Pls help architecturing my solution: perform checks on Azure AD users, security groups, and email DLs


Hi there.

I'm looking into automating some security and compliance checks by means of "Power Automate." Pls note that I have zero clue about any of "Power Automate" or "Power Apps," and I'm not a "Windows guy," so please consider that in your response.

My requirements:

  1. Solution should run automatically and periodically, like once a week or month.
  2. I would like to be able to also trigger the execution manually.
  3. It should be non-interactive.
  4. To get started it seems I need an "environment" (starting with "sandbox" probably). I'm not an admin, how can I even find out how to contact our admins? We're a huge enterprise, so I can't just walk "to the IT guys," because I have no clue where they are sitting. They may even be on a different continent. 😉
  5. It seems I need to "connect" to Azure AD to retrieve the desired info about users, security groups, email DLs. Do I need a "connector" for that? I also would like to optionally run an action on objects in Azure AD, like remove users from a security group (that I own).
  6. I would like to be able to send email to a list of recipients with a body that I would assemble within my application logic. Which connector would be required, if any?

I believe the first 3 criteria point to "Power Automate?"

What would really help me is a list of "buzzwords" of technology I should look into to build my solution, like programming languages I could use, "services" or "components" (like "connectors") I need to use as one of the "big building blocks" required to build my solution, etc.

Once I have that "big picture" in front of my eyes, I should be able to "walk on my own."

If there is a tutorial for people who want to accomplish the above, pointers to it would be very welcome.

Many thanks for your help.

Kind regards,

Ralf

  • grantjenkins (Moderator)

    My suggestion would be to find out who in your company looks after Power Platform (Power Apps and Power Automate). Then go through what you're looking to achieve with them. They will hopefully guide you as to what's possible (they would have locked down stuff), and how you can move forward.

    For the trigger you would be looking to use a Recurrence which can run on a schedule and allow you to run the flow ad-hoc.

    You might be looking to use Microsoft Entra ID (previously called Azure AD) to do what you're asking. However, I'd think given you're in a large company, your IT team likely wouldn't allow you to modify groups directly from Power Automate.

    With regards to the Power Platform Environment - that would depend on how your Power Platform team have set up your overall architecture, so a discussion to be had with them.

  • ralfbergs

    Thanks for your response, Grant.

    How can I find out who is responsible in our organization? Is there a place in the Power Platform where I can look this up as a user?

    Just for my understanding (because I'm a security guy I would like to fully understand these things), why would they have locked down things to disallow modifying security groups (SG) from Power Automate? Is this more risky compared to other ("traditional?") means?

    Or are you saying that ordinary (non-admin) users should be unable to modify SGs at all, regardless how -- which could make sense. (OTOH "application owners" who own a certain application could be enabled to modify their own SG, if that's possible in Azure AD... I know that I can modify my own email DLs...)

    Thanks again.

  • grantjenkins (Moderator)

    I'd probably contact your IT Service Desk and ask them who looks after the Power Platform. Hard to know without understanding your company structure.

    I'd say the Power Platform Team likely haven't locked down Power Automate with regards to managing AD users/groups, but IT may have locked down in general from a governance perspective. In our company even group owners may not be able to update the group membership - would still require logging a request via our Service Desk and routed to the owner for approval (the process is auto-approved if the owner is the one requesting). However, your company may allow owners to fully manage their own groups, in which case all good.
