Hi,

I've been struggling to get the Logic app to run properly and have narrowed it down to the step "Check if SharePoint site exists".

it comes up with this error
"message": "The client '4897ab15-b614-499a-b89c-31cd3e0a3' with object id '4897ab15-b614-499a-b89c-31cd3e0a3' does not have authorization to perform action 'Microsoft.Automation/automationAccounts/jobs/write' over scope '/subscriptions/038fcd6a-1503-4adb-87f1-3ab20c84ff28/resourceGroups/Rg-provisionteams-app/providers/Microsoft.Automation/automationAccounts/teamsautomate-auto/jobs/0169ee4a-ffe3-4fa5-98f2-24230d683e9f' or the scope is invalid. If access was recently granted, please refresh your credentials."

I am testing this in a lab environment using a single service account that has the GA roles and an E3 licence. I have checked and the account has owner permissions on the subscription.

The account can happily open up the SharePoint admin screen and Teams as I've been using it to create and deploy the teams-app-request flows.

What am I missing?

regards

Simon

I found out that this part is adding service principal account to group that was created and then trying to post message to Teams team that was created.
The problem is that Teams and synchronizing members from underlain group on unpredictable frequency.
So it can happen that this account will not appear in team at all and then the logic app will fail. Even there is wait for 3 minutes.

I highly suggest to add this principal directly to team, then everything should work smoothly.

Parse team owners JSON:

Parse team owners json is failing when validating the schema

Originally posted by @neimadpc in #26 (comment)

Since we can't pull request a wiki page, i suggest my changes here :

1. Specify how to install import excel module;
2. Specify tenant ID in second position
3. Specify missing tenant ID parameter in deploy.ps1 command sample

Deployment Page below

Prerequisites

To begin, you will need:

• Power Apps Studio
• Power Automate
• Azure Subscription with Global Administrator access level
• Service account (used by Logic Apps to post welcome message with Teams user access permission)
• SharePoint
• Office 365 Groups connector
• A copy of the Request-a-team app zip package

Step 1: Set up SharePoint and Azure resources

Please follow below steps to create new SharePoint site and lists:

• Download the whole solution folder from GitHub

• Open the PowerShell in administrator mode and navigate to deploy.ps1 in your local machine.

• Before running the script, some installations are needed for the user who is running the script for the first time. Please find the steps below :

  • In the above-navigated path in PowerShell,run the command "Set-ExecutionPolicy -ExecutionPolicy unrestricted". This command will allow the user to run deploy.ps1 as execution policy is restricted by default. You can change it to restricted again after successful deployment.
  • Install Azure CLI module by running the command below :
    "Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'"
  • Close the PowerShell window and open it again in administrator mode. Go to the path of deploy.ps1 script file.

• Execute the following script (make sure to replace tenant name and site name with actual values)

• Install ImportExcel module (it imports excel data to lists) :
  "Find-Module -Name ImportExcel | Install-Module"

The script requires the following parameters:

• TenantName - Name of the tenant to deploy to (excluding onmicrosoft.com) e.g. contoso

• TenantId : This will be asked as a parameter when you run the script. (If you are not sure how to get Tenant ID, please check Azure Active Directory in Azure Portal. Under Manage, click Properties. The tenant ID is shown in the Directory ID box.)

• RequestsSiteName - Name of the SharePoint site to store the requests, can include spaces (URL/Alias automatically generated). If the site exists, it will prompt to overwrite and will apply the provisioning template.

• RequestsSiteDesc - Description of the site that will be created above.

• ManagedPath - Managed path configured in the tenant e.g. 'sites' or 'teams' (no forward slash).

• SubscriptionId - Azure subscription to deploy the solution to (MUST be associated with the Azure AD of the Office 365 tenant that you wish to deploy this solution to.)

• Location - Azure region in which to create the resources. The internal name should be used e.g. uksouth. See Valid Azure Locations.

• ResourceGroupName - Name for a new resource group to deploy the solution to - the script will create this resource group.

• AppName - Name for the Azure AD app that will be created e.g. Request-a-team.

• ServiceAccountUPN - UPN of Service Account to be used for the solution - used to connect the Logic App API connections. Service account is nothing but an Office 365 user who has Teams licenses enabled. Refer Assign a Teams license to know more details.

• UseMSGraphBeta - Deploys a version of the provisioning logic app which uses solely the beta endpoint for the Microsoft Graph (provides the ability to create private channels when cloning teams and creating teams from your own defined templates). Otherwise the 1.0 endpoint will be used. Defaults to FALSE.

