{"id":110971,"date":"2018-08-23T10:52:12","date_gmt":"2018-08-23T17:52:12","guid":{"rendered":""},"modified":"2025-06-11T08:07:15","modified_gmt":"2025-06-11T15:07:15","slug":"automate-flow-governance","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/power-automate\/automate-flow-governance\/","title":{"rendered":"Advanced | Flow of the Week: Automating Microsoft Flow Governance &#8211; Using Microsoft Flow"},"content":{"rendered":"<p><strong>Introduction<\/strong><\/p>\n<p>Enterprise Security and Governance is an important topic for many organizations. Microsoft continues to make investments that allow customers to implement PowerApps and Flow and be confident that they have their bases covered from a governance perspective. Much like Microsoft Flow empowers users to build powerful workflow and automation solutions, we want to empower administrators with the same capabilities to support their needs. In this blog post we are going to explore a scenario that describes how you can automate governance activities by taking advantage of the Office 365 Management API.<\/p>\n<p><strong>Overview<\/strong><\/p>\n<p>A scenario that we will walk through in this post is the ability to detect when specific events exist within a flow definition so that we can detect these events and provide pro-active governance against it. For example, some organizations would like to avoid users forwarding emails externally. Microsoft Exchange can block these scenarios through transport rules. But, using cloud workflow tools (including more than just Flow) you generally break down these actions into more discrete events. For example, I can receive an email and send an email within the same flow. Independently, these actions may not be perceived as forwarding an email, but from a functional perspective, they achieve the same result.<\/p>\n<p>In order to detect these events, we will depend upon the Office 365 Security and Compliance logs which will capture events related to creating, editing or deleting a flow. In a previous blog <a href=\"https:\/\/preview.flow.microsoft.com\/en-us\/blog\/accessing-office-365-security-compliance-center-logs-from-microsoft-flow\/\" target=\"_blank\" rel=\"noopener\">post<\/a>, we discussed how we can poll the Office 365 Security and Compliance PowerShell Webservice looking for these events. In this blog post, we are going to use an event-driven approach where we will create a webhook and have events sent to a Microsoft Flow endpoint. Once Microsoft Flow receives this event, we will go fetch additional details of the event. We will then parse these events and perform some logic to determine if a condition exists that warrants action, including stopping the flow that is a concern.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.png\" style=\"width: 600px; height: 420px;\"\/><\/p>\n<p><strong>Pre-requisites<\/strong><\/p>\n<p>In this blogpost, we will be interacting with the Office 365 Management API and the Microsoft Flow Management connector. As a result, there are specific requirements for accessing these capabilities:<\/p>\n<table border=\"1\" cellpadding=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td style=\"width:234px;\">\n<p><strong>Office 365 Management API<\/strong><\/p>\n<\/td>\n<td style=\"width:390px;\">\n<ul>\n<li>Global Administrator Access<\/li>\n<li>Azure AD Application<\/li>\n<li>Get Office 365 tenant admin consent<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width:234px;\">\n<p><strong>Flow Management Connector<\/strong><\/p>\n<\/td>\n<td style=\"width:390px;\">\n<ul>\n<li>Global Administrator or Environment Admin<\/li>\n<li>Microsoft Flow P2 license<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Azure AD Application<\/strong><\/p>\n<p>The first thing that we need to do is create an Azure AD Application that we will use when calling the Office 365 Management API. For this blog post we are going to try to focus on the Microsoft Flow components as much as possible. For additional information on the Office 365 Management API, please see the following <a href=\"https:\/\/docs.microsoft.com\/en-us\/office\/office-365-management-api\/get-started-with-office-365-management-apis\">post<\/a>.<\/p>\n<p>To create an Azure AD Application:<\/p>\n<ol>\n<li>Navigate to the <a href=\"https:\/\/portal.azure.com\/\" target=\"_blank\" rel=\"noopener\">Azure Portal<\/a><\/li>\n<li>Select <strong>Azure Active Directory<\/strong> and then <strong>App registrations<\/strong><\/li>\n<li>Create a <strong>New application registration<\/strong><\/li>\n<li>Provide a <strong>Name <\/strong>for your application, <strong>Application type<\/strong> of <strong>Web app\/API <\/strong>and a<strong> Sign-on URL.<\/strong><\/li>\n<\/ol>\n<p><strong>Note:<\/strong> The Sign-on URL is an arbitrary value. You can even put a value of http:\/\/localhost<\/p>\n<ol>\n<li value=\"5\">Once the application has been created, you can click on <strong>Settings<\/strong> to further configure.<\/li>\n<li value=\"6\">Click on <strong>Properties<\/strong> and make a note of the <strong>Application ID<\/strong> as you will require it in a future step.<\/li>\n<li value=\"7\">While on the <strong>Properties<\/strong> screen, ensure the <strong>Multi-tenanted <\/strong>option is set to <strong>Yes.