Home > Appendices > Appendix A - Table of Supported Workflow Scope and Actions > Table of Supported Dynamic Workflow Scope and Actions > Overview
Export to PDFTable of Supported Dynamic Workflow Scope and Actions
Table of Supported Trigger Events
The table below details the supported conditions that you can specify for a workflow.
*Note: Currently, for the File access event, only access to the following file types can be detected: MP3, WAV, CSV, DAT, GIF, JPEG/JPG, PNG, PS, PSD, SVG, TIF/TIFF, PPS, PPT, PPTX, XLS, XLSM, XLSX, AVI, MKV, MP4, MPG/MPEG, WMV, DOC/DOCX, PDF, TXT.
If the file path contains the following content, the file access cannot be detected: .js, .xss. /_catalogs/theme/, /_catalogs/masterpage/, /SiteAssets/, /User Photos/, /Style Library/.
| Trigger event | Scope | Description | Condition |
|---|---|---|---|
| User administration activities -Create/Invite user, Block user, | Tenant/Domain | The workflow will be triggered when the tenant that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | Container | The workflow will be triggered when the container that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | Role | The workflow will be triggered when the target user’s role falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | User type | The workflow will be triggered when the target user type falls into the configured scope. | Equals |
| User administration activities -Create/Invite user, Block user, | Department | The workflow will be triggered when the department that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | Company name | The workflow will be triggered when the company name of the target user falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | Office | The workflow will be triggered when the office of the target user falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | City | The workflow will be triggered when the city of the target user falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | Country or region | The workflow will be triggered when the country or region of the target user falls into the configured scope. | Matches any of these |
| User administration activities -Create/Invite user, Block user, | Manager | The workflow will be triggered when the manager of the target user falls into the configured scope. | Equals |
| User administration activities -Create/Invite user, Block user, | Licenses assigned | The workflow will be triggered when the licenses assigned to the target user fall into the configured scope. | Matches any of these |
| User administration activities – Delete user | Tenant/Domain | The workflow will be triggered when the tenant that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | Container | The workflow will be triggered when the container that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | Role | The workflow will be triggered when the target user’s role falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | User type | The workflow will be triggered when the target user type falls into the configured scope. | Equals |
| User administration activities – Delete user | Department | The workflow will be triggered when the department that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | Company name | The workflow will be triggered when the company name of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | Office | The workflow will be triggered when the office of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | City | The workflow will be triggered when the city of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | Country or region | The workflow will be triggered when the country or region of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Delete user | Manager | The workflow will be triggered when the manager of the target user falls into the configured scope. | Equals |
| User administration activities – Block user | Tenant/Domain | The workflow will be triggered when the tenant that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities – Block user | Container | The workflow will be triggered when the container that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities – Block user | Role | The workflow will be triggered when the target user’s role falls into the configured scope. | Matches any of these |
| User administration activities – Block user | Department | The workflow will be triggered when the department that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities – Block user | Company name | The workflow will be triggered when the company name of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Block user | Office | The workflow will be triggered when the office of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Block user | City | The workflow will be triggered when the city of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Block user | Country or region | The workflow will be triggered when the country or region of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Block user | Manager | The workflow will be triggered when the manager of the target user falls into the configured scope. | Equals |
| User administration activities – Update user | Tenant/Domain | The workflow will be triggered when the tenant that the target user is in falls into the configured scope. | Matches any of these |
| User administration activities – Update user | Role | The workflow will be triggered when the target user’s role falls into the configured scope. | Matches any of these |
| User administration activities – Update user | User type | The workflow will be triggered when the target user type falls into the configured scope. | Equals |