• IsEdu - Specifies whether the current tenant is an Education tenant. If set to true, the Education Teams Templates will be deployed. These will be skipped if set to false or left blank.

>.\deploy.ps1 -TenantName "M365x023142" -TenantID "xxxxxxxx-xxxx-xxx-xxxxxxxxxxx" -RequestsSiteName "Request a team app" -RequestsSiteDesc "Used to store Teams Requests" -ManagedPath "sites" -SubscriptionId 7ed1653b-228c-4d26-a0c0-2cd164xxxxxx -Location "westus" -ResourceGroupName "teamsgovernanceapp-rg" -AppName "Requestateamapp" -ServiceAccountUPN "[email protected]" -UseMSGraphBeta $false -IsEdu $false

The script will prompt for authentication during execution. Please login using a Global Administrator account except for the prompts below.

When the script asks for the Service Account password, please enter the password for your Service Account created earlier.

When the message "LOGIC APP CONNECTIONS AUTHORIZATION" is displayed, login to any authentication prompts using the Service Account specified above.

When the script has completed a "DEPLOYMENT COMPLETED SUCCESSFULLY" message will be displayed.

• After running the script, SharePoint site, Logic Apps, Azure AD app and required API connections will get created.

• Navigate to newly created SharePoint site and click on Site Content located at the left menu bar and confirm if there are 3 SharePoint lists created successfully (Teams Requests, Teams Templates and Team Request Settings).

• Register Azure AD app as a SharePoint add-in (this is required for the solution to check if the requested Team exists before creation) -

Register Azure AD app as a SharePoint add-in

• Navigate to the following page in the SharePoint Admin Center - https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx and enter the following information (replace contoso with the name of your tenant):

App Id: Application ID of the Azure AD app (Locate the Azure AD app created by the deployment script in Azure Active Directory and copy the Application ID).

• Click 'Lookup'

• In the 'App Domain' text box, enter a suitable domain.

In the App's Permissions Request XML text box, enter the following XML -

<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /> </AppPermissionRequests>

• Click 'Create'

Note:

• If PowerShell script breaks during deployment, check if the resource group and SharePoint site is created. If created, please consider deleting them before running the script again.

• Please make sure to click on each SharePoint list to see all columns are created, as the same will be linked with Power Apps.

• Please copy the name of the site as it will be used in further steps.

• Please share the SharePoint site to all Request-a-team application users by adding them as members a group or individually.

Step 2: Create Admin group

Please ignore this step from 1-7 if you already have a team of admins(who have the privilege to manage approval and rejection of team creation requests) and continue with #8.

1. Open Teams desktop app or open https://teams.microsoft.com/go#

2. Click on the Teams tab in the left menu bar

3. Click on Join or create team > click Create team button

4. Select Build your team from scratch > Select Private

5. Provide Team name and description > Click Next

6. After that a popup will open where you need to add members in your created team. Add all the members and then close the popup.

7. Confirm if a new team is created successfully.

8. Next to the team name, click on the "..." and select "Get link to team".

   [[Images/Teamid1.png|Create Team]]

9. Click on "Copy" to copy the link to clipboard.

   [[/Images/Teamid2.png|Copy Team ID]]

10. Get the groupID and channelID query string value as shown below:

    [[/Images/ChangeChannelId.png|Get Channel ID from query string]]

tip: you can try online decoder to decode channel ID

11. Copy the groupId and channelId as it will be used in further steps.

12. Navigate to Team Request Settings list and edit TeamsTeamID and TeamsChannelID rows and In the 'value' column of these rows, add the copied groupID and channelID under TeamsTeamID and TeamsChannelID respectively.

    [[/Images/TeamIdChannelId.png|Set Team ID and Channel ID in settings]]

Step 3: Set up Power Apps

1. Navigate to Power Apps. Click here

2. Click on Apps in the left side pane and click on Import canvas app.

   [[/Images/step1.png|Request a team step 1]]

3. Download the package zip file and click Import.

   [[/Images/step2.png|Request a team step 2]]

4. Under Related resources, you will be required to change the SharePoint connections. Click on wrench icon for SharePoint connection > Create new (you will be redirected to a new tab) > Click on SharePoint > switch back to main tab > click Refresh list > select name > Save.

