Get ALL SharePoint sites info using an App Registration (in EntraID) and Power Automate

 

Imagine the possibilities when you can call an API: you’re not “stuck” with only whatever is built for you. Of course, you need to expand your skills a bit on the “developer side”, but it’s really worth it. I, for one, am on the “admin side”, but the more I work with the Power Platform or even PowerShell, the more I can see the amazing solutions I can build! 😊

With that being said, in today’s post we’re going to look at how to get all the SharePoint sites (aka Site Collections) in your tenant, using an App Registration in EntraID, and Power Automate. Let’s do this!
 

App Registration

App registrations (AppReg) are really powerful. You can create an app in EntraID directly, or with PowerShell (e.g., using the PnP PowerShell module).

Because they are so powerful, you need to be careful not only with the permissions you give the app, but also with the type of permissions: Delegated permissions or Application permissions.

For this blog post, we’re going to use Application permissions, with a certificate to authenticate in our flow. The API permission will be for SharePoint: Sites.FullControl.All.

The certificate is also uploaded under Certificates & secrets for that Application (left navigation).

👉 Application permissions are used for unattended operations. This means that no user needs to interact with whatever process you’re trying to start or schedule. Always be careful when granting Application permissions, and follow the least-privilege best practice.
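
To make the Delegated vs. Application distinction concrete, here is an added example (not from the original post) that decodes an access token's claims and reports which kind of permission it carries and whether it is tenant-wide. It assumes the usual Entra ID claims (`roles` for Application permissions, `scp` for Delegated ones); the sample token, the tenant name `contoso` and the list of "broad" role suffixes are constructed for illustration.

```python
import base64
import json

# Role-name suffixes treated as tenant-wide high privilege (assumed review policy).
BROAD_ROLE_MARKERS = ("FullControl.All", "Manage.All", "ReadWrite.All")


def decode_claims(jwt: str) -> dict:
    """Return the payload of a JWT WITHOUT verifying its signature (review use only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def review_token(jwt: str, expected_audience: str) -> dict:
    """Classify the token and list findings a reviewer should look at."""
    claims = decode_claims(jwt)
    roles = claims.get("roles", [])          # Application permissions
    scopes = claims.get("scp", "").split()   # Delegated permissions
    kind = "application" if roles and not scopes else "delegated" if scopes else "none"
    findings = []
    if claims.get("aud", "").rstrip("/") != expected_audience.rstrip("/"):
        findings.append("audience mismatch: " + str(claims.get("aud")))
    for role in roles:
        if role.endswith(BROAD_ROLE_MARKERS):
            findings.append("tenant-wide application permission: " + role)
    return {"kind": kind, "permissions": roles or scopes, "findings": findings}


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64(claims), "constructed"])


# Constructed sample: an app-only token carrying the permission used in this post.
SAMPLE = make_sample_token({
    "aud": "https://contoso.sharepoint.com",
    "appid": "00000000-0000-0000-0000-000000000000",  # placeholder Client ID
    "roles": ["Sites.FullControl.All"],
})

if __name__ == "__main__":
    print(review_token(SAMPLE, "https://contoso.sharepoint.com"))
```

The decoder skips signature validation on purpose, so use it only to inspect tokens you obtained yourself, never to make an authorization decision.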

Creating AppReg & Certificate
Microsoft provides helpful documentation on how to create your AppReg and self-signed certificate in this article: Granting access via Azure AD App-Only.
 

What Else Do We Need?

On top of the AppReg, our flow will need:

  • Tenant ID
  • Client ID (aka AppID, once created)
  • Pfx (in Base64 once created)
  • Password (from the certificate - more on that later!)

Those are the requirements for the HTTP connector in Power Automate. Be aware that, at the time of writing, this is a premium connector.
 

Power Automate

Let’s open Power Automate and create our flow. For demo purposes, I’ll use a manual trigger, but you’ll want to create a scheduled or maybe automated flow for business processes.

Next, look for the HTTP action, and configure it like this:

  • URI: https://{YOUR-TENANT-NAME}.sharepoint.com/_api/v2.0/sites
  • Method: GET
  • Headers: key Accept, value application/json;odata=verbose

 

In the Authentication section of the HTTP action, enter the following:

  • Authentication Type: select Active Directory OAuth
  • Tenant: {YOUR-TENANT-ID}
  • Audience: https://{YOUR-TENANT-NAME}.sharepoint.com
  • Client ID: {YOUR-APP-ID}
  • Credential Type: select Certificate
  • Pfx: {YOUR-EXTREMELY-LOOOOONG-Base64-VALUE}
  • Password: the password set for the private key when the certificate was created

Now, if you can save the flow, you’re on the right track! Let’s run it, and if all goes well, you should have the list of your sites.


Certificate Password
Remember earlier when I said “more on that later” when talking about the Password for the certificate as one of the prerequisites? At the time of writing, it seems that the OLD DESIGNER is requiring it as mandatory (and rightly so), but the NEW DESIGNER is not!
 

Conclusion

App registrations are super powerful and convenient. But be careful with the (level of) permissions you give them! You could build on top of this particular flow to automate your governance and create fantastic reports.
 

Thanks for reading! 🙂