Scope

In this article we are going to demonstrate how Microsoft Azure and Office 365 can help you to perform automation tasks on a SharePoint tenant.

In this scenario our aim was to keep all site collections of a SharePoint Online tenant up to date with a set of business requirements.

Common Set of Site Columns

Every site on the Office 365 needed to have common site columns:

  • all document libraries needed to contain a set of site columns allowing the users to tag documents with a common set of metadata; this would help improve the search experience and include documents scattered across the whole tenant into a search solution with refiners;
  • the site columns needed to be translated in all supported languages of the organisation; all these languages needed to be enabled at site level as well;
  • the site columns needed to be presented in a specific sort order to the editors.

Common Site Classification

Every site of the Office 365 tenant needed to be organized into these categories:

  • application sites: sites containing some sort of business process or workflow;
  • team sites: collaboration environments;
  • info sites: communication environments.

Since the tenant had been in use for several years, categories would not necessarily match one-to-one with the site templates of SharePoint – a site made with the team site template could be used either as an info site or a collaboration site, also info sites could be a mixture of modern Team sites and classic Team sites, including the ones which are tied to an Office 365 Group or to MS Teams.

Finally, there had to be some form of monitoring of these changes by a power user or, summarizing all changes performed during a defined time frame (eg. last 7 days).

Technical solution

The common set of columns were defined in a “Content Type Hub”, a special type of site collection that pushes its content types and site columns to all sites created on the same tenant; this would offer the benefit of administrating all these columns in a single location.

The common site classification was implemented with a “Site Property Bag”, a custom property assigned to every site on the tenant; as opposed to other classification schemes (like Office Group classification), this would offer the advantage of classifying both legacy site templates like Publishing Sites and modern site templates like Group sites with the same structure.

Now we needed a way to deploy these features whenever a new site of document library was created on the tenant.

The solutions that first came in mind to apply these features were site provisioning (at site creation) and library templates (at app creation). These have however drawbacks that could not easily be solved:

  • the user can choose the wrong site or app template, so this approach is error-prone;
  • content type hub publishing never occurs immediately after site creation, so the site columns can only be added at a later stage, not at site provisioning.

Another approach would be to apply these changes on a scheduled basis, via a solution that frequently checks if the site columns have been propagated. Since we already had a set of Powershell scripts performing some of these tasks for on demand changes, we looked at a way to reuse all these in a scheduled process. Here is where Azure Automation came into play.

Azure Automation

Azure Automation can be described as “Powershell in the cloud”. It can perform all tasks and IT Pro or Dev usually executes on his desktop, running scripts on any target platform – be it Azure, Office 365 or any third party environment

Azure Automation was initially introduced to facilitate maintenance on infrastructure environments (typically starting and/or stopping Virtual Machines on Azure). Since SharePoint Online has an API that can be managed remotely with Powershell cmdlets, Azure Automation can also perform all the necessary tasks for our needs.

The main building blocks of our Azure Automation solution were going to be:

Runbooks

These are the containers with the scripts performing the maintenance tasks; to improve maintainability, we divided them in a parent script receiving the optional startup parameters, and several child scripts that perform specific sub tasks.

Runbooks can be started from Office 365 with MS Flow (more on that in the next chapter), but they can also be exposed as webhooks and started with an HTTP request or remotely started with Powershell from your desktop.

Modules

Modules are a handy way to package some extra’s required for your runbooks, in our case:

  • the CSOM client dlls  and the System.Web dll needed for some of the tasks
  • a CSV containing all translations for our site columns
  • script files with helper functions common to all scripts (for logging, sending messages, error handling, …)

All these files are packaged in a zipfile that is uploaded to the Modules environment and loaded during the execution of a Runbook.

To access the files contained in the Module you uploaded, you can make use of the ModuleBase property which will retrieve the path of your module in the Azure sandbox.

Credentials

Credentials allow you to store a username and password in a secured way, so you don’t have to store them in clear text in your Runbook.

Once these components were implemented, we needed a way to schedule their execution and allow a power user to launch them on demand, optionally for a specific site collection. Here is where MS Flow comes into play.

MS Flow

MS Flow is an automation platform that uses HTTP Connectors to connect to external online and on-premises data sources and executes a process with their data on a triggered or scheduled basis.

In our scenario MS Flow was used to create 3 workflows:

  • the first Flow is triggered by a daily schedule, it executes the Azure Automation runbook, checking all site collections for compliancy with the structure of sites and site columns;
  • the second Flow is triggered by a PowerApps button and form, it allows any enduser to launch the Azure Automation runbook on demand, if a site collection is provided, it will only check the provided site collection;
  • the last Flow is triggered by a weekly schedule, it checks all changes performed by the runbook  (more on that in the next paragraph) and mails a summary to a user.

The final part of our solution was to enable communication between Azure Automation and MS Flow in asynchronous way, since our changes are performed daily or on demand, while we needed a weekly report on the activities. For that reason Azure Service Bus was added to the solution.

Azure Service Bus

Azure Service Bus is an asynchronous messaging platform allowing separate applications to exchange data via a message queue, even when one application is offline, making it the ideal messaging solution for decoupled cloud services.

In our solution, every time a document library is updated with the required columns, a message is added to a queue by the Powershell script. That message is then picked up by an MS Flow instance running on a weekly basis. After all the current messages have been processed, a summary is sent by mail and the messages are removed from the queue.

Currently, there is now way to add messages to the Azure Service bus with the client API from a Runbook, you have to rely on REST calls. To pick the messages, you can use the MS Flow connector for Azure Service Bus, and on our tenant there seemed to be a bug preventing the Connector to retrieve more than 1 message at a time.

Solution Architecture

Cost

A final note on the cost of the solution.

Running MS Flow is free for F users (formerly Kiosk users) executing 750 runs per month and for E users executing 2000 runs per month. Above that amount you will need a paid Flow plan. Avoid useless triggers for a flow that won’t complete, since every start of a flow counts against the quota.

Executing Azure Automation Runbooks is free for the first 500 minutes, after that the cost is 0.002 EUR / minute. Our advise is to finetune the maintenance script so they perform the minimal amounts of work, so for instance check at site level if all required elements are available before recursing through all subsites and lists and consuming unnecessary runtime.

Sending and retrieving messages on Azure Service Bus counts as “brokered connections”, the first 1000 per month are free, after that the price declines from 0.026 per connection to 0.013 depending on the amount of connections. Limit the amount of messages to the minimum required for you business needs, tracing and informative messages should be stored in other repositories (like the Azure Automation Logs).

Conclusion

The combination of Azure “Paas” services and Office 365 “Saas” services allow to set up powerful and complex automation jobs. Azure Automation is an ideal solution to perform automated tasks in a reliable way in the cloud, MS Flow allows easy interaction with Azure for business users, while Azure Services Bus sits as a communication bridge between them.

Reference

Azure Automation Integration Modules

https://docs.microsoft.com/en-us/azure/automation/automation-integration-modules

Authoring Integration Modules for SMA

https://blogs.technet.microsoft.com/orchestrator/2014/06/11/authoring-integration-modules-for-sma/

How to Invoke Azure Service Bus Queue RESTful API via PowerShell

https://gallery.technet.microsoft.com/How-to-Invoke-Azure-e377956e