Feb 28 2020
Office 365 Workflow Done Right – Automation for Admin Efficiency, Human Error Reduction, and Unrivaled Security
SEVEN BIG WAYS COREVIEW WORKFLOW BENEFITS OFFICE 365 OPERATIONS
By Doug Barney
Today’s Office 365 administrators have a tough job – constantly solving problems, insuring security, handling end user management, configuration and provisioning and deprovisioning are just a few of the things that keep them busy.
Most of these tasks, let’s face it, are grunt work. Admins must be experts in PowerShell scripting, and master of hundreds of manual processes just to keep Office 365 in tune.
It does not have to be this way. Instead, O365 administrative tasks can be automated, simplifying and insuring these tasks are handled error-free by harnessing automation and workflows. Instead of facing endless grunt work, these largely manual daily activities can be directly mapped to automated workflows.
Think of it as workflow and process automation. Process automation is a best practice that reduces human error, and delegates and automates complex tasks optimizing the IT.
As mentioned, the key to Office 365 administrator efficiency and operator error elimination is IT automation, and this is achieved through workflows. Unfortunately, native O365 Microsoft Flow workflows are aimed at making end users more efficient, not administrators.
“Office 365 has workflow built into it, but Microsoft created that workflow to serve as an overall framework for things people want to plug into. More often than not, these are knowledge worker facing items. It is similar to the old batch files end users used to automate things, and like the ways Microsoft automated processes for end users in the old Microsoft Office,” explained Valentin Vasquez, CoreView principal solution architect and O365 IT veteran.
CoreView, in deep contrast, is exclusively focused on workflow for admins to automate their work. Admins already automate much of their work through the CoreView interface. Extending the mission, CoreFlow automates O365 IT tasks through easyto-build workflows, replacing our complicated manual tasks with one-click errorfree completion. Automating those processes improves key operations, generates opportunities to save money through efficient license management while reducing overall security risks. “With workflow, those actions are event-based. When something happens in the O365 environment, CoreView picks it up and moves from there. That event might be a user being renamed, a user moving from one location to another, a ticket that’s being passed to CoreView via ServiceNow – things like that,” Vasquez said.
Work Smarter with CoreFlow 0365 Automation
Like most CoreView solutions, workflow features were driven by user need. “Customers asked for CoreView solutions to react to various types of actions such as alerts, and these actions are driven through workflows which are handled by CoreFlow,” Vasquez said. “Some of the most popular things CoreView customers use our workflow to do are Office 365 user provisioning, de-provisioning and generalized onboarding.”
In short, much of CoreFlow’s functions revolve around rules and actions governing user activity and user provisioning.
1. Overcoming the Challenge of Automating Administration Tasks
Most Office 365 IT pros want their jobs to be easier, and more efficient. Those that hold the IT purse strings would love Office 365 to be optimized to make the most of IT resources. That is one of the tenets of good IT governance.
Streamlining and optimizing O365 management is done through automation, i.e. workflows, but as CoreView’s Vasquez pointed out, this is easier said than done – at least with the native Microsoft Admin Center, which focuses largely on how end users interact with Office 365.
Role-Based Access Control (RBAC) and workflow-based automation overcome these shortcomings.
With CoreFlow Workflow Automation, customizable IT admin process steps will run automatically from the CoreView workflow engine. Different steps can be chained together so they are performed in the appropriate sequence. All management actions can be used in a workflow, including custom PowerShell scripts, opening the door to unlimited automation scenarios.
CoreFlow Options Easily Accessed
Meanwhile, by automating the activities of these IT experts and empowering them to securely delegate specific admin tasks to regional support teams and helpdesk engineers, admin time commitments are greatly reduced. This timesavings equates to hard dollar savings in overhead costs for IT departments.
2. Provision and Onboard Safely and Easily
User provisioning and deprovisioning are complex tasks and terribly prone to human error. Incorrect user provisioning can have a direct impact on user productivity, while mismanaged deprovisioning can open the doors to potential data breaches.
Onboarding Safe and Easy with CoreFlow
Onboarding and provisioning are related and complimentary processes. “Onboarding is much the same as the provisioning. It is just more extensive. Technically, provisioning refers to the creation of the user object. Onboarding speaks to the authorizations and permissions that are then bound to the object. We might say that a provisioning action is creating the user, giving that person a license, and setting the password. The onboarding is everything else. ‘Oh, that person now needs to be inserted into 10 distribution lists, needs to be given a pre-provisioned OneDrive share, or have a script run against them to turn on their access.’ The way we define onboarding is all of the stuff that takes place outside of that user creation,” Vasquez explained.
