Team @mention in private channels using Microsoft Graph in Power Automate
If you are trying to perform an action in Power Automate and find that out-of-the-box actions do not suffice, perhaps using Microsoft Graph in an HTTP call will get the job done.
I recently had a requirement to @mention the team in a team private channel. It is possible to do an @mention to an individual but what if you want to notify everyone in the team channel about an important event?
Here is where Microsoft Graph using delegated permissions can get the requirement across the line. Kudos to Laura Kokkarinen on her great blog for pointing me towards Microsoft Graph.
This solution does require two Premium actions, the Key Vault and HTTP. Whilst the Key Vault is recommended for security it is not essential but the Premium HTTP is required.
The first requirement is setting up an Application Registration in Azure Active Directory to use for OAuth 2.0 authentication in your HTTP Graph calls.
Create a new application:
Give it a meaningful name and go with the default choices, then select Register. On the next screen, choose Call APIs. You will get a default User.Read permission; select Add a permission and on the next screen select Microsoft Graph.
Then choose Delegated or Application permissions, depending on the requirements of your solution. In my particular case, the permission I needed, ChannelMessage.Send, was only available as a Delegated permission.
Select the permissions the application needs:
Now that you have an application with the requisite permissions, create a client secret.
At this point when the client secret displays, copy the ‘Value’ column as this will be obscured when you next view the secret details.
Important: copy this key as you will need this in the Azure Key Vault to use in the Power Automate solution. If you write it down somewhere, ensure it is encrypted/protected.
Go back to the Overview tab for your new application and note the Directory (tenant) ID and the Application (client) ID.
The Client Secret and the Service Account (non-MFA) account password used in the Power Automate solution are sensitive information. We would recommend setting up a Key Vault and storing them as Key Vault Secrets. Power Automate has actions to access the Key Vault, but these are Premium actions.
Create your new Power Automate Workflow with a manual trigger, then set up variables for:
The first three, TenantID, ClientID and ClientSecret you already have noted from the Azure AD Application.
The TeamGUID is most easily found in the Teams Admin Centre: click on the Team and the GUID is in the browser address bar. Similarly, clicking on the channel will show the ChannelGUID in the address bar, typically in the format of 19:[email protected].
Set up a new Connection to the Azure Key Vault which will allow you to use the Out-of-the-box workflow Actions to get the keys for the remaining two variables.
Now that we have our variables all set up, with the secret (encoded using a Compose) and the channelGUID in place, we will use an HTTP Graph call to obtain a valid access token.
Note: this again is a Premium action.
Use an HTTP POST action to:
As always with an HTTP request, run the workflow once now so that you can get the output schema from a successful run.
Use the Body JSON to generate your schema.
Lastly, add Bearer as a prefix to your token.
It is important that there is a space between the word Bearer and the token.
Add any logic your solution requires and, to post an @mention to the whole Team in your Private Channel, use an HTTP POST as follows.
Authorization: <variables('AuthorizationHeaderValue')>
"content": "<at id=\"0\"><variables('ChannelName')></at><p>YOUR MESSAGE TO THE TEAM</p>",
This will then generate the message posted to the team such that all the members of that channel will get an alert.
If you have any difficulty with the formatting of the JSON in the body, it is always worth using https://developer.microsoft.com/en-us/graph/graph-explorer to test your syntax.
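As an added example (not code from the original post), the Python below builds the two HTTP requests the flow makes, so you can compare the encoded secret, the encoded channel GUID and the full message JSON against what your HTTP actions send. It assumes the token call uses the OAuth 2.0 password grant against the v2.0 token endpoint with the `.default` Graph scope, and that the mention targets the channel; the function names and all sample values are constructed for illustration.

```python
import html
import json
from urllib.parse import quote, urlencode

# Assumed endpoints: Microsoft identity platform v2.0 token URL and Graph v1.0.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_URL = "https://graph.microsoft.com/v1.0/teams/{team}/channels/{channel}/messages"


def token_request(tenant_id, client_id, client_secret, username, password):
    """Return (url, form body) for a delegated token request (assumed password grant)."""
    form = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,  # urlencode escapes '+', '&' and '=' in the secret
        "scope": "https://graph.microsoft.com/.default",
        "username": username,
        "password": password,
    })
    return TOKEN_URL.format(tenant=quote(tenant_id, safe="")), form


def mention_request(access_token, team_id, channel_id, channel_name, message):
    """Return (url, headers, JSON body) for a channel-wide @mention."""
    # The ':' and '@' in the channel GUID must be percent-encoded in the URL path.
    url = GRAPH_URL.format(team=quote(team_id, safe=""),
                           channel=quote(channel_id, safe=""))
    payload = {
        "body": {
            "contentType": "html",
            # Escape user-supplied text so it cannot inject markup into the post.
            "content": f'<at id="0">{html.escape(channel_name)}</at>'
                       f'<p>{html.escape(message)}</p>',
        },
        # Every <at id="N"> in the content needs a mentions entry with the same id.
        "mentions": [{
            "id": 0,
            "mentionText": channel_name,
            "mentioned": {"conversation": {
                "id": channel_id,
                "displayName": channel_name,
                "conversationIdentityType": "channel",
            }},
        }],
    }
    headers = {"Authorization": f"Bearer {access_token}",  # single space after Bearer
               "Content-Type": "application/json"}
    return url, headers, json.dumps(payload)
```

The token form body contains the client secret and the service account password, so keep it out of run history and logs (for example with the Secure Inputs and Secure Outputs settings on the Power Automate actions).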