Displaying a percentage with two decimal places in Power Automate

image

In this section from my Power Automate I initialise two variables (currentscore and maxscore) with values using the Set variable action. I want a third variable, sspercentage, to be equal to:

(currentscore) / (maxscore) * 100

that is, a percentage but with only two decimal places. To do that I need to use the following formula in the Set variable 3 action:

formatNumber(mul(div(variables(‘currentscore’),variables(‘maxscore’)),100),’0.00′,’en-US’)

which you will note, if you look carefully, actually results in sspercentage being a string not a float!

(div(variables(‘currentscore’),variables(‘maxscore’))

handles the division

mul(div(variables(‘currentscore’),variables(‘maxscore’)),100)

multiples the division by 100 to get the percentage value.

The 0.00 in the formula is the actual formatting that you can adjust if you need and the en-US is the language format for the number. The Microsoft reference is for the formatnumber function is here:

https://docs.microsoft.com/en-us/azure/logic-apps/workflow-definition-language-functions-reference#formatNumber

The end result looks like:

image

If the formatnumber function is not used then the result contains a lot of numbers after the decimal place and remains of type float, which I would only need if I wanted to display the value of Pi!

Incentivising Microsoft Teams contributions with Power Automate

One of the most important parts of technology adoption is incentivising people. One simple way to do this is to acknowledge their contributions in Microsoft Teams. I’ve spoken about this before using something like:

Custom Praise badges in Microsoft Teams

The challenge there is, that this is a manual process. How can the same be achieved the same kind of thing using automation I recently wondered?

What if you could automatically determine the number of chat messages that someone posted into Microsoft Teams, and then acknowledge the highest contributors with a custom ‘thank you’ message? Here’s how I managed to do just that using the Microsoft Graph and Power Automate.

The core information needed about messages posted in Microsoft Teams will come the Microsoft Graph, specifically:

getTeamsUserActivityUserDetail

The first step in this process will be to create an Azure AD application in the tenant, which I have detailed previously:

https://blog.ciaops.com/2019/04/17/using-interactive-powershell-to-access-the-microsoft-graph/

the credentials for this Azure AD application will then need to be uploaded into Azure Key Vault as I have covered here:

Uploading Graph credentials to Azure Key Vault

You’ll also need to set the API permissions for this application to :

image

Reports.Read.All

 You’ll need to trigger your Flow the way that suits you. Typically you’d schedule it to run on the first of each month. You’ll then need to use the Get secret action from the Azure Key Vault as shown above. You should also note that this is a premium connectors, so you’ll need an appropriate Power Platform license to use this.

image

Next, will be the HTTP action that also a premium connector. The URI to use here will be:

https://graph.microsoft.com/beta/reports/getTeamsUserActivityUserDetail(period=’D30’)?$format=application/json

The D30 parameter determines how many previous days to consider. Valid options for the number of days is 7,30, 90, 180 according to the documentation.

The security parameters come from the Azure Key Vault Get secret actions.

image

The data returned from this HTTP action will be in JSON format, so that is fed into the Parse JSON action as shown above.

One tricky things about parsing json is to get the right schema. When I first attempted this I received this error:

“message”: “Invalid type. Expected String but got Null.”,

After some digging I found that sometimes the lastactivitydate parameter returned a string or NULL value. Thus, I need to modify the original JSON for that parameter to accommodate both potential results:

“lastActivityDate”: {
     “type”: [
         “string”,
         “null”
     ]
},

Here the whole working JSON schema I used:

