Access Management is a core part of any modern business strategy, and making sure the right people can easily get access to tools is vitally important to success. So, is there a simple way to do it? Or is it something that we need to rely on someone else for? 

The simplest answer is that you will always need to rely on others for some elements, but great management comes from delegating and from setting appropriate levels of delegation. Over the last decade we have worked to ensure that group management is delegated to the end users. They know who needs access, after all, so inserting a delay there seems silly.

The Problem and Best Practice 

Group management is a headache for organisations of all sizes and complexity. Almost all businesses struggle to find a solution and very often things end up either too rigid or too flexible. O365 and the more user-led side of your IT estate also require separate management.

The recommendation for O365 and Microsoft Power Platform is to consider it as partly standard and partly ad-hoc. Users need to have locked down and controlled areas and more open areas that they can manage as needed.

So, how can we manage and balance the two elements, remembering that you should have at least one group for each Workspace and App? Things can get complicated quickly. There are some recommendations in terms of managing groups and permissions, and we’ll quickly cover those next, but fundamentally it is an administrative overhead that you may not want to get involved with.

Microsoft Best Practice for Groups and Permissions 

  1. Add People to a “Role” group 
  2. Create Groups for each “Permission” required 
  3. Add Role groups to Permission groups 

In practice, within your ad-hoc space you may find that removing the expectation of using Role groups as an intermediary makes sense. Users can manage the specific list of permissions to their managed resources themselves.  

By working this way it becomes very easy to audit permissions. We can check to make sure people are not in “Permissions” groups, for example, and the task of adding someone to or removing them from a User Group is relatively simple.  
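The audit described above, sketched as an added example (not part of the original article or of the Geordie Consulting PowerApp): it flags users placed directly in permission groups and expands nested role groups to show who effectively holds each permission. The membership data is constructed, and the ROLE-/PERM-/ADHOC- name prefixes are an assumed naming convention.

```python
# Constructed sample: group -> members, shaped like the directory objects that
# Microsoft Graph returns from GET /groups/{id}/members ("@odata.type" + id).
# The ROLE-/PERM-/ADHOC- prefixes are a hypothetical naming convention.
USER, GROUP = "#microsoft.graph.user", "#microsoft.graph.group"

def m(kind, ident):
    return {"@odata.type": kind, "id": ident}

EXPORT = {
    "ROLE-Finance":      [m(USER, "alice"), m(USER, "bob")],
    "ROLE-Analysts":     [m(USER, "carol"), m(GROUP, "ROLE-Finance")],
    "PERM-Ledger-Read":  [m(GROUP, "ROLE-Analysts")],
    "PERM-Ledger-Write": [m(GROUP, "ROLE-Finance"), m(USER, "dave")],  # violation
    "ADHOC-ProjectX":    [m(USER, "erin"), m(USER, "alice")],  # ad-hoc: direct users allowed
}

def direct_user_violations(export):
    """Users added straight to a PERM- group, bypassing the Role layer."""
    return sorted(
        (group, member["id"])
        for group, members in export.items() if group.startswith("PERM-")
        for member in members if member["@odata.type"] == USER
    )

def effective_users(export, group, _seen=None):
    """Expand nested groups to the set of users who really hold the access."""
    seen = _seen if _seen is not None else set()
    if group in seen:  # guard against circular nesting
        return set()
    seen.add(group)
    users = set()
    for member in export.get(group, []):
        if member["@odata.type"] == USER:
            users.add(member["id"])
        elif member["@odata.type"] == GROUP:
            users |= effective_users(export, member["id"], seen)
    return users

if __name__ == "__main__":
    for group, user in direct_user_violations(EXPORT):
        print(f"direct member: {user} in {group}")
    for group in sorted(g for g in EXPORT if g.startswith("PERM-")):
        print(group, "->", sorted(effective_users(EXPORT, group)))
```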

In practice, though, it is extremely rare for a business to be able to commit to fully using this practice with O365, Microsoft Power Platform and Teams. Changes have been made by Microsoft to make things easier so Teams can now be used to manage access to resources. Some companies have experimented with limiting who can create O365 and Power Platform resources, often receiving significant pushback, or they have not been able to fully delegate the controls. 

A Solution 

The Microsoft O365 estate (and Azure) supports something called “Owner”, which means that one or more people can be assigned owner rights to a group. When you are a group owner you have the rights to add people to and remove people from a group. If you want to see whether you are the owner of any groups, follow the link below – you need to be using O365.

https://myaccount.microsoft.com/groups/groups-i-own 

The default behaviour of the environment is to allow you to manage the memberships of the groups that you own; technically you can add users or groups to them. Our advice would be to start using this solution with your ad-hoc spaces; a good JLM (Joiners, Leavers and Movers) process will manage the role side of things.

Geordie Consulting has published a free PowerApp for you to use to manage the groups that you own.

How does it work? 

  1. When opened for the first time it asks you to confirm the O365 accounts to use for User and Group access (in PowerApps those are separate). 
  2. Select the group you want to manage from the drop down and press “Get Members” 
  3. Use the second drop down box to select users one at a time and add them to the group (note you can search using this box as well to refine the list) 
  4. If you want to remove anyone from the group you can select the Trashcan icon next to their name 
  5. When complete you can select Quit to close or change the group to manage another group the same way 

Installation 

  1. Download the Tool from our GitHub page. 
  2. Open https://make.powerapps.com  
  3. Select Apps from the menu on the left. 
  4. Select “Import an App” (from package .zip). 
  5. Browse to the Zip file you downloaded and upload, then import. 
  6. Select Create a New PowerApp (if you are replacing or upgrading it change this as appropriate). 
  7. Save and Publish the PowerApp. 
  8. Create access groups (if needed) and assign access to people. 

You can use and share this PowerApp internally with your bundled O365 PowerApps subscriptions.  

Conclusions 

This simple app allows people with Ownership of groups to modify the membership of those groups. This is far better than contacting IT to add or remove people. You can further tweak the PowerApp to add an audit trail, to track what has been done and by whom – and it can email that record to the person making the changes. This is intended as a simple way of managing your ad-hoc environment and assigning access quickly and easily, and most importantly, it empowers the user-base to make the changes themselves, all without adding cost.

If you would like assistance in updating the app please do not hesitate to get in contact with Geordie Consulting. 

Geordie Consulting have a wealth of expertise and a proven track record of delivering high-quality, customised solutions tailored to our clients’ specific needs. Our skilled professionals are dedicated to ensuring that your organisation reaps the maximum benefits from the Power Platform, driving efficiency and innovation. We pride ourselves on our commitment to customer satisfaction, providing ongoing support and continuous improvement to keep your systems running smoothly. By choosing Geordie Consulting, you are investing in a reliable partner who understands your business and is ready to help you achieve your goals without the burden of excessive costs or complicated processes. 
