Menu Close

Enable Whistleblowing in your Office365


PowerApps can participate in organization modernization in many ways. And I’d like to show you some example. Imagine following scenarios:

  • You’ve seen how a colleague sends confidential documents to his private email. Or…
  • By accident, you heard two colleagues talking about “dorabianiu” at the expense of the health of patients by ordering unnecessary radiological examinations. Or…
  • In the network, one of your colleagues has published an offensive text that hits the brand of the company in which you work. Or…
  • You and a few colleagues from work are the object of mobbing and microaggressive behaviors

I hope you don’t know what I’m writing about but unfortunately many of the above situations really happened: example1, example2, example3.

Such incidents may put significant questions marks on your organization reputation, reliability and honesty followed by financial penalties depending on the seriousness of the offense. So to protect your organization Microsoft provides multiple different tools such as Azure RMS (Azure Rights Management), DLP (data loss prevention) and retention policies. But non of those tools gives you an easily accessible way to pass on information concerning wrongdoing in safe and anonymous manner. That inspired me to create a solution that will fill the gap.

Enable whistleblowing

72 per cent of Canadian survey respondents recognize cyber crime as a risk, many still don’t fully understand the potential impact a cyber breach can have on the business

Financial Post article

The original article of the above quote also noticed that enabling whistleblowing allow for early identification of issues and is critical for ability to manage risk. That inspired me to create a solution integrated with O365 that will respect user anonymity – at least on the data access level.

I’m a huge fun of PowerApps but unfortunately they do not allow for guest access (at least not yet! ?) and I was wondering if that’s hard limitation. Maybe there is some workaround? There must be. And with a small help of Microsoft Flow I was able to create a solution that:

  • Allow for anonymized creation of new submission
  • View, Edit ones submissions in anonymized manner
  • Correspond with assigned admin in anonymized manner
  • As Admin you can access all submissions as well as filter submissions by status (i.e. only those submissions that waits for your action)

Power Whistleblowing app – user view

This is animated view – If gif is not animating click here

Another view (this time just a screenshot)

Power Whistleblowing app has also an admin view

This is animated view – If gif is not animating click here

Power Whistleblowing architecture

The architecture of above solution is simple:

  1. PowerApp gets information from a user and pass to flow. On this stage everything is personalized. We know who send what.
  2. Flow pass over HTTP request to another flow with parameters of newly created item (for submission it’s: Title, Description, Category; for Comment it’s: Author GUID, Submission GUID, Comment). This is the moment where we lost all context information (except data that are essential for the business logic) and imply anonimization
  3. For newly created submission we need to generate Author GUID (I’ll explain later what is its role) and pass it back to first Flow.
  4. For newly created submissions the Flow expects the Author GUID and pass it back to PowerApps app
  5. Both for new submission and new comment all information are saved in SharePoint Online impersonated as Service Account. We don’t know who is original creator of the record, we only have some Author GUID

Why do we need Author GUID?

Author GUID is the new credentials for submitter to:

  • Check status of his submissions
  • View all his submissions
  • Leave a comment in any of the submissions (to correspond with the admin)

I find this solution really useful for an organization – what do you think? Leave me a comment! Oh and also feel free to ask freely on any other topics i.e.:

  • How to create HTTP connected Flows
  • Is it possible to build admin panel with vertical tabs (yep, it’s tricky ?)
  • How to build Regular Expression to check GUID cohesion

I don’t bite but do drink beer. You can also catch me on my fb, twitter, linkedIn or PowerUsers forum.

Just in case you want to:

  • Deploy this solution on your environment
  • Customize it for your own needs
  • Create new solution based on this one

Contact me and I will help you

…Oh, and I have a small gift for all of you that read until now – you can download this solution here. Sharing is Caring. Enjoy!

Related Posts


  1. Monzer

    Hello Mike,
    I am newbie to the world of Power Platform.
    I bumped into your page as i was looking for a whistleblowing solution using PowerApps.
    I have downloaded the package however, I have not been able to start testing it due to following reasons:

    1. I do not have the structure for the sharepoint lists though they show in the Data section
    2. I am not sure what “https://URL.OF.YOUR.HTTP.FLOW.REQUEST.TRIGGER” should refer to.

    I have tried finding a manual to implement it, unfortunately I was unable to find any.
    I hope you could assist.


  2. Andreas Schröder

    I have adopted this nice solution and changed it a little bit: I replaced the HTTP-Call of a subflow with some direct HTTP Sharepoint actions, where i can write the “Created by” and “Edited by” fields to contain a service accounts name – so anonymity is provided also.
    To do so I had to call another http sharepoint action, to set these fields to not be “readonly” anymore.
    Afterwards I just had to find out the numeric id of my service user, for which I used another Sharepoint HTTP request and write into “AuthorId” and “EditorId” within the final post call.

  3. Robert

    Hi Mike.

    I’ve downloaded zip file of your solution. When I try to import this I get an error: The solution file is invalid.

    Can you help me please?


    • Michał Guzowski

      Hm, The solution is pretty old now. I would need to update it but I’ll be able to do it next month at the earliest.

        • Michał Guzowski

          Unfortunately no improvement so far. Too much work for now. How important and urgent is this topic for you?

          • Iannis

            Hi there,

            Did you get a chance to update the solution? I am also interested in using such thing but I don’t have any experience with PowerApps or Flow.


          • Michał Guzowski

            Unfortunately no, not yet Iannis. However you’re another person asking for this, so I’m going to add “updating whistleblowing app” to my August’s tasks. I’ll do it and post it on my blog. So stay tuned!

Leave a Reply

Your email address will not be published. Required fields are marked *