{
     “type”: “object”,
     “properties”: {
         “value”: {
             “type”: “array”,
             “items”: {
                 “type”: “object”,
                 “properties”: {
                     “reportRefreshDate”: {
                         “type”: “string”
                     },
                     “userId”: {
                         “type”: “string”
                     },
                     “userPrincipalName”: {
                         “type”: “string”
                     },
                     “lastActivityDate”: {
                         “type”: [
                             “string”,
                             “null”
                         ]
                     },
                     “isDeleted”: {
                         “type”: “boolean”
                     },
                     “deletedDate”: {},
                     “assignedProducts”: {
                         “type”: “array”
                     },
                     “teamChatMessageCount”: {
                         “type”: “integer”
                     },
                     “privateChatMessageCount”: {
                         “type”: “integer”
                     },
                     “callCount”: {
                         “type”: “integer”
                     },
                     “meetingCount”: {
                         “type”: “integer”
                     },
                     “meetingsOrganizedCount”: {
                         “type”: “integer”
                     },
                     “meetingsAttendedCount”: {
                         “type”: “integer”
                     },
                     “adHocMeetingsOrganizedCount”: {
                         “type”: “integer”
                     },
                     “adHocMeetingsAttendedCount”: {
                         “type”: “integer”
                     },
                     “scheduledOneTimeMeetingsOrganizedCount”: {
                         “type”: “integer”
                     },
                     “scheduledOneTimeMeetingsAttendedCount”: {
                         “type”: “integer”
                     },
                     “scheduledRecurringMeetingsOrganizedCount”: {
                         “type”: “integer”
                     },
                     “scheduledRecurringMeetingsAttendedCount”: {
                         “type”: “integer”
                     },
                     “audioDuration”: {
                         “type”: “string”
                     },
                     “videoDuration”: {
                         “type”: “string”
                     },
                     “screenShareDuration”: {
                         “type”: “string”
                     },
                     “hasOtherAction”: {
                         “type”: “boolean”
                     },
                     “urgentMessages”: {
                         “type”: “integer”
                     },
                     “postMessages”: {
                         “type”: “integer”
                     },
                     “replyMessages”: {
                         “type”: “integer”
                     },
                     “isLicensed”: {
                         “type”: “boolean”
                     },
                     “reportPeriod”: {
                         “type”: “string”
                     }
                 },
                 “required”: [
                     “reportRefreshDate”,
                     “userId”,
                     “userPrincipalName”,
                     “lastActivityDate”,
                     “isDeleted”,
                     “deletedDate”,
                     “assignedProducts”,
                     “teamChatMessageCount”,
                     “privateChatMessageCount”,
                     “callCount”,
                     “meetingCount”,
                     “meetingsOrganizedCount”,
                     “meetingsAttendedCount”,
                     “adHocMeetingsOrganizedCount”,
                     “adHocMeetingsAttendedCount”,
                     “scheduledOneTimeMeetingsOrganizedCount”,
                     “scheduledOneTimeMeetingsAttendedCount”,
                     “scheduledRecurringMeetingsOrganizedCount”,
                     “scheduledRecurringMeetingsAttendedCount”,
                     “audioDuration”,
                     “videoDuration”,
                     “screenShareDuration”,
                     “hasOtherAction”,
                     “urgentMessages”,
                     “postMessages”,
                     “replyMessages”,
                     “isLicensed”,
                     “reportPeriod”
                 ]
             }
         }
     }
}

image

I filtered the results produced to firstly remove users with zero messages and then I removed specific users (in this case me) from the results using the two Filter action shown above.

image

One of the limitations I found during this development process was that Flows are not very good at sorting information. It would have been nice if I could have just sorted my results from largest to smallest. I solved this but firstly creating a temporary variable into which I would store the highest number of chat messages. I then looped through all the remaining results using the Apply to Each action shown above, and set this variable to the greatest value found throughout the results.

image

I then employed another Filter action again to remove any results that didn’t match this maximum value.

The next challenge came when considering external users, who have a UPN in the format of:

user_domain.com#EXT#tenant.onmicrosoft.com

Turns out the the Power Automate lookup actions don’t seem to work using these type of UPNs, they only work with an email address apparently!

image

To solve this, I now created two more variables to use when extracting the external users email address.

image

I need to extract and create a user email address before using it in the Search for users (V2) action. To do this I used two functions inside two Set variable actions. The first is:

slice(items(‘Apply_to_each_2’)?[‘userPrincipalName’],0,lastIndexOf(items(‘Apply_to_each_2’)?[‘userPrincipalName’],’#EXT’))

which removes anything from the #EXT and beyond. This typically leaves the format of:

user_domain.com

The second function is:

replace(variables(‘EmailAddress’),’_’,’@’)

that replaces the underscore character with an “at” symbol. The output after both of these functions complete is the users full email address which I can then feed into the Search for users (V2) action to locate my user(s).

image

Now that I have the user information I can use it with the Get an @mention token for a user action and then post a message with that @mention and anything else into the Team to publicly recognise the user(s) using the Post message in a chat or channel action.

image

The end result is a nice message, like shown above, that acknowledges the user(s) for their contribution in the Microsoft Team. Best part is that now it is automated it’ll do all the hard work for you going forward!

