentation describes in Step 12 (Optional): Enable provisioning of Viva Engage Communities the old way of creating a community in Viva Engage, e.g. by referencing the previous product name Yammer and using the classic developer functionality of requesting the creation of a Yammer App Token during deployment of the solution. A great enhancement will be the use of the modern way of creating a Viva Engage Community by interacting with the Microsoft Graph API.

Suggested modern route of creating a community in Viva Engage to be implemented in the Provision Assistant solution

As described in the Microsoft Learn Documentation for Microsoft Graph at Use the Microsoft Graph API to work with Viva Engage (preview) under the /beta version of the the Microsoft Graph functionality is available to create a Viva Engage Community. The implementation steps including the App Registration in Microsoft Azure is described and depicted in Tech Community Blog Introducing the Community Creation API for Viva Engage on Microsoft Graph Beta. The following picture shows a community in Viva Engage created via the Microsoft Graph API.

Important: The Viva Engage API in Microsoft Graph is only supported for Viva Engage networks in native mode. You can't use this API to manage legacy or external Viva Engage networks.

Description

When importing the ProvisionAssist_1_1_0_0_managed.zip, it comes as an unmanaged solution and not managed.
Is this a problem?

Steps to reproduce

1. Import solution
2. Select ProvisionAssist_1_1_0_0_managed.zip
3. Check Type

Expected results

ProvisionAssist_1_1_0_0_managed.zip should come as managed

Actual Results

ProvisionAssist_1_1_0_0_managed.zip comes as unmanaged

Solution component

Power App

Operating system (environment)

Windows

Additional Info

No response

• Form should ask whether personal data will be stored.
• This should set a risk flag if external sharing is also required.

Provision Assist Viva Connections card

Creation of a Viva Connections card which will include the following functionality (TBC):

• Ability to view # of your requests on the card
• Quick view to view status and comments for your requests - links to open created collaboration spaces
• Ability to launch the Power App from the card and quick view

Description

Deployment script overwrites the resource group if it already exists, we should prompt whether they want to overwrite it and if not, we should not overwrite/do not run New-AzResourceGroup otherwise if there are tags required on the resource group by policy it will fail.

Steps to reproduce

As above

Expected results

As above

Actual Results

As above

Solution component

Deployment Script

Operating system (environment)

Windows

Additional Info

No response

Suggestion

We are looking at using this as a full workflow solution. Would be good to allow name changes and deletions from this app.

• Add all relevant fields (ones that have values) to the 'Space Approval' adaptive card.
• Currently we only display a handful of the fields and the remainder have to be viewed in the SharePoint list.

Monitor for the List teamTemplates - Microsoft Graph beta | Microsoft Learn endpoint to be released into v1.0 and update the logic app accordingly. It is currently using the Beta endpoint.

Hi!

We have some issues:

1. When we try to import the latest versions it says just "unmanaged" and we cant import it over managed solution. But we have removed the old solution and imported the latest and that one gets unmanaged all the time. Maybe this is non issue or is it?
2. Regarding the latest version, we still have issues to label the SP sites and we cant invite external users? When we look at the site it is just empty on sensitivity and the external settings are set to "only people in your organization".
   
3. In the latest version we also have some issue when we try to search users or owners in the form. We can see some of them but we cant click and search? Now we installed the 1.0.0.1 version and there it seems to work. Best Regards

Suggestion

We would like to have the option to auto approve all requests.
Maybe to make it work faster without the need to implement it into some setting, just give some info how to edit the Flow to auto approve it, so skipping the steps of Approvals (or add some actions in the Flow to set the SharePoint list items Status to approved automatically).

Description

aunching Azure sign-in...
az : WARNING: A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the
web browser. If no web browser is available or if the web browser fails to open, use device code flow with az login --use-device-code.
At C:\provision-assist-m365-Latest\Source\Scripts\createazureadapp.ps1:133 char:13

• $cliLogin = az login

•         ~~~~~~~~
  

  • CategoryInfo : NotSpecified: (WARNING: A web ...e-device-code`.:String) [], RemoteException
  • FullyQualifiedErrorId : NativeCommandError

Steps to reproduce

1.Execute createazureadapp.ps1 file
2.
3.