<\/strong><\/li>\n<li value=\"8\">Click on <strong>Reply URLs<\/strong> and add a value. For this value you can provide an arbitrary URL, but having it resolve will simplify an upcoming step. For my example, I just used my blog <a href=\"http:\/\/www.middlewareinthecloud.com\/\">http:\/\/www.middlewareinthecloud.com<\/a><\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/2-replyURLs.png\" style=\"width: 650px; height: 366px;\"\/><\/p>\n<ol start=\"9\" style='font-weight: 400; font-style: normal; font-size: 13.008px; font-family: Tahoma, \"Helvetica Neue\", Arial, Helvetica, sans-serif;'>\n<li style=\"font-size: 13.008px;\">Next, click on\u00a0<strong style=\"font-size: 13.008px;\">Required permissions<\/strong><\/li>\n<li style=\"font-size: 13.008px;\">Click on\u00a0<strong style=\"font-size: 13.008px;\">Add \u2013 Select an API \u2013 Office 365 Management API<\/strong><\/li>\n<li style=\"font-size: 13.008px;\">Next, set the permissions as illustrated below.<\/li>\n<\/ol>\n<p style=\"font-size: 13.008px; text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/3-selectAPI.png\" style=\"width: 572px; height: 694px;\"\/><\/p>\n<ol start=\"12\">\n<li>We now need to need to obtain a <strong>Key<\/strong> which can be achieved by clicking on <strong>Keys<\/strong>.<\/li>\n<li>Provide a <strong>Description<\/strong>, <strong>Duration<\/strong> and click <strong>Save<\/strong>. Once you have done this, a <strong>Key Value<\/strong> will be generated. Copy this value for future use.<\/li>\n<li><strong>Save <\/strong>and exit.<\/li>\n<\/ol>\n<p><strong>Note: <\/strong>If your key contains special characters like &#8216;\/&#8217; and &#8216;+&#8217;, you will get an invalid key error when you try to create a token in a subsequent step. These values need to be encoded and any online URL encoding website should be able to encode these values for you.<\/p>\n<p><strong>Get Office 365 tenant admin consent<\/strong><\/p>\n<p>In the Office 365 documentation, it calls out \u201ca tenant admin must explicitly grant your application these permissions in order to access their tenant&#8217;s data by using the APIs\u201d. As a result, a tenant admin must call the following URL in order to grant consent. In addition, the URL will return an authorization code that we will need in a future call.<\/p>\n<p>Within this URL, there are two placeholders that we need to populate with information from our Azure AD application. When it comes to \u201c<strong>{your_client_id}\u201d <\/strong>this is referring to the <strong>Application ID<\/strong> that we recorded when creating our Azure AD application. The <strong>\u201c{your_redirect_url}\u201d<\/strong> placeholder refers to the <strong>Reply URL<\/strong> that we also provided when creating the Azure Ad application.<\/p>\n<p><a href=\"https:\/\/login.windows.net\/common\/oauth2\/authorize?response_type=code&amp;resource=https%3A%2F%2Fmanage.office.com&amp;client_id=%7byour_client_id%7d&amp;redirect_uri=%7byour_redirect_url%7d\">https:\/\/login.windows.net\/common\/oauth2\/authorize?response_type=code&amp;resource=https%3A%2F%2Fmanage.office.com&amp;client_id<strong>={your_client_id}<\/strong>&amp;redirect_uri=<strong>{your_redirect_url}<\/strong><\/a><\/p>\n<ol>\n<li>With our URL formulated, we can use a web browser to make this call. Upon successfully calling this URL, you will be prompted with a consent dialog.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/4-consent.png\" style=\"width: 532px; height: 784px;\"\/><\/p>\n<ol start=\"2\">\n<li>Upon Accepting the terms, your <strong>Reply URL<\/strong> web page should be displayed.<\/li>\n<\/ol>\n<p><strong>Create Microsoft Flow Listener<\/strong><\/p>\n<p>With our Azure AD App created and consent granted to use the Office 365 Management API we are now going to create our webhook subscription within Office 365. But, before we do that we need to be able to provide a URL that can be called whenever there are events published from the O365 Management API. We will now create our flow and then we can use the URL that is provided as part of our HTTP trigger when configuring our webhook subscription.<\/p>\n<ol>\n<li>Create a <strong>Flow from blank<\/strong> and add an <strong>HTTP Trigger<\/strong><\/li>\n<li>Since we want a typed message that we can be used within our flow, we can provide a JSON Schema payload of an event we can expect to receive from the O365 Security and Compliance Center.<\/li>\n<\/ol>\n<pre>\n{\n    \"type\": \"array\",\n    \"items\": {\n        \"type\": \"object\",\n        \"properties\": {\n            \"clientId\": {\n                \"type\": \"string\"\n            },\n            \"contentCreated\": {\n                \"type\": \"string\"\n            },\n            \"contentExpiration\": {\n                \"type\": \"string\"\n            },\n            \"contentId\": {\n                \"type\": \"string\"\n            },\n            \"contentType\": {\n                \"type\": \"string\"\n            },\n            \"contentUri\": {\n                \"type\": \"string\"\n            },\n            \"tenantId\": {\n                \"type\": \"string\"\n            }\n        },\n        \"required\": [\n            \"clientId\",\n            \"contentCreated\",\n            \"contentExpiration\",\n            \"contentId\",\n            \"contentType\",\n            \"contentUri\",\n            \"tenantId\"\n        ]\n    }\n}\n\n\n<\/pre>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/5-HttpTrigger.png\" style=\"width: 554px; height: 330px;\"\/><\/p>\n<p>\u00a0<\/p>\n<ol start=\"3\">\n<li>Next, we will add<strong> 3 Compose<\/strong> actions where we will store our values for <strong>client id<\/strong>, <strong>client key<\/strong> and <strong>tenant.