It’s common to use the ‘When an item is created or modified’ trigger when creating Flows for SharePoint with Power Automate. This can be a very chatty trigger as every change can result in the Flow executing. Users can utilize Conditions, Scopes, and Run After settings within the Flow logic to determine if they should really act on an item. This still results in yet another unhelpful entry within the Run History.
Leveraging Trigger Conditions offers the option to check Trigger Properties and additional logic to determine if the Flow should run at all. Users can continue to use the same Trigger while streamlining both Flow logic and Run History.
Trigger Conditions are found by selecting the menu from the three dots or ellipsis in the upper right-hand corner of the Trigger Card. Once there, look to Settings, then at the bottom, Trigger Conditions. Users can add more than one Condition and that the Trigger will only run when the Conditions of which at least one must evaluate as True.
Since the Dynamic Content menu isn’t available at this point, users must use the available Functions. Whatever expression is entered should return a Boolean value. A non-Null value like an Object or Number won’t allow the Flow to run at all.
| Expression | Result Type | Valid Condition |
| @add(1, 0) | Integer | No |
| @true | Boolean | Yes |
| @equals(1, 1) | Boolean | Yes |
| @json(triggerBody()) | Object | No |
Note that List One which has two Content Types with differing Fields. Item has only the Title column and Item 2 adds the Example column.
| Content Type | Fields |
| Item | Title |
| Item 2 | Title, Example |
Normally, users would have no means of filtering processed items within the Trigger with When an item is created or modified as no OData filtering is provided. By using the following Trigger Condition, users can ensure Flow doesn’t process any items where Example is missing data.
Two Compose actions are added to show the values of the Content Type and Example properties of the triggering items. When the Test functionality is used, three scenarios can be run:
Item Content Type:
Create a new Item which has only the Title column; no processing should occur.
Item 2 Content Type Without Example Value:
Create a new Item 2 which has both Title and Example columns, complete only the Title; no processing should occur.
Item 2 Content Type With Example Value:
Create a new Item 2 which has both Title and Example columns, complete both; the Test should now fire and process the Trigger.
Here are the results showing the Item 2 Content Type and the text from the completed Example field:
Alternately, we could use the Content Type itself as the Trigger Condition:
@equals(triggerBody()?[‘{ContentType}’]?[‘Id’], ‘0x0100ACFF228D0E467842B04850DDAE19C31C00BBAE74759D28534CB0A8EEAFC9908541’)
Trigger Conditions can be grouped to create complex AND/OR logic. While adding multiple conditions acts as an AND, where all must be True, there is no UI method for OR. Adding @false as a secondary condition illustrates this as if we run a Test — it will never trigger.
Fortunately, Microsoft has provided both and() and or() logical comparison functions, allowing the introduction of OR in a single condition.
@or(equals(triggerBody()?[‘{ContentType}’]?[‘Id’], ‘0x0100ACFF228D0E467842B04850DDAE19C31C00BBAE74759D28534CB0A8EEAFC9908541’), not(equals(triggerBody()?[‘Example’], null)))
With this condition, the Flow would fire only if either the Content Type is Item 2 OR Example isn’t empty. This would run anytime the Content Type was Item 2, regardless of the value for Example, as well as for any other Content Type so long as Example isn’t empty. Tests do not fire when the Trigger Condition isn’t met, which means no more Run History entries when no real processing occurs.
Condition Breakdown:
@: Allows the use of a Function within an Expression (anytime it isn’t entered via the Dynamic Content / Expression menu).
or(<expression1>, <expression2>, …): Return true when at least one expression is true. Return false when all expressions are false.
equals(‘<object1>’, ‘<object2>’): Return true when both are equivalent. Return false when not equivalent.
not(<expression>): Return true when the expression is false. Return false when the expression is true.
[, ], and ?: These operators are used to navigate data structures. In addition to accessing indexes in an array, the square brackets also allow access to Properties or Keys.
For users currently filtering on Trigger properties with Action Cards, it’s recommended to use Trigger Conditions instead. Users can even leave your existing logic in place as a matching condition would ensure that the same values are passed. They work particularly well in instances where Flow may trigger itself, such as updating a column value when a List Item is modified. In organizations with complex Flows or a large inventory, Trigger Conditions can cut down on Nesting Depth, Actions Per Flow, and Flow Executions — all of which contribute to staying within service limits and getting the most value from your subscriptions.
Are your powers users confident about the security of their content in Teams? A constant point of contention for power users are uninvited guests or unfamiliar users found within an Office 365 group, team, or site the power user owns. This persistent issue negatively impacts adoption and needs to be addressed. Surprisingly enough, SharePoint admins usually wind up being one of the root causes. Let’s investigate why.
Currently, in SharePoint Online, support staff with the SharePoint Administrator role must grant themselves Owner rights before they can access a site, team, or modify group membership. Admins that perform this action show up on the modern permissions display panel and in the O365 group causing concern amongst the site owners who quickly feel that they have no control over the access of their content.
So what are these admins up to?
Most SharePoint setups today use this method to perform system maintenance. In some cases, support may be performing a change request or resolving an issue.
6 Steps To Secure Access
These headaches can be alleviated by one Office 365 Group, a few updates, and a little scripting. Just follow the below steps:
- In the Office 365 Admin Center, create a “SharePoint Administrators” Office 365 Group and add all your SharePoint Support staff to it as “members” (Owner rights don’t seem to be as effective in this scenario).
- Request temporary Global or User Management Administrator rights.
- Run a PowerShell script to add “yourself” as an owner to all group connected SharePoint sites (Requires Global or User Management Administrator rights).
