It may be required by a law (i.e., the GDPR, as we wrote here) or by a standard (i.e., ISO 27001) or by common sense but all companies (even the small ones) should have an accountability system in place. In other words, it is mandatory to be able to find out why and since when a user has access to an item or perform an action. MS apps provide many ways to accomplish this in scalable, versatile, and universal way.
We can do it with three components of the Microsoft O365 Suite:
- Microsoft lists are a collection of data that you can share with your team members and people who you've provided access to. Lists can be created in Microsoft SharePoint, the Lists app in Microsoft 365, or Teams.
- Microsoft Power Automate is an enterprise system from Microsoft that allows to integrate and synchronize all our data analysis and applications in an automated way, with the aim of increasing productivity and business efficiency.
- Approvals in Microsoft Teams is a way to streamline your requests and processes with your team or partners.
And with some basic knowledge of the three components::•
- Basic knowledge of lists: https://support.microsoft.com/en-us/office/introduction-to-lists-0a1c3ace-def0-44af-b225-cfa8d92c52d7
- Basic knowledge of Power Automate: https://docs.microsoft.com/en-us/power-automate/getting-started
- Basic knowledge of Approvals: https://support.microsoft.com/en-us/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3
How it works ? Quite easy:
Everything starts from a MS list – called ITEMS - where a user (requester) can ask approval for an getting/accessing an object (it may be a device, access to resource like a file a folder or whatever else). Power Automate – flow called WFLOW_APPR - accessing a second list – ORGANIZATION_CHART – finds out who is the designated approver and eventually complete a list – ASSESSMENT - with the requests status and the approver outcome.
For the full pdf describing the full procedure step by step or if you need help in customizing your own workflow please contact us: info@theinfosecvault.com.