5. Click on Import button.

   [[Images/step3.png|Request a team set up step 3 for import]]

Configuring Power App

1. Click on Open app link when zip package is successfully imported. You will be redirected to Power Apps portal.

2. Click on Open menu at the left side > Power Apps > Request-a-team App which you have imported.

3. The app will request your permission to use all the listed data connections.

   [[/Images/permission.png|Request a team Permission]]

4. Once the app opens, in the horizontal menu, click on View and select Data sources.
   **Remove the three existing demo SharePoint connections by clicking on "..." and remove **. This ensure that the dummy SharePoint connections are removed and the app is ready to connect with the SharePoint site.

5. Search for SharePoint created during deployment and select.

   [[/Images/edit1.png|Edit SharePoint connection]]

6. Enter the newly created SharePoint URL in pop-up window (it is same as provided for -RequestsSiteName parameter in deployment script)

   [[/Images/edit2.png|Enter SharePoint site URL]]

7. Choose 'Teams Requests', 'Teams Templates', 'Team Request Settings' lists and connect it.

   [[/Images/edit3.png|Select Teams Template]]

8. On app 'OnStart' function, paste the groupId of the admin group which you have created and saved the id before.

   [[/Images/AppStart.png|Power Apps OnStart]]

Step 4: Set up Power Automate

1. Navigate to https://flow.microsoft.com using an account with 'Maker' permissions.
2. Click My Flows > Import.
3. Browse to the file location of the provided flow package - TeamRequestApproval.zip.
4. Update the Outlook Office 365, SharePoint and Approvals connection to use an existing connection or create new ones. Under Related resources, you will be required to change the connection. Click on wrench icon for SharePoint connection > Create new (you will be redirected to a new tab) > Click on SharePoint > switch back to main tab > click Refresh list > select name > Save.
5. Click Import.

Configuring Flows

1. Navigate to My Flows.

2. Edit the Team Request Approval flow.

3. Update SharePoint site address for step s“When a team request item is submitted” and “Teams Request Site”.

4. Replace admin’s email id if there is no admins team for application.

5. Click Save

6. Repeat the above process for the Check Team Availability flow. Update the SharePoint site address for steps

   • Check if site exists -SP API and
   • Check site exists response > Check for existing requests matching URL

7. Open Azure portal and under new resource group, search Logic App (Process team request). Edit Logic App to confirm

   • SharePoint site address:

   [[/Images/LogicAppStep1.PNG|Logic Apps step]]

   [[/Images/LogicAppStep2.PNG|Logic Apps step 2]]

   • You can change the Interval and Frequency in first step When an item is created or modified in order to process team requests at given interval. It will execute to read all Approved team requests to create SharePoint. The default setting is 1 week.

Step 5: Share Power Apps and SharePoint site

1. Admin needs to share the app to all individuals who will be using the app.

2. Open https://make.preview.powerapps.com/

3. Go to Apps menu in the left menu bar and you will be able to see the app you have imported.

   [[/Images/Share11.png|Power Apps menu bar]]

4. Click on 3 dots (Options) for your app and click on Share.

5. Enter the group name meant for users in the popup and click on Share. You can also add additional members if needed. This is required to allow members to access Request-a-team App.

6. Share the SharePoint site to all members

   • Admin also needs to share the SharePoint site to all individuals who will be using the app. For giving access of SharePoint site, please follow below steps:

   • Go to SharePoint site created during deployment > click on Settings icon at top right corner > click on the "Site permission":

   [[https://github.com/OfficeDev/microsoft-teams-apps-associateinsights/wiki/Images/sharesharepointsite-part1.png|Share SharePoint Site]]

   • Click on "Advanced Permissions settings".

   • Click on the Grant Permission option from top menu bar and search the user name or type the email address of the user to whom you want to share the site.

   [[https://github.com/OfficeDev/microsoft-teams-apps-associateinsights/wiki/Images/sharesharepointsite-part2.png|Share SharePoint Site]]

   Note: Every user accessing the app for the first time will be prompted to provide permissions to the App to access the SharePoint source. User should click on 'Allow' to proceed ahead.

Step 6: Install Teams Package

1. Open https://make.preview.powerapps.com/

2. Go to Apps menu in the left menu bar and you will be able to see the app you have imported.

3. Click on 3 dots (Options) for your app and click on Add to Teams.

   [[/Images/Export1.png|Export application]]

4. Click on Download App in the popup to download a zip package.

Step 7: Adding app to Teams

1. Go to Teams > Apps (in the left menu) > Upload a Custom App.

2. Select the downloaded zip package from the previous step.

3. Click on Add > Add to a team in the popup.

4. Select a team or channel name.

5. Click on Setup a tab.

   [[/Images/install1.png|Set up as a tab]]

6. The description for the app will be shown in the popup, click on Save.

7. You will be able to see the app in the tab.

   [[/Images/install2.png|Application in Teams]]

