Manage employee lifecycle using Microsoft Security Copilot (Preview)

Microsoft Entra ID Governance applies the capabilities of Microsoft Security Copilot to save identity administrators time and effort when configuring custom workflows to manage the lifecycle of users across joiner, mover, and leaver (JML) scenarios. It also helps you customize workflows more efficiently by using natural language to configure workflow information, including custom tasks, execute workflows, and get workflow insights.

This article describes how to work with lifecycle workflows using Security Copilot in the Microsoft Entra admin center. Using this feature requires Microsoft Entra ID Governance licenses.

Sign in to the Microsoft Entra admin center as at least a Lifecycle Workflows Administrator. Navigate to Identity Governance -> Lifecycle workflows overview.

Launch Security Copilot from the Copilot button in the Microsoft Entra admin center. Use natural language questions or prompts to:

  • Create a lifecycle workflow
  • Run a lifecycle workflow
  • Explore available workflow configurations
  • Analyze the active workflow list
  • Troubleshoot the processing results of workflows


Create a new lifecycle workflow

Security Copilot can give you the steps for creating a new lifecycle workflow. Provide a prompt with actions to take when the workflow is triggered and conditions that define which users (scope) this workflow should run against, and when (trigger) the workflow should run. For example:

Create a lifecycle workflow for new hires in the Marketing department that sends a welcome email and a TAP and adds them to the "All Users in My Tenant" group. Also, provide the option to enable the schedule of the workflow.

Review the returned results to see what the workflow includes and then create a new workflow in the Microsoft Entra admin center. After the workflow is created, you can perform verification testing before enabling the schedule.

Run a lifecycle workflow on demand

Security Copilot can also provide steps for running a workflow on demand or on a schedule. Provide a prompt with information on a specific workflow to run, when it should run, and which users to run it for. For example:

Review the returned steps to see what the workflow includes, then run the workflow.

Explore available workflow configurations

Using Microsoft Security Copilot, you can efficiently manage various lifecycle workflows. Here are some common prompts you can use with Security Copilot:

  • List all lifecycle workflows in my tenant
  • List all the supported workflow templates for creating a new workflow
  • What are my lifecycle workflow settings?
  • Which leaver tasks can I automate with lifecycle workflows?
  • What templates can be used for creating a mover workflow?

Analyze active workflow list

With Microsoft Security Copilot, you can easily analyze and manage your active workflow list and retrieve specific workflow information.

For example:

  • Get my lifecycle workflows with the name {workflow name}
  • List all mover workflows in my tenant
  • List all the deleted lifecycle workflows in my tenant
  • List all disabled lifecycle workflows in my tenant
  • Show me the details of disabled workflow {workflow}

Troubleshoot a Lifecycle Workflow run

You can use Security Copilot to help troubleshoot a workflow run. Security Copilot uses the information provided to generate and return a rich summary of the workflow history over the given time period for the specified workflow.

Explore workflow processing results of a specific workflow:

  • Summarize the runs for {workflow} in the last 7 days
  • How many times did the workflow run in the last 24 hours?
  • Which users failed to be processed by this workflow in the last 7 days?
  • Which tasks failed for {workflow} in the last 7 days?
  • Show me the user processing results summary for {workflow} in the last 7 days

Explore workflow processing results across workflows:

  • How many workflows were processed in the last 7 days?
  • How many users were successfully processed by workflows in the last 14 days?
  • Which workflows have been run the most in the last 7 days?
  • Which tasks failed the most in the last 30 days?
  • Which workflows failed the most in the last 7 days?
  • How many mover workflows were executed in the last 30 days?

Compare versions of a lifecycle workflow

You can use Security Copilot to compare workflow versions. Security Copilot uses the information provided to generate and return a rich summary of the content of two versions of the specified workflow, as well as the core differences between the workflow versions, including tasks and execution conditions.

For example:

  • List all workflow versions for {workflow}
  • Show me who last modified {workflow} and when
  • Show me the details of {version #} for this workflow
  • What changed in the last version of this workflow?
  • Compare the last two versions of this workflow
  • Compare {version #} and {version #} of this workflow
