Automation is everywhere, from factories to warehouses, so why not automate tasks in IT? In the Microsoft world, automation has long meant using PowerShell. The old IT saying goes...if you must do the same task more than once, script it!

PowerShell is a powerful tool for anyone in IT to know but the larger the environment, the fewer and fewer people there are who have the right permissions to run PowerShell scripts. This is especially true in the cloud and Microsoft 365 where security is paramount to your business. The fewer global Admins you have, the better.

This is where 3rd party tools, like CoreView’s CoreSuite, come in. They help with automating routines once and then delegate out the ability to run them to lower-level administrators. At CoreView we call them workflows. Workflows allow you to combine multiple management actions into a single click. Management actions can be anything from creating a new user to resetting a user's password or even creating a new Teams Channel. Workflows can also prompt approval from a manager or IT administrator before executing so you’re aware of what's going on in your environment.

To illustrate, let’s take a look at a simple de-provisioning workflow. Below are the steps (or actions) that the workflow will complete.

Let’s break down the steps…

First are the configuration inputs at the top. These inputs will come from the person executing the workflow and will ask for the user’s “User Principal Name” (UPN/email) and password (we're going to change the user’s password to this value). These inputs can be used in any step of the workflow.

Let’s break down the steps…

First are the configuration inputs at the top. These inputs will come from the person executing the workflow and will ask for the user’s “UserPrincipal Name” (UPN/email) and password (we're going to change the user’s password to this value). These inputs can be used in any step of the workflow.

1. First is the approval step. In this case, the head of IT will get an email asking to approve or deny the removal of the user. If approved, it goes to the next step
2. Before we do anything, we want to revoke the user sessions for the user. This effectively logs them out of all Microsoft 365 services
3. Now that the user is logged out, this step changes the password to the value captured from the operator during the input stage
4. We want to make sure that email remains intact, so this step ensures litigation hold on the mailbox, so nothing gets deleted
5. Now we’re going to remove all Microsoft 365licenses for the user so they can be re-used by anyone else in the tenant
6. We now convert the Exchange mailbox to a shared mailbox, so the data remains accessible
7. To be able to see the contents of the mailbox, we give the user’s manager full access to the shared mailbox
8. Finally, an email is sent to the operator as well as the IT administrator notifying them that the workflow has finished successfully
9. If the workflow should fail for any reason, both the operator and the IT administrator will receive an email about the error so that it can be investigated

Now all you need to do is give a delegated administrator access to run this workflow, this is done in the permissions settings, in the case “Permissions for Bob” …

If you consider doing all the workflow steps manually, you know it’s going to take time and it’s easy to miss a step, especially if you need to use multiple Microsoft administration consoles. If you create a PowerShell script to complete all the steps, are you going to give “Bob from Accounting” the ability to run PowerShell in your tenant? (I hope not).

Additionally, if there are management actions that are not available within CoreView, you have the option of creating Custom Actions. Custom Actions are similar to PowerShell scripts – as in they assign out certain tasks. Also, you can also delegate out the running of Custom Actions to any of your delegated administrators. With CoreView you can easily assign the running of PowerShell scripts through Custom Actions and also include Custom Actions as steps in a Workflow.

This is just one example of the power of CoreView workflows. The sky really is the limit when it comes to creating your own workflows. If you’d like to see more details on the above workflow, check out this YouTube video showing its execution…