There are additional modules needed to install prior running script deploy that are not mentioned :

Install-Module -Name WriteAscii
Install-Module SharePointPnPPowerShellOnline
Install-Module ImportExcel

The above error is occurring at "btnNextAddMembers.OnSelect" ---------------------------

If(('cmbOwners._1'.Selected.Email='cmbOwners._2'.Selected.Email)&&(CountRows('cmbOwners._1'.SelectedItems)>0),Set(Varowandmemnotclash,false),Set(Varowandmemnotclash,true));
If((CountRows('cmbMembers.'.SelectedItems)>0)&&(CountRows('cmbOwners._1'.SelectedItems)>0),If('cmbOwners._1'.Selected.Email=First('cmbMembers.'.SelectedItems).Email||'cmbOwners._1'.Selected.Email=Last('cmbMembers.'.SelectedItems).Email||'cmbOwners._2'.Selected.Email=First('cmbMembers.'.SelectedItems).Email||'cmbOwners._2'.Selected.Email=Last('cmbMembers.'.SelectedItems).Email,Set(Varowandmemnotclash,false),Set(Varowandmemnotclash,true)));
If(CountRows('cmbOwners.'.SelectedItems)<1||(CountRows('cmbOwners._1'.SelectedItems)<1),Set(BNReviewAndSubmit,false)&&Set(BNMembership,true),If(CountRows('cmbOwners.'.SelectedItems)>0&&(CountRows('cmbMembers.'.SelectedItems)<=2)&&Varowandmemnotclash,UpdateContext({ScratchlocalStep:ScratchlocalStep+1})&&Set(BNReviewAndSubmit,true)&&Set(BNMembership,false)));
If(CountRows('cmbOwners.'.SelectedItems)=2&&(CountRows('cmbMembers.'.SelectedItems)<=2)&&(CountRows('cmbOwners._1'.SelectedItems)>0)&&(CountRows('cmbOwners._2'.SelectedItems)>0)&&Varowandmemnotclash,Patch('Teams Requests',LookUp('Teams Requests',RowKey=srowkey),{Owners:'cmbOwners.'.SelectedItems},{Members:'cmbMembers.'.SelectedItems},{Stage:{'@odata.type':"#Microsoft.Azure.Connectors.SharePoint.SPListExpandedReference",
Value:"Requirements"}}));
If(CountRows('cmbOwners.'.SelectedItems)>0&&(CountRows('cmbMembers.'.SelectedItems)<=2)&&(CountRows('cmbOwners._1'.SelectedItems)>0)&&(CountRows('cmbOwners._2'.SelectedItems)<=0)&&Varowandmemnotclash,Patch('Teams Requests',LookUp('Teams Requests',RowKey=srowkey),{Owners:'cmbOwners._1'.SelectedItems},{Members:'cmbMembers.'.SelectedItems},{Stage:{'@odata.type':"#Microsoft.Azure.Connectors.SharePoint.SPListExpandedReference",
Value:"Requirements"}}));

At the is step, it errors with: Validation failed. The schema validation failed.

For both validation I receive this errors, even app is registered to AAD and permissions granted it is not working.

Get-PnPTenantSite : The remote server returned an error: (403) Forbidden. At line:24 char:17 + $site = Get-PnPTenantSite -Url $siteUrl + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : WriteError: (:) [Get-PnPTenantSite], WebException + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.GetTenantSite

Get-PnPTenantRecycleBinItem : The remote server returned an error: (403) Forbidden. At line:27 char:20 + $binItem = Get-PnPTenantRecycleBinItem | Where-Object Url -eq ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : WriteError: (:) [Get-PnPTenantRecycleBinItem], WebException + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.RecycleBin.GetTenantRecycleBinItems

I imported flow, but only have Team Request Approval flow, not Check Team Availability flow.

I have added the app to my team but it isn't working correctly:-
I click to create a team from scratch and I am asked for the privacy setting, Team Name and Description. Once completed the Next button doesn't become clickable. After clicking check availability I get an error in the top panel

CheckTeamAvailability.Run failed: { "error": { "code": 502, "source": "europe-001.azure-apim.net", "clientRequestId": "c64641e0-085f-4ce0-b598-5c8f2949ff11", "message": "BadGateway", "innerError": { "error": { "code": "NoResponse", "message": "The server did not received a response from an upstream server. Request tracking id '08586128545305279791333618999CU67'." } } } }

I chose the Location as australiaeast in the initial script as we are in NZ but this isnt where my tenant resides

I did find the deployment a bit menacing

Many thanks
Yvonne

I create the request from within the Team or the PowerApp. and it shows as Pending approval.
But I wait for the request and it is not sending any. not to the Admin email or to the Team Channel.
I have added the Team ID in the Variable and also the Channel ID, also fill out the Admin Email Variable. But not getting any notification trying from this different scenarios.
I've also tried to change the condition, such change the value it looks to just 1, tryin to drive the execution for the admin email but it just does not send the adaptive card.