<\/strong> For both <strong>client id<\/strong> and <strong>client key <\/strong>you should have these values from when you created your Azure AD application. Your <strong>tenant id<\/strong> can be retrieved by following one of these <a href=\"https:\/\/docs.microsoft.com\/en-us\/onedrive\/find-your-office-365-tenant-id\" target=\"_blank\" rel=\"noopener\">approaches<\/a>.<\/li>\n<\/ol>\n<p><strong>Note:<\/strong> We chose to use <strong>Compose<\/strong> actions instead of variables as there is less of a performance hit and these are values that we will not need to further manipulate.<\/p>\n<ol start=\"4\">\n<li>Our next step is to retrieve an auth token that we can use to retrieve event details from the O365 Security and Compliance Center. We will use the values that we captured in our <strong>Compose<\/strong> actions and construct a <strong>URI<\/strong> that includes our <strong>Tenant ID<\/strong>. Our <strong>Header<\/strong> will include a <strong>Content-Type<\/strong> of <strong>application\/x-www-form-urlencoded.<\/strong> Lastly, we need to provide key\/value pairs that include our <strong>Client ID<\/strong>, <strong>Client Secret<\/strong>, <strong>Resource<\/strong> and <strong>Grant Type<\/strong>.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/7-GetToken.png\" style=\"width: 549px; height: 309px;\"\/><\/p>\n<p style=\"text-align: center;\">\u00a0<\/p>\n<ol start=\"5\">\n<li>We need to use the token that is returned in downstream actions so we will add a <strong>Parse JSON<\/strong> action that can will use this HTTP response as an input. The following <strong>Schema<\/strong> can be used to give our response a message shape.<\/li>\n<\/ol>\n<pre style=\"margin-left: 40px;\">\n{\n \"type\": \"object\",\n \"properties\": {\n  \"token_type\": {\n   \"type\": \"string\"\n  },\n  \"expires_in\": {\n   \"type\": \"string\"\n  },\n  \"ext_expires_in\": {\n   \"type\": \"string\"\n  },\n  \"expires_on\": {\n   \"type\": \"string\"\n  },\n  \"not_before\": {\n   \"type\": \"string\"\n  },\n  \"resource\": {\n   \"type\": \"string\"\n  },\n  \"access_token\": {\n   \"type\": \"string\"\n  }\n }\n}\n<\/pre>\n<p>\u00a0<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/8-tokenresponse.png\" style=\"width: 550px; height: 299px;\"\/><\/p>\n<ol start=\"6\">\n<li>Our HTTP Trigger will only provide us with a message that describes the event that occurred inside the Office 365 Security and Compliance Center. It won\u2019t provide us with actual details about the event. To get the actual details about the event we need to make a subsequent call to the Office 365 Management API to get the details. We will accomplish this by using the HTTP Action and performing a GET request to the URI that was provided as part of the inbound message. The expression that we can use to retrieve this value is <strong>triggerBody()[0]?[&#8216;contentUri&#8217;]<\/strong>. We also need to provide an <strong>Authorization<\/strong> Header that includes a <strong>Bearer<\/strong> token that is retrieved from our previous <strong>Parse Token Response<\/strong> action. In addition, we need to specify a <strong>Content-Type<\/strong> of <strong>application\/json.<\/strong><\/li>\n<\/ol>\n<p style=\"text-align: center;\"><strong><strong><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/9b-HTTPReequest.png\" style=\"width: 600px; height: 343px;\"\/><\/strong><\/strong><\/p>\n<p style=\"text-align: center;\">\u00a0<\/p>\n<ol start=\"7\">\n<li>We now need to parse our response from the Office 365 Management API so we can explore the results. Once again we will use the Parse JSON action and this time we will provide the following schema:<\/li>\n<\/ol>\n<pre>\n{\n \"type\": \"array\",\n \"items\": {\n  \"type\": \"object\",\n  \"properties\": {\n   \"CreationTime\": {\n    \"type\": \"string\"\n   },\n   \"Id\": {\n    \"type\": \"string\"\n   },\n   \"Operation\": {\n    \"type\": \"string\"\n   },\n   \"OrganizationId\": {\n    \"type\": \"string\"\n   },\n   \"RecordType\": {\n    \"type\": \"integer\"\n   },\n   \"ResultStatus\": {\n    \"type\": \"string\"\n   },\n   \"UserKey\": {\n    \"type\": \"string\"\n   },\n   \"UserType\": {\n    \"type\": \"integer\"\n   },\n   \"Version\": {\n    \"type\": \"integer\"\n   },\n   \"Workload\": {\n    \"type\": \"string\"\n   },\n   \"ObjectId\": {\n    \"type\": \"string\"\n   },\n   \"UserId\": {\n    \"type\": \"string\"\n   },\n   \"FlowConnectorNames\": {\n    \"type\": \"string\"\n   },\n   \"FlowDetailsUrl\": {\n    \"type\": \"string\"\n   },\n   \"LicenseDisplayName\": {\n    \"type\": \"string\"\n   },\n   \"RecipientUPN\": {\n    \"type\": \"string\"\n   },\n   \"SharingPermission\": {\n    \"type\": \"integer\"\n   },\n   \"UserTypeInitiated\": {\n    \"type\": \"integer\"\n   },\n   \"UserUPN\": {\n    \"type\": \"string\"\n   }\n  },\n  \"required\": [\n   \"CreationTime\",\n   \"Id\",\n   \"Operation\",\n   \"OrganizationId\",\n   \"RecordType\",\n   \"ResultStatus\",\n   \"UserKey\",\n   \"UserType\",\n   \"Version\",\n   \"Workload\",\n   \"ObjectId\",\n   \"UserId\",\n   \"FlowConnectorNames\",\n   \"FlowDetailsUrl\",\n   \"LicenseDisplayName\",\n   \"RecipientUPN\",\n   \"SharingPermission\",\n   \"UserTypeInitiated\",\n   \"UserUPN\"\n  ]\n }\n}\n\n<\/pre>\n<p>\u00a0<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/9-ParseLogEvent.png\" style=\"width: 549px; height: 303px;\"\/><\/p>\n<ol start=\"8\">\n<li>The <strong>Parse Log Event<\/strong> can retrieve multiple events from Office 365. As a result, we need to loop through the <strong>Body<\/strong> that is returned from the <strong>Parse Log Event<\/strong>. This loop will get added as soon as we use a data element from the Parse Log Event output.<\/li>\n<li>Since Microsoft Flow events are captured within <strong>Audit.General<\/strong> Content Type inside of Office 365 Security and Compliance Center, will now want to perform some logic that will focus on Microsoft Flow <strong>CreateFlow <\/strong>and <strong>EditFlow <\/strong>events. To accomplish this, we will add an advanced condition that includes an <strong>or <\/strong>statement that looks for either <strong>CreateFlow<\/strong> or <strong>EditFlow<\/strong> events.<\/li>\n<\/ol>\n<p style=\"text-align: center;\">@or(equals(items(&#8216;Apply_to_each_2&#8217;)[&#8216;Operation&#8217;], &#8216;CreateFlow&#8217;),equals(items(&#8216;Apply_to_each_2&#8217;)[&#8216;Operation&#8217;], &#8216;EditFlow&#8217;))<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/11-condition.png\" style=\"width: 549px; height: 128px;\"\/><\/p>\n<ol start=\"10\">\n<li>Next, we want to see if the Office 365 Outlook Connector is being used within this Flow that created the audit event. We can achieve this by seeing if the <strong>FlowConnectorNames<\/strong> attribute (within the Parse Log Event) <strong>contains Office 365 Outlook.<\/strong><\/li>\n<\/ol>\n<p style=\"text-align: center;\"><strong>\u200b<img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/12-containsO365.png\" style=\"width: 581px; height: 156px;\"\/><\/strong><\/p>\n<ol start=\"11\">\n<li>If the list of connectors does include the Office 365 Outlook connector then we want to further explore whether the <strong>Forward Email<\/strong> action is being used since that is the action that we want to prevent our users from using. In order to determine if a <strong>Flow Definition<\/strong> does contain the <strong>ForwardEmail <\/strong>action we need to capture the <strong>Environment ID<\/strong> and <strong>Flow ID<\/strong>. To get the <strong>Environment ID<\/strong> we will use a <strong>Compose Action<\/strong> and use an expression to parse it from the <strong>FlowDetailsUrl<\/strong> attribute that can be found within <strong>Parse Log Event \u2013 Body <\/strong>array. The expression we want to use is:<\/li>\n<\/ol>\n<p style=\"text-align: center;\">substring(replace(item()?[&#8216;FlowDetailsUrl&#8217;],&#8217;https:\/\/admin.flow.microsoft.com\/environments\/&#8217;,&#8221;),0,indexOf(replace(item()?[&#8216;FlowDetailsUrl&#8217;],&#8217;https:\/\/admin.flow.microsoft.com\/environments\/&#8217;,&#8221;),&#8217;\/&#8217;))<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/12-GetEnvironment.png\" style=\"width: 549px; height: 121px;\"\/><\/p>\n<ol start=\"12\">\n<li>We will use a similar approach to retrieve the <strong>Flow ID<\/strong>, but our expression will be:<\/li>\n<\/ol>\n<p style=\"text-align: center;\">replace(substring(item()?[&#8216;FlowDetailsUrl&#8217;],lastIndexOf(item()?[&#8216;FlowDetailsUrl&#8217;],&#8217;\/&#8217;),sub(length(item()?[&#8216;FlowDetailsUrl&#8217;]),lastIndexOf(item()?[&#8216;FlowDetailsUrl&#8217;],&#8217;\/&#8217;))),&#8217;\/&#8217;,&#8221;)<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/13-Replace.png\" style=\"width: 547px; height: 100px;\"\/><\/p>\n<ol start=\"13\">\n<li>In an upcoming step, we want to add our <strong>Principle Id<\/strong> as an owner of this flow that we want to inspect so that we can retrieve the flow definition. To obtain our <strong>Principle ID<\/strong> we can use the <strong>Office 365 Users<\/strong> connector and the <strong>Get my profile (V2) <\/strong>action to provide this attribute.<\/li>\n<li>We can use the <strong>Id <\/strong>returned from the <strong>Get my profile (V2) <\/strong>action with our outputs from the <strong>Get Environment<\/strong> and <strong>Get Flow ID<\/strong> compose actions to add our account as an owner of this flow.<\/li>\n<\/ol>\n<p style=\"text-align: center;\">\u00a0<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/14-modifyowner.png\" style=\"width: 548px; height: 467px;\"\/><\/p>\n<ol start=\"15\">\n<li>Being an owner of the flow is important so that we can retrieve the flow definition to determine whether or not the Forward Email action is being used. We can retrieve the flow definition by using the Flow Management connector and using the <strong>Get Flow<\/strong> action. Once again we need to use the outputs from the <strong>Get Environment<\/strong> and <strong>Get Flow ID<\/strong> compose actions as inputs to this action.