- Add “yourself” as an owner to all other Team and Communication sites (not group connected) via the SharePoint Admin Center: https://[TenantName]-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/siteManagement
- Run another PowerShell script to add the “SharePoint Administrators” Office 365 Group to the “Site Collection Administrators” section of all sites.
- Run a final PowerShell script to remove your personal account’s access from the sites and the Office 365 Groups minus the “SharePoint Administrators” Office 365 Group.
That’s it! Your support staff now have Full Control access to all sites so that they can perform their daily duties without:
- Disrupting the end-users by showing up in the Owners section and/or Office 365 Group.
- Needing to add and remove themselves to make SharePoint changes.
Likewise, you can and should use this same process in tangent with a “SharePoint Service Accounts” Office 365 Group. Otherwise, whenever your Flow or analysis service account or job needs to access something, it will take additional steps to manually grant it access.
The Final Touch
Make adding these groups part of your manual and/or automated site creation process.
Interested in diving deeper on secure internal and external collaboration? Reach out to our team here to set up a free consultation call.
Recently, we came across a problem with a constructed Microsoft Flow that takes incoming emails to a Shared Mailbox and posts the information into a SharePoint list. The Flow picks up on attachments and stores those as attachments in the list item created.
The issue: the majority of people include the company logo in their signature, but the name of the file itself would vary, so there was no way to easily filter out the logo in order to not store it as an attachment. This is where the Azure Custom Vision Intelligence came in – you can easily customize your own computer vision models that fit with your unique use cases.
Here are a few examples of labeled images and how Custom Vision can do the work once it’s set up properly.
Custom Vision Intelligence Overview and Setup
Custom Vision Artificial Intelligence allows you to train an AI to perform certain actions.
In this instance, we will be training our Custom Vision AI to recognize the Timlin Enterprises logo. It will tag the images fed to the AI as being the logo or not being the logo. We can trigger the Custom Vision AI and feed it the image we are curious about in a Microsoft Flow.
To start, navigate to https://www.customvision.ai and sign in or create an account*. Once signed in, we will want to create a New Project. Simply click on “New Project” and fill out the prompt as shown.
*Note: The account you use should be linked to an Azure Subscription that it has access to. Also, in our example, our Resource Group was already created and set to the F0 Plan (Free Plan). During the original creation process of a new Resource Group in Custom Vision AI, it only allows you to create a new resource group under the S0 plan. If you want to avoid any costs, be sure to switch the plan for this resource group to F0 after creation (this will be shown later on in this post). In addition, the resource group must remain as the South Central US location as the functionality we are using is only available in this location currently.
Once you’ve created the project, you want to start off by creating two tags on the left-hand side. One tag can be called “Timlin Logo” and the other can be called “Not Timlin Logo” to keep everything simple. The “Not Timlin Logo” will be marked as negative as images that fall in this category are the opposite of what we are looking for in the logo.
In order to have enough data for your workflow, the AI will require a minimum of 5 images per tag you create. What you want to do is give the AI between 5 and 10 images that either is or look like the Timlin Logo and 5-10 images that look nothing like it. An easy way to do something like this would be to take the logo and slice it into different quadrants (as shown below). Upload each of these spliced sections as separate images into the AI and assign them the “Timlin Logo” tag.
Spliced Images
Spliced Images in Custom Vision AI
Tags
Next, we will want to feed it the Negative images. You can use any image that does not resemble the logo. In this example, I’ve used some stock Office logo images (as shown below).
Training Our Custom Vision Intelligence
Now that you have your sample data, we can start to Train our AI. To start this process, navigate to the “Train” button at the top left-hand corner.
You are then given two options: Fast Training and Advanced Training. What you are looking for is rather unique and easily identifiable, so you can simply use the “Fast Training” process.
If you were training an AI on hundreds or thousands of images to identify a very particular object/set of objects, you may look into using the Advanced Training process which will train the AI over a specified period of time. For now, select “Fast Training”, navigate to “Train” and wait for the training process to complete. If all went well, you should get your two tags with (most likely) a 100% precision rate in identifying whether an image is the logo or not.
You can test this with other images that aren’t in your sample pool as well. If you click on “Quick Test” you can feed the AI a separate image and ensure that the proper tag is being pulled back. For example, if I feed it the last screenshot referenced in this post, I should receive “Not Timlin Logo” back (as seen below).
Triggering Custom Vision Intelligence from Microsoft Flow
Triggering your Custom Vision AI from Flow and feeding it an image to test is very straight forward.
You can start by creating a new Instant Flow (one we can trigger manually). In this example, you will use a file stored in a library in our SharePoint tenant.
To do so, you first get the file content by using the “Get file content using path” function in Flow.
Now that you have access to the file and its content, you can add the action to determine the tags.
Search for and add the “Predict tags from image” action in Flow. You first need to configure the Custom Vision connection. Give the connection a name and your prediction key (found on the settings page of your Custom Vision application). Once that has been configured, the action itself will request your Project ID, which can be found from the Settings page of your Custom Vision AI project, the Image Content (which is the File Content stored in the last action) and you can also input an Iteration ID if no default is set.
To find the Iteration ID, you can access the “Performance” tab within Custom Vision AI, click on an iteration and copy the “Iteration id” value into the Flow Action.
The completed Flow action will look like the one below.
When run, the Flow should trigger the Custom Vision AI and give you a JSON output that you can use for any future conditions with probabilities assigned to them.
With this, you will have completed your first Custom Vision Intelligence setup with Microsoft Flow integration.
If you have any questions on the setup, or anything else related to Microsoft Flow, let us know. Our team of Microsoft experts is available to help you!
