Microsoft 365 provisioning: Key steps and best practices

Microsoft MVP Drew Madelung talks about Microsoft 365 provisioning scenarios, and four key steps to provisioning success.

Microsoft 365 appeals to IT administrators as a powerhouse tool for simplifying work, but managing the Microsoft 365 environment is complex and time-consuming.

Luckily, Microsoft 365 provisioning can help you streamline your organization’s operations. When you adopt a standardized system, it becomes easier to coordinate user accounts, user management, groups, security, and other resources.

In this article, you’ll learn how Microsoft 365 provisioning works and the best practices for managing your organization’s environment. I’ll walk through a step-by-step guide to help you start reaping the benefits of using these tools for collaboration.

Understanding Microsoft 365 provisioning

At its core, provisioning is the act of “providing” or making something available. In Microsoft 365, this can be as high-level as provisioning:

• user licenses
• a new user
• a new tenant
• a new SharePoint site
• a new Team or Team site for a department

Provisioning scenarios and examples

Organizations can and should establish multiple provisioning scenarios around Microsoft 365 technologies to cut administrative overhead and streamline the onboarding process for new users. By standardizing your provisioning and using Microsoft automation technologies to deliver your scenarios, you can reduce risk and preserve your limited time for more critical tasks.  

Collaboration workspace provisioning is one of the most common scenarios. You can provision Microsoft 365 solutions that create communication and collaboration platforms for your employees, offering a single location where multiple people can work together.

Microsoft Teams is a prime example. In Teams, a user can create a team and call it “Product Launch Team” and then create different channels within it to organize discussions and content. They might create channels like “Marketing,” “Design,” or “Sales” to focus conversations and files around those areas. IT can build templates that put the guardrails in place for users to follow when creating spaces in Microsoft 365.

To implement a collaboration provisioning strategy for your business, you first need to understand how this scenario specifically fits within the Microsoft 365 architecture. Read on to explore some of the key components of the architecture that support this strategy.

Navigating Microsoft 365 provisioning: Services and products

When developing your collaboration provisioning policies, you need to move beyond simply considering specific products. It’s also important to reflect on the services they provide and the functions they serve within Microsoft 365.

While products and names come and go, the service’s core architecture remains the same. Behind every feature lies a product or several products, including chat, channels, files, emails, calendars, pages, and communities. For successful Microsoft 365 provisioning, reflect and plan around how these services work together and operate distinctly.

Interconnected through Microsoft 365 Groups

As a cross-solution membership service in Microsoft 365, Microsoft 365 Groups act as the core solution and the glue that binds these collaboration solutions together.

At a basic level, a Microsoft 365 group exists as a membership object in Microsoft’s cloud-based system Azure Active Directory. Administrators can create and manage active users, resources, and workloads across various Office 365 services, including: 

• Microsoft Teams (chat/channels) 
• SharePoint team site (files/pages/lists) 
• Shared Exchange mailbox (email/calendar) 
• Planner (tasks) 
• Yammer (communities)

The role of Azure Active Directory (AD) and Groups

With Azure Active Directory (Azure AD) user groups, businesses can ensure that all the users in their workplace can consistently access their workplace tools.

You can add or remove people to the Microsoft 365 group like any other group-based security object in Azure Active Directory.

What Azure AD does

Microsoft offers Azure AD as an identity and access management platform for businesses looking to centralize user authentication and boost their security. It simplifies coordinating access, permissions, and device management. AD users can also improve productivity by avoiding burdensome administrative and logistical tasks.

The relationship between Azure AD and groups for effective provisioning

Businesses can use Microsoft 365 groups in Azure AD to organize users, user identities, and resource access. When an administrator assigns a user to a group, they can make their job much more straightforward and ensure every team member can get their work done hassle-free.

Critical assets can remain confidential to only the users that need to see them, with the capacity to ensure proper access control. Azure AD also supports governance, facilitating policy, compliance, and risk management.

Ultimately, AD groups can be revolutionary for IT administrators, helping them to empower effective collaboration in their organization securely.

How each service works independently

When working in a Microsoft 365 environment, you can use each service individually without relying on the others. You can also customize, configure, enable, or disable each to reflect your organization’s requirements.

There are nuances to the Microsoft 365 architecture you need to understand for provisioning:

• A SharePoint communication site or classic SharePoint site only uses SharePoint permissions, not a Microsoft 365 group.
• Groups have the strongest tie to Exchange, so most advanced parameters are visible through the Exchange object of the group, including PowerShell management. 
• When you provision a team, a SharePoint site is created too, but the SharePoint site that’s automatically created is a generic template provided by Microsoft.
• If you create a Yammer community, you can’t add a Microsoft team to it, and vice versa.