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/15-GetFlow.png\" style=\"width: 551px; height: 133px;\"\/><\/p>\n<ol start=\"16\">\n<li>We are going to inspect the flow definition for a <strong>swaggerOperationId<\/strong> that is equal to <strong>ForwardEmail<\/strong> but before we do that we need to cast the json flow definition to a string. We can do this by using the following expression: <strong>string(body(&#8216;Get_Flow&#8217;)[&#8216;properties&#8217;][&#8216;definition&#8217;]).<\/strong> Once we have it cast, we can see if it <strong>contains<\/strong> <strong>&#8220;swaggerOperationId&#8221;:&#8221;ForwardEmail&#8221;<\/strong>.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/16-IfYes.png\" style=\"width: 600px; height: 112px;\"\/><\/p>\n<ol start=\"17\">\n<li>If the flow definition does include the <strong>ForwardEmail<\/strong> action then we want to perform some additional steps in the <strong>If yes <\/strong>branch.<\/li>\n<li>As you have seen, the <strong>Environment ID<\/strong> is an attribute that we have used within this flow. But, we have not used the <strong>Environment Name<\/strong>, since it isn\u2019t a data attribute that is available to us at this point. However, we can access this attribute by using the <strong>List My Environments<\/strong> action that is part of the <strong>Flow Management<\/strong> connector.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/17-ListEnvironments.png\" style=\"width: 650px; height: 125px;\"\/><\/p>\n<ol start=\"19\">\n<li>By calling the <strong>List My Environments <\/strong>action, all of the environments that our user has access to will be returned. Since we cannot filter using the existing connector, we can add a <strong>Filter array<\/strong> action and filter on the <strong>Environment Name <\/strong>attribute by comparing it to the<strong> Environment ID<\/strong> that we have previously captured.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/18-FilterArray.png\" style=\"width: 546px; height: 146px;\"\/><\/p>\n<ol start=\"20\">\n<li>Since the <strong>Filter array<\/strong> action will return a list of items that match our criteria, we will want to access the first instance using an expression <strong>body(&#8216;Filter_array&#8217;)[0]?[&#8216;properties&#8217;]?[&#8216;displayName&#8217;]<\/strong> which will take the first index of our array. Since <strong>Environment IDs<\/strong> are unique, this approach is safe.<\/li>\n<li>With our <strong>Environment Display Name<\/strong> now available, we can pass this attribute and others into an approval that we will use to determine whether or not any corrective action is required. In addition, we will include the <strong>Flow Display Name, Environment ID, User UPN<\/strong> (from Parse Log Event) and <strong>Connectors Used <\/strong>(from Parse Log Event).<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/21-StartApproval.png\" style=\"width: 600px; height: 428px;\"\/><\/p>\n<ol start=\"22\">\n<li>Next, we will wait for an approval by adding a condition to our flow. Provided the <strong>Response<\/strong> is equal to <strong>Approve<\/strong> we will use the <strong>Stop Flow <\/strong>action that is part of the <strong>Flow Management<\/strong> connector to stop that flow.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/21b-StopFlow.png\" style=\"width: 700px; height: 274px;\"\/><\/p>\n<p>To view the entire flow, please click on the following <a href=\"https:\/\/procsi.blob.core.windows.net\/blog-images\/Automate-Governance\/29-entireflow.png\" target=\"_blank\" rel=\"noopener\">link<\/a>.<\/p>\n<p>\u00a0<\/p>\n<p><strong>Creating Office 365 Management API Webhook<\/strong><\/p>\n<p>With our flow now complete, there is something that we need to do before we create our Webhook subscription. We need the URL that is part of our <strong>HTTP Request Trigger <\/strong>which we can copy by clicking on the following icon.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/20-copyURL.png\" style=\"width: 548px; height: 322px;\"\/><\/p>\n<p>To complete the next couple steps we are going to need to call the Office 365 Management APIs and as a result will benefit from a tool called <a href=\"https:\/\/www.getpostman.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Postman<\/strong><\/a><strong>.<\/strong><\/p>\n<p>We need to generate an access token that we can use to create our Webhook subscription. To do this, we need access to our <strong>Code<\/strong> that is returned from our consent call.<\/p>\n<ol>\n<li>To obtain this code populate <strong>client_id <\/strong>and<strong> redirect_uri <\/strong>with your values and enter this into a web browser.