Admins have a packed calendar dealing with various Microsoft 365 user management tasks, and the most tiring process is working on onboarding new employees. Manually handling tasks such as user group assignments, account activations, and configuring access permissions can be a big hassle, consuming a lot of time and effortđź•ť. To tackle this, automation comes not just as an option – it’s a necessity you can’t ignore đź’Ż.
Now, automated employee onboarding with Power Automate and PowerShell sounds great, right? Well, hold on! It demands a fair bit of understanding and experience with these tools. But don’t worry! There’s a built-in, readymade, codeless solution— Microsoft Entra ID lifecycle workflows to automate Microsoft 365 user onboarding tasks.
Now, let’s dive into the blog and explore how to configure lifecycle workflows for onboarding tasks effectively and keep HR and IT teams free from chaos.
Set Lifecycle Workflows to Automate Microsoft 365 User Onboarding
In Microsoft 365, achieving a seamless onboarding process is pivotal for effectively integrating new employees and cultivating a productive work environment. Lifecycle workflows in Entra ID emerge as the stepping stones to achieve this simply, instead of manual complexity.
Lifecycle workflows in Identity Governance empower you to automate and streamline user management throughout their entire identity lifecycle categories (Joiner-mover-leaver) within your organization. These workflows efficiently handle tasks from onboarding new Microsoft 365 users to offboarding, automating user provisioning, and ensuring efficient Identity and Access Management (IAM).
When it comes to Microsoft 365 new user onboarding, lifecycle workflows offer three built-in templates, each designed with predefined tasks and conditions tailored for new employees (Joiners):
Purpose: Execute onboarding tasks before the user’s official hire date. This includes dynamically generating temporary access credentials through Azure Active Directory (AAD) to ensure seamless access to essential resources, such as SharePoint, Teams, and Outlook, streamlining the initial setup process for new hires.
Purpose: Execute tasks specific to new hires on their first day. This includes tasks such as activating their user account in Microsoft 365, ensuring a smooth start that allows them to get into work without any delays or complications. Also, it paves way for efficient account management in Microsoft 365.
3. Post-Onboarding of an Employee:
Purpose: Execute tasks after the new hire’s first day of work. It involves tasks like configuring access permissions, group memberships, and Teams channels, making them effortlessly join collaborative activities and contribute right away.
With these detailed joiner lifecycle phase templates, organizations can tailor their Azure AD onboarding processes to the specific needs of their new hires joining the organization.
3 Built-in Lifecycle Workflow Templates to Automate Microsoft 365 User Onboarding
Admins can use these three lifecycle workflow templates in Entra ID, streamlining the new user onboarding process without starting from scratch.
Admins can utilize the Microsoft Graph API for custom workflows that suits the organization’s needs.
Let’s delve into the real-time use cases of these three available workflow templates.
Template 1: Automate Employee Onboarding Tasks Before Their First Day
“Preparation in advance”, that is you need to prepare employee onboarding tasks before their first day, ensuring that they have immediate access to essential tools and M365 resources. For example,
âś… Sending onboard reminder emails to managers.
âś… Generating temporary access passes for passwordless authentication methods.
Overlooking these basic tasks not only slows down the onboarding process; but also makes it harder for users to get what they need in Microsoft 365. That’s where the employee pre-hire workflow template comes in handy! It automates these steps, reducing the chance of forgetting crucial access management tasks for the new employee.
Default Automatic User Provisioning Workflow Template Configuration:
| Name | Onboard pre-hire employee |
| Description | Configure pre-hire tasks for onboarding employees before their first day |
| Category | Joiner |
| Trigger type | Time based attribute |
| Days from event | 7 |
| Event timing | Before |
| Event user attribute | employeeHireDate |
| Scope type | Rule based |
| Rule | Marketing |
| Task | Get TAP and Send Email |
Template 2: Automate New Hire First Day Tasks with Microsoft Entra Lifecycle Workflows
New users have to wait a bit on their first day to get access to all M365 resources and collaborate with the existing team members. So, there are certain important tasks that need to be done right away for them to have smooth access management. For example, you need to
âś… Enable user account in Microsoft 365.
âś… Send welcome emails to users.
âś… Run a custom task extension.
âś… Request user access package assignment.
The pre-built new hire workflow template assists administrators by automating the above user provisioning tasks, making it easier for them. Admins can skip the manual steps of activating accounts and adding users to Microsoft 365 groups and Teams. The speed at which new hires can access their accounts and receive warm welcomes sets the tone for a positive onboarding experience.
Default Automatic User Provisioning Workflow Template Configuration:
| Name | Onboard new hire employee |
| Description | Configure new hire tasks for onboarding employees on their first day |
| Category | Joiner |
| Trigger type | Time based attribute |
| Days from event | 0 |
| Event timing | On |
| Event user attribute | employeeHireDate |
| Scope type | Rule based |
| Rule | Marketing |
| Task | Enable User Account Send Welcome Email Add users to groups |
Template 3: Automate Microsoft 365 User Provisioning with Lifecycle Workflows
Admin responsibilities extend beyond initial tasks. Post-onboarding actions, such as:
âś… Adding users to Microsoft 365 Groups.
âś… Adding users to M365 Teams.