The moral of the story here is that Power Automate combined with the Microsoft Graph can achieve just about anything you want. Yes, it does a little bit of setting up with an Azure AD application, Keyvault and so on but they are typically only once off. There is also some advanced techniques when it comes to the JSON parameters but once you start working with, it becomes easier. In short, none of that should put you off from what is possible with the Microsoft Cloud environment and putting the technology to work for you to give you more freedom and improve your business processes.

Offboarding devices from Microsoft Defender for Business using Power Automate

Recently, I wrote an article to make offboard from Microsoft Defender for Business easier:

Offboarding devices from Microsoft Defender for Business using an API with PowerShell

Because this offboarding process utilises an API we can use that with other services such as Power Automate.

Before devices can be offboarded, a list needs to be created that can be accessed by Power Automate. Refer to this article:

Get a list of devices from Defender for Business into a SharePoint list

for details about creating an inventory of devices saved to a SharePoint Online list.

image

The summary of the Flow to do this device offboarding process is shown above.

image

Once the Flow has been triggered I grab the Azure AD application credentials from the Azure Key Vault. I’ve covered off how to create an Azure AD application here:

https://blog.ciaops.com/2019/04/17/using-interactive-powershell-to-access-the-microsoft-graph/

and using a PowerShell script I wrote here:

https://blog.ciaops.com/2020/04/18/using-the-microsoft-graph-with-multiple-tenants/

Getting the Azure AD application credentials into an Azure Key Vault can be done manually or by using this scripted process I’ve covered previously:

Uploading Graph credentials to Azure Key Vault

Once they are in the Azure Key Vault they are easy to access securely using the Flow action Get secret as shown above.

image

Next comes the Get items action as shown above. This filters the list of devices using a column called Offboard and returns items that have this as Yes (or = 1 for Power Automate).

image

A new variable is then created and the initial API offboarding URL is saved into it. This will later be appended with the actual device number that is being offboarded which is required by the API.

image

For each item that was returned from the filtered list of devices (i.e. those that been selected to offboard),

image

the offboarding API URL needed to be extended to include the unique Device ID from the returned results and the string /offboard.

image

Thus URL now needs to be ingested by the HTTP action as shown above. It is important that the body contain the following JSON:

{
   “Comment”: “Offboard machine by automation”
}

This was taken from the documentation:

Offboard machine API

The other access parameters come from Azure AD application that were extracted from Azure Key Vault earlier on in the Flow.

image

Because the return from the HTTP action can vary, we now need to have a Switch action as shown above.

image

In the top right hand corner of the Switch action, select the ellipse (three dots) and then Configure run after from the menu that appears.

image

Because the result from the HTTP action could be 400 (i.e. failure or BadRequest) we still want the Flow to proceed. If the Switch action is not used the Flow will fail like so:

image

Using the Switch action and selecting both the is successful and has failed options shown above, will allow the Flow to continue on.

image

If the HTTP action does return a BadRequest, the left hand side Case condition is met. For any other return, the right hand side Case condition will be executed.

In the case of a return status code = 400, the body of the returned JSON will be parsed and the field Result will updated in the device list for that item with the Message information taken from the JSON results.

In the case of any other return code the following will be executed:

image

Once again, there could a variety of different returned status codes from the HTTP action, however here I’ll just have a single condition to see if it is successful (status code = 201) and for anything else the results will be updated to the Result field for the device in question.

image

The last action required, after the Switch, is to reset the URL variable back to the original string in case there are other devices that have been selected to offboard. Failing to do this will result in an incorrect API URL for every device after the first match.

image

What this offboarding process looks like in practice would therefore be to select which devices to offboard from the SharePoint list, by setting the Offboard column to be Yes, as shown above.

image

Once the offboard Flow has been run, the results for those selected devices are found in the Result column and Offboard column has been reset to be No for each of these, as shown above.

image

If you set the Offboard column to Yes again for this device and re-rerun the offboarding Flow,

image

the Flow runs successfully, even though a base request resulted  during the HTTP action and the information from that is captured and stored in the Result field as shown above.

There are edge case conditions this Flows doesn’t accommodate. This is normally due to the correct information not being fully populated in the portal. This typically happens in the short period you create or add add a device to Defender for Endpoint. It is simple enough to add these checks in the Flow, but for the sake of simplicity that are not included here.