<\/li>\n<\/ol>\n<p style=\"margin-left: 31.5pt;\"><a href=\"https:\/\/login.windows.net\/common\/oauth2\/authorize?response_type=code&amp;resource=https%3A%2F%2Fmanage.office.com&amp;client_id=%7byour_client_id%7d&amp;redirect_uri=%7byour_redirect_url%7d\" target=\"_blank\" rel=\"noopener\">https:\/\/login.windows.net\/common\/oauth2\/authorize?response_type=code&amp;resource=https%3A%2F%2Fmanage.office.com&amp;client_id<strong>={your_client_id}<\/strong>&amp;redirect_uri=<strong>{your_redirect_url}<\/strong><\/a><\/p>\n<ol start=\"2\">\n<li>When the webpage resolves, there will be a query parameter called <b>code\u00a0<\/b>returned in the URL. Copy this value for use in the next step.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/23-URL.png\" style=\"width: 744px; height: 35px;\"\/><\/p>\n<p><strong style=\"font-size: 13.008px;\">Note: <\/strong>At the end of the URL returned from the web browser, there may be a <strong style=\"font-size: 13.008px;\">session_state<\/strong> query parameter also returned. This value is <strong style=\"font-size: 13.008px;\">not<\/strong> required and should <strong>not <\/strong>be included in the next step.<\/p>\n<ol start=\"3\">\n<li>We now need to construct an HTTP request that we will send to <a href=\"https:\/\/login.windows.net\/common\/oauth2\/token\">https:\/\/login.windows.net\/common\/oauth2\/token<\/a> that looks like the following image that will provide us with an <strong>access_token<\/strong> that we will use when creating our webhook. As part of this request we will need to provide data from our Azure AD application that we previously created including <strong>client_id<\/strong>, <strong>client_secret <\/strong>and our <strong>redirect_uri.<\/strong> In addition to these values, we also need to include a <strong>resource<\/strong> of <strong><a href=\"https:\/\/manage.office.com\/\">https:\/\/manage.office.com<\/a>, <\/strong>a <strong>grant_type<\/strong> of <strong>authorization_code <\/strong>and our <strong>code<\/strong> from our previous step.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/22-PostmanToken.png\" style=\"width: 600px; height: 311px;\"\/><\/p>\n<ol start=\"4\">\n<li>Next up is creating our Webhook subscription. To do this we will need to copy out the <strong>access_token<\/strong> from our response. Inside of <strong>Postman<\/strong>, open a new tab and construct a new <strong>POST<\/strong> request to\u00a0<a href=\"https:\/\/manage.office.com\/api\/v1.0\/%7byour_tenant_id%7d\/activity\/feed\/subscriptions\/start?contentType=Audit.General\" target=\"_blank\" rel=\"noopener\">https:\/\/manage.office.com\/api\/v1.0\/<strong>{your_tenant_id}<\/strong>\/activity\/feed\/subscriptions\/start?contentType=Audit.General<\/a><\/li>\n<\/ol>\n<p><strong>Note:<\/strong> We are including a query parameter of <strong>contentType<\/strong> that has a value of <strong>Audit.General<\/strong>. As mentioned previously, the flow events show up under this content type.<\/p>\n<p>The <strong style=\"font-size: 13.008px;\">Headers<\/strong> that we need to include are <strong style=\"font-size: 13.008px;\">Authorization <\/strong>that has a value of <strong style=\"font-size: 13.008px;\">Bearer<\/strong> <strong style=\"font-size: 13.008px;\">&lt;access_token&gt;<\/strong>.<strong style=\"font-size: 13.008px;\">\u00a0<\/strong>Recall this is the <strong style=\"font-size: 13.008px;\">access_token<\/strong> from our previous step. We also want to provide a <strong style=\"font-size: 13.008px;\">Content-Type<\/strong> of <strong style=\"font-size: 13.008px;\">applicatiion\/json.<\/strong><\/p>\n<p style=\"text-align: center;\"><strong style=\"font-size: 13.008px;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/24-headers.png\" style=\"width: 700px; height: 92px;\"\/><\/strong><\/p>\n<p>We aren\u2019t quite done yet. We also need to provide a <strong>Body<\/strong> where we will include our <strong>Flow Request URL<\/strong> and a value for <strong>authId.<\/strong><\/p>\n<pre>\n{\n \"webhook\" : {\n  \"address\": \"Enter your Flow Request URL here\",\n  \"authId\": \"Enter an arbitrary value here\",\n  \"expiration\": \"\"\n }\n}\n<\/pre>\n<ol start=\"5\">\n<li>When we submit this request, we can expect to receive a response like the one below which indicates that our webhook has been created successfully.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/25-webhookresponse.png\" style=\"width: 600px; height: 190px;\"\/><\/p>\n<p>\u00a0<\/p>\n<p><strong>Testing<\/strong><\/p>\n<p>We are now ready to test!!! To test our new governance process, we will sign into Microsoft Flow with a different user account. We will subsequently create a new flow the includes an Outlook Trigger and has a Forward Email action<strong>. <\/strong><\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/26-flow.png\" style=\"width: 700px; height: 348px;\"\/><\/p>\n<ol>\n<li>Upon saving this flow, an event will be raised within the Office 365 Security &amp; Compliance Center within approximately 20 minutes and our webhook subscription will be invoked.<\/li>\n<li>We should now have an approval waiting for us.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/27-Approval.png\" style=\"width: 800px; height: 369px;\"\/><\/p>\n<ol start=\"3\">\n<li>We will go ahead and approve this request. When we do, we will see that this flow has been stopped from further processing.