Microsoft’s Return to the Workplace Solution

Enable your workforce to confidently return to on-site work by deploying Microsoft’s Return To The Workplace app. The app allows managers to view location readiness, conduct employee health screenings, and ultimately ensure a safe environment to return to. Return To The Workplace is available in AppSource and is deployed as a Dynamics 365 app within your environment.

The app includes four separate solutions, all interconnected through the Common Data Service (CDS). They are designed to be used together, and the solution is only effective when all four are deployed. The four solutions are:

  1. Location Readiness dashboard (Power BI)
  2. Workplace Care Management dashboard (Power BI)
  3. Facility Safety Management app (PowerApp)
  4. Employee Return to the Workplace app (PowerApp)

Learn how to use the other sections of the solution in this Return to the Workplace Solution Overview.

Prerequisites

The Return To The Workplace app requires two prerequisites:

  1. Global Administrator: required to install the app and deploy it within an environment.
  2. PowerApps Per-App Plan ($10/Month): at least one per-app plan is required to run this app.

Using the App

The first screen gives users the options to get a day pass, look up the status of a facility, or register a guest for entering a facility. There is also an optional self-assessment to select how safe the employee feels to return to work (Yes, No, Neutral). The selection is saved inside a CDS entity and factored into the app’s pre-configured algorithms. Organizations can modify those algorithms with the PowerApp studio to customize how it behaves and/or handles the user’s inputs.

Day Passes

The Day Pass feature allows users to search for active facilities and select one they want to enter. Users can follow the steps below to book a day pass:

  • Select Get Day Pass.
  • Search for the facility they would like to enter.
  • Select Book A Space.
  • Select Accept to agree to take the Daily Health Check questionnaire which will be given upon arrival at the facility.
  • Select I Agree to confirm that the user’s current health meets the requirements to enter. NOTE: Selecting I Disagree prevents the user from booking a space.
  • The day pass is generated.
  • If a user needs to cancel, they can do so by selecting Cancel.

When it comes time to enter the facility, the user must first complete the Daily Health Check to ensure they are healthy enough to enter the facility.

Then, the user must choose which facility they’d like to enter.

They are given a pass for the facility of choice.

Register A Guest

This feature allows users to generate a day pass for guests to enter facilities. To do so, a user should:

  • Select Register A Guest.
  • Fill out the guest info and select Next.
  • Proceed with the same steps as Get Day Pass.

Look Up Status

This function allows users to view the current status of a facility. The status of facilities is pre-configured by ‘Phases’ inside the Facility Safety Management app.

To utilize the Look Up Status feature, follow these steps:

  • Select Look Up Status from the home screen of the app.
  • Search and select the facility in question.
  • View the current Phase.
    • NOTE: If the facility is open and active, the Book A Space button will be enabled.

Safely Get Back To The Workplace

Give your team the ability to control their return to workplace operations with custom safety parameters set through the Microsoft Return to the Workplace app. Employees will have increased confidence in management’s ability to control potential risks and management will feel confident in their ability to control the return to work process and give some responsibility to the employees.

Thrive Adds Timlin Enterprises to Create Microsoft Collaboration Division

FOXBOROUGH, MA – October 7, 2020 – Thrive, a premier provider of NextGen Managed Services, announces today that it has acquired Timlin Enterprises, an information technology services provider and long-time collaboration partner focusing on the Microsoft 365 platform, Teams and SharePoint. This transaction is Thrive’s first non-MSP, product-capability acquisition, greatly enhancing its existing technology portfolio by adding a proven team with expertise on Microsoft tools.

Timlin, headquartered in Massachusetts, has a deep bench of engineers, consultants, and business analysts spread out geographically across the United States. The company is predominantly focused upon the Life Sciences and Biotech industries, boasting an impressive clientele list, along with additional proficiency in Banking & Financial Services.

The acquisition of Timlin significantly expands Thrive’s Microsoft Collaboration and Digital Transformation efforts to help companies unlock the hidden value they are paying for and not utilizing within the Microsoft 365 platform, increasing employee adoption and driving productivity increases. Additional benefits include enterprise-wide governance, training, management, development, support; Teams integration and collaboration; SharePoint architecture management; SQL hosting and management; Power BI and Power Platform business process automation; and other Microsoft application management.

“We’re very excited to welcome Timlin to the Thrive family and create a separate Microsoft Collaboration Unit,” said Rob Stephenson, CEO of Thrive. “Timlin’s tremendous team of expert technical and consultative employees will provide a huge benefit to Thrive’s Microsoft 365 customers, enabling them to accelerate their digital transformation efforts and enhance employee productivity.”

“Timlin has more than 10 years of experience guiding our valued clients with Microsoft platform adoption efforts, especially in the Life Sciences sector, and we’re proud to combine our highly-skilled team, tools and insights with Thrive to enhance its industry-leading NextGen Managed Services Platform,” said Ryan Thomas, CEO of Timlin Enterprises. “Our whole team is excited to embark upon this journey and spur additional growth for Thrive, as well as to allow Timlin customers access to Thrive’s Cyber Security and Public, Private & Hybrid Cloud-focused services.”

Mr. Thomas, Jeff Johnson, and Joe Piccirilli will continue to oversee the management of Timlin as the Microsoft Collaboration Division of Thrive, along with their existing employees. Timlin engaged BellMark Partners as an exclusive advisor on the deal.

The Timlin transaction is now the eighth acquisition for Thrive since the M/C Partners investment back in 2016.

About Thrive

Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company’s Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application takes advantage of technology that enables peak performance, scale, and the highest level of security. For more information, visit thrivenextgen.com

MEDIA CONTACT:

Stephanie Farrell

Director of Corporate Marketing

617.952.0289 | sfarrell@thrivenetworks.com

About Timlin Enterprises

Founded in 2010, Timlin Enterprises helps clients operate as digital organizations by enabling and continuing to advance their Office 365 and SharePoint capabilities. Timlin harnesses each organization’s unique definition of digital transformation, focuses on end users as the key to adoption, leverages a proven methodology, and maintains a commitment to exceptional service delivery using only US-based resources, as proven by a 100% service retention rate. From targeted professional services to Center of Excellence managed services they have the solutions to help organizations adopt the tools available in the Office 365 platform to keep pace with the new speed of business. For more information, visit timlinenterprises.com

About M/C Partners

Based in Boston, M/C Partners is a private equity firm focused on small and mid-sized businesses in the communications and technology services sectors. For more than three decades M/C Partners has invested $2.2 billion of capital in over 130 companies, leveraging its deep industry expertise to understand long-term secular trends and identify growth opportunities. The firm is currently investing its eighth fund, partnering with promising companies and empowering strong leaders to accelerate growth, optimize operations, and build long-term value. For more information, visit mcpartners.com

About BellMark Partners

BellMark Partners, LLC is a boutique investment banking firm providing M&A, capital raising, restructuring, and strategic advisory services to middle market companies with a particular emphasis on the Consumer, Industrial, Healthcare, and Business Services markets. The firm is headquartered in Boston, MA, with an additional office in Cleveland, OH. For more information, visit bellmarkpartners.com

Mobile Device Management (MDM) and Working from Home

Many of us have been working from home for months, and as the remote workforce is larger than ever, our business and technology practices are being challenged in new ways. Remote work happens differently at each organization. Some of us connect to corporate VPNs daily, while others who primarily use cloud-based platforms may not connect to a VPN at all. This creates new challenges for managing systems and deploying policies to workstations.

Mobile Device Management (MDM) is a technology that has been in place for years, allowing us to push configurations to smartphones, tablets, and similar devices, ensuring compliance with corporate policy while also providing the ability to deploy apps and more. Most of us categorize MDM as specific to mobile devices, but the inclusion of MDM protocol support in Windows 10 extends the value of Microsoft’s Intune and other third-party MDM platforms to user workstations. Plus, it supports macOS too! Windows 10 allows MDM to maintain system inventory data, perform remote wipes, deploy Wi-Fi and e-mail configurations, install applications, and more. It also delivers the ability to enforce security controls such as screen lock and encryption settings over the internet, whether or not the device ever connects to the corporate VPN. The capabilities of MDM in Windows 10 are evolving quickly and deliver ease of management while enhancing security posture.

As the remote workforce continues to be the norm, it is time to consider MDM as a component of your overall management strategy to ensure compliance for your mobile devices and workstations.

How To Use Microsoft Bookings to Manage Returning to the Workplace Safely

Microsoft Bookings, an app included in Microsoft 365, is a scheduling tool that allows customers to easily book appointments with a company. The app incorporates a web-based calendar that integrates with Outlook, ensuring availability always stays up-to-date. Customers can easily schedule appointments during available time slots with the team member of their choice, cancel and reschedule bookings, and enjoy auto-generated emails to keep all parties notified.

The following Microsoft licenses include Bookings:

  • Microsoft 365 Business Standard
  • Microsoft 365 A3
  • Microsoft 365 A5 subscriptions
  • Office 365 E3 and E5 subscriptions

Components of Microsoft Bookings

Business Information

All details about your business are configured in the Business Information section. These details, such as your business name, address, phone number, logo, and hours of operation, are visible to your customers.

Microsoft Bookings Business Availability

Services

Business offerings are configured in the Services section. You can specify details such as:

  • Service location (virtual or physical)
  • Service description
  • Pricing
  • Staff member assignments
  • Maximum number of attendees per service

Microsoft Bookings Service Name

Microsoft Bookings Scheduling

Staff

The Staff section is where you specify everything about the members of your team and the services they provide, including:

  • Assignment to specific services
  • The services the business provides
  • Hours of availability for each staff member

Microsoft Bookings Manage Staff

Microsoft Bookings Manage Staff Details

Customers

When users schedule an appointment or book a service, they are automatically added as a customer in your Bookings app.

Microsoft Bookings Manage Customers

Customers can be added manually or imported from a .csv file.

Microsoft Bookings Importing Contacts

Bookings Page

The Bookings Page is where major app details are configured and where the app is published. These details include:

  • Selecting a color scheme/theme of the Bookings app
  • Setting the time zone
  • Setting email notifications
  • Requiring customers to have an Office 365 account to use the app

Microsoft Bookings Booking Page

Calendar

The Calendar is for internal use only — it is only accessible by staff members. All Bookings made by customers will populate in the Calendar. The Calendar view can be switched around to display bookings by Day, Work Week, Week, Month, or Today. Clicking on each booking will display all the information regarding that specific booking.

Microsoft Bookings Calendar

Home

The Home dashboard displays an overview of the number of bookings made, the estimated revenue from all bookings, and the number of unique customers that have booked.

Microsoft Bookings Dashboard Home

The Problem

The COVID-19 pandemic forced companies to quickly transition to working remotely. As the pandemic settles and work-from-home mandates are lifted, businesses will have to adjust, once again, to ensure a safe return to the workplace. One of the main priorities during return to work operations is limiting capacities to ensure social distancing is possible.

The Solution

At Thrive, we pride ourselves on discovering ways to leverage existing tools in the Microsoft 365 ecosystem to fulfill even more business needs than they were originally intended for. Why not utilize Microsoft Bookings to ensure a safe and socially-distanced return to the workplace?

By utilizing the Services section for your office building, room, floor, or workspace, you can automate monitoring and limiting capacity with ease. The Staff section can be used for reservations and the Customer section can be used by employees who would like to come into the office.

The Fine Print

The ‘Maximum Attendees’ feature in the Services component doesn’t always work as seamlessly as we would like.

The key to successfully limiting the number of people who can book on a specific day is to add exactly as many staff members, referred to below as “reservations,” as the maximum capacity of the office. In other words, make the total number of staff members equal the maximum number of people allowed in the office at once; when every staff member has a booking, no further appointments can be made.

Microsoft Bookings Service Details

Microsoft Bookings Manage Staff

Bookings requires at least one staff member per booking. With three added staff member reservations plus myself as an Administrator (who must be a staff member), the app allows four bookings per day and nothing more. Even with ‘Maximum Attendees’ set to one or two, the app would still allow four users to book, which is why this workaround is necessary to get the app to behave as intended.

For this to work, the Availability for the Services must be set to “Bookable when staff are free.”

Microsoft Bookings Availability

Takeaways

We encourage you to try customizing your Microsoft features to best fit your needs. Microsoft Bookings’ capabilities reach far beyond simply scheduling and can be a great way to assist with keeping your team safe while returning to work.

As always, Thrive is here to help you keep up with these quick transitions. If you would like assistance to get the most out of your Microsoft 365 investment, please contact us today.

Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 3

In the second blog of this series, we discussed how Access Reviews in Azure Active Directory (Azure AD) provide a guided review of a group of Microsoft 365 users to help determine if their continued access to tenant resources is required. The third and final tool designed to control and audit access to company resources is Privileged Identity Management (PIM). PIM works synergistically with the other tools to help keep a watchful eye on the collaboration space without impeding productivity.

In Part 3, we’ll discuss PIM in detail. This tool is designed to provide just-in-time escalation of permissions to ensure higher permission levels are only available when needed and can be applied with governance in mind.

Privileged Identity Management

Setting up Privileged Identity Management

PIM is designed to support a “least privilege” model by making granular roles available to users who require elevated functionality only while they need it. Standing, excessive access is also a liability in the event an account is compromised, so when elevation is not needed, users’ accounts carry no extraneous permissions. When it is needed, a user simply requests elevation into a specific role that has been made available to them. Depending on configuration, the assignment is either automatic or requires approval and/or justification.

The first step in configuring PIM is selecting which roles should be available under which circumstances. This configuration is found under Identity Governance, in the Manage section, by selecting Roles. The Roles screen presents a large list of Roles along with a Description of the Role’s intended usage. The screen will also display how many users are currently Active in a Role and how many users are eligible to be activated in the role.

Selecting Roles

For example, suppose you want to allow an Administrative Assistant to occasionally reset passwords without involving a tenant Global Administrator. To set this up, click on the Helpdesk Administrator Role in the list, or use the search to filter the list. Selecting this Role will list all current assignments for that Role, including Eligible, Active, and Expired. Pressing the “Add assignments” button will begin the process.

Add Assignments

The first screen will show you the Role you have selected, with a link to select member(s) to assign to the role. Pressing the hyperlink under the Select member(s) will bring you to a search for all users within your tenant.

Assigning Roles

Select the user and press the Select button to add them to the list of members eligible for the Role. Selecting Next navigates to the Settings section, where you determine the Assignment type and durations. Leaving the type Eligible will require the user to request elevation when needed, which is the intention in this case. If you want the assignment to be limited in duration, such as covering an employee who is on leave or vacation, you can set dates for the start and end of the assignment by un-checking Permanently eligible and selecting dates. Selecting Assign will move that assignment into the Eligible list.

Role Settings

Additional settings can be applied to the Role by selecting the Settings button at the top of the Assignments screen for the Role.

Additional Role Settings

From this screen, there are many configuration options to allow for more granular control of how the escalation process is executed, including approval and notification options.

The first section covers the Activation process itself. Here you can set a maximum duration for the escalation, require Azure MFA, justification, ticket information, or even approval. If requiring approval, you can select who provides the approval from this screen as well.

Activation Process

The next section covers Assignment, where you decide whether permanent Eligible assignments are allowed, whether permanent Active assignments are allowed, and whether justification and/or MFA is required for Active assignments.

Assignment

The final section provides rich configuration for the Notifications sent regarding this process. Notifications can be enabled for when members are assigned as Eligible to the role, when they are assigned as Active to the role, and when eligible members activate the role; this last alert fires when an escalation has actually occurred. Each notification section includes three options: Role activation, Notification to requestor, and Request for approval. All of these options are enabled by default, with default recipients being Admin, Requestor/assignee, and Approver. Additional recipients can be added for most notifications.

Notification Settings

Requesting Elevation

Once a role is configured to be available, a user can request escalation by going to Azure AD, navigating to the Identity Governance screen, and selecting “Activate Just In Time”. There, they will see all Roles for which they are eligible, and have the opportunity to request being assigned to that role. Pressing Activate will start the process to be added to the role.

Requesting Elevation

Depending on configuration, approval and/or justification may be needed before the assignment is completed. The user can also set a Duration, up to the configured maximum, for how long the assignment should remain in effect.

Requesting Elevation Part 2

Once completed, they will be in the Active roles section until the duration has been met, or they manually Deactivate the assignment.

Active Roles
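The assignment walkthrough above, the self-activation step, and an audit of who holds the role, done with the Microsoft Graph PowerShell SDK instead of the portal. This is an added example, not code from the original post; the user principal name, justification text, and the 14-day and 4-hour windows are constructed placeholders, and it assumes the Microsoft.Graph.Identity.Governance module is installed and the admin caller has the RoleManagement.ReadWrite.Directory permission.

```powershell
# Added example (not part of the original post): Microsoft Graph PowerShell SDK
# equivalents of the portal steps described above. Requires Microsoft.Graph.Identity.Governance
# and, for the admin functions, the RoleManagement.ReadWrite.Directory scope.
# Placeholder values (constructed): the UPN, justification strings and durations.

function Get-DirectoryRoleByName {
    param([Parameter(Mandatory)][string]$DisplayName)
    # Resolve the built-in role by display name rather than hard-coding its template ID.
    Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$DisplayName'"
}

function New-JitEligibleAssignment {
    # "Add assignments" with Assignment type = Eligible and a start/end date
    # (Permanently eligible un-checked). The user must activate the role before using it.
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$RoleDisplayName,
        [int]$Days = 14,
        [string]$Justification = 'Temporary cover; see change record (placeholder)'
    )
    $user = Get-MgUser -UserId $UserPrincipalName
    $role = Get-DirectoryRoleByName -DisplayName $RoleDisplayName
    $now  = (Get-Date).ToUniversalTime()
    $body = @{
        Action           = 'adminAssign'
        PrincipalId      = $user.Id
        RoleDefinitionId = $role.Id
        DirectoryScopeId = '/'               # tenant-wide, as in the portal walkthrough
        Justification    = $Justification
        ScheduleInfo     = @{
            StartDateTime = $now
            Expiration    = @{ Type = 'afterDateTime'; EndDateTime = $now.AddDays($Days) }
        }
    }
    New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest @body
}

function Request-JitActivation {
    # The "Activate" step, run by the eligible user in their own session.
    # The duration is capped server-side by the role setting's maximum activation duration.
    param(
        [Parameter(Mandatory)][string]$RoleDisplayName,
        [Parameter(Mandatory)][string]$Justification,
        [string]$Duration = 'PT4H'           # ISO 8601 duration: four hours
    )
    $me   = Get-MgUser -UserId (Get-MgContext).Account
    $role = Get-DirectoryRoleByName -DisplayName $RoleDisplayName
    $body = @{
        Action           = 'selfActivate'
        PrincipalId      = $me.Id
        RoleDefinitionId = $role.Id
        DirectoryScopeId = '/'
        Justification    = $Justification
        ScheduleInfo     = @{
            StartDateTime = (Get-Date).ToUniversalTime()
            Expiration    = @{ Type = 'afterDuration'; Duration = $Duration }
        }
    }
    New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest @body
}

function Get-RoleAccessAudit {
    # Who can activate the role (Eligible) versus who holds it right now (Active).
    # An Active schedule of type 'Assigned' with no expiration is standing privilege,
    # which is exactly what the just-in-time model is meant to remove.
    param([Parameter(Mandatory)][string]$RoleDisplayName)
    $role   = Get-DirectoryRoleByName -DisplayName $RoleDisplayName
    $filter = "roleDefinitionId eq '$($role.Id)'"
    $rows   = @()
    foreach ($s in Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter $filter -ExpandProperty principal) {
        $rows += [pscustomobject]@{
            Principal = $s.Principal.AdditionalProperties['userPrincipalName']
            State     = 'Eligible'
            Expires   = $s.ScheduleInfo.Expiration.EndDateTime
            Standing  = $false
        }
    }
    foreach ($s in Get-MgRoleManagementDirectoryRoleAssignmentSchedule -Filter $filter -ExpandProperty principal) {
        $rows += [pscustomobject]@{
            Principal = $s.Principal.AdditionalProperties['userPrincipalName']
            State     = "Active ($($s.AssignmentType))"   # 'Assigned' (admin-granted) or 'Activated' (JIT)
            Expires   = $s.ScheduleInfo.Expiration.EndDateTime
            Standing  = ($s.AssignmentType -eq 'Assigned' -and $s.ScheduleInfo.Expiration.Type -eq 'noExpiration')
        }
    }
    $rows
}

# Admin session: make the assistant eligible for two weeks, then list standing versus JIT holders.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All'
New-JitEligibleAssignment -UserPrincipalName 'admin.assistant@contoso.example' -RoleDisplayName 'Helpdesk Administrator'
Get-RoleAccessAudit -RoleDisplayName 'Helpdesk Administrator' | Format-Table -AutoSize

# Eligible user's own session (separate sign-in): activate for four hours with a justification.
# Request-JitActivation -RoleDisplayName 'Helpdesk Administrator' -Justification 'INC-0000 (placeholder): reset a locked-out user password'
```

Rows with Standing = True in the audit output are the permanent Active assignments the Assignment settings section lets you disallow; reviewing that list periodically is the check that the JIT model is actually being used.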

Summary

Privileged Identity Management in Azure AD Identity Governance provides just-in-time elevation to targeted roles, helping to protect users’ accounts during normal usage, but providing an easy, governed method of escalating privileges when needed. As with the other facets of Identity Governance, PIM provides a healthy balance of productivity and security within the Microsoft 365 platform.

Need a refresher?

Revisit Part 1 and Part 2 of this blog series.

Power Apps vs. SharePoint Framework for Forms

Overview

As the capabilities in the Microsoft Power Platform have matured over the last couple of years, Thrive has spent considerable time delivering business process automation solutions using the tools in the platform. With Power Apps, Power Automate, and Power BI, the platform allows us to accelerate the digital transformation process for our customers using the low-code capabilities in the platform. However, when requirements get complicated, a better approach may be to build your form using the SharePoint Framework (SPFx). This is especially true if you are dealing with large amounts of data, fast load time of the form is critical, or the UI requirements are complicated. Using SPFx does require development experience, but with the right skills, you can quickly build out custom forms that can provide a better solution.

The table below provides a detailed comparison of building your form in Power Apps versus using the SharePoint Framework. We have also provided a summary of our findings at the end of this post.

Detailed Comparison

List Thresholds
  Power Apps: Currently, when a list has threshold problems, there is no easy way to work around them in Power Apps. A published app will immediately break, and you will not be able to publish or save it. All submissions will break.
  SharePoint Framework: Structuring the data or applying filters makes it easy to work around list thresholds and retain functionality.

Performance
  Power Apps: Even with small-scale forms and applications, the load times for Power Apps can be relatively lengthy.
  SharePoint Framework: Performance is dramatically better than Power Apps. Small or large applications load quickly, and navigation in large applications is also extremely fast.

Simple Forms/Applications
  Power Apps: For forms where we just want to add a couple of easy conditionals, set up some formatting or styling, and so forth, Power Apps is probably the way to go. It requires little to no development knowledge and allows for further customization by power users.
  SharePoint Framework: For simple forms or applications, we may want to steer away from an SPFx solution. The development overhead and time spent would most likely outweigh the benefits.

Large Forms/Applications
  Power Apps: Power Apps can get very bogged down by large applications that contain paged navigation, many conditions, several lookups, etc. Maintaining connections between pages, altering conditions, implementing validation, and so on becomes very difficult.
  SharePoint Framework: Large forms and applications can be built to meet the needs of the business exactly. Inline field validation, paged navigation, conditions, etc. can all be implemented with ease. Performance is also excellent in any SPFx application.

Dev, Test, Prod
  Power Apps: Power Apps becomes tricky if you want to have a development stream. If a Power App is integrated with a SharePoint list or library, it cannot be exported or migrated anywhere else; you would need to continuously rebuild the app from scratch and reconnect all data connections for this to work. Canvas apps do allow exports, but the amount of configuration required for each installation can be painstaking.
  SharePoint Framework: Because SPFx solutions are packages, they can be deployed tenant-wide or per site collection. This means you can easily spin up development, test, and production site collections and have a development stream that publishes updates to any one of these environments without affecting anything you don’t want. Pipelines can be established to further simplify the development stream.

Migration
  Power Apps: As stated in the previous point, migration can be very difficult or even impossible with Power Apps.
  SharePoint Framework: Given the nature of SPFx solutions, migrations can happen with little to no effort when moving between site collections, environments, and tenants.

Validation/Conditionals
  Power Apps: Conditional and validation logic is certainly possible in Power Apps, but only to an extent. Certain fields do not have the innate ability to filter out things such as special characters, and implementing logic to do so is tricky; in some cases, the logic cannot be implemented at all. Conditionals are also implementable, but take time and can be very reliant on form loading factors. Rules were removed, so there is no central location to manage all of your logic.
  SharePoint Framework: Virtually any form of conditional or validation is possible in SPFx. Real-time/async validation is implementable. Regex, string validation, number validation, etc. are all easily implementable and scalable. Conditional logic can easily hot-swap the components visible to the user.

Data Connections
  Power Apps: While data connections to other applications in Office 365 are easy enough to set up, they cause some unintended side effects that may result in an undesirable user interface. For example, to pre-populate a Manager field in Power Apps, you can add the Office 365 Users data connection. However, once that connection is added, the app prompts the user to allow access to it when they load the Power App. This occurs each time they load it if their cache has been cleared, and in other instances as well.
  SharePoint Framework: While data connections require a bit more setup in SPFx, they can be tailored to do exactly what you need them to do. The sign-in prompt mentioned for the Power Apps version of this functionality is no longer an issue. Data connections migrate with the application should you decide to move it. By default, connections to Teams, Graph, SharePoint, and more are largely preconfigured for you when creating an application in SPFx.

Redirects
  Power Apps: Currently, redirecting on submission is not possible from Power Apps. This can cause a lot of headaches, particularly in SharePoint-integrated Power Apps.
  SharePoint Framework: Redirects are completely possible in all manners within SPFx.

SQL Connections
  Power Apps: Connections to SQL databases are available in Power Apps. Depending on what needs to be done with them, you may or may not want to use SPFx instead (driven by the complexity of the app).
  SharePoint Framework: SQL connections are also easily implementable in SPFx. They can integrate with non-standard data stores such as Azure Cosmos DB, AWS, Firebase, NoSQL DBs, etc.

Customizations
  Power Apps: Depending on what needs to be customized, you may or may not be able to complete the task in Power Apps. While Power Apps gives you a wide range of customization options, you will still encounter some limitations in terms of styling, sizing, resolution, etc.
  SharePoint Framework: There are essentially no limits to the customizations you can do in SPFx.

Responsiveness
  Power Apps: While Power Apps can and will work across platforms, it still has a wide range of responsiveness issues across browser sizes. One area of note is People Pickers, Date Pickers, and Multiple-Choice fields; these components are often inoperable on smaller devices. In addition, embedded Power Apps often have scrolling issues where a user cannot scroll to the very bottom of the app on smaller devices. This is currently a known issue.
  SharePoint Framework: SPFx applications can be made 100% responsive across devices. In addition, SPFx grants the ability to design per device or screen size. For example, you could create a design for phones, a design for tablets, and a design for PCs all in one application.

Data Load
  Power Apps: Data loading can be tricky in Power Apps. If you are trying to execute actions based on pre-loaded data, there is not much in the way of an asynchronous mechanism that awaits the response. Many issues can come up with things like conditions based on pre-loaded information, because the information is not yet ready to be consumed.
  SharePoint Framework: Data loading is no issue. Async/await functionality is easily implementable to ensure that you have the information you need when you need it.

Summary

Use Power Apps if…
  • You do not require storing more than 5,000 records
  • The speed of the forms is not a significant consideration
  • Your forms are relatively basic, without complex repeating sections or business logic
  • You do not need to promote the forms through Development, Test, and Production environments
  • You do not have complex conditional or validation logic
  • Your forms do not need to redirect to a custom location upon completion
  • Responsive design across numerous browser configurations is not critical
  • You have power users who can maintain and modify basic forms and functionality

Use SharePoint Framework if…
  • You need to store larger amounts of data
  • Fast form load and navigation time is critical
  • There is complex logic and/or UI design involved
  • You need to support a full Software Development Lifecycle or migrate the form to various locations
  • You want complete control over the responsive design to support various browser configurations
  • Having seamless integration into Teams and/or SharePoint is important

Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 2

In our first blog of this series, we discussed how entitlement management in Azure Active Directory (Azure AD) Identity Governance creates Access Packages to control the scope and duration of access to groups, applications, and SharePoint sites. The two additional primary tools designed to control and audit access to company resources include Access Reviews and Privileged Identity Management. These three functions work synergistically to help keep a watchful eye on the collaboration space without impeding productivity.

In Part 2, we’ll discuss Access Reviews in detail. These are about auditing access to ensure previously-granted permissions are still appropriate and necessary.

Access Reviews

Setting up an Access Review

An Access Review is a scheduled, guided review of a group of Microsoft 365 users to help determine if their continued access to tenant resources is required. The review can be performed by multiple users and can be set to report on dispositions and, in some cases, automatically take action based on the dispositions set.

The first step of creating an Access Review is naming and describing its purpose. You will also set a start date and frequency if the intention is to perform the review periodically. Frequencies include weekly, monthly, quarterly, semi-annually, and annually. Occurrences can run indefinitely or can end by a specified date or after a number of occurrences. The review will also have an end date, after which the review will close and the “upon completion settings” will be applied.

Create an Access Review

Next, you determine who will be reviewed and who will be performing the review. The users to review can be Members of a Group or users Assigned to an Application on the tenant. Additionally, you can scope the review to include Guest users only or include all users. For Reviewers, you can select the Group’s owners, specific tenant users, or allow for self-review by the users. You can also associate the review with a Program (similar in concept to a Catalog for Access Packages) or choose the Default Program.

Select Users And Reviewers

Next, we’ll set the “Upon completion settings,” which determine the action to take when the end date of the review is reached. The first choice is whether or not you’d like to auto-apply the results. With this setting enabled, any user whose disposition is to Deny access will automatically have their access removed upon the completion of the review. The second option is to determine what actions to take if reviewers don’t respond. These options include “No change,” “Remove access,” “Approve access,” or “Take recommendations.” The last option is based on Azure AD’s auto-set recommendations, which are primarily based on the last time the reviewed user utilized the system.

The final settings, under Advanced, include options to Show recommendations, Require a reason on approval, Mail notifications, and send Reminders to reviewers. All are currently enabled by default.

Settings

At this point, we are ready to start the review process. After pressing the Start button, the new Access Review will be added to the Access Reviews section within the Identity Governance module. The listing will include the name, the resource being reviewed, the status, and when it was created. 

Starting the Access Review

Clicking on the review will show an overview of the settings as well as a chart showing the status of the resources being reviewed. There are also pages to view the Results and the Reviewers. You can even send automated reminders for individual reviewers with the press of a button.

Performing a User Access Review

If the Mail Notifications option was set to Enabled, reviewers should receive an email with a link to begin their review. The email will have a hyperlinked button to take the user directly to the review page.

Review Request

The Review page will show all relevant information, including who requested the review, when it is due by, the names of any other reviewers, and the progress made so far. It will also list each Resource being reviewed with their name, email address, Access Info (statement about whether they have recently logged in), and a recommended Action.

Team Review

This list of users can be filtered based on Status (Reviewed, Not Yet Reviewed, All), Recommendation (Approve, Deny, All), or Action (Approved, Denied, Don’t Know, All). The reviewer can click on a single source to review or multi-select resources using the checkboxes, then press the “Review n user(s)” button. Reviewing resources opens a dialog with options for the disposition and comments. Actions can be Approve, Deny, or Don’t Know. The recommended action will be highlighted already. Don’t Know is useful if there are other reviewers who may have more insight or knowledge of the resource being reviewed. 

Approve or Deny

Although all Resources may have been reviewed, the Access Review will stay open until its end date has been reached to allow for changes or other reviewers to provide input. If desired, a review can be manually stopped so action can be taken. This can be done by the user who originally set up the review using the Access Review overview screen. At that time, the actions will be automatically applied if the “Upon completion” setting’s “auto apply results to resource” is enabled, or the Apply Results button can be pressed if not. 

The results of the review can be reviewed in the Results section of the Access Review.

Results Section

Summary

Access Reviews in Azure AD Identity Governance provide a simple, consistent, and governed method of reviewing and controlling access to company tenant resources. By combining Access Reviews with Access Packages, administrators can tightly control who has access to which resources and ensure they retain the appropriate access only as long as required, all while maintaining agility and simplicity for users.    

Next up: Privileged Identity Management. Configure just-in-time role escalation to implement a least-privileged security model for day-to-day operations while providing a rapid but governed path to escalated roles as required. Stay tuned!

Microsoft Teams vs. Zoom: Feature Comparison

For those using Zoom, hopefully you are carefully reconsidering your use based on the recent security concerns exposed. In this blog, I’ll review the features of Zoom relative to Teams to make sure users are aware of what they get and what they give up with each platform, in case they could take advantage of features that let them communicate and work better.

Unlike a simple “review site,” I’ll address this from the view of a remote worker trying to get their job done and highlight the differences in functionality. This comparison is not intended to target the “social distancing cocktail party” crowd, though they may benefit from it as well. 

Security

Zoom should essentially be treated like an “open conversation” until they get their security issues fixed. The platform is easy to hack and Zoom has previously admitted to collecting and sharing users’ personal data. If security is a real concern, I would not recommend Zoom for anything that you wouldn’t feel comfortable with any random person hearing. 

Microsoft Teams does not use users’ data for anything other than to provide better services. The Microsoft 365 platform, in general, is designed around data loss prevention and information protection. However, it has more to protect as it is designed for persistent storage and collaboration on sensitive information, not just a simple video conferencing platform. 

Web Conferencing

Zoom is simple — which is part of what made it vulnerable. It’s really just an audio/video conferencing tool. Zoom makes it easy to set up a virtual meeting, meet, chat, discuss, and be done. It also doesn’t require any advanced authentication or account management besides your name. 

Teams has similar functionality, but may take a moment longer to set up a conference due to the intent of the platform. For example, Teams was built for integration with Microsoft 365, not as just a standalone product. Its scheduled meetings can be done from within its own calendar interface, which pulls directly from your Outlook/Microsoft calendar. You can also create meetings for Teams directly within Outlook and never open Teams. 

Video Calls & Chat

When it comes to one-on-one or multi-person calls and chatting, Zoom is heavily built around the ID of a meeting or user, which is sent out for attendees to “join.” This system is designed to help users schedule meetings or start ad hoc video conferencing meetings quickly, but it gets a lot less user-friendly when you want to chat with someone, view their availability, jump on a video call, and add/remove people from that context.

Teams is designed around the individual, not the meeting. Chatting with someone, adding another person to a chat stream, sharing documents and notes, and collaborating on files are Teams’ main goals. It’s called “Teams” for a reason — it’s meant to let smaller groups of people work together.

It’s important to know that when sharing documents or data with people in ad hoc chats or video calls, that data is stored in OneDrive and available indefinitely if you want to continue working on it.   

Since Teams is part of the overall Microsoft 365 ecosystem, all the data is searchable and discussion/chats can be sent out via email. 

Telephone Integration

One of the biggest differences between Teams and Zoom is telephony. Zoom allows you to use a web link or a dial-in number for those joining from phones, but that’s pretty much where it leaves off. Teams has advanced integration with true calling capabilities because it was designed to replace telephone systems as well. 

For example, with the proper licensing, I can call a telephone or join someone else’s conference via a traditional dial-in number with Teams, treating it like it was a telephone. In a voice meeting or chat, when I want to add a user, I can choose to call their telephone to dial them in. If Teams knows the user, it allows you to choose to invite them via telephone or their traditional online user account.   

If you want the ability to add legitimate telephone capabilities (including receiving calls and voicemail), Teams is a much better choice. 

Complete Internal Communication

Teams was created to be a complete internal communication hub — a context-based front-end to a lot of the work we perform on a daily basis. Its capabilities include emailing, chatting, meeting, co-authoring documents, setting up calendar items, working on projects, and collaborating with both internal and external users on various secured topics and data.

Teams allows users to work with documents in secure channels, synchronize data to desktops, and co-author documents, adding workflow and automation to them as well. It also allows users to notify others when certain changes are made or reduce notifications on items they don’t need to hear about.

Teams provides persistent notes integrated into meetings or work “locations,” and @mentions and hashtags to message people and groups specifically or allow them to search for tagged data and conversations.

One of the most important aspects of Teams is the ability to create multiple teams to work on specific content or projects and make sure those locations are private, secure, and audited, only accessible by the intended groups or users you define. 

Platforms

Both applications are available on all typical platforms: PC, Mac, iOS, and Android. There isn’t a big distinction here in terms of availability, and both tools can be browser-based.

Price

Teams has a free version, and paid access starts with a $5 minimum license. However, most organizations already have Microsoft 365 Business Premium ($12.50) or E3 ($20) licensing, which includes a fully functioning version of Teams at no additional cost. Prices increase if you want to use Teams as your office phone.

Zoom has a free version with some meeting time limitations, and their standard pricing is approximately $15-20 per month. 

Bottom Line

The bottom line is that, in many ways, Teams and Zoom aren’t even comparable.  

Security aside, if all you want to do is create video/audio conference calls from a computer, Zoom is certainly easier to set up and use. Because the functionality is very specific and limited, there isn’t much else to do with it.

Teams, however, is designed to be an enterprise collaboration and productivity tool for businesses that do a lot more than calling and conferencing. The integration of documents, data, workstreams, permissions, and sharing all lend themselves to a deeper overall product. This product does come with some complexity and governance challenges that need to be addressed unless you simply want to use it for video conference calls.

If you want to do more with the tools you have and prefer software you can manage internally via settings, provisioning, and auditing, Teams is the clear choice for you. 

How To Use Multi Choice People Picker Fields With Microsoft Flow Approvals

Users looking to assign an approval to multiple people in Power Automate (or Microsoft Flow) using a Multi Choice People Picker field in a SharePoint list may find that it isn’t as straightforward as it might seem. When users feed the field value into any approval step, it will be thrown into a for each loop (as shown below).

A challenge arises since users now face an approval being individually assigned to each person defined in the list item. The goal is to have one main approval, and if someone in that list approves or denies it, the approval process is completed. To do this, users need to build a string of email addresses separated by semicolons and feed that into the “Assigned To” input. First, initialize a variable called “Approvers” and set its type to “String”.

Next, set up a for each loop based on the Approvers field in the SharePoint list and append each Approver Email to the string variable using the “Append to string variable” action. At the end of the variable, simply type in a semicolon so the completed string will be the email with a semicolon at the end.

Lastly, users can recreate an Approval step and feed it the new Approvers variable.

With this, users will notice that it is no longer thrown into a for each loop and they will get one single Approval tree to work with.

Microsoft Power Automate Flow Trigger Conditions

It’s common to use the ‘When an item is created or modified’ trigger when creating Flows for SharePoint with Power Automate. This can be a very chatty trigger as every change can result in the Flow executing. Users can utilize Conditions, Scopes, and Run After settings within the Flow logic to determine if they should really act on an item. This still results in yet another unhelpful entry within the Run History.

Leveraging Trigger Conditions offers the option to check Trigger Properties and additional logic to determine if the Flow should run at all. Users can continue to use the same Trigger while streamlining both Flow logic and Run History.

Trigger Conditions are found by selecting the menu from the three dots or ellipsis in the upper right-hand corner of the Trigger Card. Once there, look to Settings, then at the bottom, Trigger Conditions. Users can add more than one Condition; the Trigger will only run when every Condition evaluates as True.

Since the Dynamic Content menu isn’t available at this point, users must use the available Functions. Whatever expression is entered should return a Boolean value. A non-Null value like an Object or Number won’t allow the Flow to run at all.

Expression             Result Type   Valid Condition
@add(1, 0)             Integer       No
@true                  Boolean       Yes
@equals(1, 1)          Boolean       Yes
@json(triggerBody())   Object        No

Note that List One has two Content Types with differing Fields: Item has only the Title column, and Item 2 adds the Example column.

Content Type   Fields
Item           Title
Item 2         Title, Example

Normally, users would have no means of filtering processed items within the Trigger with When an item is created or modified as no OData filtering is provided. By using the following Trigger Condition, users can ensure Flow doesn’t process any items where Example is missing data.

Two Compose actions are added to show the values of the Content Type and Example properties of the triggering items. When the Test functionality is used, three scenarios can be run:

Item Content Type:

Create a new Item which has only the Title column; no processing should occur.

Item 2 Content Type Without Example Value:

Create a new Item 2 which has both Title and Example columns, complete only the Title; no processing should occur.

Item 2 Content Type With Example Value:

Create a new Item 2 which has both Title and Example columns, complete both; the Test should now fire and process the Trigger.

Here are the results showing the Item 2 Content Type and the text from the completed Example field:

Alternatively, we could use the Content Type itself as the Trigger Condition:

@equals(triggerBody()?['{ContentType}']?['Id'], '0x0100ACFF228D0E467842B04850DDAE19C31C00BBAE74759D28534CB0A8EEAFC9908541')

Trigger Conditions can be grouped to create complex AND/OR logic. While adding multiple conditions acts as an AND, where all must be True, there is no UI method for OR. Adding @false as a second condition illustrates this: if we run a Test, it will never trigger.

Fortunately, Microsoft has provided both and() and or() logical comparison functions, allowing the introduction of OR in a single condition.

@or(equals(triggerBody()?['{ContentType}']?['Id'], '0x0100ACFF228D0E467842B04850DDAE19C31C00BBAE74759D28534CB0A8EEAFC9908541'), not(equals(triggerBody()?['Example'], null)))

With this condition, the Flow would fire only if either the Content Type is Item 2 OR Example isn’t empty. This would run anytime the Content Type was Item 2, regardless of the value for Example, as well as for any other Content Type so long as Example isn’t empty. Tests do not fire when the Trigger Condition isn’t met, which means no more Run History entries when no real processing occurs. 

Condition Breakdown:

@: Allows the use of a Function within an Expression (anytime it isn’t entered via the Dynamic Content / Expression menu).

or(<expression1>, <expression2>, …): Return true when at least one expression is true. Return false when all expressions are false.

equals(‘<object1>’, ‘<object2>’): Return true when both are equivalent. Return false when not equivalent.

not(<expression>): Return true when the expression is false. Return false when the expression is true.

[, ], and ?: These operators are used to navigate data structures. In addition to accessing indexes in an array, the square brackets also allow access to Properties or Keys.
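To make the three Test scenarios and the AND/OR behaviour concrete, here is an added example that is not part of the original post and not Microsoft code: a small Python model of how a trigger condition is evaluated against a trigger body. It implements only the functions used above (equals, not, and, or, add, json, triggerBody and the ?['key'] navigation), then runs the page's conditions against three constructed trigger bodies matching the Item / Item 2 scenarios. The _Evaluator class, the function names, the sample bodies and the placeholder Content Type Id for plain "Item" are all assumptions; only the Item 2 Content Type Id is taken from the page.

```python
"""Constructed model (not Microsoft code) of how Power Automate evaluates trigger
conditions: just enough of the expression language (equals, not, and, or, add, json,
triggerBody and ?['key'] navigation) to show which list items would let a Flow run."""
import re
from typing import Any, Dict, List

# "Item 2" Content Type Id as quoted on the page; the plain "Item" Id is a placeholder.
ITEM2_CT_ID = "0x0100ACFF228D0E467842B04850DDAE19C31C00BBAE74759D28534CB0A8EEAFC9908541"
ITEM_CT_ID = "0x0100PLACEHOLDERIDFORITEM"
_TOKEN = re.compile(r"\s*(?:(?P<tok>'(?:[^']|'')*'|\d+|[A-Za-z_]\w*|[()\[\],?])|(?P<bad>\S))")
_FUNCS = {  # functions the page's conditions use; and()/or() insist on true booleans
    "equals": lambda a, b: a == b,
    "not": lambda a: not a,
    "and": lambda *xs: all(x is True for x in xs),
    "or": lambda *xs: any(x is True for x in xs),
    "add": lambda a, b: a + b,
    "json": lambda a: a,  # the trigger body is already structured data in this model
}

def tokenize(src: str) -> List[str]:
    """Split an expression into string literals, numbers, names and punctuation."""
    tokens = []
    for m in _TOKEN.finditer(src):
        if m.group("bad"):
            raise SyntaxError(f"unexpected character {m.group('bad')!r}")
        tokens.append(m.group("tok"))
    return tokens

class _Evaluator:
    """Recursive-descent parser that evaluates each sub-expression as it is parsed."""
    def __init__(self, tokens: List[str], body: Dict[str, Any]):
        self.toks, self.i = tokens, 0
        self.funcs = {**_FUNCS, "triggerBody": lambda: body}

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None) -> str:
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected!r}, got {tok!r}")
        self.i += 1
        return tok

    def expression(self) -> Any:
        value = self.primary()
        while self.peek() in ("?", "["):  # postfix navigation: x?['key'] or x['key']
            safe = bool(self.peek() == "?" and self.take("?"))
            self.take("[")
            key = self.expression()
            self.take("]")
            if isinstance(value, dict) and key in value:
                value = value[key]
            elif safe:
                value = None  # ?[] yields null for a missing key or a null base
            else:
                raise KeyError(key)  # plain [] fails the run instead
        return value

    def primary(self) -> Any:
        tok = self.take()
        if tok.startswith("'"):  # a doubled '' inside a literal is an escaped quote
            return tok[1:-1].replace("''", "'")
        if tok.isdigit():
            return int(tok)
        if tok in ("true", "false", "null"):
            return {"true": True, "false": False, "null": None}[tok]
        self.take("(")  # anything else must be a function call
        args: List[Any] = []
        while self.peek() != ")":
            if args:
                self.take(",")
            args.append(self.expression())
        self.take(")")
        if tok not in self.funcs:
            raise NameError(f"unsupported function {tok}()")
        return self.funcs[tok](*args)

def evaluate(expression: str, body: Dict[str, Any]) -> Any:
    """Evaluate one condition (leading '@' optional) against a trigger body."""
    ev = _Evaluator(tokenize(expression.strip().lstrip("@")), body)
    result = ev.expression()
    if ev.peek() is not None:
        raise SyntaxError(f"trailing tokens: {ev.toks[ev.i:]}")
    return result

def trigger_fires(conditions: List[str], body: Dict[str, Any]) -> bool:
    """Conditions are ANDed and only Boolean true counts; Integer/Object results never fire."""
    return all(evaluate(c, body) is True for c in conditions)

# Constructed trigger bodies for the three Test scenarios described on the page.
SCENARIOS = {
    "Item, Title only": {"Title": "t", "{ContentType}": {"Name": "Item", "Id": ITEM_CT_ID}},
    "Item 2, no Example": {"Title": "t", "Example": None, "{ContentType}": {"Name": "Item 2", "Id": ITEM2_CT_ID}},
    "Item 2, with Example": {"Title": "t", "Example": "filled in", "{ContentType}": {"Name": "Item 2", "Id": ITEM2_CT_ID}},
}
EXAMPLE_NOT_EMPTY = "@not(equals(triggerBody()?['Example'], null))"
IS_ITEM2 = f"@equals(triggerBody()?['{{ContentType}}']?['Id'], '{ITEM2_CT_ID}')"
EITHER = (f"@or(equals(triggerBody()?['{{ContentType}}']?['Id'], '{ITEM2_CT_ID}'), "
          "not(equals(triggerBody()?['Example'], null)))")

def run_scenarios(conditions: List[str]) -> Dict[str, bool]:
    """Which sample items would let a Flow carrying these trigger conditions run."""
    return {name: trigger_fires(conditions, body) for name, body in SCENARIOS.items()}
```

Calling run_scenarios([EXAMPLE_NOT_EMPTY]) fires only for the Item 2 item with Example filled in, run_scenarios([IS_ITEM2]) fires for both Item 2 items, and run_scenarios([EITHER]) behaves the same as the Content Type check on these three bodies but would also admit any other Content Type whose Example is populated. Adding "@false" as a second condition makes every scenario return False, which is the AND behaviour the paragraph above describes. Note that isinstance(evaluate("@add(1, 0)", {}), bool) is False, mirroring the "Valid Condition" column in the table above.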

For users currently filtering on Trigger properties with Action Cards, it’s recommended to use Trigger Conditions instead. Users can even leave their existing logic in place, as a matching condition would ensure that the same values are passed. Trigger Conditions work particularly well in instances where a Flow may trigger itself, such as updating a column value when a List Item is modified. In organizations with complex Flows or a large inventory, Trigger Conditions can cut down on Nesting Depth, Actions Per Flow, and Flow Executions — all of which contribute to staying within service limits and getting the most value from your subscriptions.