Create Workflow
Build automated workflows to orchestrate complex IT operations across Microsoft 365. Define triggers, conditions, and actions to automate repetitive tasks, enforce policies, and respond to events without manual intervention.
Note: Workflows execute against Microsoft Graph API with proper permissions. Complex workflows may require additional API permissions to be configured in your app registration.
Workflow Components
Triggers
Events that start workflow execution. Can be scheduled, event-driven, or manually initiated.
- Schedule (cron)
- User created/modified
- Group membership change
- License threshold
- Webhook event
Conditions
Logic that determines if actions should execute. Filter and route workflow based on data.
- If/else branching
- Data comparisons
- Group membership checks
- Attribute matching
- Time-based conditions
Actions
Operations performed when conditions are met. Actions can call APIs, send notifications, or update data.
- User management
- License assignment
- Group operations
- Send email/Teams
- Call external API
Trigger Types
Scheduled Triggers
Run workflows on a time-based schedule using cron expressions:
0 9 * * 1-5— Every weekday at 9 AM0 0 1 * *— First day of each month0 */4 * * *— Every 4 hours0 8 * * 1— Every Monday at 8 AM
Event Triggers
React to changes in Microsoft 365 via Graph subscriptions:
| Event | Resource | Use Case |
|---|---|---|
| User Created | /users | Onboarding automation |
| User Updated | /users/{id} | Attribute change response |
| Group Member Added | /groups/{id}/members | Role-based provisioning |
| Device Enrolled | /deviceManagement/managedDevices | Device setup automation |
Manual Triggers
Start workflows on-demand via button click or API call. Useful for operations that require human judgment to initiate.
Available Actions
User Management
- Create user
- Update user attributes
- Reset password
- Enable/disable account
- Delete user
- Set manager
Group Management
- Create group
- Add/remove members
- Add/remove owners
- Update group settings
- Delete group
License Management
- Assign license
- Remove license
- Modify service plans
- Check license availability
Notifications
- Send email
- Post Teams message
- Create Teams channel
- Webhook callback
Security
- Block sign-in
- Revoke sessions
- Require MFA registration
- Add to security group
Custom Actions
- HTTP request
- Execute script
- Set variable
- Delay/wait
- Loop over collection
Workflow Editor
Build workflows visually with drag-and-drop or use YAML configuration:
Visual Designer
- Drag-and-drop actions
- Visual condition builder
- Connection mapping
- Live preview
YAML Configuration
name: new-user-onboarding
trigger:
type: event
resource: /users
changeType: created
actions:
- type: assignLicense
sku: ENTERPRISEPREMIUM
- type: addToGroup
groupId: "{department}-users"
- type: sendEmail
to: "{userEmail}"
template: welcomeError Handling
Retry Policy
Configure automatic retries for transient failures. Set max attempts, backoff strategy, and retry conditions.
Error Actions
Define fallback actions when primary action fails. Send notification, log to external system, or execute compensation logic.
Timeout Handling
Set execution timeouts per action and workflow. Long-running operations can be cancelled or retried.
Best Practices
- Test in a non-production tenant — Validate workflow logic before deploying to production environments
- Use conditions to prevent duplicates — Check if action already performed before executing (idempotency)
- Log important decisions — Add logging actions at key points for troubleshooting and audit
- Monitor execution patterns — Set up alerts for unusual execution volumes or failure rates
API Reference
GET /api/automation/workflows— List all workflowsPOST /api/automation/workflows— Create new workflowPUT /api/automation/workflows/:id— Update workflow configurationPOST /api/automation/workflows/:id/run— Manually trigger workflow executionGET /api/automation/workflows/:id/executions— Get workflow execution history