Building PnP Provisioning notifier Bot

What we're going to build in this post:

  1. Azure web job, which is triggered by a queue message from a custom site template (previously known as site design). The job uses PnP Framework to provision a new site based on the PnP template.
  2. MS Teams bot, which pushes notifications to the configured channel about the provisioning state.

As usual for such "code-behind posts", the sources are available on GitHub here.

High-level overview

This is approximately what the solution looks like:

A Cosmos database contains the notification settings: the channel id (the channel that receives notifications about the provisioning state), the service URL (the URL we send proactive messages to; it can be obtained from a bot activity), and the tenant id (optional). PnP provisioning reads the database and, using the bot credentials, proactively pushes notifications to all configured channels.

SP Formatter: Form Layouts support!

SP Formatter is a Chromium (supports Chrome and Edge) extension, which makes SharePoint Column, View and Form Layout JSON formatting a lot easier and faster. 

The most notable features: 

  • Live Preview as you type
  • Rich Intellisense (suggestions) based on JSON schema, including CSS styles, "@" tokens (@currentField, etc.), "$" (to insert field values)
  • VSCode integration mode - see the live preview of your formatting JSON as you type in VSCode
  • Easy and fun to use

Recently SP Formatter was updated and received Form Layouts support.

Configure Postman to be easily used with any Azure AD protected API (SharePoint, Graph, custom etc.)

As a developer, how many times have you needed to test different Microsoft 365 APIs? For me, this is a fairly frequent task. Most often it's the SharePoint REST API or MS Graph. Every time, you have to think about the authentication part, because all of those APIs are protected. With MS Graph Explorer it's simple; however, you cannot test any API other than MS Graph. Also, sometimes you have access to different customers' environments or tenants, and it's not that simple to switch between them, handle authentication, and so on.

I ended up testing everything in Postman using a generic approach, which works for any Azure AD-protected resource. This approach uses the OAuth2 Auth code grant flow (or the Resource Owner Password Credential flow, ROPC, also covered in this post); it stores tokens and automatically renews the access token for a resource if this particular token is expired. This approach involves a custom Azure AD app registration for Postman, Postman's environments feature, environment and collection-level variables, and pre-request scripts.

Read further below to find out how I configured it. My approach is not a silver bullet, but at least it works for me. You can grab some ideas and adapt them to your requirements.

Call Azure AD secured Azure function from Logic App or another Function with Managed Identity

Sometimes you need to call an Azure Function that has Azure AD authentication enabled from a Logic App, from another Function, or from an Azure Web App. For example, you have an API for your SPFx solution and also need to build a Logic App that uses some methods from that web API. In that case, the caller has to authenticate in order to call your Azure AD-protected function. You can easily solve this problem with Managed Identity.

Let's see how it works in practice.

How to use Remote Event Receivers with .NET Core (or .NET 5) and PnP.Framework

In June 2020, a .NET Standard version of SharePoint CSOM was released. It means that we can now build projects for SharePoint that target multiple platforms. At the beginning of 2021, a .NET Standard version of PnP-Sites-Core was also released (with a brand new name, PnP.Framework, and an updated codebase). However, there are some limitations in the .NET Standard version of SharePoint CSOM, especially the lack of Remote Event Receivers (RER): the whole namespace was dropped. In some cases, you cannot replace RERs with webhooks without loss of functionality. Sometimes you just need RERs, or you're upgrading your code and cannot migrate RERs to webhooks because that's expensive.

So, let's bring support of Remote Event Receivers back to .NET Core \ .NET 5+.

The source code sample for this blog post is available on GitHub here (the master branch contains the code for .NET Core; if you're looking for the .NET 5 sample, use the net5 branch).

How-to: Call SharePoint REST API with application permissions from Azure Logic App with Azure Key Vault and Managed Identity

If you need to interact with the SharePoint API from Power Automate \ Logic Apps, most likely you would select the SharePoint connector, which uses the user identity for authentication. However, it's also possible to connect to the SharePoint REST API with application permissions and certificate authentication. It's fairly easy if you have an Azure Key Vault.

Here are the steps needed.