| User administration activities – Update user | Department | The workflow will be triggered when the original and new department that the target user is in falls into the configured scope. | Any |
| User administration activities – Update user | Department | The workflow will be triggered when the original and new department that the target user is in falls into the configured scope. | Matches |
| User administration activities – Update user | Company name | The workflow will be triggered when the company name of the target user falls into the configured scope. | Matches any of these |
| User administration activities – Update user | Office | The workflow will be triggered when the original and new offices of the target user falls into the configured scope. | Any |
| User administration activities – Update user | Office | The workflow will be triggered when the original and new offices of the target user falls into the configured scope. | Matches |
| User administration activities – Update user | City | The workflow will be triggered when the original and new city of the target user falls into the configured scope. | Any |
| User administration activities – Update user | City | The workflow will be triggered when the original and new city of the target user falls into the configured scope. | Matches |
| User administration activities – Update user | Country or region | The workflow will be triggered when the original and new country or region of the target user falls into the configured scope. | Any |
| User administration activities – Update user | Country or region | The workflow will be triggered when the original and new country or region of the target user falls into the configured scope. | Matches |
| User administration activities – Update user | Manager | The workflow will be triggered when the manager of the target user falls into the configured scope. | Equals |
| User administration activities – Update user | Job title | The workflow will be triggered when the original and new job title of the target user falls into the configured scope | Any |
| User administration activities – Update user | Job title | The workflow will be triggered when the original and new job title of the target user falls into the configured scope | Matches |
| User administration activities – Update user | Licenses assigned | The workflow will be triggered when the original and new licenses assigned to the target user fall into the configured scope | Any |
| User administration activities – Update user | Licenses assigned | The workflow will be triggered when the original and new licenses assigned to the target user fall into the configured scope | Matches |
| Membership change – Add user to Team | Tenant/Domain | The workflow will be triggered when the tenant or domain of the Team falls into the configured scope. | Matches any of these |
| Membership change – Add user to Team | Container | The workflow will be triggered when the container that the Team is in falls into the configured scope. | Matches any of these |
| Membership change – Add user to Team | User type | The workflow will be triggered when the user type of the newly added member falls into the configured scope. | Equals |
| Membership change – Add user to Group | Group type | The workflow will be triggered when the type of the Group with new member added falls into the configured scope.*Note: Currently, only Microsoft 365 Groups can trigger a dynamic workflow when a new member is added. | Equals |
| Membership change – Add user to Group | Tenant/Domain | The workflow will be triggered when the tenant or domain of the Group falls into the configured scope. | Matches any of these |
| Membership change – Add user to Group | Container | The workflow will be triggered when the container that the Group is in falls into the configured scope. | Matches any of these |
| Membership change – Add user to Group | User type | The workflow will be triggered when the user type of the newly added member falls into the configured scope. | Equals |
| Membership change – Add user to SharePoint site | Tenant/Domain | The workflow will be triggered when the tenant or domain of the site falls into the configured scope. | Matches any of these |
| Membership change – Add user to SharePoint site | Container | The workflow will be triggered when the container that the site is in falls into the configured scope. | Matches any of these |
| Membership change – Add user to SharePoint site | User type | The workflow will be triggered when the user type of the newly added member falls into the configured scope. | Equals |
| Membership change – Add user to Group team site | Tenant/Domain | The workflow will be triggered when the tenant or domain of the site falls into the configured scope. | Matches any of these |
| Membership change – Add user to Group team site | Container | The workflow will be triggered when the container that the site is in falls into the configured scope. | Matches any of these |
