ServiceNow & CoreView: Automating M365 User Management

Does this sound like your day to day? Setting up calendar privileges for Joe from Marketing. And then the finance team has a new Finance Director Puja who needs access to her email ASAP.

When you receive these requests, the time it takes to manually perform this operation can be spent elsewhere more wisely

Join, Sharon Breeze, CoreView Solution Architect, for a 20 minute technical session, where she will show how to:

Automate admin so you spend less time working and more time doing the things you love
Provide self-service options such as requesting a Microsoft 365 license, shared mailbox or Teams group and create these automatically using CoreView workflow from ServiceNow
Create tickets in ServiceNow for security events or items of interest within your M365 tenant

Learn about Microsoft 365 automated user management using ServiceNow.

We'll look at understanding what licenses people have, what they're using, and then we'll look at mitigating risks. So this is where CoreView has very in-depth, very granular capability in terms of controlling the management within the tenant.

With Least Privileged Access we can look at security gaps that might be in the tenant and can enforce policies for things to remain consistent within that tenant.

How to Increase your Office 365 Management Capabilities

When we talk about management, there are three areas that we talk about.

Management Actions
Custom Actions
Workflow Actions

Management Actions in Office 365

These are built-in tasks that we've created, based on customer feedback. And they're going to be those day-to-day tasks that you might want to do within your tenant. They consist of:

Creating a user creating a mailbox
Adding permissions to a mailbox
Adding somebody to a group
Assigning a license

In terms of wiping devices, we also have the hybrid connector.

The hybrid connector allows us to extend out from CoreView to do some on-premise activity as well. Like:

Adding a user to an on-premise group
Creating a user on-premise
Enabling a remote mailbox

Custom Actions

So custom actions are PowerShell, essentially.

It gives you the ability to add in PowerShell scripts that you might already have or something that you want to do that we don't have a management action for.

Workflows for Office 365 Efficiency

Microsoft 365 workflows are a series of steps that we can build into an automated flow.

And we're going to take a combination of those management actions that we looked at and those custom actions to build a workflow.

Workflows can be built for:

Onboarding or offboarding a user
Guest account management
Harvesting licenses
Enforcing policies
Right-sizing licenses based on their persona

Office 365 Audit Logs for Enhances Security

Audit logs are available for a year. It means we can go back in time to understand what's been happening in the tenant, either from the end user's point of view or something that an administrator has been doing.

In addition, there is a concept of alert. Alerts are where we can look for something within those logs. And if we see that event happening, we can then take action.

That could be a notification that we're sending out just an email, or it could be some workflow that we're going to trigger based on that.

How do CoreView and ServiceNow work together?

Create a workflow
Add management actions and custom actions into the workflow
Create a record label - you can update or delete it in ServiceNow

Self-service where a user can request that a Teams group

Look at the inputs Who is requesting, email address, department
What to call the group, the purpose
ServiceNow instant ID
Ask for approval
If no approval in X number of hours/day, we can add another step in
Set visibility to private
Give the requester the owner of the group
Email requester
Trigger a workflow within ServiceNow for it to be complete
Update incident table

So we have triggered the workflow from within CoreView to ServiceNow.

We also have the capability from CoreView to then based on information that we are seeing in the tenant go and create tickets or create, you know, records within ServiceNow.

So let's go and look at some of those options.

Microsoft License Recovery

Inputs I need a UPN
Create a record
Create an incident
Set an urgency
Put a description in
Log in as a particular user
Pull a report
Schedule a report
Add to workflow

So every Monday morning, we're going to look for our users that are disabled but have got a license assigned. If we find any, we're gonna log an incident in ServiceNow.

We can automatically resolve this as well. So we could go and look at these users that are disabled, they've got the license, let's trigger some workflow to recover that license.

Maybe they've been missed as part of onboarding, so we can automatically respond to what we're seeing as well, as well as looking at those incidents.

Securing for Change in Admin on SharePoint Sites

Has anybody added or removed them?

Create an incident for this alert happening that we're seeing in CoreView
Workflow for quoting alert
What inputs did somebody add or remove? Who did it? Who did they add or remove as an administrator? What was the site? And when did they do it?
I've got two steps and these have a filter on them. So, depending on what operation we are seeing, we're going to slightly change the information that we're putting in ServiceNow.
Log in as a caller
Bringing in that information from those audit logs that we're going to put in the body, the incident that we're putting in ServiceNow

When was it done again? That's just an example. It could be. Mailbox permissions on one of the VIP mailboxes, maybe it could be someone we think has had lots of failed sign-ins and has a compromised account that we can maybe look at. Maybe we're looking at other information within those audit logs. Has somebody shared something externally that you don't want them to share?

View All Webinars