For instance, when assigning a user, the role of ‘Marketing Analyst,’ it’s essential for that user to be seamlessly added to the relevant Teams. This ensures they are well-informed about role requirements and can effectively collaborate with other team members. Additionally, being part of the associated groups and Teams allows them to access shared information. This template serves as a proactive solution, automating post-boarding tasks and simplifies the M365 user management tasks.
Default Automatic User Provisioning Workflow Template Configuration:
| Name | Post-Onboarding of an employee |
| Description | Configure onboarding tasks for an employee after their first day of work |
| Category | Joiner |
| Trigger type | Time based attribute |
| Days from event | 7 |
| Event timing | After |
| Event user attribute | employeeHireDate |
| Scope type | Rule based |
| Rule | Marketing |
| Task | Add user to groups Add user to selected Teams |
Note: If you are satisfied with the default configuration, you can easily use these templates as they are for all user onboarding procedures in Azure AD. However, if you desire customization, such as additional tasks or modifying scopes, you can tailor the templates to better suit your specific needs.
Now, let’s plan for lifecycle workflow deployment for automating pre-hire tasks to help you grasp template utilization more effectively.
How to Automate Pre-hire User Onboarding Tasks Using Lifecycle Workflows?
In this scenario, let’s automate the process below.
- Enable user accounts in Microsoft 365.
- Generate Temporary Access Passes for new hires.
- User group assignments in Microsoft 365.
- Add users to specific Teams in Microsoft Teams.
- Send onboard reminder emails to managers.
- Send personalized welcome emails to the new user.
Before that, ensure you’ve reviewed how to create automated lifecycle workflows in Entra for a clear understanding of the process.
License Requirements: Entra ID Governance license is required to set up lifecycle workflows in Entra ID.
Roles: You should be a global administrator or lifecycle workflow administrator to configure Entra ID’s lifecycle workflows.
Prerequisites:
- Two accounts are required: one for the newly-hire employee and another for the manager.
- Configure the attributes “employeeHireDate” and “Department” in Microsoft Entra admin center. If not configured, the workflow will not work.
- Enable temporary access pass for passwordless authentication.
Once these prerequisites are in place, follow the steps below to configure pre-hire onboarding workflow:
1. Sign into the Microsoft Entra admin center.
2. Navigate to Identity Governance and select Lifecycle Workflows.
3. Click on “+Create Workflow” and choose the “Onboard pre-hire employee” workflow template.
Here, you’ll find three tabs.
4. In the “Basics” tab:
- Workflow Details: Provide a suitable name and description for your workflow.
- Trigger Details: Fill in the trigger details based on your need.
- Trigger type: It is set to Time based attribute by default.
- Days from Event: Set the specific number of days in advance when the workflow should be triggered or executed.
5. Click “Next: Configure Scope”.
6. In the “Configure Scope” tab:
- Scope Type: It is set to “Rule based” by default.
- Rule: Add an expression with the respective department.
7. Click “Next: Review Tasks.”
8. In the “Review Tasks” tab:
The default task is set to “Generate TAP and Send Email.” You can configure the below additional user provisioning tasks using “+ Add task” option.
- Enable user account
- Generate TAP and Send Email
- Add user to groups
- Add user to selected teams
- Send onboarding reminder email
- Send welcome email to new hire
9. Click “Next: Review +Create.”
10. Finally, review all the configured settings and proceed to create the workflow.
If you want to schedule onboarding lifecycle workflows, you can enable scheduling in the “Review +Create” tab.
That’s it! The workflow will be executed when the specified conditions are met, automating the Microsoft 365 user provisioning efficiently.
Run the Identity Lifecycle Workflow on Demand in Microsoft Entra ID
To ensure the functionality of your configured workflow, you can utilize the “Run on Demand” option available on the workflow overview page. This feature allows you to execute Azure AD user provisioning tasks immediately on selected users, providing real-time testing capabilities.
Monitor Lifecycle Workflows in Microsoft Entra ID
You can monitor the progress and performance of your workflow by accessing the “Workflow History” tab. You can follow the steps below to check the workflow history:
- Sign into the Microsoft Entra Admin Center.
- Navigate to Identity Governance and select Lifecycle Workflows.
- Choose Workflows from the navigation pane and select the specific workflow.
- Click on Workflow History in the navigation pane.
This process enables you to review critical metrics, identify failed users, assess reasons for flow failures, and obtain comprehensive information about the workflow’s execution.
In the end, “Why invest your time in grappling with complex codes and mastering Power Automate processes? Instead, simply configure a hassle-free lifecycle using our pre-built template. Sit back, relax, and let lifecycle workflow take care of the automatic user provisioning in for you! Also give equal importance to offboarding process. So, make use of lifecycle workflows to automate M365 offboarding tasks too! At the same time, the intermediate process “mover phase” is vital, involving real-time employee role changes. For that too, you can use lifecycle workflows to manage Microsoft 365 user role changes effectively.
I hope this blog brings you more information about how to manage user lifecycle with Microsoft Azure lifecycle workflows. Feel free to reach us in the comment section for further assistance! Thanks for reading!
Related Posts:
Quickly Automate Microsoft 365 Offboarding with…
Create Automated Lifecycle Workflows in Microsoft Entra ID
Ultimate Guide to Automate Microsoft 365 User…
Microsoft 365 User Onboarding Workflow For Easy User…
Manage Employee Role Changes with Workflows in Entra
Adaptive MFA Using Conditional Access in the Microsoft 365