I have run the deploy.ps1 script and it finished without any errors but on verifying the SharePoint site creation, teh site was created but there are no lists under site Content.

Do I have to rerun the install or can I create the lists manually?

If I have to rerun the script so I have to delete anything?

InvalidTemplate. Unable to process template language expressions in action 'Set_SiteExists_variable' inputs at line '1' and column '3986': 'The template language function 'bool' was invoked with a parameter that is not valid. The value cannot be converted to the target type.'.

I am experiencing an issue where once a team is approved within the app. The flow will kick off but will not finish or fail. I cant pinpoint exactly where the error is -- since it has been running non stop (over the weekend) and when I tried again this morning its the same thing. It seems like it does not make it to the logic app, so I would imagine it is somewhere in this part of the flow it is failing:

Any help would be greatly appreciated!!!

Implemented this application in our environment. It is working very good. Only one issue-> it is not sending rejected email if we reject the request from app dashboard and flow is still running. If we reject the request from adaptive cards it is sending the reject email. Looks like the problem is at "Check if we are posting to teams". It is stopping at this step if we reject the request.
Thank in advance for suggestions.

I just ran the script and unfortunately the SharePoint list is empty :-(
I get an error during the script but it finished as supposed to.

The CheckSiteExist.ps1 script fails with the error:
Cannot contact site at the specified URL https://XXXX-admin.sharepoint.com/. The app principal does not exist.

This will always return false.

I believe that the AppId/AppSecret combination doesn't work and a certificate is required for this type of connection.

The flow Check Team Availability is missing in the zip. It's not located under /deployment/Flows nor anywhere else. Could you please add it? Otherwise the app can't run properly as PowerApps needs the site to be checked before being able to continue in the process.

** update **
Realized that it's already included in the .zip from the other flow when imported.
Sorry, can only close and not delete this issue.

This app is awesome.. but why restrict it to Teams? This would be a great way to deal with automating the creation of any Office 365 Group for any app. Especially for those of us with Office 365 Group creation restricted in the tenant.

If you could ask, what app are you requesting a group for.. Planner? Teams? and then send the request for approval and if approved automatically create the Office 365 Group and assign the correct owner etc.. That would be super useful. Respecting group naming policies would be ideal.

With the creation of Office 365 Groups restricted, this would really help deal with the issue in a seamless and pleasant way. Otherwise we are left to building our own custom ways of dealing with the issue and that just kind of sucks. This would be more of a turnkey option that many people could benefit from.

If you can accomplish this, please do.

The solution is working fine for us with new requests. We would like to use existing Teams as templates. Can you explain which values we need to fill in the Teams Templates list item?
Teams Name: testTeam

Logic App: missing Team Id: which value is required for Team Id? Entering the GroupId value isn't working.

Fails when it attemps to create group.

Error:
{
"error": {
"code": "Request_BadRequest",
"message": "Object '[ResourceType=User,Id=xxxxx,ChangedProperties=[],NonDefaultProperties=[INTERNAL_SingleResourceQuery]]' referenced from '[ResourceType=Group,Id=xxxxxx,ChangedProperties=[DisplayName,Description,GroupType,MailEnabled,MailNickname,SecurityEnabled,CreatedByAppId,IsPublic],NonDefaultProperties=[INTERNAL_EnableF14M1SchemaEnumTypes,visibility]]' can only be present once as an add/remove change.",
"innerError": {
}
}
}

Hi,

I have a issue, after I approve a request, the logic app is never running.
I can see that the flow is completing as expected.

But nothing more is happening.

I have set it up to run every minutes (in the test phase). And that's working, but every EVALUATION is skipped.

Is there anywhere I can check something with permissions regarding the Logic App?

