Advanced | Flow of The Week: Retrieving Office 365 Message Center and Service Health Notices using Microsoft Flow
Hello Flow Fans!
This week's post comes from Antonio Maio from Protiviti, Inc.
Antonio Maio is an enterprise architect with over 20 years of experience in enterprise application architecture, information security, cybersecurity practices and systems, software development and team leadership. Antonio is an Associate Director and Senior Enterprise Architect with Protiviti. Based in Canada, he has been awarded a Microsoft Most Valuable Professional (MVP) award for 7 consecutive years, from 2012 to 2018, specializing in Microsoft SharePoint Server, Office 365 and Office Services. His background includes implementing large-scale SharePoint and Office 365 environments, information security technologies, and information governance best practices. His experience with Microsoft SharePoint and Office 365 extends over the last 12 years. Be sure to follow him on Twitter and check out his blog www.trustsharepoint.com
To automate critical business processes in Office 365 using Microsoft Flow, we typically need to call cloud-based services in order to retrieve data. Calling these services often requires us to use the HTTP connector and action, and as a result, provide our TenantID, along with an App’s ClientID and SecretID in the Flow. This blog post will provide a detailed walkthrough of configuring these required parameters when calling cloud services using the HTTP connector. We’ll use a recently released Flow template as an example, which retrieves data from the Office 365 Message Center and Service Health dashboards.
Using the Office 365 Message Center
A common recommended strategy for managing and maintaining an enterprise-class Office 365 environment is to designate a “service owner” for your corporate Office 365 tenant. The service owner’s role usually includes staying up to date with changes and new capabilities that are coming to Office 365, and being proactive about determining the best way to roll out those changes to the organization’s user community. One of the best tools available to help service owners stay up to date with Office 365 features and changes is the Office 365 Message Center. The Office 365 Message Center is a dashboard available in the Office 365 Admin Center (Health > Message Center) which hosts messages from Microsoft about new features, planned changes to features or service issues within the Office 365 environment.
There are several ways to stay up to date with messages posted to the Message Center. For example, the Message Center allows you to get push notifications from the Office 365 Admin App, or in the Message Center you can select to have a weekly email with posted announcements sent to up to 2 users or to a group.
A great way to have Office 365 Message Center announcements sent directly to your inbox, in a weekly summary format, and to even customize the list that’s sent, is to use Microsoft Flow. The Microsoft Flow team has recently released a new Flow template called “Email me a weekly summary of Office 365 Message Center notices” that gets you started. Although this template works very similarly to the built-in Message Center feature of sending a weekly digest email, using Flow has the advantage of allowing you to customize the weekly email, either to send it to more than 2 people (without using a Group) or to highlight updates or service outages related to only the specific services you might be interested in. For example, you could send emails that alert your Exchange team to Exchange Online specific updates, or your SharePoint team to SharePoint Online specific updates, and so on. You could even automatically register service outages with your internal governance and security tools for alerting and auditing purposes.
This template will actually send a weekly summary email containing all Office 365 Message Center notices and all Service Health issues posted in the last week to your Office 365 tenant.
It relies on two connectors (Office 365 Outlook and Office 365 Users) and calls to the Office 365 Service Communications API. So once those two connections are established, the template is actually fairly easy to set up and use. It does however require the user to fill out three parameters that might be confusing to some, so we’ll walk through how those parameters are configured here so that you can quickly get up and running with this Flow template.
When you first create the template, it looks like this:
Notice the three variables you need to provide right out of the gate: TenantID, ClientID, and SecretID.
Provide the TenantID
First you need to provide your Office 365 TenantID. This is not your tenant name or your domain. This is a globally unique identifier (GUID) that uniquely identifies your Office 365 tenant. There are two ways to retrieve your Office 365 tenant ID:
- From the Azure Active Directory Admin Console
  - Log into the Office 365 Admin Center as a Global Administrator, click Admin Centers in the left-hand menu, and click Azure Active Directory; alternatively, you could log into http://portal.azure.com with your Office 365 global admin credentials.
  - In the Azure Administration Console, click Azure Active Directory, and under Manage click Properties
  - Find the value listed in the Directory ID field and that’s your TenantID.
- Using PowerShell
  - Launch Windows PowerShell as Administrator
  - Install Azure PowerShell Module by running the following cmdlet at the prompt:
        Install-Module -Name AzureRM
  - Now run the following cmdlet at the prompt:
        Login-AzureRmAccount
  - You will be asked to login to your Office 365 global administrator account, and then the TenantID will be displayed in the output to the PowerShell window.
Once you have your TenantID, enter it in the first variable card presented in the Flow, titled “Initialize TenantID variable”.
Provide your ClientID and SecretID
In order to provide a ClientID and SecretID, you’ll need to first register an App in the Azure Active Directory:
- Log into the Office 365 Admin Center as a Global Administrator, click Admin Centers in the left-hand menu, and click Azure Active Directory; alternatively, you could log into http://portal.azure.com with your Office 365 global admin credentials.
- In the Azure Administration Console, click Azure Active Directory, and under Manage click App Registrations
- Click the +New Application Registration button
- Enter any name for your App such as Office365ServiceCommunicationsAPI (must be a minimum of 4 characters)
- Select Web App / API for the Application Type since this is a web application
- Enter an arbitrary URL made up from your application name, such as http://Office365ServiceCommunicationsAPI
- Click Create at the bottom of the panel
Once the App has been created, several IDs will be shown for your App. The Application ID represents the ClientID we need. Copy and save that value to use in our Flow.
Click the Settings button on this page, and then click the Keys menu item.
In the Passwords screen, enter any name for your key (maximum 16 characters) and select a Duration, after which it will expire (I typically select 1 or 2 years). Then click Save.
Once saved, the key (or SecretID in our case) will be displayed in the value field.
Note: The Azure portal will only display the Key value, or the SecretID, at the time when it is initially generated. You cannot navigate back to this page and retrieve the SecretID again later.
Copy and save that value to use in our Flow. Be sure to keep your ClientID and SecretID saved privately and securely.
Grant Required Permissions to Your App
Once you have created the App and saved the ClientID and SecretID, we need to grant permissions to our app so that our Flow can access the Service Communications API. We do this in the Azure portal using the following steps:
- In the Settings page for your App, click Required Permissions
- In the Required Permissions page, click +Add then click 1 Select an API
- Select Office 365 Management APIs and click Select
- Click 2 Select Permissions and then select all Application Permissions and Delegated Permissions
- Click Save
All of the permissions for the Office 365 Management APIs require an administrator to explicitly grant these permissions to the App. This is done by entering a carefully constructed URL in the browser, logging in as an Office 365 global administrator and clicking Accept to grant the selected permissions to the App.
- Enter the following URL into a new browser window:
https://login.windows.net/common/oauth2/authorize?response_type=code&resource=https%3A%2F%2Fmanage.office.com&client_id={ClientID}&redirect_uri={ReplyURL}
Note: the {ClientID} in the URL and the {ReplyURL} values in the URL must be replaced with the values configured in your App.
For example, your URL might look like this:
- Login with the Office 365 global administrator credentials
- Click Accept on the following screen which appears to grant the permissions listed to your App:
Complete and Run our Flow
Now that we have the ClientID and SecretID from our newly created app, and we’ve granted the required permissions to the App, let’s:
- Copy the ClientID value into the Flow tile titled “Initialize ClientID variable”
- Copy the SecretID value into the Flow tile titled “Initialize SecretID variable”
The template will then call Get Access Token to retrieve a bearer token, which will be used in a subsequent call to the services communication endpoint.
The template will then parse the token, and ultimately call a GET method in the Office 365 Service Communications API endpoint within the ‘Get Office 365 messages tile’.
This is done using the HTTP connector and action, and the TenantID, ClientID, SecretID and permissions we configured were required in order to enable the Flow to securely make that call. Calling cloud service endpoints typically follows a similar pattern to the process shown in this post.
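The two HTTP calls described above, sketched in Python as an added example (not the template's own definition), together with a check of the token's `roles` claim to see which application permissions it actually carries. The token endpoint path, the `ServiceComms/Messages` path and the `ServiceHealth.Read` role name come from Microsoft's documentation for the Office 365 Management APIs rather than from this post; the IDs are placeholders and the sample token is constructed and unsigned.

```python
import base64
import json
import os
from urllib.parse import urlencode

RESOURCE = "https://manage.office.com"  # same resource as in the consent URL
NEEDED_ROLES = {"ServiceHealth.Read"}   # assumption: the only role this Flow needs

def token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth2 client-credentials token call."""
    url = f"https://login.windows.net/{tenant_id}/oauth2/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "resource": RESOURCE,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return url, body

def messages_request(tenant_id, access_token):
    """Return (url, headers) for the GET that lists Message Center notices."""
    url = f"{RESOURCE}/api/v1.0/{tenant_id}/ServiceComms/Messages"
    return url, {"Authorization": f"Bearer {access_token}"}

def token_roles(access_token):
    """Read the 'roles' claim from a JWT (decode only, no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def excess_roles(access_token):
    """Application permissions the token holds beyond what this Flow needs."""
    return token_roles(access_token) - NEEDED_ROLES

def make_sample_token(roles):
    """Constructed, unsigned JWT for the offline demo; not a real token."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': RESOURCE, 'roles': roles})}.sig"

if __name__ == "__main__":
    # Placeholder IDs; the secret is read from the environment, not the source.
    tenant = "00000000-0000-0000-0000-000000000000"
    url, body = token_request(tenant, "11111111-1111-1111-1111-111111111111",
                              os.environ.get("O365_CLIENT_SECRET", "example-secret"))
    print(url)
    token = make_sample_token(["ServiceHealth.Read", "ActivityFeed.Read"])
    print(messages_request(tenant, token)[0])
    print("roles beyond ServiceHealth.Read:", sorted(excess_roles(token)))
```

Running `excess_roles` on a token returned by your own app registration lists any application permissions granted beyond the one this Flow uses.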
Once those 3 values are provided, you can save your Flow and it's ready to run and test! All other parameters are set with appropriate defaults so that you can immediately receive an HTML formatted email with a digest of the recently issued Office 365 Message Center and Service Health notices. You can use the Flow as is, or make further modifications to it like filtering the output for specific services of interest, directing multiple emails to various service owners throughout your organization, or automatically raising alerts through internal security and governance tools when service health issues may affect critical business processes. These types of Flows can help your Office 365 service owner or your internal security and governance teams to stay up to date with what’s new and what’s going on now in Office 365!
Thanks for reading! Please leave your comments below!