Expected results

App should have been created in Azure AD

Actual Results

Solution component

Deployment Script

Operating system (environment)

Windows

Additional Info

Unable to execute createazureadapp.ps1 powershell

• Addition of full error handling in the main provisioning logic app.
• Need to handle all possible errors and log to the planned Activity log/notify the user and IT when it fails.

Support the OOTB hub site approvals functionality.

• When a user requests to join a hub site, the OOTB approval request should be used. Currently we join a hub site regardless.

Description

When using translated labels, the UI border of collab space choosing screen is changing.

Using original labels (en):

Using translated labels (de):

Steps to reproduce

1. Translate labels
2. Paste the .json into the component
3. Launch app with browser setting of tranlated labels
4. Progress to Step 2 Recommendation screen

Expected results

UI border should not be affected by translated labels and look the same.

Actual Results

UI border should is affected by translated labels and does not look the same.

Solution component

Power App

Operating system (environment)

Windows

Additional Info

No response

Support for 'Dark mode' when app is pinned and accessed in Teams.

Support for high contrast theme when the app is pinned and accessed in Teams.

Addition of multilingual support to the Provision Assist frontend. This will work as follows:

• User browser language/locale automatically picked up when the Power App is embedded in Teams. All text in the app will display in the users' language.
• If the app is open outside of Teams, a configurable setting in the 'Settings' list will allow an admin to set a default language.
• A Power Apps component will be used for the translation.
• Translations will be based on a JSON file/template so you can easily amend/translate to your desired language.

Initial language support will be French and Dutch.

Description

Within the Power App, the thumbnails and videos are not displayed:

Steps to reproduce

1. Start the app
2. Fill out first page requirements
3. Check collaboration spaces

Expected results

Preview thumbnails and videos are displayed

Actual Results

Preview thumbnails and videos are not displayed

Solution component

Power App

Operating system (environment)

Windows

Additional Info

No response

Update the ProcessProvisionRequest logic app to use the new endpoint to create teams from non US locale templates (when released into v1.0).

List definitions - Microsoft Graph beta | Microsoft Learn.

• Add the ability to capture a GEO in which to provision teams/groups. Potentially using the Microsoft Graph API.
• List of GEOs in the settings list OR if retrieve the users' geo automatically when they request a team or group and create the area in that GEO.

TBC about how we would do the SharePoint site creation in the correct GEO.

See - Provisioning in a multi geo tenant – delaware – Digital Workplace (wordpress.com)

Description

found that install kept failing when the azure cli tries to login - got several ssl errors
issue was with certs but adding to chain did not fix it.

had to run following powershell

& "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe" -m pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pip-system-certs

Steps to reproduce

1 run either createazureadapp or deploy scripts
2.
3.

Expected results

continues without error

Actual Results

error

Solution component

Power App

Operating system (environment)

Windows

Additional Info

No response

• Support for auto retention policies where sites/groups/teams etc. are added into a policy based on a condition.
• Currently we only apply a retention label at the library level.
• Exchange PowerShell will be needed to add the sites into a policy.

Description

When creating a request as a user with full control over sharepoint site, the verify works fine. When doing as a visitor with read access on request list, clicking verify does nothing and in errors
CheckSpaceAvailability.Run failed: Connection not configured for this service.

have validated that flows are shared with end user

Additionally in teams, the template screen only shows the description and no image

Steps to reproduce

1.create a new request
2.Use any type
3. enter name
4. click verify

Expected results

on clicking verify would get response

Actual Results

nothing but error CheckSpaceAvailability.Run failed: Connection not configured for this service.

Solution component

Power App

Operating system (environment)

Windows

Additional Info

No response

• Concept of an 'Activity log'.
• Log all activity in Provision Assist e.g. Request submitted > Provisioning > External users being invited etc.
• Similar to the concept of the 'Workflow History List' that used to exist in SharePoint On-premises.

Suggestion

We would love a quick option within the List "Provisioning Request Setting" with the following options:

• Option to skip data classification (step 3)
• Set default data classification
• Set default visibility (e.g. always private for Teams)

Support for 'Connected templates' (TBC what this functionality will look like).