While you can automate hundreds of different processes, onboarding, provisioning and deprovisioning are indeed critical processes to prioritize. Consider a standard employee turnover rate of 11 percent. That means you should be deprovisioning at least 10 percent of your users, and provisioning 11 percent of new users, every year. “CoreView has workflows, and so can streamline any process. If we have to onboard a user, we can create a fully automated workflow — doing everything with one click. Inside our own company, we have a 50–step workflow to onboard a user — and it’s one click,” said Ivan Fioravanti, CoreView co-founder and Chief Technology Officer. “I will create a user, assign the Teams membership, group membership, create the mailbox and so on – it is super easy.”
User provisioning and deprovisioning daily tasks equates to hundreds of hours of repetitive and expensive IT admin work each year. CoreView focuses on changing that requirement forever.
3. Provision Properly
Provisioning and deprovisioning can be a simple process, but incorrect execution has a massive negative impact. Assigned licenses are not properly released, former employees can still access sensitive company data, and you can lose company information you need to access in the future — such as Exchange or OneDrive data.
With CoreFlow, Workflow Templates automate provisioning and deprovisioning operations, which ensures your users always have correct licenses and access to the right applications and infrastructure.
Aside from provisioning, CoreView workflow templates automate Account Management, License Management, and Security Compliance.
“Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes.” — Gartner
4. No Fuss Security
Dealing with security alerts, as well as creating security policies and insuring compliance are complex repetitive tasks. That is, without workflow. “On the security side, workflows make protecting the environment easier. For instance, CoreView may detect that someone downloaded 1,000 files from OneDrive. With a workflow, an admin can automatically disable their account,” Vasquez said.
The crux is that CoreView observes all types of user activity, gathers data around it in real time, then takes an action against it. “If someone gives themselves permission to 100 mailboxes, a CoreView workflow can turn off that account. If somebody is logging in from a location other than North America, you can also automatically turn off that account,” Vasquez continued.
Dealing safely with external users is another workflow sweet spot. CoreFlow can address these issues through a workflow that forces employees to add detailed information when an external user is invited, such as department, company, manager, country and a validity. CoreView will take care of removing the invited user, or renew it based on a customizable approval process.
Removing External Users for Safety
CoreFlow automation also identifies external users inactive in the last 60 days and automatically starts a process of cleanup with approval.
CoreFlow Shows IT Approvals
5. Save Time
CoreView’s business value sweet spot is our ability to empower IT administrators with time saving tools that drive efficiencies and reduce the amount of manual effort needed to perform their day-to-day management tasks for Office 365. By automating the activities of these IT experts and empowering them to securely delegate specific admin tasks to regional support teams, and helpdesk engineers, their time commitments can be greatly reduced. This time savings equates to hard dollar savings in overhead costs for IT departments.
By automating admin tasks through workflow, which include updates to the on-premises Active Directory environment, IT administrators will save hours of manual effort each week. The CoreView admin interface provides customizable IT admin process steps that will be run automatically from the CoreView workflow engine. Different steps can be chained together so they are performed in the appropriate sequence. All management actions can be used in a workflow, including custom PowerShell scripts, opening the door to unlimited automation scenarios.
As mentioned, a client can configure the automated processing for the complete user provisioning cycle. Several customers told us this workflow automation reduces the weekly tasks for user provisioning and deprovisioning from up to 20 hours to under 10 minutes. This saves a typical organization about 1,000 hours a year in manual IT admin activities while improving quality of service and reducing human errors.
6. Reduce Errors
Gartner and Forrester both indicate that 80% of SaaS breaches stem from misconfiguration, inappropriate user behaviors, or incorrectly elevated user permissions.
For enterprises, correctly defining configurations and appropriate user behaviors are best practices. However, misconfiguration is still possible due to operator workarounds or operator error.
Instead, Office 365 admins need to understand who their users are and what they are doing. With CoreView, you can set up administrators that are specific to a location, functional set of users, or other attributes. This means admins know who their users are, and have a manageable set of end users to handle.
