Governance

End Teams sprawl. Govern every workspace from creation to retirement.

Governed workspace creation with approval workflows, templates, and lifecycle management.

From $7,500 one-time deployment
Example: Provisioning Request #PRV-2847 (In Progress)

  1. Request Submitted: Marketing Team Site (Project)
  2. Manager Approval: Approved by J. Smith (Approved)
  3. IT Review: Checking naming policy (Reviewing)
  4. Provisioning: Template: Project Site v2 (Queued)
  5. Handoff & Monitor: Notify owner + lifecycle (Pending)

Active Requests: 12 | Provisioned (30d): 47 | Archived: 156

Overview

Microsoft provides a binary choice for workspace creation: fully open self-service that leads to sprawl, or fully restricted creation that creates bottlenecks and shadow IT. There is no native middle ground.

Compass Provisioning Engine fills this gap with a React web application for guided self-service workspace creation, Azure Logic Apps for multi-level approval workflows, and Python Azure Functions for provisioning execution via Graph API. Users submit workspace requests through a clean web interface that enforces naming conventions, captures metadata, and applies templates. Approvers receive Teams Adaptive Cards or email notifications with Approve/Reject actions powered by Azure Logic Apps. Upon approval, an Azure Function creates the workspace using Graph API with pre-configured permissions, channels, sensitivity labels, and folder structures.

Use Cases

  • Governed Teams and SharePoint creation
  • Project-based workspace lifecycle management
  • Mergers and acquisitions workspace setup
  • Department onboarding automation

Key Features

  • React web application for guided workspace request submission
  • Multi-level approval workflows via Azure Logic Apps (Teams Adaptive Cards + email fallback)
  • Graph API provisioning: Teams, SharePoint sites, Microsoft 365 Groups with full configuration
  • Content-rich templates: pre-populated folders, channels, Planner tasks, and default pages
  • Naming convention enforcement and metadata capture at creation time
  • Sensitivity label application during provisioning
  • Lifecycle management: inactivity detection, owner notification workflows, attestation, automated archival
  • Azure SQL tracking database for complete provisioning audit trail
  • No Power Automate licensing required - Logic Apps Consumption costs pennies per workflow run
  • No Power Apps licensing required - React frontend runs on Azure Static Web Apps ($9/month)

Technical Architecture

Deployed in your tenant

Your Microsoft 365 Tenant:

  • React Frontend: Request form
  • Azure Logic Apps: Approval workflows
  • Python Azure Functions: Provisioning engine
  • MS Graph API: Teams/SP creation
  • Azure SQL: Audit trail

All components run in your Azure subscription

71% of IT leaders report Copilot introduces additional security risks by surfacing overshared content from abandoned workspaces. Provisioning governance ensures every workspace is created with proper permissions and retired when no longer needed - preventing Copilot from surfacing stale, sensitive content.

Ready to deploy Provisioning Engine?

Book a consultation and we will walk through your tenant to show exactly how this product maps to your requirements.