Output from the evaluation:
{ "statusCode": 202, "headers": { "Transfer-Encoding": "chunked", "Retry-After": "15", "X-SharePointHealthScore": "0", "X-MS-SPConnector": "1", "X-SP-SERVERSTATE": "ReadOnly=0", "DATASERVICEVERSION": "3.0", "SPClientServiceRequestDuration": "154", "SPRequestGuid": "e1fca2e3-214e-4e9d-b99f-f54c59af3cba", "request-id": "e1fca2e3-214e-4e9d-b99f-f54c59af3cba", "MS-CV": "46L84U4hnU65n/VMWa88ug.0", "Strict-Transport-Security": "max-age=31536000", "X-FRAME-OPTIONS": "SAMEORIGIN", "Content-Security-Policy": "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com;", "MicrosoftSharePointTeamServices": "16.0.0.20127", "X-Content-Type-Options": "nosniff", "X-MS-InvokeApp": "1; RequireReadOnly", "Timing-Allow-Origin": "*", "x-ms-apihub-cached-response": "true", "Cache-Control": "max-age=0, private", "Date": "Tue, 09 Jun 2020 15:41:08 GMT", "Location": "https://logic-apis-westeurope.azure-apim.net/apim/sharepointonline/a3445a69d1ef48858edb7cb98008e14d/datasets/https%253A%252F%252F"TENANT".sharepoint.com%252Fsites%252FTeamsRequestPortal/tables/Teams%2520Requests/onupdateditems?triggerstate=ZGF0ZXRpbWU9MjAyMC0wNi0wOVQxNTo0MTowM1o%3d", "P3P": "CP=\"ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI\"", "X-AspNet-Version": "4.0.30319", "X-Powered-By": "ASP.NET", "Content-Type": "application/json; charset=utf-8", "Expires": "Mon, 25 May 2020 15:41:08 GMT", "Last-Modified": "Tue, 09 Jun 2020 15:41:08 GMT", "Content-Length": "142" }, "body": { "status": 202, "message": "\r\nclientRequestId: e1fca2e3-214e-4e9d-b99f-f54c59af3cba\r\nserviceRequestId: e1fca2e3-214e-4e9d-b99f-f54c59af3cba" } }

Sorry, had a really tough time completing the install, here's what I found and resolved

1. Script failed at the PnPTemplate, even though the current PnPPowershell had just been installed. I think it needs a new PS Session after installed. Once I sorted it I could re-run the script.
2. After installing the powerapp, when opening it the O365 user connector would not authenticate, I added it to another app which worked, then it would work in the imported powerapp.
3. For some reason the runbook wouldn't work, again PnP failing to get a token. It seems that the client secret was not correct, maybe because the initial script ran more than once? I regenerated a client secret and applied it to the runbook and in the logic app.
4. In the powerapp the controls to select owners wouldn't work, the IsSearchable property was set to false and had to be changes to true on all controls.

I've read the closed issues with the same behavior so I've maked sure I have the updated version of the logical app where serviceaccount is added as owner during the team creation.

I can see that the team is created and the serviceaccountuser is still there as the owner.

I cant figure out why this is happening. any ideas?

The deployment guide states that the Sharepoint site must be shared with anyone who will use that app but does not discuss required permissions. In testing, it appears that Contribute is sufficient for requestors. So far admins are Owners. I have not tested minimums for admins. We only have a small group who will be approving requests and they know better than to delete anything from the site.

Hitting the following error in the Logic App when it triggers at the Create job to check if site exists action.

Error is as follows...

{
"statusCode": 403,
"headers": {
"Pragma": "no-cache",
"x-ms-failure-cause": "gateway",
"x-ms-request-id": "fdad6c49-38a4-4c02-8fd6-129a6f923883",
"x-ms-correlation-request-id": "fdad6c49-38a4-4c02-8fd6-129a6f923883",
"x-ms-routing-request-id": "AUSTRALIASOUTHEAST:20200507T223701Z:fdad6c49-38a4-4c02-8fd6-129a6f923883",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"X-Content-Type-Options": "nosniff",
"Timing-Allow-Origin": "*",
"x-ms-apihub-cached-response": "false",
"Connection": "close",
"Cache-Control": "no-cache",
"Date": "Thu, 07 May 2020 22:37:01 GMT",
"Content-Length": "581",
"Content-Type": "application/json",
"Expires": "-1"
},
"body": {
"error": {
"code": "AuthorizationFailed",
"message": "The client '7704ba6c-b602-4adf-ae7f-90ade0c68091' with object id '7704ba6c-b602-4adf-ae7f-90ade0c68091' does not have authorization to perform action 'Microsoft.Automation/automationAccounts/jobs/write' over scope '/subscriptions/2ebbbbd3-8a21-489d-910b-1cec4818f6d3/resourceGroups/M365TeamsDeployment/providers/Microsoft.Automation/automationAccounts/teamsautomate-auto/jobs/7beeabea-2347-4ed3-b461-2451c41ac364' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
}
}

Check if SharePoint site exists > Set SiteExists variable:

InvalidTemplate. Unable to process template language expressions in action 'Set_SiteExists_variable' inputs at line '1' and column '3759': 'The template language function 'bool' was invoked with a parameter that is not valid. The value cannot be converted to the target type.'.

