With the current set of connectors, I am able to build a flow that can list groups where I am the owner, list their members, and remove disabled user accounts from the group. If you would like to see such a flow, let me know.
But, what I am missing is to list all Office 365 groups in the tenant and do the same as above using a service account with a "Groups administrator" role assigned in AzureAD.
I have looked at LogicApp but the set of connectors for this purpose is quite similar.
Can you give me a tip on how to list all Office 365 groups without being an owner of those?
Thx in advance
Mike
I've been able to follow the blog post below and list all AAD Groups:
I managed to create a demo flow, based on a previous template I had, that lists all groups in my organisation:
The API can only return a maximum of 999 items. There may be a way to get more results, but my AAD has less than 999 groups. See: Handling Pagination with the MS Graph API in Logic Apps and Power Automate if you need to get more than 999 items - but this is not something I have yet had to implement.
I'm using Azure Key Vault to keep API keys and other secrets secure. For testing you will need to paste in the secret for the HTTP action.
The TenantID
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
Client ID (Application ID):
Hope this helps.
Ellis
____________________________________
If I have answered your question, please mark the post as Solved.
If you like my response, please give it a Thumbs Up.
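The paging mentioned in the post above, as an added example that is not part of the original thread or of Ellis's flow: a read-only Python sketch that follows `@odata.nextLink` across pages of Office 365 (Unified) groups and reports members whose `accountEnabled` is false. Assumptions: it runs outside Power Automate, the bearer token comes from your own app registration with permission to read groups and users, and the sample responses are constructed.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
GROUPS_URL = (GRAPH + "/groups?$filter=groupTypes/any(c:c%20eq%20'Unified')"
              "&$select=id,displayName&$top=999")
MEMBERS_SELECT = "/members/microsoft.graph.user?$select=userPrincipalName,accountEnabled"

def make_fetcher(token):
    """Return get_json(url) that calls Graph with a bearer token (how you obtain it is not shown)."""
    def get_json(url):
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return get_json

def paged(get_json, url):
    """Yield every item of a Graph collection, following @odata.nextLink past the page limit."""
    while url:
        page = get_json(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")  # absent on the last page

def disabled_members(get_json):
    """Return {group displayName: [UPNs of members whose accountEnabled is False]}."""
    report = {}
    for group in paged(get_json, GROUPS_URL):
        url = GRAPH + "/groups/" + group["id"] + MEMBERS_SELECT
        stale = [m["userPrincipalName"] for m in paged(get_json, url)
                 if m.get("accountEnabled") is False]
        if stale:
            report[group["displayName"]] = stale
    return report

# Constructed sample responses (not real tenant data), keyed by request URL.
SAMPLE = {
    GROUPS_URL: {"value": [{"id": "g1", "displayName": "Finance"}],
                 "@odata.nextLink": GRAPH + "/groups?$skiptoken=constructed"},
    GRAPH + "/groups?$skiptoken=constructed": {"value": [{"id": "g2", "displayName": "HR"}]},
    GRAPH + "/groups/g1" + MEMBERS_SELECT: {"value": [
        {"userPrincipalName": "alice@example.com", "accountEnabled": True},
        {"userPrincipalName": "bob@example.com", "accountEnabled": False}]},
    GRAPH + "/groups/g2" + MEMBERS_SELECT: {"value": [
        {"userPrincipalName": "carol@example.com", "accountEnabled": True}]},
}

if __name__ == "__main__":
    print(disabled_members(SAMPLE.__getitem__))
```

Against a real tenant, pass `make_fetcher(token)` instead of the sample lookup; the function only reads and reports, so removal stays a separate, reviewed step.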
Thank you @ekarim2020 for a very detailed response.
This looks like a way to go.
I can see that using Graph API I can list groups (https://graph.microsoft.com/v1.0/groups?$filter/groupTypes eq 'unified'), list their owners and members, and even remove members.
This way all I need from PowerAutomate or Logic App is to check if the user/member is enabled or not using Get user profile (V2) from Office 365 Users connector. And even the last part can be replaced with Graph API.
I prefer to use the available connectors and actions where possible. If these can't do what I need or it's going to be a lot more work and complexity that can be avoided, I'll look at using Graph API calls.
There is also the following Office 365 Groups action:
This returns a maximum of 100 items. Using a graph API call with HTTP action has so far provided what I need.
Ellis
I am actually on the lookout for a flow that will run a check on the members' mailtips and highlight those that are disabled for me to remove/delete.
If you have anything like this, would be interested to read.
Sorry, I didn't understand the sentence about mailtips:
@metrognome wrote: I am actually on the lookout for a flow that will run a check on the members' mailtips and highlight those that are disabled for me to remove/delete.
If you have anything like this, would be interested to read.
Ellis
Mailtips is basically one option of the Outlook/O365 connector and basically mailtip returns either the out of office of a user or a warning that the mailbox is no longer operational (discontinued, deleted or full).
It is a "quick and dirty" shortcut to check for an account's status and (especially in flows) bypass people when their out of office is active.
See if the following post helps:
Determine users out of office status based on mailtips - Automatic Replies on or not
And the following extract from a flow:
Also, the Search for users can return the account enabled status for each account:
Ellis