Microsoft MVP Drew Madelung walks through the Microsoft tools you can use to build your Microsoft 365 provisioning solution.
You have a lot of decisions to make when planning and building your custom Microsoft 365 provisioning solution. There are core decisions that you can learn more about by understanding Microsoft 365 provisioning scenarios before getting started with modern provisioning.
Once you have all your requirements, you need to think about what custom solution you’ll build and why. Establishing these details early in the process will help guide you in designing and building your solution.
Whether you’re using site templates, mixing and matching site templates and PnP provisioning, or using a third-party tool for specific parts, the first step is knowing what your technical options are for implementation.
In this article, I’ll walk through the Microsoft technical options and break them down by the function they would deliver.
If you want to use non-Microsoft tools that may fit your requirements or technical expertise better, that’s fine! You don’t need to use Microsoft technologies for all processes. I see it as an opportunity to expand your toolkit; you can achieve the same goal of a successful and complete provisioning solution for Microsoft 365 collaboration workspaces.
Table of contents
Template creation
Modern Microsoft 365 provisioning is built not by taking exact copies of SharePoint sites or Microsoft Teams but by extracting the configuration from them and making a package.
You then apply that package as part of the creation process after the out-of-the-box site or team has been created. The easiest way to start is with a site or team that’s already been created with all the lists, libraries, and content you want on it.
Then to create a template, you have a few Microsoft options:
- Site Templates (formerly called site designs)
- PnP Provisioning Templates
- Manual scripting
1. Site templates
Site templates can be used when a site is created or applied to an existing modern SharePoint site. A site template is a collection of actions packaged as “site scripts.” An action can be something like creating a library, list, or column. To generate a template, you need to gather all the actions that need to be applied on top of a modern SharePoint team or communication site. Thankfully, Microsoft has published an API to extract these actions that can be consumed via REST, CSOM, and, most commonly, PowerShell.
To extract a site script from an existing SharePoint site using PowerShell, you can use the Get-SPOSiteScriptFromWeb cmdlet and then extract your branding, theme, sharing, and lists. They can then be added back to a site script in your tenant using Add-SPOSiteScript and into a new site template using the -SiteScripts parameter and the Add-SPOSiteDesign cmdlet.
2. PnP provisioning templates
The Microsoft 365 PnP community effort has put together an open-source provisioning engine and framework that allows you to create and apply templates to site collections (site templates) or to provision teams (tenant templates).
Just like extracting a site template, start with an existing SharePoint site and then use it with CSOM or PowerShell to export it. Instead of using the SharePoint Online PowerShell module, you need to use the PnP PowerShell module. Once you’re connected to the site you want to export, you can use the Get-PnPSiteTemplate cmdlet to generate a file that can be saved somewhere and then applied to a different site using the Invoke-PnPSiteTemplate cmdlet.
You can’t, however, export tenant templates the same way. You’ll need to manipulate them manually to a schema file, but this will provision Teams with different configurations on them.
3. Manual scripting
There can be complex situations or very easy situations that don’t require a template or cases where the requirement isn’t supported in the available templating solutions. You can write your own PowerShell script or a collection of API calls that will apply the configurations for the new site or team want, and you can use that as your template option. Starting with the PnP PowerShell modules will give you the most flexibility, but you may also need to use the Teams PowerShell module. If you’re using APIs, you’ll want to concentrate on using the available Microsoft Graph APIs.
Entry point
You need a way to have someone submit a provisioning request, and that will be the entry point of the process. This is most commonly a form that a user can fill out. The values on the form can range from the title to custom information such as business units or types.
From a technology perspective, this one is not always in the Microsoft technology space, but if you’re sticking with Microsoft 365, here are some of the available options:
1. Power Apps
Power Apps is a Microsoft platform that provides business apps that come in multiple flavors such as canvas, model-driven, or portals. These apps could all be used as a front-end form solution. These can be embedded into SharePoint pages, used within the app or mobile app, and added to Teams. Power Apps is a great solution to bring the entry point to users in multiple locations so they can be in-context to create their new collaboration workspace.
2. SharePoint Lists
A SharePoint list is a collection of columns to store, view, and process data. Lists are perfect places to create the columns needed to start a provisioning request. You can then direct your users to the list or put them in a tab in Teams. When users add a new item to the list, they can fill out the metadata, which starts the creation process. Users and admins can then easily reference this for reporting.
3. SharePoint Framework
The SharePoint Framework (SPFx) is a page and web part model that provides support for SharePoint client site development, including custom web parts and custom forms. SPFx is the most flexible solution but also the most customized one. You could build a form as detailed and complex as you need and deploy it to site collections or extend it within Microsoft Teams.
4. Microsoft Forms
Microsoft Forms are very user-intuitive that can capture the information you need and easily integrate it into other solutions. Forms provide built-in data visualization for insights into the requests and can be made available on any device. Overall, a flexible solution but more limited to the user experience of the form entry.
Business processes
Now that we have a template, and we have a way for a user to submit their request to provision a Microsoft 365 collaboration workspace, we need a way to institute the business process for it.
