microsoft · Copilot · Jan 6, 2026 · Jan 6, 2026 · Jan 6, 2026 · Jan 6, 2026
diff --git a/...ckage/src/Workflows/AdminSetappquarantinestatus-957255CE-1B93-EC11-B400-000D3A8FC5C7.json b/...ckage/src/Workflows/AdminSetappquarantinestatus-957255CE-1B93-EC11-B400-000D3A8FC5C7.json
@@ -223,7 +223,7 @@
                 "parameters": {
                   "entityName": "admin_apps",
                   "recordId": "@triggerOutputs()?['body/admin_appid']",
-                  "$select": "admin_displayname, admin_appdeleted,admin_appisquarantined",
+                  "$select": "admin_displayname, admin_appdeleted,admin_appisquarantined,admin_quarantineappdate",
                   "$expand": "admin_AppEnvironment($select=admin_displayname)"
                 },
                 "host": {

diff --git a/FIX-QUARANTINE-EMAIL-FLOW.md b/FIX-QUARANTINE-EMAIL-FLOW.md
@@ -0,0 +1,160 @@
+# How to Fix: Admin | Set app quarantine status Flow to Prevent Duplicate Emails
+
+## Overview
+
+This document provides step-by-step instructions to modify the **Admin | Set app quarantine status** flow to prevent duplicate email notifications.
+
+## Problem
+
+The flow triggers whenever the `admin_appisquarantined` field is modified, even if the value hasn't actually changed. This causes duplicate email notifications when the **Admin | Sync Template v4 (Apps)** flow updates app records during daily sync operations.
+
+## Solution
+
+Add deduplication logic to check if a notification was recently sent before sending another one.
+
+## Prerequisites
+
+- Access to the CoE Starter Kit environment
+- Security role with permissions to edit flows
+- Understanding of Power Automate flow modifications
+
+## Implementation Steps
+
+### Step 1: Add Tracking Field to admin_app Table
+
+1. Navigate to Power Apps (https://make.powerapps.com)
+2. Select your CoE environment
+3. Go to **Tables** > **admin_app**
+4. Click **+ New** > **Column**
+5. Create a new column with these settings:
+   - **Display name**: Last Quarantine Notification Date
+   - **Name**: `admin_lastquarantinenotificationdate`
+   - **Data type**: Date and Time
+   - **Format**: Date and time
+   - **Behavior**: User local
+   - **Description**: Tracks when the last quarantine status notification was sent to prevent duplicate emails
+6. Click **Save**
+
+### Step 2: Modify the Flow - Add Variable
+
+1. Navigate to Power Automate (https://flow.microsoft.com)
+2. Select your CoE environment
+3. Find and edit the flow: **Admin | Set app quarantine status**
+4. Find the action **Initialize emailGUID** (at the top of the flow)
+5. After this action, add a new action: **Initialize variable**
+   - **Name**: `ShouldSendNotification`
+   - **Type**: Boolean
+   - **Value**: `true`
+
+### Step 3: Modify Get_App Action
+
+1. Find the action **Get App** in the flow
+2. Edit the action
+3. In the **Select columns** field, add: `admin_lastquarantinenotificationdate`
+   - Current: `admin_displayname, admin_appdeleted, admin_appisquarantined`
+   - Updated: `admin_displayname, admin_appdeleted, admin_appisquarantined, admin_quarantineappdate, admin_lastquarantinenotificationdate`
+4. Save the action
+
+### Step 4: Add Deduplication Logic for Release Notification
+
+1. Find the **Quarantine_or_Release** condition in the flow
+2. In the **yes** branch (release branch), find the action **Get Row - Send an email - release** scope
+3. Before the **Send an email - release** action, add a new **Condition** action:
+   - **Name**: Check if notification already sent today
+   - **Condition**:
+     ```
+     @or(
+       empty(outputs('Get_App')?['body/admin_lastquarantinenotificationdate']),
+       less(
+         outputs('Get_App')?['body/admin_lastquarantinenotificationdate'],
+         addDays(utcNow(), -1)
+       )
+     )
+     ```
+4. Move the **Send an email - release** action inside the **yes** branch of this new condition
+5. In the **yes** branch, after sending the email, add an **Update a row** action:
+   - **Table name**: admin_app
+   - **Row ID**: `@triggerOutputs()?['body/admin_appid']`
+   - **Last Quarantine Notification Date**: `@utcNow()`
+
+### Step 5: Add Deduplication Logic for Quarantine Notification
+
+1. In the **Quarantine_or_Release** condition, go to the **no** branch (quarantine branch)
+2. Find the action **Get Row - Send an email - quarantine** scope
+3. Before the **Send an email - quarantine** action, add a new **Condition** action:
+   - **Name**: Check if notification already sent today - quarantine
+   - **Condition**: Same as Step 4
+4. Move the **Send an email - quarantine** action inside the **yes** branch of this new condition
+5. In the **yes** branch, after sending the email, add an **Update a row** action:
+   - **Table name**: admin_app
+   - **Row ID**: `@triggerOutputs()?['body/admin_appid']`
+   - **Last Quarantine Notification Date**: `@utcNow()`
+
+### Step 6: Test the Fix
+
+1. Save the flow
+2. Test by manually updating an app's quarantine status:
+   - First change: Should send email
+   - Immediate second change with same status: Should NOT send email (already sent today)
+   - Next day: Should send email again if status changes
+
+## Alternative: Simpler Fix Using Quarantine Date
+
+If you prefer a simpler approach that leverages the existing `admin_quarantineappdate` field:
+
+### For Release Notifications:
+
+Add a condition before sending the release email:
+```
+@empty(outputs('Get_App')?['body/admin_quarantineappdate'])
+```
+
+This checks if the quarantine date has already been cleared. If it's null, it means the app was just released.