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/28-disabledflow.png\" style=\"width: 700px; height: 88px;\"\/><\/p>\n<p style=\"text-align: center;\">\u00a0<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p>In this blog post we explored some powerful capabilities that exist within the Office 365 Management APIs and the Flow Management Connector. Using the combination of these two platforms allows for a customized governance experience. This allows organizations to build governance solutions on top of what Microsoft already provides out of the box.<\/p>\n<p>In addition to the scenario that we just built, this solution can be extended to support other scenarios that you want to govern, including other connectors or actions that you want to restrict.<\/p>\n<p>\u00a0<\/p>\n<p><strong style='font-style: normal; font-size: 13.008px; font-family: Tahoma, \"Helvetica Neue\", Arial, Helvetica, sans-serif;'>Other Considerations<\/strong><\/p>\n<ul>\n<li>In this post we described how to receive events from the Office 365 Security and Compliance Center using a webhook approach. There are also options to use a polling approach like we covered in a previous blog <a href=\"https:\/\/preview.flow.microsoft.com\/en-us\/blog\/accessing-office-365-security-compliance-center-logs-from-microsoft-flow\/\" target=\"_blank\" rel=\"noopener\">post<\/a>.<\/li>\n<li>We only covered one scenario where we parsed our flow definition. If you wanted to build a more comprehensive parsing solution, you can build an Azure Function and pass the flow definition into the function where your logic is executed.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Enterprise Security and Governance is an important topic for many organizations. Microsoft continues to make investments that allow customers to implement PowerApps and Flow and be confident that they have their bases covered from a governance perspective. Much like Microsoft Flow empowers users to build powerful workflow and automation solutions, we want to empower administrators with the same capabilities to support their needs. In this blog post we are going to explore a scenario that describes how you can automate governance activities by taking advantage of the Office 365 Management API.<\/p>\n","protected":false},"author":349,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","ms-ems-related-posts":[],"footnotes":""},"audience":[3378],"content-type":[],"job-role":[],"product":[3474],"property":[],"topic":[3445,3435,3443],"coauthors":[2910],"class_list":["post-110971","post","type-post","status-publish","format-standard","hentry","audience-it-professional","product-power-automate","topic-management-and-governance","topic-operations","topic-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Advanced | Flow of the Week: Automating Microsoft Flow Governance - Using Microsoft Flow - Microsoft Power Platform Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Advanced | Flow of the Week: Automating Microsoft Flow Governance - Using Microsoft Flow - Microsoft Power Platform Blog\" \/>\n<meta property=\"og:description\" content=\"Enterprise Security and Governance is an important topic for many organizations. Microsoft continues to make investments that allow customers to implement PowerApps and Flow and be confident that they have their bases covered from a governance perspective. Much like Microsoft Flow empowers users to build powerful workflow and automation solutions, we want to empower administrators with the same capabilities to support their needs. In this blog post we are going to explore a scenario that describes how you can automate governance activities by taking advantage of the Office 365 Management API.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/power-automate\/automate-flow-governance\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Power Platform Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-23T17:52:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-11T15:07:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.png\" \/>\n<meta name=\"author\" content=\"Kent Weare\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kent Weare\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/\",\"@type\":\"Person\",\"@name\":\"Kent Weare\"}],\"headline\":\"Advanced | Flow of the Week: Automating Microsoft Flow Governance &#8211; Using Microsoft Flow\",\"datePublished\":\"2018-08-23T17:52:12+00:00\",\"dateModified\":\"2025-06-11T15:07:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/\"},\"wordCount\":2973,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.png\",\"keywords\":[\"Governance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/\",\"name\":\"Advanced | Flow of the Week: Automating Microsoft Flow Governance - Using Microsoft Flow - Microsoft Power Platform Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.png\",\"datePublished\":\"2018-08-23T17:52:12+00:00\",\"dateModified\":\"2025-06-11T15:07:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.webp\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.webp\",\"width\":2158,\"height\":1512,\"caption\":\"diagram\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advanced | Flow of the Week: Automating Microsoft Flow Governance &#8211; Using Microsoft