Self-service provisioning: Setting it up and things to avoid when starting Microsoft 365 provisioning

Microsoft MVP Drew Madelung explains self-service provisioning, how to get started building a provisioning solution in Microsoft 365, and what to avoid in the process.

Self-service provisioning is about enabling employees to get the IT resources they need quickly and easily, without having to go through the IT department every time. Microsoft provisioning can help automate the process, making things more agile, efficient, and secure. Plus, it gives admins more control over what’s going on with IT resources.

But when working on a provisioning solution in Microsoft 365, there are both good and bad practices to consider.

Sometimes it’s easier to look at the things to avoid versus the best practices because every provisioning solution is different. You first want to ask yourself if out-of-the-box tools can help you. If the answer is no, think about what kinds of additional tools might be best for your organization. 

Let’s delve deeper into what self-service provisioning is before discussing what to steer clear of when building a self service provisioning services solution in Microsoft 365.

Understanding self-service provisioning

Self-service provisioning is a way for people to get what they need without having to ask someone else for help or maintain it. It can save IT time for more value-add projects, but good governance and monitoring is key to balancing productivity and security.

Here are the main takeaways about self-service provisioning for developers and organizations working with Microsoft 365:

• End users can create their own workspaces like Teams, groups, and SharePoint sites without IT’s help.
• They can easily sign up for Microsoft’s online services without opening up a ticket.
• Self-service provisioning in Microsoft 365 helps reduce the need for unauthorized cloud services by making it easy for users to request new objects within the platform.

Fortunately, IT admins can easily implement self-service management for various end user needs, such as creating Microsoft 365 groups.

Tangible benefits of self-service provisioning for your organization

IT is the main facilitator of enabling self-service provisioning, shifting some responsibilities from administrators to end users while ensuring security and governance within this framework. Here are some benefits of enabling self-service for managing modern IT operations:

1. Enhanced productivity and collaboration: Allowing users to create and manage their own workspaces make it easier for them to work together, resulting in more work done and less delay.
2. Reduced IT workload: Enabling self-service means the IT team has time to focus on more important tasks and support functions.
3. Improved security: IT makes puts guardrails and policies in place, which reduces the risk end users making costly or risky mistakes when provisioning. It allows IT to know what’s being created, rather than restricting end users, which typically leads to shadow IT and sprawl.

Top 5 Microsoft 365 provisioning setup mistakes and how to dodge them

By being aware of these mistakes, you can take steps to avoid them and ensure a smooth provisioning process.

1. Avoid using technology your team can’t support 

Building a custom provisioning solution for your collaboration workspaces in Microsoft 365 has a large toolkit of options.

If you’re building and managing something incredibly custom at scale, you could be in a situation where you have custom code running somewhere like Azure or on a server that needs access to be maintained and governed.

Many provisioning solutions are using Microsoft Patterns & Practices (PnP) provisioning engine. This can be used via PowerShell or development languages but can become complex.

What if your team doesn’t have anyone that can actually write or understand the development languages that the custom solution was written in? What if you hired a third party to build a solution in the Power Platform, but no one on your team has ever worked with it, and when it’s done, it breaks? 

If your team is more comfortable with Azure Logic Apps than Power Platform and can get the same technical capabilities from the platform for the ask, then you should use it.

How to make sure your infrastructure is lasting

Ensure your technical architecture can be built, supported, and maintained after the provisioning solution is built. One of the worst scenarios is if you build something, there is an issue, and no one on your team has the skills to fix it. And just like that, your amazing custom Microsoft 365 provisioning solution you spent time and money to build is useless. 

2. Avoid not getting actual requirements

You need to make sure that you’re building or enabling a network provisioning solution that has a reason to be there.

Do you need to block creation for certain people or have a naming scheme for part of your organization? That is simply fine to have but don’t jump to conclusions for technical implementation just because the technology offers it.

A motto to live by when building your provisioning solution is “just because you can, doesn’t mean you should.” It’s too easy to fall into a complex configuration solution because you think it’s a clever idea if it isn’t needed.

A common pitfall for collaboration workspace provisioning is an extremely complex naming scheme for Teams with a prefix. If you have too many characters at the beginning, let’s say you use a business unit or department within the Teams clients, you won’t be able to determine the team itself, and you’ll only see a giant list of department names.

The takeaway: Just because you can make a complex prefix doesn’t mean you should!

Pro tip: include non-IT stakeholders in your planning

The way to avoid these potential issues is to have stakeholders outside of IT in the planning and feature design sessions.

For example, your information governance team might have good reasons to want to use Adaptive Scopes for retention policy or label deployment. Maybe your communication team wants a better information architecture for news and a better SharePoint hub site architecture as part of provisioning. 

As you prepare to deploy fully, do user acceptance testing. Don’t just have functional IT testing as part of your implementation. While piloting the solution, use feedback surveys, focus groups, and meetings to talk to the users about the solution to hear what they like and don’t like. Spending the time upfront will ensure that your Microsoft 365 provisioning solution is not overly complicated and is what the users want. 

3. Avoid too many approvals

One of the worst things you can do for your users is slow down the collaboration experience.

If they’re requesting a SharePoint site or team, they’re in the context of their work and will be more productive if they can get their workspace as quickly as possible. But if you put a barrier in the creation of an unnecessary approval, they’ll end up storing those files somewhere else like their own computer, a network share, or another cloud storage option, and end up emailing multiple copies around.

If they could quickly get their collaboration workspace, they’d have better sharing, security, compliance, and overall working experience. 

This doesn’t mean that there aren’t reasons to have approvals in a provisioning solution, but make sure they’re actually there for a good reason.