This whole process again demonstrates the flexibility and capability combining APIs with Power Automate can provide. Remember, you can set this whole process up to work across multiple tenants, it doesn’t have to be restricted to just the tenant you are on. Using Power Automate allows you to easily extend a solution to maybe include email notifications, updates into a Microsoft Team and more.

So these are some ways you can offboard devices from Microsoft Defender for Business:

Via a local script

Using Endpoint Manager and Intune

Using PowerShell

and using Power Automate as detailed here.

Celebrating anniversaries with Power Automate

A very common requirement is to remind people about anniversaries. In a business this could take the form of birthdays or commencement dates. It could, however, just as easily be any sort of event that happens on a certain date.

Previously, I’ve shown how to:

Send recurring tweets using Microsoft Flow

However, in this case, instead of simply rotating through a list of posts we want to match today’s date to a date on a list and then broadcast the message that corresponds to that date entry.

image

The starting point for this process is to create a reference list containing the dates and details you wish to share. I recommend that easiest place to do this is in a SharePoint list, as shown above. Of course, this list can contain as much detail and additional columns as you wish, but for this, I’ll keep it simple and just have two fields. It is important that you have at least one column (here Dateoption) that refers to the current year in which that item will be displayed.

image

For simplicity, I have also configured my date column in the SharePoint list to exclude time and display in standard format as shown above. There is nothing stopping you using Date & Time if you wish, it just makes the filtering a little more complex later in this process.

You’ll then want to create a Power Automate Flow that looks like this:

image

It all starts with a Recurrence action that will trigger this process once a day like so:

image

If you select the Show advanced options in this action like so:

image

You can set an exact time when this Recurrence action will be triggered (say 10am). However, since this example is a daily anniversary, we only need to trigger it at any time during the day.

image

We now need our process to determine what the current date is and we can do this using the Current time action as shown above.

image

Next, add the Convert time zone action. There are two reasons for adding this action. Firstly, the Current time action returns today’s date in UTC which may cause issues if you are not in that time zone like me. Thus, I want the current time BUT I want it as a local value (i.e. to reflect the actual time in Sydney, Australia), thus the Source and Destination time zone field settings.

The second reason for the Convert time zone action is so the time value is in the right format for a comparison test later on in the process. Thus, the Format string field should be set to yyyy-MM-dd as shown.

Now, I need to add the Get items action to actually go and look at what is in my SharePoint list.

image

In this action I enter the Site Address and List name, however I also expand the advanced options to reveal the Filter Query field as shown.

image

The Filter Query field will limit the items returned by this action to only those that match the filter. Thus, I want the returned items to only be those that match today’s date, which I have correctly formatted and stored in the Converted time action result. Thus, I want to compare the date field from my SharePoint list (here Dateoption) to the Converted time result. It is important to note that I have enclosed Converted time result in single quotes (‘) to convert the value to a string for comparison. It is very important that you do that, otherwise you’ll get errors when your Flow runs.

image

With the values that the Get Items action returns you’ll need to perform a number of steps. For this you use the Apply to each action as shown above.

image

In the case of this example, I’m simply going to post the text from the Title field in the SharePoint list that matches today’s date into a chat message as shown above. Again, this action could be anything you want, in fact, I’ll talk about how I use this with Twitter later on. For now the expectation is that if there is a match in the SharePoint list for today’s date, then the text for that entry will appear in a Teams chat message.

image

We need to do one more thing before we are finished here. As this is an anniversary calendar, we want to increment the current item for today and have it reoccur on the same date next year. To do that we use the Add to time action as shown by adding 12 months to the result date we have determined as shown above.

image

Before the new date can be added back to the SharePoint list it needs to be formatted correctly. This is achieved using the Compose action as shown using the following expression:

formatDateTime(body(‘Add_to_Time’),’yyyy-MM-dd’)

You’ll notice that that date format yyyy-MM-dd is the same as the one we set in Convert time zone action earlier.

image

All that remains is to use the Update item action to update the item in the SharePoint list with the new date entry just composed. As shown above, the same SharePoint site and list is selected, along with the item ID and Title but the Dateoption field is set to contain our new formatted date output from the previous action.

You can now save your Flow and run a manual test.

image

If I look at the chat in my Team I see the expected message that matches the item Title field in the original SharePoint list.

image

Also looking at my original SharePoint list I see that the date of today’s item has been incremented twelve months as shown.

image

One of the ways that I use this process with Twitter is to regularly post anniversary dates around ANZAC participation from World War One, which are taken from my site ANZACS in France.

