Automating user provisioning, security roles, and service desk workflows with Power Automate and Microsoft Teams
I designed and implemented a suite of Power Automate workflows that transformed the organisation's service desk operations by automating user provisioning, security role assignments, and Teams-based notifications. The project integrated SharePoint lists and Microsoft Teams channels directly into the service desk process, creating a seamless flow from request submission through to resolution and notification.
Before implementation, user onboarding and role changes required manual coordination between HR, IT, and department managers — often involving email chains, spreadsheet tracking, and significant delays. The new system cuts manual processing time by 50% and reduces escalations by 20% through automated routing, real-time status updates, and structured approval workflows.
The solution leverages the full Microsoft 365 stack: Power Automate for orchestration, SharePoint lists for request tracking, Teams channels for real-time notifications and collaboration, Azure AD/Entra ID for identity management, and Power BI for operational reporting. It demonstrates how M365-native automation can replace fragmented manual processes with a governed, auditable, and scalable service delivery model.
The organisation's service desk processes had grown organically, relying heavily on email and manual intervention. When a new employee joined, the onboarding process involved a chain of emails between HR, IT, and the hiring manager to provision accounts, assign licences, configure security groups, set up equipment, and grant access to relevant SharePoint sites and Teams. Each step was manually tracked, and there was no single view of progress.
Security role changes were similarly manual. When an employee changed departments or took on new responsibilities, updating their access across Azure AD groups, SharePoint permissions, Teams memberships, and application roles required multiple touchpoints with no automated verification that all changes had been applied correctly. This created both security risks (over-provisioned access from incomplete deprovisioning) and productivity losses (under-provisioned access for new roles).
The service desk team spent a disproportionate amount of time on routine, repeatable tasks rather than resolving complex technical issues. Escalations were frequent because there was no structured routing — requests sat in shared mailboxes until someone picked them up, with no SLA tracking or automatic reassignment. Leadership needed a solution that would bring structure, speed, and accountability to service delivery without requiring a costly third-party ITSM platform.
I mapped every service desk process end-to-end, identifying the steps that were manual, repetitive, and suitable for automation. I analysed ticket data to understand the most common request types, average resolution times, escalation patterns, and bottlenecks. User provisioning and security role changes emerged as the highest-volume, most time-consuming processes with the clearest automation potential.
I designed SharePoint lists to serve as the structured backend for service requests, replacing the shared mailbox approach. Each request type has a dedicated list with custom columns capturing the specific information needed for that workflow — eliminating the back-and-forth that occurred when requests arrived with incomplete information. Power Apps forms provide a guided submission experience for end users.
I built 20+ Power Automate flows covering the full service desk lifecycle. For user provisioning, this includes: new starter request capture, manager approval routing, automated Azure AD account creation, licence assignment, security group membership, SharePoint site access provisioning, Teams team addition, and confirmation notification. For role changes: request submission, multi-level approval based on access sensitivity, automated group membership updates, and verification checks.
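The verification check at the end of a role change can be sketched as a reconciliation between the groups the new role should hold and the groups the account actually holds. This is an added example, not one of the project's flows: the role baseline, the placeholder group IDs and the sample response are constructed, and it assumes the caller has already fetched every page of the Microsoft Graph `GET /users/{id}/memberOf` response.

```python
"""Post-change access verification for a role change (added example)."""

# Hypothetical baseline: role -> Entra ID group IDs (placeholders, real IDs are GUIDs).
ROLE_BASELINE = {
    "finance-analyst": {"grp-finance-all", "grp-finance-reports"},
    "hr-advisor": {"grp-hr-all", "grp-hr-casework"},
}
COMMON_GROUPS = {"grp-all-staff"}  # assumption: groups every employee keeps

# Constructed memberOf body for a user moved from finance-analyst to hr-advisor
# where one add and both removals did not complete.
SAMPLE_MEMBER_OF = {"value": [
    {"@odata.type": "#microsoft.graph.group", "id": "grp-all-staff"},
    {"@odata.type": "#microsoft.graph.group", "id": "grp-finance-all"},
    {"@odata.type": "#microsoft.graph.group", "id": "grp-finance-reports"},
    {"@odata.type": "#microsoft.graph.group", "id": "grp-hr-all"},
    {"@odata.type": "#microsoft.graph.directoryRole", "id": "role-1"},
]}


def member_group_ids(member_of_response):
    """Return group IDs only; memberOf also lists directory roles and admin units."""
    return {obj["id"] for obj in member_of_response.get("value", [])
            if obj.get("@odata.type") == "#microsoft.graph.group"}


def verify_role_change(user_id, new_role, member_of_response):
    """Return (missing, excess, remediation) for the user's direct memberships.

    remediation lists the Graph requests that would close the gap; nothing is sent.
    """
    if new_role not in ROLE_BASELINE:
        # Unknown role: fail closed so the request goes to manual review.
        raise ValueError(f"no baseline defined for role {new_role!r}")
    expected = ROLE_BASELINE[new_role] | COMMON_GROUPS
    actual = member_group_ids(member_of_response)
    missing = sorted(expected - actual)  # under-provisioned for the new role
    excess = sorted(actual - expected)   # left over from the previous role
    ref = {"@odata.id": f"https://graph.microsoft.com/v1.0/directoryObjects/{user_id}"}
    remediation = [("POST", f"/groups/{g}/members/$ref", ref) for g in missing]
    remediation += [("DELETE", f"/groups/{g}/members/{user_id}/$ref", None)
                    for g in excess]
    return missing, excess, remediation


if __name__ == "__main__":
    for item in verify_role_change("user-123", "hr-advisor", SAMPLE_MEMBER_OF):
        print(item)
```

Groups with dynamic membership cannot be changed through `$ref` calls, so a flagged group of that kind needs its membership rule reviewed rather than a remediation request.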
I configured dedicated Teams channels for service desk operations, with Power Automate posting structured Adaptive Cards for new requests, status changes, and SLA warnings. This gave the IT team real-time visibility without needing to constantly check a queue, and enabled quick collaboration on complex requests directly within the channel thread. Escalation alerts automatically notify relevant managers when SLA thresholds are approaching.
Each workflow was tested against comprehensive scenarios including: standard provisioning, role changes across departments, emergency access requests, deprovisioning (leavers), and edge cases like concurrent role changes or requests for access to restricted resources. I validated that Azure AD changes propagated correctly and that all notification channels fired as expected.
The solution was rolled out in phases — starting with user provisioning, then adding security role management, and finally broader service desk automation. Each phase included training sessions for both IT staff and end users, with feedback loops informing iterative improvements. Power BI dashboards were configured to provide real-time operational metrics from day one.
The architecture centres on Power Automate as the workflow engine, orchestrating between SharePoint (request management and tracking), Azure AD/Entra ID (identity and access management), Microsoft Teams (notifications and collaboration), and Power BI (operational reporting).
When a service request is submitted via Power Apps or directly in SharePoint, Power Automate evaluates the request type and routes it through the appropriate approval and fulfilment workflow. For provisioning requests, the flow calls Microsoft Graph API to create or modify user accounts, assign licences, and manage group memberships. Teams Adaptive Cards keep stakeholders informed at each stage, and the SharePoint list is updated in real time to maintain a complete audit trail.
Error handling is built into every flow with retry policies, fallback notifications, and manual intervention queues for requests that cannot be automatically fulfilled. The Power BI dashboard pulls from SharePoint list data to surface request volumes, resolution times, SLA compliance, and automation success rates.
Using Teams Adaptive Cards for notifications was a game-changer for adoption. Rather than requiring IT staff to monitor a separate system, updates came to them in the tool they already lived in. The structured card format made it easy to see request details at a glance and take action directly from the notification. The phased rollout approach also proved critical — starting with user provisioning built confidence in the automation before expanding to more complex workflows.
I would build a self-service portal earlier in the project, giving end users visibility into the status of their own requests without needing to contact IT. I would also implement more granular analytics from the start — understanding which specific workflow steps take longest and where manual intervention is most frequently required. This data would enable continuous optimisation of the automation flows and help justify further investment in service desk modernisation.
The immediate impact was a 50% reduction in manual processing time for the most common service desk operations. For user provisioning alone, what previously took hours of coordinated effort across multiple teams now completes in minutes with a single request submission. This freed the IT team to focus on complex technical issues rather than routine administrative tasks.
The 20% reduction in escalations reflects a fundamental shift in how service requests are handled. With structured routing, SLA tracking, and automated notifications, requests no longer fall through the cracks. Managers have real-time visibility into their team's requests, and the IT team can proactively manage workload based on dashboard insights rather than reacting to complaints.
From a security perspective, the automated provisioning and deprovisioning workflows significantly reduce the risk of access-related incidents. New starters receive exactly the access they need from day one (no more, no less), and leavers have their access revoked systematically rather than relying on manual checklists. Every change is logged with a complete audit trail, supporting compliance requirements.
The solution is built entirely on Microsoft 365 tools the organisation already licenses, avoiding the cost and complexity of a third-party ITSM platform. It's maintainable by the internal team and extensible as new automation opportunities are identified.