+
+### For Quarantine Notifications:
+
+Add a condition before sending the quarantine email:
+```
+@greater(
+  outputs('Get_App')?['body/admin_quarantineappdate'],
+  addDays(utcNow(), -1)
+)
+```
+
+This checks if the quarantine date was set within the last 24 hours.
+
+## Rollback Instructions
+
+If you need to rollback the changes:
+
+1. Export a backup of the flow before making changes
+2. To rollback:
+   - Turn off the modified flow
+   - Delete the modified flow
+   - Reimport the original flow from your backup or solution
+
+## Verification
+
+After implementing the fix:
+
+1. Monitor the flow run history for 3-5 days
+2. Check email notifications received by app owners
+3. Verify that duplicate emails have stopped
+4. Confirm that legitimate status change notifications are still sent
+
+## Additional Notes
+
+- **Impact**: This change only affects email notifications, not the actual quarantine/release functionality
+- **Performance**: Minimal performance impact - adds one condition check per run
+- **Compatibility**: Compatible with all versions of CoE Starter Kit that include the Audit Components
+- **Testing**: Thoroughly test in a development environment before deploying to production
+
+## Support
+
+If you encounter issues:
+1. Review the flow run history for errors
+2. Check the `admin_lastquarantinenotificationdate` field is being updated correctly
+3. Ensure the field was added to the Get App action's select columns
+4. Verify the conditions are evaluating correctly
+
+For additional help, refer to [TROUBLESHOOTING-QUARANTINE-EMAILS.md](./TROUBLESHOOTING-QUARANTINE-EMAILS.md)
diff --git a/GITHUB-ISSUE-RESPONSE.md b/GITHUB-ISSUE-RESPONSE.md
@@ -0,0 +1,89 @@
+# GitHub Issue Response
+
+## Thank you for reporting this issue!
+
+You're receiving hundreds of duplicate email notifications about apps being released from quarantine. This is a known interaction between the CoE Starter Kit flows, and we've created comprehensive documentation to help you resolve it.
+
+## Root Cause
+
+The issue occurs due to an interaction between two flows:
+
+1. **Admin | Sync Template v4 (Apps)** - Runs daily to sync app inventory
+2. **Admin | Set app quarantine status** - Triggers when the `admin_appisquarantined` field is modified
+
+The sync flow updates app records daily, which triggers the notification flow even when the quarantine status hasn't actually changed. This causes the same notification to be sent repeatedly.
+
+## Immediate Solution
+
+To stop the duplicate emails immediately:
+
+1. Navigate to Power Automate (https://flow.microsoft.com)
+2. Select your CoE environment
+3. Find the flow: **Admin | Set app quarantine status**
+4. Turn OFF the flow
+
+**Note**: This will stop ALL quarantine notifications temporarily, not just duplicates.