Power Automate approvals

A great tool is Power Automate approvals. Only use them when appropriate. A good example is to include approvals for SharePoint and Team sites that are planned to host sensitive data or in regions that require Microsoft multi-geo. Then you can ensure you’re controlling risk and cost.

An effective way to think about this is to start your provisioning plan with open provisioning and only lock it down where you need to. Don’t start with approvals required for all and only open it up for a specific reason.

ShareGate’s Multiple approvers feature

Another great way to streamline your approval process for team creation is by leveraging ShareGate’s new Multiple approvers feature. It demands that end users seek approval for new team creation by people IT assigns as approvers right at their templates (managers, end users, you name it). And, when this creation request is sent out, all approvers are notified so the new team won’t sit waiting for just one person to say “yes” or “no.”

4. Avoid only planning for modern SharePoint

Microsoft 365 provides enterprises with a collection of collaboration solutions, and they continue to evolve. The primary collaboration solutions are backed by Microsoft 365 Groups, which power SharePoint, Teams, Yammer, Outlook, Planner, and maybe more in the future.

Even within SharePoint, we have group-backed sites and non-group-backed sites like Communication sites. As you read through these things to avoid, you’ll see the references to Microsoft 365 collaboration workspaces, not just SharePoint or Teams. 

Use the idea of what type of collaboration workspaces you need to provision with specific configurations and settings to empower your users.

You can build a provisioning front end that lets the user pick the types of things they want to work on, and then provision the appropriate workspace.

For example, if a user is prompted with a collection of workspace options on creation, one could be document storage, the next a project site and the other could be communication location. The first would provision a non-group-backed SharePoint site, the next would be a Microsoft Team, and the last would create a SharePoint communication site. This gives you a flexible, business-focused solution compared to just a technical SharePoint tool. 

5. Avoid building your provisioning infrastructure thinking your tenant will always look the same

Your Microsoft 365 environment is going to evolve. From the time this post was written to the time it’s read, things will have changed in your tenant.

A provisioning solution is not a set-it-and-forget solution. The workspace options will change, the capabilities you can configure will change, and the ability to add governance options as part of provisioning will change. Also, the APIs backing Microsoft 365 continue to expand with more options and sometimes will have endpoints deprecated. Things will break and need to be maintained simultaneously as innovative technology gets released. 

Establish a proactive response to changes within your organization

One of the best ways to do this is through monitoring the message center and the option to track your message center tasks in Planner. This will let you and your organization stay in front of changes before they break your provisioning solution and allow you to plan for updates if new options come out.

If you built a solution using custom development or PnP open-source technologies, follow the Microsoft 365 developer blog.

Best practices for implementing Microsoft 365 self-service provisioning

When implementing Microsoft 365 self-service provisioning, there are several factors to consider to ensure a successful deployment. Here are some key considerations:

Align self-service provisioning resources with your organizational goals

• You can customize Microsoft 365 self-service provisioning settings to match specific business needs and achieve key objectives. Or, you can give your end users templates for workspaces tailored to their needs right from the get-go, with your guardrails in place using an automated provisioning solution for Microsoft 365.

Ensure data security and compliance

• Control who can access sensitive data by using role-based access and permissions, ensuring only authorized users can access specific resources.
• Regularly review the self-service provisioning process to make sure it complies with industry standards, legal regulations, and your internal security policies.

Fortunately, ShareGate is a codeless solution and with these Power Automate examples, you can swiftly and securely streamline your Provisioning process with.

Simplify workflows and streamline processes

• Create user-friendly interfaces and tools for self-service provisioning that are easy to understand and navigate. This helps users learn quickly and reduces the potential for errors.
• Automate routine provisioning tasks and connect Microsoft provisioning tools with other systems for smoother workflows throughout your organization. A third-party tool can help you automate everyday IT tasks and governance policies, so you can keep your tenant organized and secure.

Increase end-user adoption and engagement

• It’s important to understand how employees use their tools to do their work and what they need to be more productive and efficient. This way, you can identify areas for a better user experience in the context of self-service provisioning automation.

Evaluate the success of your Microsoft 365 provisioning setup

How well did your Microsoft 365 provisioning service setup work? Here’s a general framework to assess the effectiveness of your implementation and what factors to consider:

Monitor user adoption and satisfaction

• Collect feedback from users about their experiences with the self-service provisioning services to identify areas for improvement or dissatisfaction.
• Assess how quickly users are adopting the provisioning system and identify any obstacles that may hinder widespread adoption.
• Track helpdesk tickets to see if there’s a decrease in requests for provisioning or creating workspaces and productivity tools.

Track key performance indicators (KPIs) and metrics

• Set specific and measurable targets for the self-service provisioning system’s performance, like how many users are adopting it, how quickly resources are allocated, and the occurrence of errors.
• Regularly analyze metrics and targets to identify usage patterns that can guide your decision-making in helping to improve the system.

Managing end users with smart monitoring is seamless, thanks to ShareGate’s pre-built and custom centralized reports.

Regularly fine-tune

• Try to encourage a culture of ongoing improvement by regularly reviewing and refining the provisioning process based on user feedback and data insights.
• Ensure the provisioning system stays updated with the latest software, security, and best practices to maintain its effectiveness and efficiency over time.

And there you have it. It’s important to be mindful of the pitfalls in setting up Microsoft 365 provisioning. And although every provisioning process will be slightly different for everyone, you can keep these lessons in mind, from planning to ongoing maintenance.

• Don’t build something so complex that no one can fix it.
• Don’t overcomplicate if it doesn’t need to be.
• Start with no approvals and only add where needed.
• Approach modern SharePoint as collaboration workspace provisioning.
• Things will break and change, so be ready.  

Dive deeper into M365 provisioning! Watch ShareGate’s on-demand video webinar video to learn how to combine the best of both worlds – enabling self-service and keeping your sensitive data secure.