Invalid Azure Location. Please provide a valid location. See this list - https://azure.microsoft.com/en-gb/global-infrastructure/locations/
At C:\Apps\Teams
Request\microsoft-teams-apps-requestateam-master\microsoft-teams-apps-requestateam-master\Deployment\Scripts\deploy.ps1:609 char:9

•     throw "Invalid Azure Location. Please provide a valid locatio ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (Invalid Azure L...ture/locations/:String) [], RuntimeException
  • FullyQualifiedErrorId : Invalid Azure Location. Please provide a valid location. See this list - https://azure.microsoft.com/en-gb/g
    lobal-infrastructure/locations/

For the location I have tried:
North Central US
northcentralus

Central US
centralus

Service account is nothing but an Office 365 user who has all the rights the same as admin and has a minimum of E3 license.

Do we really want a service account with admin rights? What roles are needed to this account to function?

I'm getting the below errors:

Site Creation - Site is NOT created
Error occured while creating of the SharePoint site: There is currently no connection yet. Use Connect-PnPOnline to connect.
Connect-PnPOnline : Invalid URI: The hostname could not be parsed.
At C:\Users\Jesslyn\Desktop\microsoft-teams-apps-requestateam-master\Deployment\Scripts\deploy.ps1:649 char:15

• $pnpConnect = Connect-PnPOnline $requestsSiteUrl -UseWebLogin

•           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Connect-PnPOnline], UriFormatException
  • FullyQualifiedErrorId : System.UriFormatException,SharePointPnP.PowerShell.Commands.Base.ConnectOnline

THEN
Connect-PnPOnline : Invalid URI: The hostname could not be parsed.
At C:\Users\Jesslyn\Desktop\microsoft-teams-apps-requestateam-master\Deployment\Scripts\deploy.ps1:642 char:15

• $pnpConnect = Connect-PnPOnline -Url $tenantAdminUrl -UseWebLogin

•           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Connect-PnPOnline], UriFormatException
  • FullyQualifiedErrorId : System.UriFormatException,SharePointPnP.PowerShell.Commands.Base.ConnectOnline

Notes on above. - Would this have anything to do with our company name having an apostrophe?

Hi

Thought make you aware, there is a similar project on PnP for provisioning - https://github.com/pnp/tutorial-workspace-provisioning

Whilst there are clear differences, there maybe some learning with these contributors that might help stabilize the solution.

Hi,

During installation I am seeing an error while applying the PnP template.

Error shown is:
Error occured while configuring the SharePoint site: Cannot find an overload for "Load" and the argument count: "1".

Hi,

When checking for availability of a team the check ignores Underscore in the Team name

e.g. DPT_Telecoms gets condensed to DPTTelecoms

We already have a large number of teams which follow a naming convention with an underscore and want to avoid Accidental Duplicates as well as maintaining the naming convention.

At this time the admins/approvers cannot see all app requests. After some testing the admin can only see a request they put in themselves. How are admins added for this app?

{
"statusCode": 400,
"headers": {
"request-id": "e153380c-d4c8-443f-84ff-9751ad927ae2",
"client-request-id": "e153380c-d4c8-443f-84ff-9751ad927ae2",
"x-ms-ags-diagnostic": "{"ServerInfo":{"DataCenter":"Central US","Slice":"SliceC","Ring":"2","ScaleUnit":"001","RoleInstance":"AGSFE_IN_4"}}",
"Strict-Transport-Security": "max-age=31536000",
"Cache-Control": "private",
"Date": "Mon, 01 Jun 2020 01:52:24 GMT",
"Content-Length": "663",
"Content-Type": "application/json"
},
"body": {
"error": {
"code": "Request_BadRequest",
"message": "Object '[ResourceType=User,Id=29b77a92-0cf7-4e07-ba36-da083dc20145,ChangedProperties=[],NonDefaultProperties=[INTERNAL_SingleResourceQuery]]' referenced from '[ResourceType=Group,Id=56ad2c2b-f44c-422b-8f2e-e5baa98a09f9,ChangedProperties=[DisplayName,Description,GroupType,MailEnabled,MailNickname,SecurityEnabled,CreatedByAppId,IsPublic],NonDefaultProperties=[INTERNAL_EnableF14M1SchemaEnumTypes,visibility]]' can only be present once as an add/remove change.",
"innerError": {
"request-id": "e153380c-d4c8-443f-84ff-9751ad927ae2",
"date": "2020-06-01T01:52:24"
}
}
}
}

Check Team Availability flow zip is not in the package I downloaded.