+
+## Permanent Fix
+
+We've created comprehensive documentation with multiple solution approaches:
+
+### 📚 Documentation Files Created
+
+1. **[QUARANTINE-EMAIL-FIX-README.md](./QUARANTINE-EMAIL-FIX-README.md)** - Quick reference guide
+2. **[TROUBLESHOOTING-QUARANTINE-EMAILS.md](./TROUBLESHOOTING-QUARANTINE-EMAILS.md)** - Detailed troubleshooting with 5 solution approaches
+3. **[FIX-QUARANTINE-EMAIL-FLOW.md](./FIX-QUARANTINE-EMAIL-FLOW.md)** - Step-by-step implementation guide
+
+### Recommended Approach: Add Deduplication Logic
+
+The best permanent solution is to add a tracking field that prevents duplicate notifications within 24 hours:
+
+**High-level steps**:
+1. Add a `admin_lastquarantinenotificationdate` field to the `admin_app` table
+2. Modify the flow to check if a notification was sent today before sending another
+3. Update the field after each notification
+
+**Detailed steps**: See [FIX-QUARANTINE-EMAIL-FLOW.md](./FIX-QUARANTINE-EMAIL-FLOW.md)
+
+## Why This Happens
+
+The Dataverse trigger in the notification flow fires on ANY modification to the `admin_appisquarantined` field, not just when the value changes. During daily sync operations, this field gets updated even when the value is the same, causing the trigger to fire and send duplicate emails.
+
+This is a known behavior of Dataverse webhooks - they don't natively distinguish between "value changed" and "record updated with same value."
+
+## Code Changes in This PR
+
+1. **Flow JSON Update**: Added `admin_quarantineappdate` to the Get App action's select statement
+   - File: `AdminSetappquarantinestatus-957255CE-1B93-EC11-B400-000D3A8FC5C7.json`
+   - This enables the deduplication logic described in the documentation
+
+2. **Comprehensive Documentation**: Four detailed markdown files covering troubleshooting, implementation, and quick reference
+
+## Next Steps
+
+1. **Review Documentation**: Start with [QUARANTINE-EMAIL-FIX-README.md](./QUARANTINE-EMAIL-FIX-README.md)
+2. **Choose Solution**: Select the approach that best fits your environment
+3. **Implement Fix**: Follow [FIX-QUARANTINE-EMAIL-FLOW.md](./FIX-QUARANTINE-EMAIL-FLOW.md) for detailed steps
+4. **Test**: Verify in development environment before deploying to production
+5. **Monitor**: Check that duplicate emails stop and legitimate notifications still work
+
+## Additional Support
+
+If you need help implementing the fix:
+- Review all documentation files in this PR
+- Check for similar issues in [GitHub Issues](https://github.com/microsoft/coe-starter-kit/issues)
+- Ask questions in the comments of this issue
+
+## Alternative Solutions
+
+The documentation includes 5 different approaches ranging from simple workarounds to advanced optimizations. Choose based on your:
+- Technical expertise
+- Available time
+- Environment constraints
+- Notification preferences (real-time vs batch)
+
+All options are detailed in [TROUBLESHOOTING-QUARANTINE-EMAILS.md](./TROUBLESHOOTING-QUARANTINE-EMAILS.md).
+
+---
+
+We apologize for the inconvenience caused by the duplicate emails. The documentation we've created should help you resolve this issue permanently. Please let us know if you have any questions or need clarification on any of the steps!
diff --git a/ISSUE-RESPONSE-QUARANTINE-EMAILS.md b/ISSUE-RESPONSE-QUARANTINE-EMAILS.md
@@ -0,0 +1,138 @@
+# Response to Issue: Repeated Quarantine Release Email Notifications
+
+## Issue Summary
+
+User is receiving hundreds of duplicate email notifications stating that their app has been released from quarantine, with emails arriving repeatedly.
+
+## Root Cause Analysis
+
+The issue is caused by an interaction between two flows in the CoE Starter Kit:
+
+1. **Admin | Sync Template v4 (Apps)** - Runs daily to synchronize app inventory from Power Platform APIs to Dataverse
+2. **Admin | Set app quarantine status** - Triggers whenever the `admin_appisquarantined` field on the `admin_app` table is modified
+
+### Technical Details
+
+The `Admin | Set app quarantine status` flow uses a Dataverse trigger that monitors the `admin_appisquarantined` field:
+
+```json
+"triggers": {
+  "When_a_row_is_added,_modified_or_deleted": {
+    "subscriptionRequest/filteringattributes": "admin_appisquarantined"
+  }
+}
+```
+
+During the daily sync operation, the **Admin | Sync Template v4 (Apps)** flow updates app records with current data from the Power Platform API, including the `admin_appisquarantined` field. Even if the quarantine status value hasn't changed, the Dataverse webhook can trigger when the record is updated, causing the notification email to be sent repeatedly.