| Membership change – Add user to Group team site | User type | The workflow will be triggered when the user type of the newly added member falls into the configured scope. | Equals |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Tenant/Domain | The workflow will be triggered when the tenant that the target user is in falls into the configured scope. | Matches any of these |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Container | The workflow will be triggered when the container that the target user is in falls into the configured scope. | Matches any of these |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Role | The workflow will be triggered when the target user’s role falls into the configured scope. | Matches any of these |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | User type | The workflow will be triggered when the target user type falls into the configured scope. | Equals |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Sign-in device | The workflow will be triggered when the sign-in device falls into the configured scope. | Contains |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Sign-in device | The workflow will be triggered when the sign-in device falls into the configured scope. | Does not contain |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Sign-in application | The workflow will be triggered when the sign-in application falls into the configured scope. | Contains |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Sign-in application | The workflow will be triggered when the sign-in application falls into the configured scope. | Does not contain |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Sign-in location | The workflow will be triggered when the sign-in location, including city, state or province, and country or region, of the target user falls into the configured scope. | Contains |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Sign-in location | The workflow will be triggered when the sign-in location, including city, state or province, and country or region, of the target user falls into the configured scope. | Does not contain |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | IP address | The workflow will be triggered when the IP address of the target user falls into the configured scope. | Within |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | IP address | The workflow will be triggered when the IP address of the target user falls into the configured scope. | Outside |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Company name | The workflow will be triggered when the company name of the target user falls into the configured scope. | Matches any of these |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Department | The workflow will be triggered when the department of the target user falls into the configured scope. | Matches any of these |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Office | The workflow will be triggered when the office of the target user falls into the configured scope. | Matches any of these |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | City | The workflow will be triggered when the city of the target user falls into the configured scope. | Matches any of these |
| Suspicious User activities – Failed sign-in*Note: A Microsoft Entra ID P1 or P2 license is required to detect this trigger event. | Country or region | The workflow will be triggered when the country or region of the target user falls into the configured scope. | Matches any of these |
| Suspicious User activities - File access | Tenant | The workflow will be triggered when the tenant of the accessed file falls into the configured scope. | Matches any of these |
| Suspicious User activities - File access | Container | The workflow will be triggered when the container that the accessed file is in falls into the configured scope. | Matches any of these |
| Suspicious User activities - File access | Sensitivity level | The workflow will be triggered when the sensitivity level of the accessed file falls into the configured scope. | Equals |
| Suspicious User activities - File access | Operator user type | The workflow will be triggered when the user type of the user who accessed the file falls into the configured scope. | Equals |
| Suspicious User activities - File access | Operator role | The workflow will be triggered when the role of the user who accessed the file falls into the configured scope. | Matches any of these |
| Suspicious User activities - File access | Operator IP | The workflow will be triggered when the IP address of the user who accessed the file falls into the configured scope. | Equals |
| Suspicious User activities - File access | Operator IP | The workflow will be triggered when the IP address of the user who accessed the file falls into the configured scope. | Does not equal |
| Suspicious User activities - File access | Operator IP | The workflow will be triggered when the IP address of the user who accessed the file falls into the configured scope. | Within |
| Suspicious User activities - File access | Operator IP | The workflow will be triggered when the IP address of the user who accessed the file falls into the configured scope. | Outside |
| Suspicious User activities - File access | Operator domain | The workflow will be triggered when the domain of the user who accessed the file falls into the configured scope. | Matches any of these |
| Suspicious User activities - File access | Operator domain | The workflow will be triggered when the domain of the user who accessed the file falls into the configured scope. | Matches none of these |
| Suspicious User activities - Password reset/change | Tenant/Domain | The workflow will be triggered when the tenant of the user whose password has been reset/changed falls into the configured scope. | Matches any of these |
| Suspicious User activities - Password reset/change | Container | The workflow will be triggered when the container of the user whose password has been reset/changed falls into the configured scope. | Matches any of these |
| Suspicious User activities - Password reset/change | Role | The workflow will be triggered when the role of the user whose password has been reset/changed falls into the configured scope. | Matches any of these |
| Suspicious User activities - Password reset/change | Operator domain | The workflow will be triggered when the domain of the user who resets/changes others’ passwords falls into the configured scope. | Matches any of these |