The idea is that that the Flow checks this list of dates and then tweets out the text in the Title field if there is a match. Then it increments the PostDate field twelve months ready for next year. You’ll also see that I have added another custom column that records the original date of action just so I can filter and sort easily. Feel free to follow @ANZACSIF to be reminded of these dates.

As I initially mentioned, I believe there are plenty of applications for this type of process in a business. The most common ones I would suggest are for staff birthday and anniversary reminders. The great thing is that with Power Automate it is easy to modify this process to suit whatever need to have. It also makes it easy to edit the events and more if you need to because all you need to do is modify the SharePoint list that this process uses.

The possibilities are endless thanks to the Power Platform.

Power Automate ODATA filter failure when field named ‘Date’

image

So, I was doing some testing with a new Flow in Power Automate. What I wanted it to do was, at a recurring time each day, look for today’s date in a list of SharePoint items and then display other values from any matching record in a Team’s chat. To prototype this out I created a very simple list with two columns, as shown above, Title and Date. Remember, the Title field is generally created for you by default when you create a basic SharePoint List.

image

In Power Automate I used a SharePoint Get Items action as shown above to get the information I wanted. To filter down to the data I used on ODATA query like:

Date eq ‘2021-12-31’

to test. Problem was, as shown above, I was getting no results that were feeding through to the next Apply to each action that followed directly after.

There were no errors indicated in my Flow. I tried a number of different format options and so on, trying to work out what the issue was.

image

The issue turned out to be the name of the field – Date – I had created in my SharePoint List! Once I created a new column called Dateoption with the same format, and entered the same data into it and removed the offending Date column, it successfully filtered data as expected and passed the result to the following Apply to each action as you can see above.

The moral of the story is that you should probably avoid naming your fields with any ‘reserved’ programming commands like ‘Date’ as I did. Make it something unique like ‘Datefield’ or whatever. Just don’t use a common term like ‘Date’ as I did or you might struggle to troubleshoot as I did here.

Hopefully, this will save you wasting the amount of time I did to solve this that you can better spend on creating your Flow!

Power Platform product release

pexels-clem-onojeghuo-175711 (1)

I am please to announce the inaugural product release from the CIAOPS Patron Power Platform Community:

Power Automate Drink Ordering System

This is a PDF document that takes your step by step through creating an automated process for bulk ordering of drinks. This solution was developed to solve the challenge or ordering many drinks at events, however it could be used for much more mundane things such as preparing complimentary drinks when guests attend a business.

This project can also be seen as a great way to start learning the Microsoft Power Platform by creating a real world process using Power Automate (Microsoft Flow). The information provided run to over 130 pages and includes screen shots and easy to follow instructions.

To celebrate the release of this inaugural product, it is being offered at a special 75% discount which you can take advantage of here:

https://directorcia.gumroad.com/l/lDekX/foundation

This special offer is available for the first 25 purchases! So if you are interested in getting your hands dirty with the Microsoft Power Platform, here’s a great opportunity to get started.

Look out for more projects coming soon from the CIAOPS Patron Power Platform Community.

Getting Message Center information into Teams

Recently, I wrote the following article:

Syncing M365 Message Center to Microsoft Planner

which took you through the process of getting Message Center information into Microsoft Planner. as good as that it is, the best place for that information should really be in Teams. The reason? With Teams people can ‘chat’ about the topics which adds far more value for an organisation in my opinion.

The good news is that it is very easy to not only sync messages with Microsoft Planner but also have them displayed in Microsoft Teams. It is all accomplished using Power Automate.

image

Create a new Flow and use the When a new task is created trigger as shown above. You’ll then need to configure this trigger action to point to the same Microsoft Plan into which you have already set up to sync with the Microsoft Message Center.

image

The next action should Get task details as shown above. You’ll need this to actually read the notes from each task, which contains the details of each item from the Message Center.

image

In my case, I save the Description field from the task into a string variable using the Initialize variable action as shown. I then use a number of separate Compose actions to search and replace text inside that variable to tidy up and format the Description field for posting into a Teams chat.