Flow\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/\",\"name\":\"Microsoft Power Platform Blog\",\"description\":\"Innovate with Business Apps\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization\",\"name\":\"Microsoft Power Platform Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png\",\"width\":194,\"height\":145,\"caption\":\"Microsoft Power Platform Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/person\/a66d308251aebf9036a1e62c6bc2cd20\",\"name\":\"Kent Weare\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=gcd0a495c06c9934b159bd99f16922ecd\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g\",\"caption\":\"Kent Weare\"},\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Advanced | Flow of the Week: Automating Microsoft Flow Governance - Using Microsoft Flow - Microsoft Power Platform Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/","og_locale":"en_US","og_type":"article","og_title":"Advanced | Flow of the Week: Automating Microsoft Flow Governance - Using Microsoft Flow - Microsoft Power Platform Blog","og_description":"Enterprise Security and Governance is an important topic for many organizations. Microsoft continues to make investments that allow customers to implement PowerApps and Flow and be confident that they have their bases covered from a governance perspective. Much like Microsoft Flow empowers users to build powerful workflow and automation solutions, we want to empower administrators with the same capabilities to support their needs. In this blog post we are going to explore a scenario that describes how you can automate governance activities by taking advantage of the Office 365 Management API.","og_url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/power-automate\/automate-flow-governance\/","og_site_name":"Microsoft Power Platform Blog","article_published_time":"2018-08-23T17:52:12+00:00","article_modified_time":"2025-06-11T15:07:15+00:00","og_image":[{"url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.png","type":"","width":"","height":""}],"author":"Kent Weare","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kent Weare","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/","@type":"Person","@name":"Kent Weare"}],"headline":"Advanced | Flow of the Week: Automating Microsoft Flow Governance &#8211; Using Microsoft Flow","datePublished":"2018-08-23T17:52:12+00:00","dateModified":"2025-06-11T15:07:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/"},"wordCount":2973,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.png","keywords":["Governance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/","name":"Advanced | Flow of the Week: Automating Microsoft Flow Governance - Using Microsoft Flow - Microsoft Power Platform Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.png","datePublished":"2018-08-23T17:52:12+00:00","dateModified":"2025-06-11T15:07:15+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.webp","contentUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-solution.webp","width":2158,"height":1512,"caption":"diagram"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/23\/automate-flow-governance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/"},{"@type":"ListItem","position":2,"name":"Advanced | Flow of the Week: Automating Microsoft Flow Governance &#8211; Using Microsoft Flow"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/","name":"Microsoft Power Platform Blog","description":"Innovate with Business Apps","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization","name":"Microsoft Power Platform Blog","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png","width":194,"height":145,"caption":"Microsoft Power Platform Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/person\/a66d308251aebf9036a1e62c6bc2cd20","name":"Kent Weare","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=gcd0a495c06c9934b159bd99f16922ecd","url":"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g","caption":"Kent Weare"},"url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/"}]}},"bloginabox_animated_featured_image":null,"bloginabox_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Power Platform Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts\/110971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/comments?post=110971"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts\/110971\/revisions"}],"predecessor-version":[{"id":128686,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts\/110971\/revisions\/128686"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/media?parent=110971"}],"wp:term":[{"taxonomy":"audience","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/audience?post=110971"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/content-type?post=110971"},{"taxonomy":"job-role","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/job-role?post=110971"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/product?post=110971"},{"taxonomy":"property","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/property?post=110971"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/topic?post=110971"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/coauthors?post=110971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}