A true story about the power of Microsoft Flow to get your Office 365 Tenant into trouble.

In early 2019, AskMeWhy was the victim of a Microsoft Flow attack on the company’s Office 365 tenant. Based on this anecdote, we want to raise awareness of the dangers of business automation with Microsoft Flow and to show what it can mean to make the technology available to users in the business.

It was a gray day in the winter of 2017, nothing unusual in Zurich. Microsoft had recently released Flow to automate business tasks in Office 365, and the inauguration of Donald Trump as the 45th President of the United States was imminent.

What does President Trump have to do with Microsoft Flow?

At AskMeWhy, we live by the motto “Eat your own food”. The idea of searching social media platforms for posts and hashtags about a specific company, and publishing the positive ones directly on the SharePoint corporate intranet, was rated as useful, and we wanted to test it.

So, I sat down at my desk to get some experience with Microsoft Flow. For this I created a Flow that searches Twitter tweets for a hashtag, checks each article found via Microsoft Cognitive Services for «Sentiments», and publishes those with a sentiment over 80 in a SharePoint list in our AskMeWhy tenant.

Microsoft Cognitive Services, or “Microsoft AI”, offers a web service that analyzes texts and returns a value between 0 and 100. I rated a sentiment value over 80 as positive.

My first Flow was created quickly and I waited for entries in the SharePoint list. I waited … and waited … nothing came. I quickly realized that I would have to adjust the hashtag I was looking for on Twitter to get results in a short time. Searching for a current hashtag, I found what I was looking for and changed it to “Trump” in the Flow. Shortly after restarting the Flow I got the first results, despite testing the sentiment for a value over 80. Flow worked and did its job. I was able to close the topic and return to my daily business.

11 Million SharePoint List entries!

As part of our “Dog Food Program”, we at AskMeWhy work with “Seamless”, our project and team workplace for Office 365. In fall 2018, our engineers migrated our project workspaces to new SharePoint sites to take advantage of the latest SaaS release. This worked fine, with one exception: there was a SharePoint site with a big list. The “guilty” party can be quickly identified in a small business, and so it was that I had been identified as responsible for the now 11 million entries in the SharePoint list. My Trump Flow did a great job.

“The list can be deleted,” I told the engineers. Easier said than done, because the SharePoint list with 11 million entries could not be deleted. “We do it by PowerShell script,” the answer came back. After 3 days, lots of attention and reboots after timeouts, 900’000 Trump list entries were deleted. “We delete the site collection,” the engineers said, which also worked. We were back on track.

Why is our SharePoint search so slow?

A few weeks ago, four months after the Trump list and the site collection were deleted, we noticed that our SharePoint search was slow. A search query took up to 15 seconds or more. We initially suspected the error was in the code of Seamless. After a short analysis we realized that the classic SharePoint search on our Office 365 tenant was just as slow, or even returned no results. You guessed it. When we searched for “Trump”, many results were returned. The Trump list was deleted, but the search index still contained the 11 million list entries.

After a short internal discussion, we contacted Microsoft Office 365 Support with a request to reset our search index. After two weeks and several phone calls (for reasons of compliance, MS Support is not allowed to use either MS Teams or Skype), the search index was successfully reset. The Seamless search and the classic SharePoint search now deliver results in under 3 seconds.

What’s the moral?

  • Microsoft Flow is a strong candidate for cross-platform business automation.
  • Employees can create and run Microsoft Flows on their own once the service has been made available to them through license activation. As a result, MS Flow should be offered only to employees who have the necessary know-how and understand the effects.
  • The productive Office 365 tenant should not be used for testing.
  • Deleting site collections and lists does not automatically delete the entries in the SharePoint search index.
  • Last but not least, Microsoft Flows can be paused by the user.