For example I remove the /r/n characters and replace them with the HTML line feed tag </br> using the following expression:

replace(variables(‘description’),decodeUriComponent(‘%0D%0A’),'</br>’)

image

Once I have the Description field formatted the way I want it then I use the Post a message (V3) action as seen above. The Title of the new task from Planner is the subject of the thread and the body is my now nicely formatted Description field, which is the data from the Message Center item.

SNAGHTML210e1093

You can see the result in a channel in Microsoft Teams above. Now others can easily add their reactions, comments and generally collaborate far easier than within Microsoft Planner.

I think having the Message center information delivered to Microsoft Teams make a lot of sense since it is a place more people will be spending more of their time generally. However, getting the Message Center information into Microsoft Teams still requires the sync configuration to a Plan first. However, once that is done, Power Automate allows you to achieve just about anything!

Using Defender for Endpoint API and Power Automate

I recently detailed:

Using Defender for Endpoint API and PowerShell

to produce this type of output

image

which is all well and good but does lack some flexibility when it comes to output as well as being something you need to manually initiate. There is way to deliver more using Power Automate.

To do this you’ll still need to complete the initial steps from the previous article and create an Azure AD app in the destination tenant and save the access information. This basically allows access to the destination tenant to extract data. However, now, rather than embedding that sensitive information inside a public script and having the credentials ‘in the open’, they can be securely stored in Azure Key Vault. This will provide a secure repository for the Azure AD app credentials while still allowing them to be readily accessible by service like Power Automate. To use Azure Key Vault you will need a paid Azure subscription.

image

In a nutshell, we want to create a basic Flow in Power Automate like that shown above. In this case it is initiated manually but it could just as easily be triggered on a schedule using the Recurrence action in Flow. Next, the required parameters are grabbed from the Azure Key Vault.

image

When you are building this Flow, if you see a dialog like shown above, it means you don’t have a Power Automate license that includes the ability to use Premium connectors like Azure Key Vault and HTTP. Licensing the Power Platform is beyond the scope of this article but, if you see that dialog you’ll probably need to purchase a stand alone license of Power Automate to gain access to the required premium connectors.

image

You construct the HTTP action as shown above, using the parameters from the Azure Key Vault to access the Azure AD app via the API URL:

https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesByMachine

that will return a list of vulnerabilities exactly like the PowerShell script did in JSON format.

image

After parsing the JSON output from the HTTP action that executes the API request, the results are mapped to a simple SharePoint list as shown.

image

Thanks to the magic of SharePoint, you get results that look like the above, which is vulnerabilities by machine, or

image

vulnerabilities by severity above, thanks to the ability to easily sort lists in SharePoint.

You’ll also notice that conditional column formatting has been applied to to highlight the severity. Yet another benefit SharePoint lists provide.

So the basis of all of this is an Azure AD app with the appropriate permissions inside a tenant that you wish to obtain information from. From there you can use an API request using PowerShell or Power Automate or whatever, to pull the desired information. The easily way to format that information is to send the results to SharePoint, as done here, to slice and dice as well as display the information any way you want.

This output could as easily have been sent to Power BI, Power Apps, an email, or any other service in Microsoft 365. That’s the benefit of using the Power Platform and things like Flow to get the information. Now the possibilities are endless.

A few important point to note about this:

1. You are in control of the permissions and credentials for obtaining the information using the API. You are not surrendering or trusting these to a third party to access the source data.

2. Credentials are save in Azure Key vault which ensure they are secure and access is controlled by you.

3. You can use this technique with just about any API to import information. All you need is the API URL and the appropriate permissions inside the Azure AD app.

4. You can extract information from multiple tenants into a single source tenant if you wish, you are not limited to just pulling information from the tenant where the Flow was created.

5. The extracted data can be mapped to any Microsoft 365 service. Here it was to SharePoint as that is the easiest, but it could just as well be sent to any Microsoft 365 service. This provides a huge amount of flexibility.

6. You can modify, enhance, extend, etc the Flow at any stage to suit any changing needs.

7. The Flow and the process it executes lives inside you Microsoft 365 tenant and is subject to all the compliance and security options that Microsoft provides here.

8. You can trigger the data extraction to happen on a scheduled basis of your choice with Flow easily.

I see lots and lots of benefits of using this process to regularly pull information from any tenant on just about anything and report it in what ever way you wish. It puts you in control of the whole process, and most importantly, the security of executing this, which in a world moving to zero trust, is a huge benefit.

Hopefully, this will inside you to start playing around with the possibilities when it comes to API and Power Automate.