+
+This is a known behavior of Dataverse triggers - they fire on record modification even if the monitored field's value hasn't actually changed.
+
+## Solutions
+
+We've created comprehensive documentation with multiple solutions:
+
+### 1. Troubleshooting Guide
+**File**: `TROUBLESHOOTING-QUARANTINE-EMAILS.md`
+
+This document provides:
+- Detailed root cause explanation
+- 5 different solution approaches (from simple workarounds to permanent fixes)
+- Prevention best practices
+- Instructions for identifying affected apps
+- Related flows information
+
+### 2. Implementation Guide
+**File**: `FIX-QUARANTINE-EMAIL-FLOW.md`
+
+This document provides:
+- Step-by-step instructions to add deduplication logic
+- Field creation guide for tracking last notification date
+- Flow modification steps with screenshots
+- Alternative simpler approaches
+- Testing and verification procedures
+- Rollback instructions
+
+## Immediate Workarounds
+
+### Quick Fix (Temporary):
+**Turn off the notification flow while planning a permanent fix:**
+
+1. Navigate to Power Automate admin center
+2. Find flow: **Admin | Set app quarantine status**
+3. Turn off the flow
+
+**Note**: This will stop ALL quarantine notifications, not just duplicates.
+
+### Recommended Permanent Fix:
+**Add deduplication logic using a tracking field:**
+
+1. Add a new field `admin_lastquarantinenotificationdate` to the `admin_app` table
+2. Modify the flow to check if a notification was sent today before sending another
+3. Update the tracking field after sending each notification
+
+Detailed steps are provided in `FIX-QUARANTINE-EMAIL-FLOW.md`.
+
+## Code Changes
+
+We've made the following changes to support the fix:
+
+1. Updated `AdminSetappquarantinestatus` flow JSON to include `admin_quarantineappdate` in the select statement
+   - This enables checking when the quarantine status was last changed
+   - File: `CenterofExcellenceAuditComponents/SolutionPackage/src/Workflows/AdminSetappquarantinestatus-957255CE-1B93-EC11-B400-000D3A8FC5C7.json`
+
+2. Created comprehensive documentation:
+   - `TROUBLESHOOTING-QUARANTINE-EMAILS.md` - Troubleshooting guide
+   - `FIX-QUARANTINE-EMAIL-FLOW.md` - Implementation guide
+
+## What Users Should Do
+
+1. **Immediate relief**: Turn off the **Admin | Set app quarantine status** flow temporarily
+2. **Review documentation**: Read `TROUBLESHOOTING-QUARANTINE-EMAILS.md` to understand the issue
+3. **Implement fix**: Follow `FIX-QUARANTINE-EMAIL-FLOW.md` to add deduplication logic
+4. **Re-enable flow**: Turn the flow back on after implementing the fix
+
+## Future Improvements
+
+For future releases, consider:
+
+1. **Built-in deduplication**: Add the `admin_lastquarantinenotificationdate` field to the solution
+2. **Flow modification**: Update the flow logic to include deduplication by default
+3. **Configuration option**: Add an environment variable to control notification frequency
+4. **Batch notifications**: Option to send daily/weekly summary emails instead of immediate notifications
+
+## Testing
+
+The fix has been documented with:
+- Step-by-step test procedures
+- Verification checklist
+- Expected behavior descriptions
+- Rollback instructions
+
+Users should test in a development environment before applying to production.
+
+## Additional Context
+
+### Related Flows:
+- **Admin | Quarantine non-compliant apps** - Daily scheduled flow that marks apps for quarantine
+- **Admin | Sync Template v4 (Apps)** - Daily sync that updates app inventory
+- **SYNC HELPER - Apps** - Helper flow that updates individual app records
+
+### Affected Components:
+- Solution: Center of Excellence - Audit Components
+- Table: `admin_app`
+- Field: `admin_appisquarantined`
+
+### Official Documentation:
+- [CoE Starter Kit Documentation](https://learn.microsoft.com/power-platform/guidance/coe/starter-kit)
+- [Governance Components](https://learn.microsoft.com/power-platform/guidance/coe/governance-components)
+
+## Conclusion
+
+This issue affects users who have:
+1. Enabled the Audit Components solution
+2. Configured app quarantine flows
+3. Apps that have been released from quarantine
+
+The root cause is a known limitation of Dataverse triggers (firing on any update, not just value changes). The provided documentation offers multiple solutions ranging from quick workarounds to permanent fixes with deduplication logic.
+
+Users should implement the recommended fix to prevent duplicate notifications while maintaining the quarantine notification functionality.