Ebook

16 Microsoft 365 Tasks Easily Automated with Workflow

Introduction

How many manual tasks must an Office 365 admin slog through, boring them to tears and resulting in errors they get blamed for, before crying ‘Uncle!’?

The pain stops when you figure out how to do a task perfectly, then automate it through a workflow so it can be repeated perfectly and safely. Then do the same for all your repeatable tasks. By automating admin tasks through workflow, including updates to the on-premises Active Directory environment, IT administrators save hours of manual effort each week – time better spent on more productive and satisfying endeavors.

Even better, everyone can use the same workflow and do the task perfectly. No more going to the onboarding expert or scratching your head when that person leaves the company! Now common Office 365 (now called Microsoft 365) admin tasks can be easily delegated – even to non-IT pros. This is the beauty of delegated administration.

Get to Work on Workflow

Microsoft 365 doesn’t come with administrative workflows built-in. Fortunately, CoreView provides a workflow solution in which easily created, customizable IT admin process steps can be run automatically from the CoreView workflow engine – often in one click. These automations can reach towering levels of complexity, as many different steps are chained together and performed in the appropriate and exact sequence.

All M365 management actions can be accomplished through a workflow, including custom PowerShell scripts, opening the door to unlimited automation scenarios. In fact, CoreView’s myriad workflow templates include automations for Account Management, License Management, and Security Compliance – as well as custom actions.

Workflow is critical for one CoreView customer. “We view CoreView as experts in the field that can guide us to the most pertinent parts of the M365 ecosystem and integrate best practices into workflows,” said Tobin M. Cataldo, Executive Director – Jefferson County Library Cooperative.

Automating the Automation

There are two types of workflows designed to automate the actual kick off of the workflows – truly automating the automation. These are:

Report-Based Workflows

Workflows can be directly executed from reports. If you have a report of a risky user, a workflow can automatically perform pre-determined actions to take care of the situation.

Event-Based Workflows

Instead of taking action based on the report of a risky user, a workflow can kick off when there is a risk event, such as an attack on a user.

Security

1. Simple and Superior Security

Dealing with security alerts, as well as creating security policies and ensuring compliance, requires creating and performing complex, repetitive tasks. That is, without workflow. Workflows make protecting the environment orders of magnitude easier. For instance, CoreView may detect that someone downloaded 1,000 files from OneDrive when they shouldn’t have. With a workflow, an admin can automatically disable their account.

2. Dealing with Risky Users – Security Orchestration, Automation and Response (SOAR)

Microsoft 365 includes risk reports showing what events IT should look into, and in many cases, which users may have been compromised. Here is an example of a four-step workflow to use in such a case:

  • Wipe user session
  • Disable user
  • Quarantine device
  • Notify IT Security

3. Event-Based Password Management

The new way to handle passwords is to not require regular expiration and resets – but only change passwords when there is a risk alert. While risk or event-based password changes are a great idea, execution isn’t so easy. “What CoreView has, which is completely unique in the industry, is we know that you’re on that risk report, and we can schedule the changes: Since you’re on it, I’m going to wipe your user session. In other words, log you out of all your applications. I’ll reset your password, notify the help desk, and notify IT security that Joe User was on a high-risk report for impossible travel, and please check A, B, and C before you re-initialize his account,” explained CoreView Solution Architect Matt Smith.

4. Event-Based Multi-Factor Authentication (MFA)

Like passwords, MFA can be dealt with based on risk events. “IT should enable risk-based multi-factor authentication activation. If you’re at risk, IT will make you authenticate. CoreView takes this a step further, which is part of our workflow. IT can wipe user sessions. Because a user token is good for eight hours by default, should IT allow the user to keep pounding on it for eight hours? No, IT should log them out right now, because they showed up on a high-risk report. An admin can block the account and notify IT security and the help desk because you showed up on an impossible travel report or on a malware on a device report, something like that,” Smith explained.

5. Keeping M365 Safe from Sketchy Mobile Devices with Workflow

Mobile devices are a prevalent M365 endpoint, so security here is paramount. In fact, managing, tracking and fixing Apple iOS and other device issues can be automated through CoreView workflows.

Case in point is a recent iOS vulnerability. To handle this, CoreView admins were given a workflow to identify iPhones with an older OS, or still using the iOS Mail App, and update iOS or move users off the iOS Mail App.

Knowing that these iOS MailDemon attacks are in the wild with millions of non-updated iPhones and countless folks using the iOS Mail App, CoreView co-founder David Mascarella rushed out a KPI to identify and delineate the issue, and an automated workflow that solves the problem tout de suite.

“I created a policy that identifies the devices affected by this vulnerability. If we select the policy that dives into the data, the system will automatically target the users that are affected. We do that by targeting all users with mobile devices, with the operating system equal to iOS, with the versions that do not include 13.5,” Mascarella explained.

The KPI and workflow then suggest management actions an operator can perform in order to disassociate these mobile devices from the tenant, and also run a workflow. “When you run the workflow, the system automatically targets all of the affected users, and sends an email — there is a description of the problem CoreView detected, that you are accessing your email with an unsafe client. You have to update your mobile device. To learn how to update your mobile device operating system, please look at this video. There is a link to a helpful video that shows how to update the device,” Mascarella said.

The workflow offers several ways to remediate the iOS problem. We mentioned sending an email advising an end user to update iOS or switch off the iOS Mail App. It can also remove the device.

Finally, the workflow can automatically enforce an iOS security policy. IT can have a report showing which devices are still not secure, and run the report, say, every Friday. If the report is empty, there is no problem. “Every Friday the system will check if we still have a user who has not updated their device. Then the system will engage the user and alert them to update their system. You can also make these workflows more active and run these workflows every day. You can also deactivate the mobile device, and remove the mobile devices and the email client,” Mascarella said.
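The device-targeting policy described above (mobile devices, operating system iOS, version below 13.5), as an added Python example that is not CoreView's code. The inventory records and field names are constructed, and the example reads "versions that do not include 13.5" as "older than 13.5", comparing versions numerically and treating a missing version as affected.

```python
import re

FIXED_VERSION = (13, 5)  # first iOS release the page treats as safe

# Constructed sample inventory; field names are assumptions, not a CoreView or Graph schema.
DEVICES = [
    {"user": "ana@example.com", "os": "iOS", "os_version": "13.4.1"},
    {"user": "ben@example.com", "os": "iOS", "os_version": "13.5"},
    {"user": "cat@example.com", "os": "iOS", "os_version": "13.10"},
    {"user": "dev@example.com", "os": "Android", "os_version": "9"},
    {"user": "eli@example.com", "os": "iOS", "os_version": ""},
    {"user": "ana@example.com", "os": "iOS", "os_version": "12.4.7"},
    {"user": "fay@example.com", "os": "iOS", "os_version": "iOS 14.0 (18A373)"},
]


def parse_version(text):
    """Return the first dotted number in text as a tuple of ints, or None."""
    match = re.search(r"\d+(?:\.\d+)*", text or "")
    if not match:
        return None
    return tuple(int(part) for part in match.group().split("."))


def pad(version, width):
    """Right-pad with zeros so (13, 5) and (13, 5, 0) compare as equal."""
    return version + (0,) * (width - len(version))


def is_affected(device, fixed=FIXED_VERSION):
    """True for an iOS device older than the fixed release or of unknown version."""
    if device.get("os", "").strip().lower() != "ios":
        return False
    version = parse_version(device.get("os_version"))
    if version is None:
        return True  # unknown version: fail closed and engage the user
    width = max(len(version), len(fixed))
    # Numeric comparison: as plain strings, "13.10" would sort before "13.5".
    return pad(version, width) < pad(fixed, width)


def affected_users(devices):
    """Map each affected user to the versions of their affected devices."""
    users = {}
    for device in devices:
        if is_affected(device):
            users.setdefault(device["user"], []).append(
                device["os_version"] or "unknown")
    return users


if __name__ == "__main__":
    for user, versions in affected_users(DEVICES).items():
        print(user, versions)
```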

Learn more in our Discover Vulnerabilities and Unsecure Mobile Devices with Workflow webinar.

6. Just-in-Time Privileges Through Temporary Admin Sign-ins

One key way to safeguard the M365 tenant from wayward admins and dangerous mistakes is through Just-in-Time admin rights. These rights can be assigned, given out, and taken back – all through simple, repeatable workflows.

7. Safe, Secure, Proper and Always Perfect Provisioning

User provisioning and deprovisioning are prone to error, allowing successful cloud attacks. Workflow templates easily create and automate provisioning and deprovisioning processes, eliminating these mistakes. This ensures users have the right licenses and access to the right applications and infrastructure. You can also “clone” users to reduce errors and speed provisioning.

Incorrect user provisioning can have a direct impact on user productivity, while mismanaged deprovisioning can open the doors to potential data breaches.

8. Efficient and Secure Onboarding

Onboarding and provisioning are related and complementary processes. Onboarding is much the same as provisioning. It is just more extensive. Technically, provisioning refers to the creation of the user object. Onboarding is all the stuff that takes place outside of that user creation.

Onboarding speaks to the authorizations and permissions that are then bound to the object. We might say that a provisioning action is creating the user, giving that person a license, and setting the password. The onboarding is everything else. That person now needs to be inserted into 10 distribution lists, needs to be given a pre-provisioned OneDrive share, or have a script run against them to turn on their access.

“If we have to onboard a user, we can create a fully automated workflow. Inside our own company, we have a 50-step workflow to onboard a user – and it’s one click,” said Ivan Fioravanti, CoreView Chief Technical Officer. “I create a user, assign the Teams membership, group membership, create the mailbox and so on – it is super easy.”

Inside the Onboarding Workflow

9. Fool and Hacker Proof Configuration

According to Gartner analyst Neil MacDonald, “Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.”

In fact, a large number of data breaches occur because admins did not complete all required configuration steps, resulting in misconfiguration. With a workflow based on a proven and perfected configuration process, regardless of what is being configured, mistakes are never made again.

CoreView workflow eliminates that human error and ensures that all the dependencies are met. Moreover, it guarantees that desired configuration management practices are met, which is critical for setting up user accounts and other data assets like mailboxes, shared mailboxes, and Teams channels.

Gartner finds that most successful cloud attacks exploit misconfiguration. Once you have a secure approach to configuration, map it to a workflow so it is done properly each time.

Customizable IT admin processes can be run from the workflow engine. Steps can be chained together so they are performed in the proper sequence. All management actions can be part of a workflow, including custom PowerShell scripts, leading to unlimited scenarios.

10. Safety Proof External Users – Govern the Lifecycle

From CoreView usage stats, we have found that 90% of external users become inactive after 90 days. With automation, you can automatically block access and remove the user, or ask for consent from the person or the manager who invited them. Any active account is an additional endpoint opened on your tenant.

Workflow automation also identifies external users inactive in the last 60 days and automatically starts a process of cleanup with approval. Another workflow forces employees to add detailed information when an external user is invited, such as department, company, manager, country and a validity period. Workflow will take care of removing or renewing the invited user based on a customizable approval process.

Adding Workflow automation to the external user equation makes it faster, easier and safer to perform external user processes. Chief Technology Officer Ivan Fioravanti detailed how CoreView does this work. “Maybe you do not want the M365 operator to go manually through all the external users. A second way is to run a workflow. Built into the platform we have Workflow, which does business process automation,” Fioravanti said.

Meanwhile, workflow scheduling is flexible and easy. “Maybe we want a Monday morning habit of dealing with external users. You can schedule the ‘Inactive External User’ report, and have IT alerted if it is not empty. So you choose every week. The action is that the workflow will automatically execute and send an email to the manager asking to remove the external user. You can always re-invite an external user that has been removed,” Fioravanti said.

Workflow adds to external user security. “Everything is extremely secure. You can create a workflow that will only be visible to specific users, specific operators of the platform. Using RBAC and virtual tenants, only that operator can see and use that workflow,” Fioravanti said.

Administration

11. Protect and Update Active Directory Automatically

Managing Active Directory and Azure Active Directory (AD) is a constant and complex effort. Fortunately, common Active Directory tasks, whether Azure AD or on-premises Active Directory, can be automated, ensuring they are done correctly and on time.

By automating admin tasks through workflow, which include updates to the on-premises Active Directory environment, IT administrators will save hours of manual effort each week. One customer automates an array of directory-related tasks, including:

  • Adding or removing a user from an Organizational Unit (OU)
  • Creating an M365 user from Azure AD
  • Moving group to a different Organizational Unit
  • Moving user to different OU

12. Create, Enforce and Manage Policies

Policies are key to M365 administration efficiency and security. Wouldn’t it be great to create, automate and apply policies that handle every aspect of Office 365 administration? As well as supporting fine-tuned security policies and automated implementation?

You can. The same large CoreView customer referenced above uses myriad workflows for policies, including:

  • Setting conditional access policies for users outside the country
  • Forcing changed password on next login
  • Reactivating compromised account
  • Managing SharePoint external sharing policies

Workflows

Challenges

  • Common tasks like provisioning and de-provisioning users are time-consuming, tedious, and prone to errors, angering users and increasing support desk calls
  • Incomplete or late de-provisioning of departed users creates security risks and wasted spend
  • You want to automate everything you can, but the tools just don’t exist

Results with CoreView

  • Automate common business processes like user provisioning, de-provisioning, and cloning; workflows that alert and allow actions from reports
  • Automatically scan configurations and activities to identify problems and enforce policies
  • Easily automate tasks using the visual workflow builder that incorporates approval management steps, custom scripts, and more

13. Workflow Gets Dependencies Right Each and Every Time

It is not reasonable to expect a non-expert in Microsoft 365 administration to understand the dependencies involved in a task. Take mailbox administration. You have to create a user before you can create a mailbox, which seems obvious. However, there are many layers of subtleties beneath that. You need to wait until the mailbox is fully created before setting a litigation hold or retention policies on it, and so forth.

Workflow gets all these dependencies right, and even puts in the requisite waits and retries, which are important because M365 is a shared environment of well over 300 million users. Things often do not happen instantaneously within a system as large as Microsoft 365. To set up mailboxes right, you have to know the exact commands to run and the order in which to run them. In practice, people sometimes start the task and then have to wait – 15, 30 minutes, an hour – for, say, step three of seven to complete. So they switch to another task, and critical step number four never gets finished due to human error.

A workflow can be designed to know all the intricacies and dependencies – and get the job done right.
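The waits and retries described above, as an added Python example that is not CoreView's engine. `FakeTenant`, the step names and the delay values are constructed for illustration: the litigation-hold step runs only after a readiness probe confirms the mailbox exists, and a timeout halts the chain instead of skipping ahead.

```python
import time


class DependencyTimeout(Exception):
    """Raised when a step's prerequisite never became ready."""


class FakeTenant:
    """Constructed stand-in for M365: the mailbox appears only after several polls."""

    def __init__(self, polls_until_mailbox):
        self.polls_left = polls_until_mailbox
        self.users, self.holds, self.log = set(), set(), []

    def create_user(self, upn):
        self.users.add(upn)

    def mailbox_ready(self, upn):
        # Provisioning is asynchronous: each poll brings the mailbox one tick closer.
        if upn not in self.users:
            return False
        self.polls_left -= 1
        return self.polls_left <= 0

    def set_litigation_hold(self, upn):
        if self.polls_left > 0:
            raise RuntimeError("mailbox does not exist yet")
        self.holds.add(upn)


def wait_until(probe, attempts, base_delay, sleep):
    """Poll probe() with exponential backoff; return the number of polls used."""
    for attempt in range(attempts):
        if probe():
            return attempt + 1
        if attempt < attempts - 1:
            sleep(base_delay * 2 ** attempt)
    raise DependencyTimeout(f"not ready after {attempts} polls")


def run_workflow(steps, sleep=time.sleep, attempts=5, base_delay=30):
    """Run steps in order; a step whose prerequisite times out halts the chain."""
    completed = []
    for name, prerequisite, action in steps:
        if prerequisite is not None:
            try:
                wait_until(prerequisite, attempts, base_delay, sleep)
            except DependencyTimeout:
                return completed, name  # stopped here; later steps never run
        action()
        completed.append(name)
    return completed, None


def mailbox_workflow(tenant, upn):
    """Steps as (name, prerequisite probe or None, action)."""
    return [
        ("create_user", None, lambda: tenant.create_user(upn)),
        ("litigation_hold", lambda: tenant.mailbox_ready(upn),
         lambda: tenant.set_litigation_hold(upn)),
        ("notify", None, lambda: tenant.log.append("notify")),
    ]
```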

14. Taking the Trickiness Out of Teams

Workflow is also key to solving the Teams configuration problem. To set up Teams properly, certain tasks must be performed in order. A higher-level admin can create workflows to set up Teams-oriented voice functions such as routing and provide them to local employees, who simply apply those workflows and processes to their own individual environments.

With CoreView workflow, these local workers or admins get a form to fill out instead of waiting on a person to execute on that form. CoreView workflow automates the process so it is much timelier, and more straightforward. IT defines exactly what data is needed to process the request, and CoreView workflow processes that request efficiently and precisely.

A person needing to set up Teams’ voice features in Spain, for instance, could use a form provided by a higher-level admin, and apply it to setting up call features such as auto attendant for their organization, department, or group of users. Even better, this workflow is available on demand, 24 hours a day, seven days a week in their language. There is no need to pick up the phone or translate user requests.

15. Automate License Management

License management is a complex but necessary task. A great approach is to create and automate a process that reclaims licenses when a user becomes inactive, asks the manager or IT for approval, starts the process to buy additional licenses, or automates the request to your LSP through a workflow when a usage threshold is reached.

Here is an example of such a scheduled workflow. Every month it targets users whose licenses have been inactive for the last 90 days, then:

  • Send an email to the manager asking if IT should remove the license
  • If the manager is not the right person, send the request to HR or other target
  • If the answer is yes, remove the license

Usually, IT does not have enough information to decide if a license must be removed or not. Managing this process manually can be very time consuming – often IT simply decides to do nothing. The workflow, on the other hand, speeds up inactive license deprovisioning by the actual manager who should know if the license must be removed or not.
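The approval-gated cleanup described in the steps above, which is the same pattern as the 60-day external-user cleanup in section 10, as an added Python example that is not CoreView's code. The account records, field names, answer values and the fallback approver address are constructed assumptions; nothing is removed without an explicit "yes".

```python
from datetime import date

# Constructed sample records; field names are assumptions, not a CoreView or Graph schema.
TODAY = date(2024, 6, 3)
ACCOUNTS = [
    {"upn": "ann@example.com", "last_active": date(2024, 3, 25), "manager": "mgr1@example.com"},
    {"upn": "bob@example.com", "last_active": date(2024, 1, 15), "manager": "mgr1@example.com"},
    {"upn": "cy@example.com", "last_active": None, "manager": "mgr2@example.com"},
    {"upn": "dee@example.com", "last_active": date(2023, 11, 2), "manager": None},
]
FALLBACK_APPROVER = "hr@example.com"  # hypothetical "HR or other target"


def inactive(accounts, today, threshold_days):
    """Accounts with no activity within the threshold; never-active counts as inactive."""
    return [a for a in accounts
            if a["last_active"] is None
            or (today - a["last_active"]).days >= threshold_days]


def approval_requests(accounts, today, threshold_days):
    """One request per inactive account, routed to the manager or the fallback."""
    return {a["upn"]: a["manager"] or FALLBACK_APPROVER
            for a in inactive(accounts, today, threshold_days)}


def apply_answers(requests, answers):
    """Resolve requests: 'yes' removes, 'not_me' reroutes once to the fallback
    approver, anything else (including no answer) keeps the license."""
    remove, rerouted, keep = [], {}, []
    for upn, approver in requests.items():
        answer = answers.get((upn, approver))
        if answer == "yes":
            remove.append(upn)
        elif answer == "not_me" and approver != FALLBACK_APPROVER:
            rerouted[upn] = FALLBACK_APPROVER
        else:
            keep.append(upn)
    return remove, rerouted, keep


if __name__ == "__main__":
    requests = approval_requests(ACCOUNTS, TODAY, threshold_days=90)
    answers = {("bob@example.com", "mgr1@example.com"): "yes",
               ("cy@example.com", "mgr2@example.com"): "not_me"}
    print(apply_answers(requests, answers))
```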

16. Transferring a User in 7 Easy Automated Steps

Transferring a user is tricky – doing so for an admin or manager is even more thorny. The graphic below shows how easily a CoreView workflow gets the job done.

Transferring user, as Microsoft admin

One CoreView Customer’s Workflow Story

One CoreView customer has 51 different workflows (and counting). Here are some of the best:

  • Adding new collaboration tools without giving more licenses
  • Creating O365 user
  • Display or hide a user in the global address list
  • Conditional access for users outside of the country
  • Add or remove a user (with a specific title) from an Organizational Unit (OU)
  • Changing main email address and UPN
  • Change password
  • Change state ID
  • Change immigrant ID
  • Change language for a mailbox
  • Create M365 user from Domino
  • Create M365 user from Azure AD
  • Create a meeting room
  • Create an external mailbox
  • Create a contact
  • Create a synchronized group or cloud only
  • Move group to a different Organizational Unit
  • Move user to a different Organizational Unit
  • Deactivate compromised account
  • Deactivate user
  • Deactivate MFA
  • Deactivate student license
  • Send mailbox stats
  • Merge 2 mailboxes
  • Manage audio conferences
  • Change licenses
  • Update user (many attributes)
  • Force change password at next login
  • Deep configuration for the Outlook client (weather, chat etc…)
  • Change custom attributes (used a lot)
  • Reactivate compromised account
  • SharePoint – Manage admins
  • SharePoint – Site provisioning
  • SharePoint – External sharing management
  • Restore deleted SharePoint site
  • Delete SharePoint site
  • Delete User
  • Delete user but keep shared mailbox

Gorge on the Full M365 Workflow Skinny

Learn how to master M365 workflow with our white paper – Office 365 Workflow Done Right – Automation for Admin Efficiency, Human Error Reduction, and Unrivaled Security