At the same time, CoreView tracks application usage, so you know which applications handle the most work, and when end users are misusing the system. The ‘single pane of glass’ CoreView console offers deep insight into how end users are configured, and where they might be misconfigured.
Then you can automate configuration and policy duties with a workflow, transforming policy management from a manual and error-prone process to one that is intuitive, easy and automated.
7. Save Money
The best way to streamline Office 365 administration processes, improve efficiencies, and optimize IT resource costs, is to automate all administrative tasks that can possibly be automated. The problem with Office 365 administration for enterprise organizations is that it requires an IT expert, with full rights on the admin center portal, to perform many low-value tasks. And many of those tasks need to be performed one user at a time. You also reduce IT operational costs by delegating some complex admin tasks to remote IT admins or the helpdesk.
How CoreView Automates Provisioning
Leveraging CoreView’s workflow capabilities, a customer can configure the automated processing for the complete user provisioning cycle. The following tasks could be combined in a pre-set, serial workflow process with full auditing implemented by default:
- Import New User List – into CoreView processing queue using CSV file
- On-Premises Account Creation – in the on-premises Active Directory using the CoreView Hybrid management functionality
- Azure AD Account Creation – setup synchronized account in the cloud
- O365 License Assignments – based on department and job role profile
- Addition to Security Groups – based on department and job role
- Addition to Distribution Groups
- Addition to Office 365 Groups
- Addition to Teams Groups
- Policies Assignment for Various Services
- E-Mail Sent to Manager with Temporary Password
- Preconfigured Welcome Message Sent to New User – containing links to onboarding materials and training portal
- New User Account Included in Virtual-Tenant for Associated Business Unit
A Dozen CoreFlow Benefits
1. Deep Workflow Automation
Customizable IT admin process steps can be run from the CoreFlow workflow engine. Steps can be chained together so they are performed in the proper sequence. All management actions can be part of a workflow, including custom PowerShell scripts, leading to unlimited scenarios.
2. Provision and Deprovision Safely and Easily
Workflow templates automate provisioning/ deprovisioning. With automation, IT ensures users have the right licenses to access the right infrastructure. IT can “clone” users or create them from templates to reduce errors and speed provisioning.
3. Stop Cloud Attacks
Gartner finds that most successful cloud attacks exploit misconfiguration. Once you have a secure approach to configure, map it to a workflow so it is done properly each time.
4. Reduce Admin Mistakes
Streaming administration through workflows takes the guesswork out of account management, license management, and security and compliance operations.
5. External User Lifecycle Governance
From our usage stats, we have found that 90% of External Users become inactive after 90 days. With automation, you can automatically block access and remove users, asking consent to the person or the manager who invited them. Any active accounts is an additional endpoint opened on your tenant.
6. Automate Licenses Management Easily
Create and automate a process to reclaim licenses when a user becomes inactive, asking approval to the manager or IT or again start the process to buy additional licenses, automating the request to your LSP through a workflow when a usage threshold is reached.
7. Secure Operations with Automated Policy Management
Create, automate and apply policies that handle every aspect of Office 365 administration.
8. Protect and Update Active Directory
Common Active Directory (AD) management tasks can be automated, insuring they are done correctly – and on time.
9. Automate User Lifecycle: Onboarding, Configuration, Provisioning and Removal
CoreFlow makes it exceptionally easy to manage end users. Some provisioning processes can include 50 or more steps – all of which can be triggered by a single click – with full auditing implemented by default. This saves admins time and insures these processes are error free.
10. Save Time
Custom workflows replace and streamline tedious manual processes with automation and error-free operations. Time saved by O365 admins can be spent on more strategic IT work, while ensuring fewer support tickets opened to Support teams.
11. Improve Security and Governance
CoreFlow can connect workflows to security alerts so issues are handled quickly and properly. Automation brings O365 administration and management to the highest level – maximizing IT resources, increasing end user productivity, and enhancing economic efficiencies.
12. Achieve Admin Consistency, Improve Quality
The automation of IT processes will help organizations drive consistency and improve performance and quality, as well as reduce IT operational costs by delegating some complex admin tasks to remote IT admins or the helpdesk.
Resources Related to CoreFlow
Check out our new CoreFlow web page: https://www.coreview.com/coreflow/
Read our blog Improve IT Operations with Workflow and Hybrid Support
Explore our white paper Six Biggest Microsoft Office 365 Challenges
About the Author
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.