WHen I use the tool (everything appeared to deploy correctly) I get an error on the screen where you submit your request.

It doesn't fill in the owners and members elements.

The error is ...

The requested operation is invalid. Server Response: Teams Requests failed: The specified user i:0#.f|membership|[email protected] could not be found. clientRequestId: 2c6265d6-dc0b-4f77-b6a9-6dd17640e549 serviceRequestId: 2c6265d6-dc0b-4f77-b6a9-6dd17640e549

Our UPNs are different to our email addresses - do we need extra steps to look up the user UPN from AzureAD?

Get the following when the Logic App is attempting to trigger
Swagger not found for connector '/subscriptions/2ebbbbd3-8a21-489d-910b-1cec4818f6d3/providers/Microsoft.Web/locations/Australia Southeast/managedApis/sharepointonline'

The deployment completed successfully, without any errors.
Following the document I tried to edit the Logic app to adjust the SharePoint site collection settings

When I tried to edit: Update status to Team Creation, the following message appears:
Swagger not found for connector '/subscriptions/c499ec5d-3ce0-4cb3-ac54-XXXXXXf/providers/Microsoft.Web/locations/West Europe/managedApis/sharepointonline'

Any ideas what went wrong?

Documentation states to check for created columns in the 3 sharepoint lists, which there are.

Step 2:12 - Navigate to Team Request Settings list and edit TeamsTeamID and TeamsChannelID rows and In the 'value' column of these rows, add the copied groupID and channelID under TeamsTeamID and TeamsChannelID respectively.

There are no rows created to edit.

I am trying to get the classification option to show in the app, but changing the value in "Teams request settings" has no effects on the controls in the app.

After manuelly setting visibility i get them to appear, but the images are missing and the dropbox had the worng height.

Is the classification options not implemented in the app yet, or am i doing something worng?
Can't find anything in the Wiki posts either.

I'm getting the following on the script:
The term 'get-azlocation' is not recognized as the name of a cmdlet
The term 'connect-azaccount' is not recognized as the name of a cmdlet

Is this because this requires Azure-RM cmdlets? If so, is there any plan to update it to current AZ Module?

Thanks!

deploy.ps1 relies on the "az" command being present in the current PATH, which is not true until after rebooting the system following the installation of the Azure CLI module.

If you follow directions as posted, the script will fail with the following error:

### AZURE AD APP CREATION ###
Creating Azure AD App - 'Request-a-team'...
Error occured while creating an Azure AD App: The term 'az' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or 
if a path was included, verify that the path is correct and try again.

Hi,
thank you for sharing this great deployment method. It´s very valuable.
But let me just ask this question: Is my assumption right that every user who should be able to run this "request a teams" app must have a per user license for PowerApps? (Alternatively the per app license). The reason why we have to assign the license is because we´re using premium connectors in Logic Apps where PowerApps is the trigger.
Regards
Jakob

Hi Alexc, I ran into errors creating the SharePoint site. Here is the console output:

AZURE AD APP CREATION FINISHED

Get-AzureADDirectorySetting : The term 'Get-AzureADDirectorySetting' is not recognized

TEAMS REQUESTS SITE CREATION

Creating Teams Requests SharePoint site...
Error occured while creating of the SharePoint site: The term 'Get-PnPTenantSite' is not recognized...

REQUESTS SPO SITE CONFIGURATION

Configuring SharePoint site...
Applying provisioning template...
Error occured while configuring the SharePoint site: The term 'Apply-PnPProvisioningTemplate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Everything else was fine.

thanks.

Originally posted by @fidoly in #20 (comment)

When following the deployment guide it fails to provision the template to the sharepoint site the script creates. I get the following error:

"Error occured while configuring the SharePoint site: Für "Load" und die folgende Argumenteanzahl kann keine Überladung gefunden werden: "1".

All other steps seem to suceed flawless.

When running deploy.ps1 I am prompted to authorize the Logic App connections with the service account. When prompted for modern authentication I provide the service account email address, however, it then takes me to the organization login page (we use third-party SSO) and it authenticates under my account.

Workaround so far has been to grant service account role permission on the resource group. Then when logged in as service account go to each of the API connections and reauthorize.