Understanding this technical architecture, you can build stronger collaboration workspace provisioning solutions. You’ll be able to recognize that you aren’t just building a Microsoft Teams or SharePoint site provisioning solution but something more comprehensive that requires the Microsoft 365 Groups level for planning.

How each service can work together

Using Azure AD, businesses can integrate services and link them to each other, such as using Microsoft Planner in Teams. The service also enables users to sync data sharing between services, employing API connections and Microsoft Graph to allow advanced custom cross-service interactions.

Provisioning flexibility within services

Azure AD also allows businesses to customize their provisioning settings and a flexible Microsoft 365 environment, giving you the tools to provision specific services or a combination of services based on employee usage. Depending on your organization’s needs, you can tailor solutions and create templates and methods for different user roles and scenarios. You can even integrate new applications, on-premises applications, applications built by your developers, and applications that aren’t in the gallery.

Plan for modern provisioning solutions 

Innovations in provisioning options have evolved alongside modern collaboration technologies, finally allowing businesses to embrace out-of-the-box approaches that reflect their particular goals.

In the past, collaboration provisioning solutions, such as on-premises SharePoint sites, were primarily IT-owned and driven by helpdesk requests. End users found this particularly frustrating because the experience would cause delays in starting their work, and it just wasn’t flexible enough to meet their needs.

Benefits of modern provisioning

Embracing a modern IT provisioning approach means deploying and configuring software, applications, and devices for users quickly, efficiently, and automatically.

Cloud-based tools can help you streamline the process and handle growth.

For example, an IT admin can use ShareGate, an out-of-the-box management solution for Microsoft 365, to identify an existing SharePoint site with all its web parts, components, structure, and content and embed it in your provisioning templates. When a user provisions a team using that template, ShareGate copies the blueprint site, including all its elements and content, enabling a fully-equipped workspace within minutes.

Modern provisioning is faster, Microsoft 365 group-backed, and primarily self-service driven. It can help eliminate boundaries and bottlenecks between users and IT, while also ensuring that collaboration workspaces can support employees and administrators in their duties. 

Typical challenges of modern provisioning to look out for

For the most successful Microsoft 365 provisioning, you’ll want to balance how you prioritize the user experience while also meeting your IT, security, and compliance provisioning requirements.

Too often, companies focus too heavily on their internal needs and neglect to add guardrails and empower their users, leading to a clunky navigation experience for the end users.

Ensuring your team can undergo this large-scale organizational change with minimal disruptions is also critical. Managing complex provisioning tasks while adapting to new tools and expectations requires guidance and a comprehensive, proactive strategy.

Luckily, self-service management for creating Microsoft 365 groups can effectively address ticket queries and enhance collaboration among end-users.

4 key steps to Microsoft 365 provisioning success

The key to a good governance plan is balancing productivity with security. With a flexible and modern Microsoft 365 provisioning approach, you can avoid overcomplicating your processes and technologies, enabling you to manage the various services in collaboration workspaces successfully.

Too often, IT administrators make provisioning decisions for Teams or SharePoint that don’t consider all the technologies or how users will feel and interact with the process.

Before selecting your technology, start with requirement gathering. That way, you’ll actually achieve your desired outcomes.

Step 1: Requirement gathering for Microsoft 365 provisioning policy development

Figuring out the “why” behind your choices needs to come before tooling. To set the stage for an effective provisioning solution, start by determining your organization’s requirements and expectations.

With that information, you can create customized solutions to meet specific needs and goals for both IT teams, organizational teams, and your end users. You can also reduce complications by identifying how to allocate your resources more efficiently to your most prioritized features and essential services.

Example: Building a Teams provisioning solution

Careful planning to enable provisioning begins with documenting your organization’s requirements and answering, “What do we want to accomplish?”

Here are a few examples of potential provisioning requirements:

• Our organization needs to address a security or compliance risk for specific users.
• We have multiple business units or subsidiaries and want to be able to identify a Team or Team site by business unit or subsidiary.
• For reporting or auditing purposes, we want to add metadata to the Team or Team site based on the data of the user creating it, such as the creator’s location or department.
• We want to speed up an existing process that would allow users to create collaboration workspaces faster instead of doing it manually.
• We want to add custom content or experiences to new collaboration workspaces as learning tools for new owners.

