Guest Access Series: Inviting a Specific Domain into a Specific Team — Gathering Team’s Domain Information

Identifying and inventorying Teams and their sites allow-domain list

Michael Mukalian
4 min readNov 12, 2021

There are a couple ways that one can leverage the script created in the prior article. In this instance, we’re going to leverage a combination of a Dataverse table to hold the information, and then a workflow to fill that table.

Teams Information in Dataverse

In this instance we only keep track of a couple/few columns of information to support this solution. Below is that information. Leverage this to create a table in the Dataverse database in the relevant environment.

  1. Team Id / Unique Identifier / Required
  2. Name / Text / Required
  3. Team SPO Allow Domains / Text / Optional
  4. Team SPO Url / URL / Optional

The result of the above will be a simple table to hold the information of a team (name, id, delimited string of domains, the team SPO site URL).

Filling up the Table

We’re going to use a Power Automate Flow to run once-a-day, that just adds information to the table. The image below displays the entirety of the flow, and some of it looks familiar based on our previous articles, but let’s call out a couple things that are specific for this solution.

Entire flow to value our table with Team and domain information

URL Variable: GetTeamGroupsUrl

We create a string variable to hold the initial query. Specifically, this query looks for office 365 groups that were created as part of the Teams provisioning process. In this instance, we’re only querying two pieces of information: the Team Id and its displayName

Continue to Loop Through all the Groups

We use the variable above to check its length, and continue to make the call to get additional groups. But wait, this sounds like an infinite loop? Well, when you make the above call to return your groups, you may also get as part of the response a value for odata.nextLink. This is a specific endpoint to call to get the next page of groups, because we can’t return the world in the first call. We update the value of the variable w/that nextLink URL, and continue again. Specifically, our check in the loop is the length of the variable’s value. If it’s greater than 0 then we have a nextLink. If not, we’re done our loop.

Get the Team’s SharePoint Site URL

As we continue through the collection of groups returned, we need to get the SPO site URL behind the group, as that’s key to getting the domain list. We call the Graph, using the endpoint for Groups, using the Group ID we’re currently on,

Get the SPO Site’s Domains

Now we can leverage the PowerShell runbook we created previously, and it’s really simple to do so. We leverage the Azure Automation Connector to create a job, wiring it up to our runbook, and then we get that job’s output, specifically the string of domains. Note we pass in the SPO site URL as the runbook’s expected parameter.

Upsert the Team with the Gathered Information

Now that we have all of the relevant information we can insert/update it in our table. This is done simply with the Dataverse connector.

Prepare for the Next Set

As we called out earlier, if you have a lot of groups being returned in the first call, the call will be paginated, and respond with the proper endpoint to call to gather the next set of groups. We place this value into our GetTeamsGroupsUrl variable, and then start the loop again.

Rinse & Repeat

This process runs once-a-day. Your mileage may vary and you may want to run it more often than that and that’s ok. This is just an example.

Now that we have our underlying foundation for the validation of emails to invite, let’s do a run-through of how to invite a guest in to the team. On to the next article!



Michael Mukalian

Covering the Microsoft Modern Workplace as a Technical Architect at the Philadelphia Microsoft Technology Center in Malvern.