Call Microsoft Graph API as a signed in user with delegated permission in Power Automate or Azure Logic apps using HTTP Connector

If you need to call a Microsoft Graph endpoint as a signed-in user or account from an instant, automated or scheduled flow, this blog post gives the instructions and steps to access the Microsoft Graph API with delegated permissions using the

  1. HTTP connector
  2. Invoke an HTTP request connector

Some resources in Microsoft Graph (Presence information, Planner etc.) are available only through delegated permissions and not through application permissions. Application permissions can be granted only by an administrator, but users can register an application with delegated permissions (except the All permissions) unless the IT team has restricted app registration by users.

Access Graph API using HTTP connector:

I have used the HTTP connector to generate a token for the Graph API using the OAuth Resource Owner Password Credentials grant flow supported by the Microsoft identity platform, with the User ID and Password. Once we have the access token, the request to the Graph API endpoint can be made. To follow along with this post, be ready with the following

Pre-Requisites:

  1. Access to HTTP Premium Connector in Power Automate
  2. Access to register Azure AD Application in Azure AD Portal
  3. A service account without MFA enabled
    1. User ID
    2. Password

If you have an account with MFA enabled, you should create a custom connector instead. I have written a blog post on creating a custom connector to call Microsoft Graph API for Power Apps and Power Automate.

Azure Active Directory Application:

Register an application in Azure AD and obtain the client id, client secret & tenant id for the registered application. In this example I have added the delegated permission Presence.Read to get the presence information of the service account.

Add the redirect URI for the web http://localhost as shown on the screenshot below.

The Web redirect URI http://localhost/ is required so that the service account can provide consent to the Azure AD application for the permission scope. Consent can be provided by an admin, so that all users can use this application in a flow, or it has to be provided by each individual user. To provide consent as an individual user, in this case the service account, construct the following URL using the tenant ID, client ID and the scope (e.g. Presence.Read)

Individual User Consent URL:

https://login.microsoftonline.com/yourtenantID/oauth2/v2.0/authorize?
client_id=azureadappclientid
&response_type=code
&redirect_uri=http://localhost/
&response_mode=query
&scope=https://graph.microsoft.com/Presence.Read

If there are multiple delegated permissions, the scopes should be separated by a space (%20)

scope=https://graph.microsoft.com/Presence.Read%20https://graph.microsoft.com/Sites.Read.All

Now login to Office.com with the service account and enter the above User Consent url on a separate tab for the consent which will bring up a screen similar to the one shown below

Now Click the Accept button to provide consent for the requested permission for the service account. After the Accept button is clicked there will be a message stating that this site cannot be reached or something similar with the url like below on the browser address bar

http://localhost/?code=xxxxxxxxxxxxxxxxxx&session_state=xxxx-xxx-xxx-xx-xxxxx

The consent is now provided. To validate the consent, log in to the My Applications link URL, select the Azure AD application from the list and then click Manage your application as shown below

Find below screenshot with consent for Presence.Read permission. To revoke the permission, click Revoke permissions

To provide Admin consent for all the users to use this app in the flow, the URL is

https://login.microsoftonline.com/yourtenantID/adminconsent?client_id=azureadappclientid

Power Automate Flow:

Now we are ready to generate the graph token using the HTTP connector in flow which is a pre-requisite to call the Graph API endpoint. To generate a token in Flow

  1. Store the Client Secret on a String variable
  2. Make the following HTTP request using the HTTP connector

HTTP Method: POST

URI: https://login.microsoftonline.com/yourtenantID/oauth2/v2.0/token

Headers: Content-Type: application/x-www-form-urlencoded

Body:

Replace the client id, service account username and password

client_id=azureadappclientid&username=serviceaccount@yourdomain.com&password=serviceaccountpassword&grant_type=password&client_secret=azureadappclientsecret&scope=Presence.Read%20offline_access

URL-encode the client secret and the password if they contain special characters, using the expression encodeUriComponent(variables('clientSecret')); otherwise the request will fail because of the special characters.

If there is no consent provided by the user/service account for the Azure AD application then the above HTTP request will generate the following error

{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxx-65xx-47e0-xxxx-xxxxx0bb22' named 'AzureADAppName'.

To extract the token from the above request, add the parse JSON action with Content from the HTTP request body and the following schema

{
    "type": "object",
    "properties": {
        "token_type": {
            "type": "string"
        },
        "scope": {
            "type": "string"
        },
        "expires_in": {
            "type": "integer"
        },
        "ext_expires_in": {
            "type": "integer"
        },
        "access_token": {
            "type": "string"
        },
        "refresh_token": {
            "type": "string"
        }
    }
}

Add the Body from the dynamic content from the HTTP – GET Token action to the content of the Parse JSON action

Include the access token in the Headers section when calling the Microsoft Graph API as shown below. The access_token comes from the output of the Parse JSON action

If you run the flow, you can now see the response with the presence information of the service account as shown below

Use the Azure Key Vault connector to secure the client secret and password in the flow.
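The token request, the consent error and the one-hour expiry described above, as an added Python example that is not part of the original post or of any Microsoft code. The secret, token values and GUID are constructed placeholders, nothing is sent over the network, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import parse_qs, quote, urlencode

AUTHORITY = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com"


class TokenError(Exception):
    """Error body returned by the token endpoint."""

    def __init__(self, error, aadsts_code, description):
        super().__init__(f"{error}: {description}")
        self.error = error
        self.aadsts_code = aadsts_code


def build_token_request(tenant_id, client_id, client_secret, username, password, scopes):
    """Return (url, headers, body) for the password-grant request in the post."""
    fields = {
        "client_id": client_id,
        "username": username,
        "password": password,
        "grant_type": "password",
        "client_secret": client_secret,
        "scope": " ".join(scopes),
    }
    # quote() percent-encodes reserved characters and writes a space as %20:
    # the job the post gives to encodeUriComponent() in the flow.
    body = urlencode(fields, quote_via=quote)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token", headers, body


def decode_form(body):
    """Decode a form body (or query string) the way the receiving server would."""
    return {key: values[0] for key, values in parse_qs(body).items()}


def consent_url(tenant_id, client_id, scopes, redirect_uri="http://localhost/"):
    """Individual user consent URL, needed when the token call returns AADSTS65001."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(f"{GRAPH}/{s}" for s in scopes),
    }
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?" + urlencode(params, quote_via=quote)


def parse_token_response(raw, now):
    """Return the Authorization header value and expiry, or raise TokenError."""
    doc = json.loads(raw)
    if "error" in doc:
        description = doc.get("error_description", "")
        match = re.match(r"AADSTS\d+", description)
        raise TokenError(doc["error"], match.group(0) if match else None, description)
    return {
        "authorization": f"{doc['token_type']} {doc['access_token']}",
        "expires_at": now + int(doc["expires_in"]),  # about one hour after issue
        "refresh_token": doc.get("refresh_token"),
    }


# Constructed sample responses; the token and GUID are placeholders.
SAMPLE_OK = json.dumps({
    "token_type": "Bearer", "scope": "Presence.Read", "expires_in": 3599,
    "ext_expires_in": 3599, "access_token": "constructed.access.token",
    "refresh_token": "constructed-refresh-token",
})
SAMPLE_NO_CONSENT = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS65001: The user or administrator has not "
                         "consented to use the application with ID "
                         "'00000000-0000-0000-0000-000000000000'.",
})

if __name__ == "__main__":
    secret = "p+q&r=s~1"  # constructed secret containing reserved characters
    args = ("yourtenantID", "azureadappclientid", secret,
            "serviceaccount@yourdomain.com", "serviceaccountpassword",
            ["Presence.Read", "offline_access"])
    url, headers, body = build_token_request(*args)
    naive = f"grant_type=password&client_secret={secret}&scope=Presence.Read"
    print("encoded secret round-trips:", decode_form(body)["client_secret"] == secret)
    print("unencoded secret arrives as:", decode_form(naive)["client_secret"])
    print(parse_token_response(SAMPLE_OK, now=0)["expires_at"], "seconds of validity")
    try:
        parse_token_response(SAMPLE_NO_CONSENT, now=0)
    except TokenError as exc:
        print(exc.aadsts_code, "->", consent_url(args[0], args[1], ["Presence.Read"]))
```

The unencoded secret is split at `&` and its `+` is read as a space, so the endpoint would receive a different secret plus a stray parameter; that is the failure the encoding step prevents.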

Invoke a HTTP Request connector:

This connector can be used to fetch resources from various web services authenticated by Azure AD, including Microsoft Graph, in an easier way. Look for the action with the keyword invoke an HTTP request

If it is accessed for the first time, enter https://graph.microsoft.com on both Base and Azure AD resource URI and then click Sign In

Enter the Graph API endpoint on the Url of the request and select the Method

The API is executed in the context of the action’s connection as shown below. In this example it gets the profile information of the serviceaccount

If you get an error similar to { "error": { "code": "Forbidden", "message": "" } }, then it could be because the connector has a limited set of scopes. Getting Presence information is not supported with this connector as of now. If your scenario requires something more advanced or not currently supported by the connector, please use the "HTTP" connector as shown above or create a custom connector.

Reference:

https://docs.microsoft.com/en-us/graph/auth/auth-concepts#delegated-and-application-permissions

https://ashiqf.com/2021/03/16/call-microsoft-graph-api-in-power-apps-and-power-automate-using-a-custom-connector/

Summary: There are many endpoints available with Microsoft graph which can be leveraged for different use cases. Keep in mind the HTTP connector in Power Automate is Premium, you can also consider using this approach in Azure Logic apps. The access token is valid only for an hour, if you have to call a graph api after an hour from the initial token generation time the token has to be obtained again. Hope you have found this informational & thanks for reading. If you are visiting my blog for the first time, please do take a look at my other blogposts.

Call Microsoft Graph API in Power Apps and Power Automate using a Custom connector

Microsoft graph is the gateway to data and intelligence in Microsoft 365 which connects multiple services like SharePoint, Teams, Planner etc and devices. Microsoft graph has one common endpoint that is RESTful Web API enabling you to access Microsoft Cloud service resources. With that said if you want to communicate with Microsoft Graph Services or any API services, custom connectors can be used to address needs which are not available as prebuilt connectors in Power Apps and Power Automate. The purpose of this blog post is to show how to

  • Create & setup Custom Connector to call Microsoft Graph API
  • Call Microsoft Graph API in Power Apps using custom connector
  • Call Microsoft Graph API in Power Automate using custom connector

Custom connector supports the following authentication types

  • Anonymous (No Authentication)
  • Basic Authentication (UserName & Password)
  • API Key
  • OAuth 2.0

As of the time I am writing this article, the custom connector supports only the Authorization code authentication flow and not client credentials. If you use OAuth 2.0, this means you can use only delegated permissions and not application permissions as the permission type in the custom connector. To be more precise, the logged in user from PowerApps, or the connection user of the flow action/trigger, should have access to the resource to be accessed from Microsoft Graph, and the connector cannot access the resource as a daemon app (Application Permission). Find below the pre-requisites for the custom connector

  1. Premium Plan (App/user based) for all users intended to use the custom connector in Power Apps or Power Automate. To test the custom connector you can also get a community plan if you do not have a premium plan.
  2. Access to register Application in Azure AD portal

Create & setup Custom Connector to call Microsoft Graph API:

Custom connector can be created from Power Apps maker portal or Power Automate portal. Custom connector created from any of the above-mentioned interfaces can be used in a Power App or Power Automate cloud flow. A custom connector is nothing but a wrapper around a REST API that allows Power Apps or Power Automate and Azure Logic Apps to communicate with that REST API.

Azure Active Directory Application:

To access the Microsoft Rest API there must be an Azure AD app registered with appropriate graph permission intended for the operations through a custom connector. For this example I have registered an AD application with the following delegated permissions

  1. Calendars.Read
    • To display the users recent events in Power Apps gallery control
  2. Sites.Manage.All
    • To create a New list item in SharePoint list from Power Apps and Power Automate
  3. User.Read
    • To display users profile information from an Extension Attribute in Power Apps

Obtain the Client ID from the Overview section of the Azure AD app and create a secret from the Certificates & secrets under Manage blade. Once the secret is created, copy the value to be used in the custom connector.

Add a Web Redirect URI https://global.consent.azure-apim.net/redirect as shown below

The Redirect URI is common and will be created while creating the custom connector. Now we are ready to create the custom connector, go to Power Automate portal and expand Data on the left panel > Custom connectors > + New custom connector > Create from blank

After entering the connector name, you will get the below screen. Do not have the word SharePoint part of your connector name to avoid issues.

Enter graph.microsoft.com on Host and some description about the connector. You can also change the logo to a custom one. Now click Security on the right bottom corner to enter the Azure AD application information for the OAuth 2.0 authentication type. Under the section OAuth 2.0

  • Change the Identity provider to Azure Active Directory
  • Enter the Client id & Client secret of the Azure AD application
  • Leave the Login URL as https://login.windows.net & Tenant ID as common
  • Enter the Resource URL as https://graph.microsoft.com
  • Enter the Scope as Calendars.Read Sites.Manage.All User.Read based on the permissions you have added on the Azure AD app. Leave a space between each permission

After the above information is filled in, click Create connector which will autogenerate the Redirect URL https://global.consent.azure-apim.net/redirect. This is the URL we have added as a Redirect Web URI in the Azure AD application. The connector is now ready to add actions based on Graph API endpoint to

  • Get users recent events from the users default Outlook calendar
  • Create a List item in SharePoint List
  • Get users custom extension attribute from users Active directory profile

Get users recent events from the Outlook calendar:

The Graph API to get the logged in users list of recent calendar events is

Http Request Mode: GET

Request URI: https://graph.microsoft.com/v1.0/me/calendar/events

After the custom connector is created in the above step, now click the Definition tab of the Custom Connector > click + New action which will create the following screen to enter information about the action

After the Summary, Description and Operation ID are entered, click + Import from sample under the Request section to enter the Graph API endpoint url https://graph.microsoft.com/v1.0/me/calendar/events.

It is Okay to exclude the url https://graph.microsoft.com since we have provided the information in the Security tab.

Now we are ready to provide default response for the action. To get the request response sample for the graph api endpoint, SignIn to the Graph Explorer with your organizational ID to copy the response of the API request to be used in the custom connector action

After running the query in the graph explorer tool, copy the whole content (CTRL+A) from the Response preview section as shown on the above screenshot. If there is any error related to permissions while executing the http request in the explorer tool, make sure you have consented to the permissions in the Modify permissions tab.

Click + Add default response and then paste the content copied from the graph explorer tool on Body as shown below

Click Import and then click Update connector. Let us add the second action to create a list item in a SharePoint list

Create a List item in SharePoint List:

The graph API to create a List item in a SharePoint List is

Http Request Mode: POST

Request URI: https://graph.microsoft.com/v1.0/sites/siteId/lists/listId/items

You should replace the siteId and listId in the above URL. An easy way to get the listId and siteId is by viewing the page source of the SharePoint site with the list open

Request Body:

For this example I have a SharePoint list with a default column Title and a single line of text column by the name Location.

{
  "fields": {
    "Title": "Widget",
    "Location": "Stockholm"
  }
}

Once again click + New action on the Definition tab to add an action for creating a new list item.

After the Summary, Description and Operation ID are entered, click + Import from sample under the Request section to enter the Graph API endpoint url, with the Verb now selected as POST, and the request body or payload

Click Import. To get the request response sample for the graph api endpoint, go to the graph explorer to copy the request response as shown below for the above POST request to create the list item

Click + Add default response and then add the response copied from the graph explorer tool on the Body section as shown below

Click the Import button and then click Update connector. Let us add the third action to read the user's Active Directory profile to extract extension attribute information

Get users custom extension attribute from users Active directory profile:

On my tenant I have added additional properties on extension attribute in Azure AD profile of the user & displayed them on the User profile card using the profile card graph API. The graph API to get the extension attribute information of the user is in Beta as of now

Http Request Mode: GET

Request URI: https://graph.microsoft.com/beta/me

Once again click + New action on the Definition tab to add the third action for getting the users profile information from Azure active directory.

After the Summary, Description and Operation ID are entered, click + Import from sample under the Request section to enter the Graph API endpoint url with the Verb selected as GET

Click Import. Go to the graph explorer to copy the request response for the GET request for https://graph.microsoft.com/beta/me and then click + Add default response to paste the request response copied from the graph explorer tool. Click Import button and then click Update connector. We have till now added three actions which can be tested in the same interface

Test the Action:

To test the different actions added in the connector, click the Test tab and then click + New connection.

You will be prompted to sign in using the Organization ID and provide a consent for the permissions requested as a scope on the custom connector.

After the connection is created, you can test the different actions available as shown below for one of the action CreateListItem in SharePoint

The custom connector creates the Swagger definition, you can also view and update the Swagger definition by turning on Swagger Editor

If you look at the security definitions in the above screenshot for the connector we have created till now, the authentication flow used to authenticate the user is Authorization code which supports only delegated permissions and not application permissions in MS Graph. The Swagger definition file can be downloaded from interface shown below

The Swagger definition file can be used to re-create the custom connector by clicking the Down arrow and then by clicking Import an OpenAPI file. On the popup window enter the Connector Name and select the downloaded Swagger file to recreate the connector after filling in information on the Security tab.

You can download the Swagger definition file of the custom connector with the above mentioned actions from this github link.
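One way to review the security definitions of a downloaded Swagger file before importing or sharing the connector, as an added Python example that is not the post's or Microsoft's code. The embedded definition is constructed from the host, paths, operation names and scopes used in this post; the security definition name `oauth2_auth`, the URLs inside it and the function name are assumptions.

```python
import json

# Swagger 2.0 oauth2 "flow" value -> (OAuth grant, Graph permission type it carries)
FLOWS = {
    "accessCode": ("authorization code", "delegated"),
    "implicit": ("implicit", "delegated"),
    "password": ("resource owner password credentials", "delegated"),
    "application": ("client credentials", "application"),
}


def audit_connector(swagger_text, needed_scopes):
    """Summarise host, operations, OAuth flow and scopes of a connector definition."""
    doc = json.loads(swagger_text)
    report = {
        "host": doc.get("host"),
        "https_only": doc.get("schemes") == ["https"],
        "operations": [],
        "security": {},
    }
    for path, verbs in sorted(doc.get("paths", {}).items()):
        for verb, op in sorted(verbs.items()):
            report["operations"].append({
                "operationId": op.get("operationId"),
                "request": f"{verb.upper()} {path}",
                "beta": path.startswith("/beta/"),
            })
    for name, definition in doc.get("securityDefinitions", {}).items():
        if definition.get("type") != "oauth2":
            report["security"][name] = {"type": definition.get("type")}
            continue
        grant, permission_type = FLOWS.get(definition.get("flow"), ("unknown", "unknown"))
        # Accept one scope per key or several scopes in one space-separated key.
        scopes = sorted({s for key in definition.get("scopes", {}) for s in key.split()})
        report["security"][name] = {
            "type": "oauth2",
            "grant": grant,
            "permission_type": permission_type,
            "scopes": scopes,
            # Heuristic (assumption): a name ending in .All is not limited to
            # the signed-in user's own items, so it deserves a second look.
            "broad": [s for s in scopes if s.endswith(".All")],
            "unneeded": [s for s in scopes if s not in needed_scopes],
        }
    return report


# Constructed definition modelled on the connector built in this post.
SAMPLE_SWAGGER = json.dumps({
    "swagger": "2.0",
    "host": "graph.microsoft.com",
    "schemes": ["https"],
    "paths": {
        "/v1.0/me/calendar/events": {"get": {"operationId": "GetMyEvents"}},
        "/v1.0/sites/siteId/lists/listId/items": {"post": {"operationId": "CreateListItem"}},
        "/beta/me": {"get": {"operationId": "GetUserProfile"}},
    },
    "securityDefinitions": {
        "oauth2_auth": {
            "type": "oauth2",
            "flow": "accessCode",
            "authorizationUrl": "https://login.windows.net/common/oauth2/authorize",
            "tokenUrl": "https://login.windows.net/common/oauth2/authorize",
            "scopes": {
                "Calendars.Read": "Calendars.Read",
                "Sites.Manage.All": "Sites.Manage.All",
                "User.Read": "User.Read",
            },
        }
    },
})

if __name__ == "__main__":
    needed = {"Calendars.Read", "Sites.Manage.All", "User.Read"}
    print(json.dumps(audit_connector(SAMPLE_SWAGGER, needed), indent=2))
```

Pass the set of scopes the connector's actions really need as `needed_scopes`; anything listed under `unneeded` is consent that users are asked for without an action that uses it.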

Call Microsoft Graph API in Power Apps using custom connector:

To call a custom connector in Power Apps, the first step is to add the connector to the Power App by the app maker. Click Data on the left panel and then click the button Add data > look for the connector by the name > Click the connector name to create a connection.

Once the connection is created & added, you will be able to use it in the different controls added to the app

I added the following controls to

  1. Label – To display the Extension attribute of the user from the action GetUserProfile
  2. Gallery – To display the users recent calendar events from the action
  3. Button – To create new item on the list and to get information from Graph about the user calendar events and to get the users AD profile

A Button control to load the data from Microsoft Graph GET actions GetUserProfile &  GetMyEvents on a context variable.

UpdateContext({userProfileData:'NameoftheConnector'.GetUserProfile(),userCalendarEvents:'NameoftheConnector'.GetMyEvents().value})

Once we have the data loaded on the context variable using the OnSelect button click event, the data can be displayed on different controls. Use the graph explorer tool to validate the response of the request and to help with displaying the data on a control. Find below the response for the me endpoint which provides the profile information of the user including the extension attribute.

To display the Extension attribute1 information on a label control, the code is

userProfileData.onPremisesExtensionAttributes.extensionAttribute1

I have added a gallery control to display the calendar events. First step is to bind the gallery control to the context variable (userCalendarEvents) using Items property of the control

Items: userCalendarEvents

On the gallery control fields

field1: ThisItem.subject

field2: ThisItem.organizer.emailAddress.name

For constructing the above formula (Field1 and Field2) for displaying the information on the different fields in the control, graph explorer response preview will help you

I have added a button control to create the list item using the action CreateListItem with the following formula on the OnSelect event

'NameoftheConnector'.CreateListItem({fields: {Title: "Mohamed Ashiq Faleel",Location:"Sunbyberg"}});

Reference: https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/functions/function-json

Once the Power App is shared with other users

  • Connector will be shared along with the app
  • The user has to create a connection to the Custom Connector & provide consent for the Graph permission (User.Read Sites.Manage.All Calendars.Read) for the first time
  • The users of the app should have premium license (App/user based)

Call Microsoft Graph API in Power Automate using custom connector:

For a user to use a custom connector in an Instant/Scheduled/Automated flow

  • The connector must be shared with the user by the custom connector Owner/creator
  • The flow user must have a Premium license
  • Consent must be provided for the graph permissions. The consent can be individual or admin consent

Add the action to the flow by clicking Custom and then select the custom connector as shown below

Now select the action

It will ask you to Sign In to create the connection and there will be a prompt to provide consent to the permission for the AD application for the first time as shown below

Enter the parameter values to create the list item

Summary: Microsoft Power Apps and Power Automate are great and simple to get started with no code. If you are a pro developer and want to extend the capabilities with Microsoft Graph & other external/custom RESTFul API’s you can do so with the custom connector. Hope you have found this informational & thanks for reading. If you are visiting my blog for the first time, please do take a look at my other blogposts.

Send email from a common mailbox in Power Automate using Microsoft Teams email address or Shared Mailbox

Power Automate cloud flows are widely used to automate many business processes, and Email is one of the most widely used actions to send out notifications. Having said that, there will definitely be requests to send the email from a generic address instead of the flow creator email address or the email action's connection owner email address as shown below:

By default, the from Address of the mail generated from Power Automate uses the Flow creator email address as shown above under My connections. To send an email from generic email address, you can

  1. Create a Shared mailbox in exchange online (No license required) and grant access to the flow creator and then use any of the following action in the flow
    • Send an email
    • Send an email from a shared mailbox
  2. Use an existing Microsoft 365 group in
    • Send an email

Setup Shared Mailbox in Exchange Online & Power Automate email actions:

Find steps below to create a shared mailbox in Exchange online & provide delegated permission (Send as) to the flow creator.

  1. Sign into Exchange Admin center. Go to Recipients > Shared and then click New Add Icon. Enter the Name, email address & domain for the shared mailbox and then click Create.
  2. Open the newly created mailbox which opens the mailbox details pane as shown below. Click Manage mailbox delegation.
  3. To use the action Send an email from a Shared Mailbox in the flow
    • Grant Read and manage and Send As permissions by clicking Edit button>Add permissions and then select the user (Flow Creator) you want to grant permissions to.
  4. Find the flow action for reference
  5. To use the action Send an email in the flow. Grant Send As permissions by clicking Edit button>Add permissions and then select the user (Flow Creator) you want to grant permissions to.
  6. It takes approximately an hour for the permissions to be reflected so as to use in the Power Automate action.

Microsoft 365 group in Send an Email action:

If you have a Microsoft 365 group or a Microsoft Team, you can use the mailbox associated with the group in Microsoft Flow for sending the email (Send as). Microsoft Teams creates a Microsoft 365 group whenever a team is created. Let us see how to enable an M365 group for use in the Power Automate Send an email action by providing Send as permissions to the flow creator or the email action's connection owner. Find steps below to grant Send as permissions

  1. Sign into Exchange Admin center. Go to Recipients > Groups and then click the Microsoft 365 group you wish to be used in the flow. Go to Settings>Click Edit manage delegates
  2. Add the Flow creator email address and grant Send as permission
  3. Save changes

Tip:

By default, Microsoft 365 groups are not capable of receiving emails from external senders. To enable it, check the box shown on the above picture, "Allow External senders to email this group"

If the permissions are not set right, you might get any of the following message in the flow

  • You are not authorized to send mail on behalf of the specified sending account
  • Specified folder not found. The error could potentially be caused by lack of access permissions. Please verify that you have full access to the mailbox

Summary:

To send an email from third party application you can use the trigger “When a HTTP request is received” with the email action. This trigger generates an anonymous API endpoint which could be used on applications to trigger the flow. Hope you have found this informational. If you are visiting my blog for the first time, please do look at my other blogposts.


Trigger an Azure Webjob from Power Automate

On this post let us see how to trigger or run a WebJob from Power Automate. WebJob is a powerful service in Azure keeping in mind the supported file types or programs it can run. Before proceeding with the instructions to call a WebJob in Power Automate, let us see some basics of an Azure WebJob. WebJobs is a feature of Azure App Service that enables you to run a program or script in the same instance of the Azure web app with no additional cost. As of now it is not supported in App service plan for Linux. There are two types of WebJobs

  1. Continuous WebJob
    • Starts immediately when the WebJob is created. To keep the job from ending, the program or script typically does its work inside an endless loop.
    • Runs on all instances that the web app runs on. You can optionally restrict the WebJob to a single instance.
  2. Triggered WebJob
    • Starts only when triggered manually or on a schedule based on CRON expression.
    • Runs on a single instance that Azure selects for load balancing.

Supported file types for scripts or programs:

The following file types are supported:

  • .cmd, .bat, .exe (using Windows cmd)
  • .ps1 (using PowerShell)
  • .sh (using Bash)
  • .php (using PHP)
  • .py (using Python)
  • .js (using Node.js)
  • .jar (using Java)

Check here the documentation from Microsoft to choose between Flow, Logic Apps, Functions & Webjobs for your automation services with comparisons against each other. If you are using a Function app with a Consumption plan your function can run only to a max of 10 mins. If you have a long running task on a webjob, set this property in the App service Application setting from the Configuration blade as shown below

The above setting is to avoid idling out if there is no CPU activity. The IDLE timeout setting is set to 1 hour in the above screenshot.

Azure WebJobs SDK:

There is a Powerful Azure WebJobs SDK which simplifies the task of writing background processing code that runs in WebJobs. It makes it easier to write code that reads or writes from Azure Storage account and it also facilitates to trigger the WebJob if there is any new data on the queue, blob, table, service bus for an event driven architecture. Azure functions is built on the WebJobs SDK. If you set your web app to run continuous or scheduled (timer-trigger) WebJobs, enable the Always on setting on your web app’s Azure Configuration page to ensure that the WebJobs run reliably. This feature is available only in the Basic, Standard, and Premium tiers of the App service plan.

Create and Deploy a WebJob:

To call a WebJob from Power Automate, let us create a Triggered WebJob (.Net Framework) from Visual Studio. There is also support for .NET Core console apps as WebJobs. Refer to this documentation from Microsoft to create a WebJob from Visual Studio. In Visual Studio there is a template to create a WebJob project as shown below

This is how the VS project looks like

The Program.cs has the code to ensure that the Job will be running continuously. For this case it is not required, so comment out or remove the code which is highlighted. The Functions.cs has the code to pick up the message from the Storage Queue (Event-Driven) through the WebJobs SDK runtime; the WebApp must be set to Always on to make it work. For this example it is not required, since it is going to be a triggered Job, so the file Functions.cs can be deleted.

If you have any arguments to be passed from Power Automate, you can access it on your code as shown below

To deploy the WebJob, right click the project and select Publish. If there is no publish profile yet, create one or export it from Azure WebApp and then Publish. To know more about the Publish settings In the Publish tab, choose Edit as shown below

The WebJob will be now in Azure. Go to your Azure WebApp or App Service and click WebJobs under the settings blade to find the WebJob deployed from Visual Studio. Find the WebJob in the Azure portal

WebJobs API endpoint for the WebJob:

There are API endpoints available for the Azure WebJob which will be used for triggering the WebJob from Power Automate. Go through the following documentation for more details on the list of available endpoints:

https://github.com/projectkudu/kudu/wiki/WebJobs-API

To Trigger or Start a WebJob, you should have the Webhook URL from the Azure Portal. To get the URL, click Properties after selecting the WebJob as shown below

Copy the Web hook URL, User Name and Password to be later used in Power Automate. Let us trigger the WebJob from Postman client using the above information

Method: Post

URL: https://yourappname.scm.azurewebsites.net/api/triggeredwebjobs/webjobname/run

Authorization Type: Basic Auth

User Name and Password copied from the Portal

This will trigger the Job.

If there are parameters to be passed, the API would be like

https://yourwebappname.scm.azurewebsites.net/api/triggeredwebjobs/yourwebjobname/run?arguments={arg1} {arg2}

Trigger from Power Automate:

So far we have the WebJob published in Azure. Can we call its API from Power Automate? Yes, it is possible with the help of the Premium action HTTP as shown below

Voila! The WebJob has been triggered from Power Automate.

Summary: In this post we have seen how to call a WebJob using Power Automate. There is also a trigger to call a Flow from a PowerApp, which could be used to start the WebJob. Hope you have found this informational & helpful. Let me know any feedback or comments in the comment section below

Collect response from multiple users with Adaptive Card in Teams using Power Automate

This post is in response to a comment on one of the most viewed articles on my blog site, about posting an Adaptive card to a user in Teams using Power Automate. Assume we have a use case for using an Adaptive card to collect responses from n users based on data from Excel, a SQL database etc. The response must be unique for each user, so there has to be a separate instance of the Adaptive card flow for each user, since the flow has to wait until it gets a response from the user.

To handle this scenario, we are going to create two flows

  1. Flow 1 – Send Adaptive card to collect response: This flow creates an adaptive card to collect response from each user
  2. Flow 2 – Microsoft Teams User Details: The main flow which has the user details

For this example, I will be storing the user details in an Array variable, but you can generate the user details dynamically or based on data from various data sources like Excel, a database etc. Let us go ahead and create the flows

Flow 1 – Send Adaptive card to collect response

This flow will be called from flow 2 to create the Adaptive card for the team user to collect response.

Step 1: Create an Instant flow with trigger type “When a HTTP request is received” and set the method type to Post by clicking Show advanced options. Now click Use sample payload to generate schema under the section Request Body JSON Schema, enter the following data for the team user email address, and click Done to generate the schema

{
  "Email": "user@domain.onmicrosoft.com"
}

The email address of the Teams user will be passed from Flow 2 on the request body.

Step 2: Add the action Post an Adaptive card to a Teams user and wait for a response. The only change is for the field Recipient which should be Email (request body json schema) from the dynamic content of the trigger When a HTTP request is received.

Step 3: Add Create item for collecting the Team user response to the SharePoint list. Refer to the blogpost Adaptive card to an user in Teams using PowerAutomate for detailed explanation.

Step 4: Saving the flow automatically generates the HTTP POST URL; this URL will be used in Flow 2. The complete flow should look like the one below

We are now ready to create the second flow, from which the Adaptive card collect response flow will be triggered.

Flow 2 – Microsoft Teams User Details:

This flow is the primary flow, which triggers Flow 1 for posting the adaptive card to multiple team users.

Step 1: Create an Instant flow with the trigger type “Manually trigger a flow” and add an Array variable to store the user email addresses for sending the Adaptive card to collect responses from multiple users.

Step 2: Add the Parse JSON action to parse the email address from the array variable and then click Generate from sample

Paste the array data as given below and click Done to automatically generate the schema for us. Then for the Content parameter in the action, select Teams Users (array variable) from the dynamic content.

[
  {
    "Email": "user1@domain.onmicrosoft.com"
  },
  {
    "Email": "user2@domain.onmicrosoft.com"
  }
]

Step 3: Add a compose action and then select the email attribute from the Parse JSON output to automatically generate an Apply to each loop as below

Step 4: Add the HTTP action to make a Post request to the HTTP url created from the first flow to post an Adaptive Card to the teams user. Find the parameters below

Method: Post

URI: HTTP Request flow URL (when a HTTP request is received) copied from the Flow 1

Headers: Key: Content-Type Value: application/json

Body:

{
  "Email": Output of JSON Parse action (Email)-to be replaced
}

Authentication: None

This should now create an Adaptive card to collect responses from multiple users, irrespective of each user’s response to the Adaptive card.

Summary: In this post we have seen how to send an adaptive card to multiple Teams users using Power Automate. A natural question is: why not use the child flow concept and call the Adaptive card flow from the parent flow using the action Run a Child Flow available in Power Platform solutions? Since we are using a For Each loop in Flow 2 Step 3, and a child flow must end with the action Respond to a PowerApp or flow, the loop would go to the next user only once the first user responds to the adaptive card. Keep in mind that the action (HTTP) and the trigger (When a HTTP request is received) used in this flow are Premium. Let me know any feedback or comments in the comment section below

Create Tile view card for custom List item image attachments using PowerAutomate & JSON row view formatting

In Modern SharePoint lists you can display list item content in a more modern way using the Tiles view layout. If you have a very big list with multiple columns along with picture columns, you get a horizontal scroll bar on the list view. The Tiles view can solve this issue, since the content will be displayed on a tile card where you can design the layout to display the different list column values.

There are many blog posts & PnP Samples which will help you to create a Tiles view using JSON row formatting. If you are new to JSON row formatting, I recommend you go through this link from Microsoft. Microsoft has recently brought in an interface to format the list item row & do conditional formatting by creating rules based on column values

In this blog post, let’s see how to create a Tiles view as shown above for the images stored as attachments in the list item. If you add an attachment to a list item in a SharePoint list, the attachments are stored in the following path

https://domain.sharepoint.com/sites/SiteName/Lists/ListName/Attachments/ItemID/attachmentName.extension

Components used in this blog post

  1. Power Automate Flow: To get the path of the attached file (Image file in this case), we will be creating an automated Flow which gets triggered on List item creation to get the path of the image & update it to the custom hyperlink list column (ProductPhotoHL).
  2. JSON: To create a Tile view layout using list row view formatting.

Pre-Requisites:

  • Create a SP List by the name ProductInformation with the following columns
    1. Title: Single line of text
    2. ProductPhotoHL: Hyperlink (to the image)
    3. ProductPhotoPic: Picture (to the image)
    4. ProductPrice: Number
    5. Features: Multiple lines of text
  • Couple of list items with Images as attachments after the Power automate flow is created
    1. Only images as attachments
    2. Not more than one image as an attachment

Power Automate to get the path of the Image attachment URL:

Create an automated flow with the trigger When an item is created and configure the trigger to the ProductInformation list. Add the Get Attachments action connected to the ProductInformation list; the Id parameter should be the List item Id (ID) selected using the dynamic content from the trigger When an item is created.

Now with the above action we have the attachment URL of the image. This must be updated to the list columns ProductPhotoHL & ProductPhotoPic of the ProductInformation list in order to be displayed in the Tile view. To create the above shown Tile view, ProductPhotoPic (Picture) is not required, but I’ve used it to show you that we can create a Thumbnail of the image on the default list view using the Picture column ProductPhotoPic. At the time of writing this post, the Power Automate action Update item is not capable of updating a column with Picture as a DataType, but it can update a HyperLink column. The action Send an HTTP request to SharePoint can make HTTP requests to any SharePoint REST endpoint; I’ve used this action to update the ProductPhotoPic (Picture) column as below

As I said in the pre-requisite section, there should not be more than one attachment. In the Body of the HTTP request, the Url parameter for ProductPhotoHL & ProductPhotoPic gets only the first attachment URL, the AbsoluteUri from the previous action “Get attachments”, as dynamic content. To get the first attachment URL you can use either of the following formulas in the expression editor

  • first(body('Get_attachments'))?['AbsoluteUri']
  • body('Get_attachments')?[0]?['AbsoluteUri']

I’ve used the function first() to get the first item from the array. The flow is ready; add a couple of items to the list by filling in information only for Title, ProductPrice, Features & an image as an attachment. The flow gets triggered and updates ProductPhotoHL & ProductPhotoPic with the image attachment URL. You can download the flow template from the following GitHub repo link.

Create Tiles View layout using JSON:

I’ve used the sample from PnP List view formatting samples to create items in tile layout for images. On the sample JSON I’ve updated the column ProductPhoto to ProductPhotoHL. The updated JSON is available here for download. Now copy the JSON & go to the List view & click on the down arrow (All Items)>Format current view>Advanced mode as shown below

Apply formatting to should be set to Entire Row. Paste the JSON into the box as shown in the picture and then Save it.

Now you will have another layout by the name Tiles added to the existing layouts List & Compact List as shown below, select it

Now it’s time to see the need for the column ProductPhotoPic of datatype Picture: with the default layout you can see the thumbnail of the image added as an attachment

Summary: There are many samples available in the PnP GitHub repo for List Row View & Column view formatting. In document & picture libraries the Tiles view layout is added by default, and there is also a column by the name Thumbnail in a Picture library. You can display a Thumbnail view of images in a PowerApps gallery for the images stored in a Document library; go through this link for more information. If you are storing images in a separate document library & not as an attachment, the URL of the image can be added to the HyperLink column. Hope you find this interesting & helpful.

Convert Outlook Email with embedded images to PDF using PowerAutomate

Recently I came across a business case that needed to automate the conversion of Outlook email messages with embedded images to PDF documents. This could be done manually in the Outlook client using Microsoft Print to PDF, or with the browser Print if the message is opened using Outlook on the Web. This process can be automated with the help of the PowerAutomate trigger When a new email arrives and the actions Export Email, Convert File and Create file, but if an email has an embedded image or HTML content it will not work as of now. There are third-party connectors in Power Automate from Muhimbi and Plumsail which might have this functionality, but I’ve not tested those yet. The PowerAutomate action Export Email converts the email to a .eml file.

An EML file is an email message containing the content of the message, along with the subject, sender, recipient(s), and date of the message in plain text format. Once you have the .eml file, change the file extension from .eml to .txt to see the content. If there is any embedded image, it will be stored in Base64 format. You can also change the .eml file extension to .mht and open it directly in Internet Explorer

For this blogpost I’ve used third party API service from ConvertAPI to convert Email message to PDF, they have REST API endpoints to convert Word, Excel, PowerPoint, HTML, PDF and Image formats. There is also a Free Plan with ConvertAPI where you get 1500 seconds API execution time if you sign up.

You can also create your own API service hosted in Azure for conversion with .NET libraries like iTextSharp, GroupDocs, PDFSharp etc. Let’s go ahead & create flows to

  1. Convert Email to PDF – Without Embedded image
  2. Convert Email to PDF – With Embedded image

The above two flow packages can be downloaded from the GitHub repo.

Convert Email to PDF – Without Embedded image:

The Power Automate connector OneDrive for Business has an action Convert file (preview) that converts files to different formats such as PDF, HTML, JPG etc. This connector can be used to convert a simple email without an embedded image.

Step 1: Create a flow with Automated trigger When a new email arrives & configure the trigger parameters by clicking Show advanced options.

Step 2: Add the action Export email with Message Id from the output of the previous action. This action creates the .eml file

Step 3: Add the action Create file from the connector OneDrive for Business. Select the Folder path from your One drive, Enter the File Name for the .eml file & the File Content should be Body from the output of the action Export email (Previous). Find the screenshot below

Step 4: Add the action Convert file from the connector OneDrive for Business with Id from the output of the previous action Create File.

Step 5: Add the action Create file from the connector OneDrive for Business. This step is for storing the PDF file back to the OneDrive. Select the Folder path from your One drive to store the PDF file, Enter the File Name for the PDF file & the File Content should be File content from the output of the action Convert file. Find screenshot below

Note: The storage location I’ve chosen is Onedrive, you can choose SharePoint, Azure blob etc. Based on the need you can choose to delete the .eml files after the file conversion is done.

Convert Email to PDF – With Embedded image:

As already said the previous flow will not convert an email with embedded image as expected. Be ready with the API endpoint from ConvertAPI to convert email to PDF. The endpoint will have the secret as a query string shown as below

https://v2.convertapi.com/convert/eml/to/pdf?Secret=yoursecretkeyfromconvertapi

Note: On this flow I will be using the .eml file generated from the previous flow.

Step 1: Create a flow with Instant trigger Manually trigger a flow.

Step 2: Add the action Get file content from the connector OneDrive for Business. Select the .eml file which has the embedded image from the storage location i.e the file from OneDrive.

Step 3: Add the action Compose from the connector Data Operation. This step converts the file content into its base64 representation, a requirement for the ConvertAPI to work. In the Inputs field go to the expression editor and add the function base64(file content from the previous action get file) for converting the .eml to base64.

Step 4: Add the action HTTP (Premium) from the connector HTTP to make a POST request to the ConvertAPI endpoint.

Method: POST

URI: https://v2.convertapi.com/convert/eml/to/pdf?Secret=yoursecretkeyfromconvertapi

Headers:

Key: Content-Type

Value: application/json

Body: You can generate this from the ConvertAPI site by uploading a .eml file on the site. Once this data is added to the HTTP action Body parameter, change the Data parameter to the Output of the previous action Compose – Convert to Base64

{
  "Parameters": [
    {
      "Name": "File",
      "FileValue": {
        "Name": "myemailfile.eml",
        "Data": "@{outputs('Compose_-_Convert_to_Base64')}"
      }
    }
  ]
}

Step 5: Add the action Parse JSON from the connector Data Operation. This step is to parse the response of the HTTP POST action to the ConvertAPI endpoint. You can generate the schema by copying the HTTP action output from the Flow run history. The schema will look like

{
    "type": "object",
    "properties": {
        "ConversionCost": {
            "type": "integer"
        },
        "Files": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "FileName": {
                        "type": "string"
                    },
                    "FileExt": {
                        "type": "string"
                    },
                    "FileSize": {
                        "type": "integer"
                    },
                    "FileData": {
                        "type": "string"
                    }
                },
                "required": [
                    "FileName",
                    "FileExt",
                    "FileSize",
                    "FileData"
                ]
            }
        }
    }
}

Step 6: Add the Compose action to convert the base64 data to binary to create the PDF from the HTTP request response. Select the FileData from the Output of the Parse JSON action, which will automatically create an Apply to each since Files is an array. Then add the following to the inputs of the compose action

base64toBinary(items('Apply_to_each')?['FileData'])

Now add the Create file action from the connector OneDrive for Business as shown below. The parameter File content should be the output of the Compose action. Please find below the screenshot of the flow actions

Now it’s time to test the flow: run the flow & check your OneDrive for the PDF file. Please find below the screenshot of the PDF file with the embedded image
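
The .eml structure described earlier and Steps 3 to 6 of this flow, as an added Python example that is not part of the original flow package. It shows that the embedded image is already base64 inside the .eml and that the whole file is base64-encoded again before it is sent to the conversion service. The message, the image bytes and the response are constructed samples, and the function names are hypothetical.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for an image: PNG signature plus filler bytes.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"constructed sample, not a real image " * 4


def build_sample_eml():
    """Build a small message with an inline image, like Export email produces."""
    msg = EmailMessage()
    msg["Subject"] = "Quarterly chart"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Plain-text fallback.")
    msg.add_alternative(
        '<html><body><p>Chart:</p><img src="cid:chart1"></body></html>',
        subtype="html",
    )
    # Attach the image to the HTML part so that cid:chart1 resolves to it.
    msg.get_payload()[1].add_related(PNG_BYTES, "image", "png", cid="<chart1>")
    return msg.as_bytes()


def list_leaf_parts(eml_bytes):
    """Return type, transfer encoding, Content-ID and decoded size per part."""
    msg = message_from_bytes(eml_bytes, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        cid = part["Content-ID"]
        parts.append({
            "type": part.get_content_type(),
            "encoding": str(part.get("Content-Transfer-Encoding", "7bit")).lower(),
            "cid": str(cid) if cid else None,
            "size": len(part.get_payload(decode=True)),
        })
    return parts


def convertapi_body(eml_bytes, name="myemailfile.eml"):
    """Steps 3 and 4: base64 the whole .eml and wrap it in the request body."""
    data = base64.b64encode(eml_bytes).decode("ascii")
    return {"Parameters": [{"Name": "File",
                            "FileValue": {"Name": name, "Data": data}}]}


def files_from_response(response):
    """Step 6: the equivalent of base64toBinary on each Files[].FileData."""
    return [(f["FileName"], base64.b64decode(f["FileData"], validate=True))
            for f in response["Files"]]


# Constructed response in the shape of the Parse JSON schema above.
SAMPLE_PDF = b"%PDF-1.7 constructed sample"
SAMPLE_RESPONSE = {
    "ConversionCost": 1,
    "Files": [{
        "FileName": "myemailfile.pdf",
        "FileExt": "pdf",
        "FileSize": len(SAMPLE_PDF),
        "FileData": base64.b64encode(SAMPLE_PDF).decode("ascii"),
    }],
}

if __name__ == "__main__":
    eml = build_sample_eml()
    for leaf in list_leaf_parts(eml):
        print(leaf)
    print(len(convertapi_body(eml)["Parameters"][0]["FileValue"]["Data"]))
    print(files_from_response(SAMPLE_RESPONSE))
```

Listing the parts before the HTTP action makes it visible exactly which content, including every embedded image, leaves the tenant in the request body.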

Summary: I am not vouching for the ConvertAPI service for converting email to PDF. This is just a sample for a use case where you gain some knowledge of how the different actions are used & some information on the .eml file which Microsoft has used for storing email content. If it’s going to be heavily used or if the data is sensitive, then I advise you to create a REST API endpoint of your own hosted in Azure for the conversion. Hope you find this post useful & informational. Let me know if there are any comments or feedback by posting a comment below.

Batch SharePoint requests [GET, POST, PATCH, DELETE] in PowerAutomate and MS Graph

Batching helps you optimize the performance of your application by combining multiple requests into a single request. SharePoint Online & MS Graph APIs support the OData batch query option. Batch requests MUST be submitted as a single HTTP POST request to the batch endpoint of a service as below for

The request body of the above POST request must be made up of an ordered series of query operations [GET] and/or ChangeSets [POST or PATCH or DELETE]. You can have different combination of change sets.

In this blog post, I am going to show you how to batch multiple SharePoint requests for Creating, Reading, Updating & Deleting List items in

  1. PowerAutomate
  2. MS Graph

Pre-Requisites:

Have the following items ready to follow along this post

  1. SharePoint Site
    1. Site Id [GUID of the Site]
    2. Create a SharePoint List by the Name EmployeeInformation with the schema
      1. Title [Default]
      2. Location [Custom: Single Line of Text]
    3. List Id [GUID of the above list]
  2. Graph Explorer to test the Graph batching

Batch SharePoint requests in PowerAutomate:

If there is a requirement for multiple requests to be performed in SharePoint from your flow, the batch request with SharePoint Online REST API helps in reducing the execution time of your flow by combining many operations into a single request to SharePoint. Create an Instant Flow with trigger “Manually trigger a Flow” and the action Send an HTTP request to SharePoint to send the batch requests.

Let’s now prepare the parameters to be passed for the Send an HTTP request to SharePoint action:

Site Address: https://mydevashiq.sharepoint.com/sites/test77

Method: POST

Headers:

  • Key: accept Value: application/json;odata=verbose
  • Key: content-type Value: multipart/mixed; boundary=batch_cd329ee8-ca72-4acf-b3bf-6699986af544

The boundary specification with batch_guid used on the content type header can be any random guid. In the request body the batch_guid will be used. To understand more about the OData batch operation, go through this documentation.

Body:

The request body given below is for reading all the items [GET], creating a list item, deleting an existing item & updating an existing item in the EmployeeInformation list using REST API endpoints. A ChangeSet (random guid) is used to group one or more of the insert/update/delete operations and MUST NOT contain query operations [GET]. For the query operation there must be a separate batch as per the example below

--batch_cd329ee8-ca72-4acf-b3bf-6699986af544
Content-Type: application/http
Content-Transfer-Encoding: binary

GET https://domain.sharepoint.com/sites/sitename/_api/web/lists/GetByTitle('EmployeeInformation')/items?$select=Title,Location HTTP/1.1
Accept: application/json;odata=nometadata

--batch_cd329ee8-ca72-4acf-b3bf-6699986af544
Content-Type: multipart/mixed; boundary="changeset_64c72699-6e7c-49c4-8d9b-6b16be92f7fc"
Content-Transfer-Encoding: binary

--changeset_64c72699-6e7c-49c4-8d9b-6b16be92f7fc
Content-Type: application/http
Content-Transfer-Encoding: binary

POST https://domain.sharepoint.com/sites/sitename/_api/web/lists/GetByTitle('EmployeeInformation')/items HTTP/1.1
Content-Type: application/json;odata=verbose

{
    "__metadata": {
      "type": "SP.Data.EmployeeInformationListItem"
    },
    "Title": "Mohamed Shaahid Faleel",
    "Location": "England"
}

--changeset_64c72699-6e7c-49c4-8d9b-6b16be92f7fc
Content-Type: application/http
Content-Transfer-Encoding: binary

DELETE https://domain.sharepoint.com/sites/sitename/_api/web/lists/GetByTitle('EmployeeInformation')/items(37) HTTP/1.1
If-Match: *

--changeset_64c72699-6e7c-49c4-8d9b-6b16be92f7fc
Content-Type: application/http
Content-Transfer-Encoding: binary

PATCH https://domain.sharepoint.com/sites/sitename/_api/web/lists/GetByTitle('EmployeeInformation')/items(30) HTTP/1.1
Content-Type: application/json;odata=nometadata
If-Match: *

{
    "Title": "Mohamed Faleel",
    "Location": "USA"
}

--changeset_64c72699-6e7c-49c4-8d9b-6b16be92f7fc--

--batch_cd329ee8-ca72-4acf-b3bf-6699986af544--

Once the above action is executed, the response can be parsed to get the required information if you’ve used a GET request, as per this documentation from Microsoft. Please find below the screenshot of the action

The request body can be generated dynamically based on the requirement.
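
One way to generate that request body dynamically, as an added Python example that is not code from the original post. It reproduces the layout shown above, serialises item values with a JSON encoder so a quote or newline in the data cannot break the payload, rejects line breaks in URLs and headers so a value cannot start a new batch part, and enforces the rule that a ChangeSet holds no GET. The function names and the item values in `demo_batch` are constructed for illustration.

```python
import json
import uuid

CRLF = "\r\n"
CHANGE_METHODS = {"POST", "PATCH", "DELETE"}


def _one_line(value):
    """Reject CR/LF so a value cannot start a new header or batch part."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF is not allowed in a header")
    return value


def _operation(method, url, headers=None, body=None):
    """One application/http part: request line, headers, optional JSON body."""
    if any(ch.isspace() for ch in url):
        raise ValueError("URL must be percent-encoded (no whitespace)")
    lines = [
        "Content-Type: application/http",
        "Content-Transfer-Encoding: binary",
        "",
        f"{method} {url} HTTP/1.1",
    ]
    for name, value in (headers or {}).items():
        lines.append(f"{_one_line(name)}: {_one_line(value)}")
    lines.append("")
    if body is not None:
        # json.dumps escapes quotes and newlines inside field values and
        # always closes its strings, so the payload stays one valid line.
        lines.append(json.dumps(body))
        lines.append("")
    return CRLF.join(lines)


def build_batch(queries, changes, batch_id=None, changeset_id=None):
    """Return (content-type header value, request body) for the batch call."""
    batch = f"batch_{batch_id or uuid.uuid4()}"
    changeset = f"changeset_{changeset_id or uuid.uuid4()}"
    parts = []
    for op in queries:
        if op["method"] != "GET":
            raise ValueError("only GET is allowed outside a ChangeSet")
        parts.append(f"--{batch}{CRLF}" + _operation(**op))
    if changes:
        parts.append(
            f"--{batch}{CRLF}"
            f'Content-Type: multipart/mixed; boundary="{changeset}"{CRLF}'
            f"Content-Transfer-Encoding: binary{CRLF}"
        )
        for op in changes:
            if op["method"] not in CHANGE_METHODS:
                raise ValueError("a ChangeSet must not contain query operations")
            parts.append(f"--{changeset}{CRLF}" + _operation(**op))
        parts.append(f"--{changeset}--{CRLF}")
    parts.append(f"--{batch}--{CRLF}")
    return f"multipart/mixed; boundary={batch}", CRLF.join(parts)


def demo_batch():
    """The four operations from the post, with constructed item values."""
    items = ("https://domain.sharepoint.com/sites/sitename/_api/web/lists/"
             "GetByTitle('EmployeeInformation')/items")
    queries = [{"method": "GET", "url": items + "?$select=Title,Location",
                "headers": {"Accept": "application/json;odata=nometadata"}}]
    changes = [
        {"method": "POST", "url": items,
         "headers": {"Content-Type": "application/json;odata=verbose"},
         "body": {"__metadata": {"type": "SP.Data.EmployeeInformationListItem"},
                  "Title": 'Dana "DJ" Example', "Location": "Leeds\nEngland"}},
        {"method": "DELETE", "url": items + "(37)", "headers": {"If-Match": "*"}},
        {"method": "PATCH", "url": items + "(30)",
         "headers": {"Content-Type": "application/json;odata=nometadata",
                     "If-Match": "*"},
         "body": {"Title": "Mohamed Faleel", "Location": "USA"}},
    ]
    return build_batch(queries, changes,
                       batch_id="cd329ee8-ca72-4acf-b3bf-6699986af544",
                       changeset_id="64c72699-6e7c-49c4-8d9b-6b16be92f7fc")


if __name__ == "__main__":
    content_type, body = demo_batch()
    print(content_type)
    print(body)
```

The first returned value goes into the content-type header of the Send an HTTP request to SharePoint action and the second into its Body.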

Batch SharePoint requests in MS Graph:

As we have done batching using the SharePoint REST APIs, in a similar manner you can combine multiple requests in one HTTP call using JSON batching for MS Graph. Here I will use the MS Graph explorer to test the batch request. Find the request parameters

Endpoint URL: https://graph.microsoft.com/v1.0/$batch

Method: POST

Body:

I’ve used the Site Id and List Id for the EmployeeInformation list to construct the SP endpoint URL’s as per the documentation for Creating, Reading, Updating & Deleting SP list items.

{
    "requests": [
      {
        "id": "1",
        "method": "POST",
        "url": "/sites/{77b3a8c8-549f-4848-b82c-8bb6f4864918}/lists/{2f923934-d474-4473-8fc0-3486bd0c15c5}/items",
         "body": {
          "fields":{"Title":"Test from Graph","Location":"Oslo"}
        },
        "headers": {
          "Content-Type": "application/json"
        }
      },
      {
        "id": "2",
        "method": "GET",
        "url": "/sites/{77b3a8c8-549f-4848-b82c-8bb6f4864918}/lists/{2f923934-d474-4473-8fc0-3486bd0c15c5}/items"
      },
      {
        "id": "3",
        "url": "/sites/{77b3a8c8-549f-4848-b82c-8bb6f4864918}/lists/{2f923934-d474-4473-8fc0-3486bd0c15c5}/items/44",
        "method": "PATCH",
        "body": {
            "fields":{"Title":"Mohamed Ashiq Faleel","Location":"Stockholm"}
        },
        "headers": {
          "Content-Type": "application/json"
        }
      },
      {
        "id": "4",
        "url": "/sites/{77b3a8c8-549f-4848-b82c-8bb6f4864918}/lists/{2f923934-d474-4473-8fc0-3486bd0c15c5}/items/50",
        "method": "DELETE"
      }
    ]
  }

In the same way you can batch different API endpoints from MS Graph. JSON batching also allows you to sequence the requests. Find below the screenshot from Graph explorer

Graph explorer also generates code snippets for the different programming languages

JavaScript Code snippet
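
The sequencing mentioned above is done with the `dependsOn` property of a request. The following added Python example, not code from the original post or from Graph explorer, builds the same four operations as a serial batch and checks a response per request, because the `$batch` call itself can succeed while individual requests fail. The `{site-id}` and `{list-id}` placeholders, the function names and the sample response are constructed.

```python
MAX_REQUESTS = 20  # Microsoft Graph accepts at most 20 requests per JSON batch


def build_graph_batch(requests):
    """Validate the individual requests and wrap them in a $batch payload."""
    if len(requests) > MAX_REQUESTS:
        raise ValueError(f"a batch holds at most {MAX_REQUESTS} requests")
    seen = set()
    for req in requests:
        rid = req["id"]
        if rid in seen:
            raise ValueError(f"duplicate request id {rid!r}")
        for dep in req.get("dependsOn", []):
            if dep not in seen:
                raise ValueError(f"request {rid!r} depends on unknown id {dep!r}")
        header_names = {name.lower() for name in req.get("headers", {})}
        if "body" in req and "content-type" not in header_names:
            raise ValueError(f"request {rid!r} has a body but no Content-Type")
        seen.add(rid)
    return {"requests": requests}


def check_responses(sent_ids, batch_response):
    """Return (failed, missing): per-request failures and ids with no answer."""
    # Responses may arrive in any order, so match them to requests by id.
    status_by_id = {r["id"]: r["status"] for r in batch_response["responses"]}
    failed = {i: status_by_id[i] for i in sent_ids
              if status_by_id.get(i, 0) >= 400}
    missing = [i for i in sent_ids if i not in status_by_id]
    return failed, missing


ITEMS = "/sites/{site-id}/lists/{list-id}/items"  # placeholders, not real ids
JSON_HEADERS = {"Content-Type": "application/json"}

REQUESTS = [
    {"id": "1", "method": "POST", "url": ITEMS, "headers": JSON_HEADERS,
     "body": {"fields": {"Title": "Test from Graph", "Location": "Oslo"}}},
    # The read runs only after the create has finished.
    {"id": "2", "method": "GET", "url": ITEMS, "dependsOn": ["1"]},
    {"id": "3", "method": "PATCH", "url": ITEMS + "/44", "dependsOn": ["2"],
     "headers": JSON_HEADERS,
     "body": {"fields": {"Title": "Mohamed Ashiq Faleel",
                         "Location": "Stockholm"}}},
    {"id": "4", "method": "DELETE", "url": ITEMS + "/50", "dependsOn": ["3"]},
]

# Constructed response: out of order, item 44 missing, so request 4 is
# rejected with 424 (Failed Dependency) instead of being executed.
SAMPLE_RESPONSE = {"responses": [
    {"id": "2", "status": 200},
    {"id": "4", "status": 424},
    {"id": "1", "status": 201},
    {"id": "3", "status": 404},
]}


def demo():
    payload = build_graph_batch(REQUESTS)
    sent = [r["id"] for r in payload["requests"]]
    failed, missing = check_responses(sent, SAMPLE_RESPONSE)
    return payload, failed, missing


if __name__ == "__main__":
    print(demo())
```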

Summary: On this post we have seen how to batch SharePoint requests using PowerAutomate & MS Graph. Microsoft has used request batching on many first party features. Hope you have found this informational & helpful in some way. Let me know any feedback or comments on the comment section below

Create/Delete a SharePoint custom theme using PowerAutomate

In a modern SharePoint site you can create custom themes using PowerShell, REST API & CSOM. In this blogpost I will show you how to create themes using PowerAutomate. The following REST endpoints are available

There is an online Theme Generator tool that you can use to define new custom themes. At the time of writing this post, the endpoints are open to everybody & not just to the SharePoint tenant admins which seems to be quite buggy. Laura Kokkarinen has written a very detailed blog post about this topic. I’ve got the inspiration to write about this topic from John Liu who has recently recorded a video about this. Find screenshot from the Theme generator tool:

Once you have defined the theme from the tool, click on the Export theme button on the Right top corner of the tool to export the theme as a code block in JS, JSON & PowerShell. In this case, click JSON & Copy the generated block

{
  "themePrimary": "#50AFC6",
  "themeLighterAlt": "#f7fcfd",
  "themeLighter": "#def1f6",
  "themeLight": "#c3e6ee",
  "themeTertiary": "#8ecddd",
  "themeSecondary": "#61b8ce",
  "themeDarkAlt": "#489eb3",
  "themeDark": "#3c8597",
  "themeDarker": "#2d626f",
  "neutralLighterAlt": "#faf9f8",
  "neutralLighter": "#f3f2f1",
  "neutralLight": "#edebe9",
  "neutralQuaternaryAlt": "#e1dfdd",
  "neutralQuaternary": "#d0d0d0",
  "neutralTertiaryAlt": "#c8c6c4",
  "neutralTertiary": "#d9d9d9",
  "neutralSecondary": "#b3b3b3",
  "neutralPrimaryAlt": "#8f8f8f",
  "neutralPrimary": "gray",
  "neutralDark": "#616161",
  "black": "#474747",
  "white": "#ffffff"
}

Flow for Creating or adding the Theme to the tenant:

Let’s create an instant flow with trigger Manually trigger a flow to add a theme to the tenant. Add two Compose actions as shown below

The first compose action is the actual definition copied from the theme generator tool

{
  "palette" : 
JSON block copied from the Theme generator tool
}

The second compose action has the name of the theme & its stringified JSON from the output of the previous compose action. To convert the JSON to string add a string expression on the dynamic content pane

{
"name":"My first Custom theme created using FLOW", 
"themeJson": @{string(outputs('Compose_-_Custom_Theme_Pallete'))}
}

Now add the action Send an HTTP request to SharePoint with the following parameters

Site Address: https://domain.sharepoint.com/sites/sitename

Method: POST

URI: /_api/thememanager/AddTenantTheme

Headers:

Key: Accept

Value: application/json;odata.metadata=minimal

Body: Output of the Second compose action (Compose – Theme Name)

Now you are ready to test the flow. Once it’s successful you can apply the custom theme to the site

Click cog wheel on the site to select the theme by selecting the Change the look link

For deleting the theme, add the action Send an HTTP request to SharePoint with the following parameters

Site Address: https://domain.sharepoint.com/sites/sitename

Method: POST

URI: /_api/thememanager/DeleteTenantTheme

Headers:

Key: Accept

Value: application/json;odata.metadata=minimal

Body: { "name": "the name of your custom theme" }

Summary: Hope you find this post useful & informational. Let me know if there is any comments or feedback below.

Multiple ways to access your On-premise data in Microsoft 365 and Azure

If your organization is using a hybrid cloud environment, this post will shed some light on integrating on-premise resources with Microsoft 365 & Azure services. Hybrid integration platforms allow enterprises to better integrate services and applications in hybrid environments (on-premise and cloud). In this blog post, I will write about the different services & tools available within the Microsoft Cloud which allow you to connect or expose your on-premises data or applications in Office 365. There are still many enterprise organizations in hybrid mode due to various factors. It can be a challenging task to integrate your on-premises network, but with the right tools & services in Office 365 & Azure it can be easier. Find below the high-level overview & some references on how to

  1. Access your on-premise data in Power Platform & Azure Apps (Logic Apps, Analysis Services & Azure Data factory)
  2. Programmatically access your on-premise resources in your Azure Function app
  3. Access on-premise resources in Azure automation account
  4. Expose your on-premise Application or an existing WEB API in Office 365 cloud

Access on-premise data in Power Platform & Azure Apps (Logic Apps, Analysis Services & Azure Data factory):

The on-premises data gateway allows you to connect to your on-premises data (data that isn’t in the cloud) with several Microsoft cloud services like Power BI, Power Apps, Power Automate, Azure Analysis Services, and Azure Logic Apps. A single gateway can be used to connect multiple on premise applications with different Office 365 applications at the same time.

At the time of writing, with a gateway you can connect to the following on-premises data over these connections:

  • SharePoint
  • SQL Server
  • Oracle
  • Informix
  • Filesystem
  • DB2

To install a gateway, follow the steps outlined in MS documentation Install an on-premises data gateway. Install the gateway in standard mode because the on-premises data gateway (personal mode) is available only for Power BI.

Once the data gateway is installed & configured, it’s ready to be used in the Power Platform applications.

  1. PowerApps
  2. PowerAutomate
  3. PowerBI

The other catch is that the gateway is not available for users with Power Automate/Apps use rights within Office 365 licenses, as per the Licensing overview documentation for the Power Platform. Data gateways can be managed from the Power Platform Admin center.

Shane Young has recorded some excellent videos on this topic for PowerApps & PowerBI.

To use in

  1. Azure Logic Apps
  2. Azure Analysis service
  3. Azure Data Factory

create a Data Gateway resource in Azure.

High Availability data gateway setup:

You can use data gateway clusters (multiple gateway installations) using the standard mode of installation to setup a high availability environment, to avoid single points of failure and to load balance traffic across gateways in the group.

No need to worry about the security of the data since all the data which travels through the gateway is encrypted.

Data gateway architecture:

Find below the architecture diagram from Microsoft on how the gateway works

I recommend you to go through On-premises data gateway FAQ.

Integration Service Environment:

As per the definition from Microsoft an integration service environment is a fully isolated and dedicated environment for all enterprise-scale integration needs. When you create a new integration service environment, it’s injected into your Azure Virtual Network allowing you to deploy Logic Apps as a service in your VNET. The private instance uses dedicated resources such as storage and runs separately from the public global Logic Apps service. Once this logic apps instance is deployed on to your Azure VNET, you can access your On-premise data resources in the private instance of your Logic Apps using

  • HTTP action
  • ISE-labeled connector for that system
  • Custom connector

For the pricing of ISE, refer to this link.

Programmatically access your on-premise resources in your Azure Function app

As you all know, Azure Functions helps in building functions in the cloud using serverless architecture with the consumption-based plan. This model lets the developer focus on the functionality rather than on infrastructure provisioning and maintenance. Let’s not talk more about what a Function app can do, but see how to connect to your on-premise resources (SQL, Biztalk etc) within your function.

During the creation of a Function app in Azure, you can choose the hosting plan type to be

  • Consumption (Serverless)
  • Premium
  • App Service plan

The Consumption plan is not supported for on-premise integration, so while creating the app the hosting plan has to be either Premium or App Service plan & the operating system has to be Windows. On-premise resources can be accessed using

  1. Hybrid Connections
  2. VNet Integration

Hybrid Connections:

Hybrid Connections can be used to access application resources in private networks which can be on-premise. Once the Function app resource is created in Azure, go to Networking section of the App service to setup & configure. Go through the documentation from Microsoft for the detailed instructions to set this up.

How it works:

An Azure Hybrid Connection represents a connection between Azure App Service and a TCP endpoint (host and port) of an on-premise system. In the diagram below, Azure Service Bus Relay receives two encrypted outbound connections: one from the Azure App Service side (a Web App in our case) and another from the Hybrid Connection Manager (HCM). HCM is a program that must be installed on your on-premise system. It takes care of the integration between the on-premise service (SQL in this case) and Azure Service Bus Relay.

Once the setup is done, you can create a connection string in the Appsettings.json file or from the Azure portal interface of your function app. After this, you can access the data in your function app code.
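Because a Hybrid Connection is tied to one TCP host and port, a connection string that names the server differently will not go through it. The following check is an added example, not code from this post or from Microsoft; it assumes the app must use exactly the host and port defined on the Hybrid Connection, and the server names, endpoint list and connection strings are constructed for illustration.

```python
import re

DEFAULT_SQL_PORT = 1433
SOURCE_KEYS = ("data source", "server", "address", "addr", "network address")

def parse_connection_string(conn_str):
    """Split an ADO.NET-style 'Key=Value;...' string into a dict with lower-cased keys."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs

def sql_target(pairs):
    """Return (host, port, instance) from the server keyword; port is None if absent."""
    source = next((pairs[k] for k in SOURCE_KEYS if k in pairs), None)
    if source is None:
        raise ValueError("no Data Source/Server keyword in connection string")
    source = re.sub(r"^tcp:", "", source, flags=re.IGNORECASE)
    server, _, port = source.partition(",")
    host, _, instance = server.partition("\\")
    return host.strip().lower(), (int(port) if port.strip() else None), instance.strip()

def check_against_hybrid_connections(conn_str, endpoints):
    """Return findings; an empty list means the target is a configured endpoint."""
    host, port, instance = sql_target(parse_connection_string(conn_str))
    findings = []
    if instance and port is None:
        # A named instance with no port gives no fixed host:port to compare.
        findings.append(f"named instance '{instance}' has no fixed TCP port to match")
    else:
        port = port or DEFAULT_SQL_PORT
        if (host, port) not in {(h.lower(), p) for h, p in endpoints}:
            findings.append(f"{host}:{port} is not a configured Hybrid Connection endpoint")
    return findings

# Constructed sample data (hypothetical names); credentials are left out on purpose.
ENDPOINTS = [("sqlonprem01", 1433)]
SAMPLES = {
    "ok": "Server=tcp:SQLONPREM01,1433;Database=Orders",
    "wrong_host": "Data Source=sqlonprem01.corp.example;Initial Catalog=Orders",
    "instance": "Server=sqlonprem01\\REPORTING;Database=Orders",
}

if __name__ == "__main__":
    for name, conn_str in SAMPLES.items():
        print(name, check_against_hybrid_connections(conn_str, ENDPOINTS))
```

Running it against the connection strings in your app settings before deployment shows which ones would miss the Hybrid Connection endpoint.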

I’ve found a couple of interesting blogs about this setup.

VNet Integration:

In the Networking features of the App service, you can add an existing VNET. An Azure Virtual Network (VNet) is a representation of your own network (private) in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription.

You can connect an on-premise network to an Azure VNet; Microsoft has documented this here. Once your Azure VNet is integrated with your on-premise network and the VNet is set up on your function app, you are set to access on-premise resources in your function app.

Access on-premise resources in Azure automation account:

Azure Automation is a service in Azure that allows you to automate your Azure management tasks and to orchestrate actions across external systems from right within Azure. The Hybrid Runbook Worker feature allows you to access on-premise resources easily. The following diagram from Microsoft explains how this feature works:

I’ve written a blogpost recently about this feature for automating on-premise active directory.

Expose your on-premise Application or an existing WEB API in Office 365 cloud:

Azure Active Directory’s Application Proxy provides secure remote access to on-premises web applications (SharePoint, intranet website etc). Besides secure remote access, you have the option of configuring single sign-on. It allows the users to access on-premise applications the same way they access M365 applications like SharePoint Online, PowerApp, Outlook etc. To use Azure AD Application Proxy, you must have an Azure AD Premium P1 or P2 license.

How it works:

The following diagram from the Microsoft documentation shows how Azure AD and Application Proxy work:

The documentation below covers how to

  1. Add an on-premises application for remote access through Application Proxy in Azure Active Directory
  2. Secure access to on-premises APIs with Azure AD Application Proxy
  3. Use Azure AD Application Proxy to publish on-premises apps for remote users
  4. Deploy Azure AD Application Proxy for secure access to internal applications in an Azure AD Domain Services managed domain

Once the connector service is installed from your Azure AD Application Proxy, you can add an on-premise app as shown below:

The above step will register an application with App registrations.

Summary: I’ve given an overview of the different services & tools to connect & integrate on-premise resources with the Microsoft cloud. Hope you like this post & find it useful. Let me know any feedback or comments in the comment section below.