Your provisioning process will be rewarding when the entire organization is on the same page and defines these requirements together, including both business and IT. Remember, avoid adding unnecessary barriers to user adoption! Don’t add a provisioning solution just for the sake of it; gather your requirements first.

Step 2: Technical understanding: What’s possible for your architecture? 

Once your team has established your “why” behind your provisioning strategy, you need to assess and then identify your feasible options. Factors like APIS, permissions, and automation technology can act as instant blockers and limit your provisioning process. Remember, avoid overpromising what you can accomplish based on your identified requirements.

Example: Provisioning question form

Here’s an example of working around a provisioning limitation: when you can’t do a URL redirect to add a form to point to a provisioning question form across all creation starting points. For administrators who want an entry port form, an organizational change management practice can help educate the users about the new location instead of allowing the “create” out-of-the-box options.

Similarly, developing an effective workaround will require understanding the technical architecture of Microsoft 365 collaboration, as discussed above.

Introducing Microsoft Graph

Beyond the base architecture, implementing Microsoft Graph will be pivotal for organizations using an advanced custom provisioning process.

Graph will provide the necessary create, read, update, and delete (CRUD) operations for organizing and managing Teams, Sites, Communities, and their supporting Microsoft 365 Groups in your provisioning plan.

Step 3: Develop the user provisioning process

Once you have your “why” and have determined what’s possible to accomplish technologically, it’s time to focus on the user experience. During provisioning, people often overlook how users initiate a particular request type.

User experience and its impact on the provisioning process

Your provisioning strategy needs to consider how users will initiate requests, which will significantly impact the user’s daily experience and the effort required from your team when responding.

Users have countless options for creating Microsoft 365 collaboration workspaces across clients, browsers, and mobile apps – and you can’t add custom logic to everything.

Too often, organizations underestimate the organizational change required when migrating from off-the-shelf Microsoft 365 creation templates and any processes outside initial provisioning.

An excellent user experience also involves adding your necessary provisioning requirements behind-the-scenes after or during the initial creation, using out-of-the-box creation and editing for Teams, SharePoint sites, and Groups.

Tips for creating an effective user provisioning process and an even better user experience

When implementing your Microsoft 365 provisioning and changing your existing system and features, you must consider your user’s current preferences before introducing something new. With any change, you need to enhance their native experience and avoid disrupting it as much as possible. Ask yourself, “Where do users currently make other requests?” and keep their best interests in mind. 

A user-centric provisioning approach means making strides to streamline the request process.

• Simplify the steps users must take to initiate provisioning requests to reduce barriers to engaging with your infrastructure. Users can then accomplish this task with less effort and a more pleasant experience.

You should automate as much as possible.

• Use automation technologies to accelerate provisioning tasks, reduce manual errors, and improve consistency across your organization.

Finally, your team should strive to clearly communicate how provisioning will work.

• Offer ongoing support through training, guidelines, and one-on-one assistance if users need help navigating the provisioning process and adapting to system changes.

Step 4: Establishing a Microsoft 365 provisioning policy with the right software

After determining your requirements, technical capacity, and user provisioning process, you can finally decide what technology will comprise your Microsoft 365 collaboration workspace provisioning solution. The three primary options I see are:

1. Native creation tools and post-creation provisioning
2. Build your solution through custom development
3. Or, get a third-party solution

Guidelines for choosing the best option for your organization

• If you don’t have a team available to maintain and own a custom solution, native creation tools or third-party solutions should be your first choice.
• Don’t disrupt the user experience and overcomplicate the process just because new and shiny tools seem appealing to introduce into your environment.
• Critically, you need to ensure that you are familiar with the technical resources available to your organization and have the necessary experience in using them. This will reduce the time required to complete the project and minimize the post-implementation impact too.
  • Take the user entry point, for example. When companies build a custom solution, they commonly use Power Apps as a tool. Suppose your organization hasn’t deployed Power Apps globally or doesn’t own it. In that case, you may create an unnecessary roadblock if another team already uses a more standardized form solution that can work just fine.

Effective Microsoft 365 provisioning requires keeping user needs at the forefront. You’re also more likely to succeed if you engage in rigorous groundwork and take a proactive approach that considers your unique business environment and available resources.

When you’re well informed about your options and how your provisioning process fits into your long-term objectives, you can create a seamless provisioning experience that empowers users to take their productivity to the next level.

If you’re ready to get started, I recommend heading over to my next article in the series: How to get started with modern Microsoft 365 provisioning.