| Suspicious User activities - Password reset/change | Operator domain | The workflow will be triggered when the domain of the user who resets/changes others’ passwords falls into the configured scope. | Matches none of these |
| Suspicious User activities - Password reset/change | Department | The workflow will be triggered when the department of the user whose password has been reset/changed falls into the configured scope. | Matches any of these |
| Suspicious User activities - Password reset/change | Company name | The workflow will be triggered when the company name of the user whose password has been reset/changed falls into the configured scope. | Matches any of these |
| Suspicious User activities - Password reset/change | Country or region | The workflow will be triggered when the country or region of the user whose password has been reset/changed falls into the configured scope. | Matches any of these |
| Power Platform > Create workspace | Tenant | The workflow will be triggered when the tenant in which the workspace is created falls into the configured scope. | Matches any of these |
| Power Platform > Create workspace | Container | The workflow will be triggered when the container in which the workspace is created falls into the configured scope. | Matches any of these |
| Power Platform > Create workspace | State | The workflow will be triggered when the status of the created workspace falls into the configured scope. | Matches any of these |
| Power Platform > Create workspace | Contacts | The workflow will be triggered when the contacts of the created workspace falls into the configured scope. | Equals |
| Power Platform > Create workspace | Contacts | The workflow will be triggered when the contacts of the created workspace falls into the configured scope. | Contains |
| Power Platform > Create workspace | Workspace OneDrive | The workflow will be triggered when the workspace OneDrive of the created workspace falls into the configured scope. | Equals |
| Power Platform > Create workspace | Workspace OneDrive | The workflow will be triggered when the workspace OneDrive of the created workspace falls into the configured scope. | Contains |
| Power Platform > Create workspace | Template app enabled | The workflow will be triggered when the template app enable status of the created workspace falls into the configured scope. | Matches any of these |
| Power Platform > Create workspace | App updates by contributors | The workflow will be triggered when the contributor’s app update setting of the created workspace falls into the configured scope. | Matches any of these |
| Power Platform > Create connection | Specific connector | The workflow will be triggered when the newly created connection is of a connector in the configured scope. | Matches any of these |
| Power Platform > Create connection | Premium tier connector | The workflow will be triggered when the newly created connection is or is not of a premium tier connector. | Yes/No |
| Power Platform > Create canvas app | Tenant | The workflow will be triggered when the tenant in which the app is created falls into the configured scope. | Matches any of these |
| Power Platform > Create canvas app | Container | The workflow will be triggered when the container in which the app is created falls into the configured scope. | Matches any of these |
| Power Platform > Create canvas app | Display name | The workflow will be triggered when the display name of the created app falls into the configured scope. | Contains |
| Power Platform > Create canvas app | Canvas app type | The workflow will be triggered when the canvas app type of the created app falls into the configured scope | Matches any of these |
| Power Platform > Create canvas app | Environment | The workflow will be triggered when the environment in which the app is created falls into the configured scope. | Matches any of these |
| Power Platform > Create canvas app | Environment type | The workflow will be triggered when the type of environment in which the app is created falls into the configured scope. | Matches any of these |
| Power Platform > Create canvas app | Creator | The workflow will be triggered when the creator of the app is any specified user. | Contains |
| Power Platform > Create canvas app | Creator status | The workflow will be triggered when the creator of the app is in a specific status. | Matches any of these |
| Power Platform > Create canvas app | Creator’s department | The workflow will be triggered when the creator of the app is in a specific department. | Equals |
| Power Platform > Create canvas app | Creator’s department | The workflow will be triggered when the creator of the app is in a specific department. | Contains |
| Power Platform > Create canvas app | App owner | The workflow will be triggered when the owner of the app is any specified user. | Contain |
| Power Platform > Create canvas app | Owner status | The workflow will be triggered when the owner of the app is in a specific status. | Matches any of these |
| Power Platform > Create canvas app | Owner user type | The workflow will be triggered when the owner of the app is a guest or member. | Equals |
| Power Platform > Create canvas app | With co-owner | The workflow will be triggered when the app has or has no co-owner. | Equals |
| Power Platform > Create canvas app | Co-owner | The workflow will be triggered when the co-owner of the app is any specified user. | Contain |
| Power Platform > Create canvas app | Co-owner disabled | The workflow will be triggered when the co-owner of the app is or is not disabled. | Equals |
| Power Platform > Create canvas app | Co-owner user type | The workflow will be triggered when the co-owner of the app is a guest or member. | Matches any of these |
On this page