One of the most common scenarios for a custom provisioning solution is to add an approval and send custom emails. That’s not available out of the box, so you’ll need to use a different tool. You can choose a Microsoft automation tool, with the options being either Power Automate or Azure Logic Apps. Both are workflow services that can integrate into entry point solutions like Power Apps, SharePoint, and forms like connecting to more than 300 other connectors depending on your provisioning requirements.
Let’s say you want to integrate with Service Now to create a request to be tracked; we can use that connector within either workflow solution.
Power Automate provides a user-friendly focused experience:
…while Azure Logic Apps provides more complex development tools, DevOps, and monitoring if required:
Good to know:
- Power Automate is built on top of Logic Apps. They share the same workflow designer and connector options.
- Power Automate is built more for business users, while Logic Apps is built for developers and IT professionals.
- Cost is a core difference when deciding between the two options for your provisioning solution. Power Automate is a per-user license, while Logic Apps is consumption-based. Due to this scenario, you’ll usually see Logic Apps used as a solution. But this is a big “it depends” scenario based on your organization’s size, skillset, and comfort level with each tool.
With either solution, you’ll have a way to create approvals, send emails, and do any other requirements identified as part of your custom provisioning solution.
Power automate can streamline all sorts of processes in Microsoft 365. Here are 6 Power Automate examples to level up your Microsoft 365 management game.
Technical provisioning
After someone approves the creation of the collaboration workspace, we need a way to create it, apply our template, and do any other customization required. This provisioning can be done using Power Automate or Logic Apps, depending on your requirements, but if you have a more advanced scenario, you’ll want to look at other solution options such as Azure Functions and Azure Automation.
Both solutions have a consumption cost based on how often they’re triggered, but it starts in pennies for consumption, and site provisioning is normally not an extremely high transaction count, so the cost is assumed to be minimal.
Azure Functions
Azure Functions is a serverless computer solution that will let you trigger and run code in Azure. It’s useful in a provisioning scenario; you can make calls to deploy templates or run the manual scripting templates you created before in many development languages. Functions are coded first, and you can group them to scale out your provisioning, depending on the different modules or actions you perform. For example, if you needed to create the site, apply a PnP template, and perform actions that were unsupported in the template after you could build these out with custom development in functions. Functions can also be used with PowerShell if you’re more comfortable with that.
Azure Automation
If you really want to use PowerShell but use the cloud, then Azure Automation is your solution.
Even though Azure Automation is considered an Infrastructure-as-a-Service (IaaS) solution, you can also use it to run PowerShell cmdlets like PnP, SharePoint, and Teams.
So, if you have created templates using some of the options here and want to package a full provisioning solution together in PowerShell and then call it from your business process solution, you’ll want to try Azure Automation.
Which one should you choose?
The decision about technical provisioning falls back on your requirements and comfort level as the implementer of the custom provisioning solution.
You can use either Azure Functions or Azure Automation, but you should go with the one you’re most comfortable with.
Both are consumption-based; you could track, monitor, and alert so you can have comfort in successfully provisioning your new collaboration workspaces.
Plan for administration
You can’t forget the “why” when building your custom provisioning solution, which usually stems from requirements for better governance.
To have good governance in place, you need a way to track, report, and visualize it. If you’re adding custom metadata to a provisioning process, then you need to be able to see the outcome of the collaboration workspaces being created. You don’t want to try replicating the Teams and SharePoint admin centers to view sites and teams but expand on that.
How can you visualize the number of teams created by a specific business unit? Are there templates that are more popular than others? What percentage of users are requesting collaboration workspaces?
By planning for and building an administration layer, you can help paint the picture of the process and the outcomes. SharePoint lists are one of the easiest solutions; you can add items to a list during creation. Once that data is added to a SharePoint list, you can visualize it with Power BI.
As you have already made decisions on what you’re looking to gain with this custom provisioning solution, you can show it off to your boss and anyone who questioned why this would be an important solution to implement.
Faster Provisioning: Third-party solutions
A third-party solution like ShareGate can be included in your arsenal regarding provisioning and Microsoft 365 management. ShareGate’s workspace provisioning feature offers a simple experience for end users to create what they need, with your governance policies built right in.
ShareGate’s custom provisioning templates allow users to create and manage their own teams and sites following your rules for workspace creation. You and your IT team can request approval per template if needed, but it’s totally optional. So, no need to worry about approving every new team or site. Templates are automatically rolled out to your users through the integrated app, saving you time and taking the complexity out of customizing and managing your templates.
Using your advanced Microsoft 365 provisioning toolkit
There are a lot of Microsoft technologies you can use as part of your custom provisioning solution. You don’t need to use all of them; each has its strong points. Use what works best for you!
That’s a wrap on our Microsoft 365 provisioning blog series! Hopefully, we’ve covered everything you need to know to feel more at ease building out your modern Microsoft provisioning solution and making an educated technology decision for your solution. Remember, make sure you and your organization are comfortable with the technologies before implementing them to achieve sustainable success.
