Common Workflows¶
This guide covers the most frequently used workflows in Zenzero ZAI, with detailed examples, parameters, and best practices for each.
Employee Lifecycle Workflows¶
New Employee Onboarding¶
Complete setup for a new hire in one workflow.
M365 Complete Onboarding¶
What it does: 1. Creates M365 user account 2. Assigns appropriate license 3. Adds user to standard groups 4. Configures mailbox settings 5. Returns credentials
When to use: - New employee starting - Contractor onboarding - Temporary staff setup
How to trigger:
You: Onboard new employee
AI: What's the email address?
You: jane.smith@contoso.com
AI: What's the display name?
You: Jane Smith
AI: Which license?
1. Microsoft 365 E3
2. Microsoft 365 E5
3. Business Premium
You: 1
AI: Which department groups?
You: Sales and Marketing
AI: [Shows approval card with all details]
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | jane.smith@contoso.com | - |
| display_name | ✅ | Jane Smith | - |
| license | ✅ | Microsoft 365 E3 | - |
| department_groups | ❌ | Sales, All Staff | All Staff only |
| password | ❌ | TempPass123! | Auto-generated |
| usage_location | ❌ | GB | GB (org default) |
Expected output:
✅ Onboarding Complete!
User Details:
• User ID: 5c3102ee-ec2e-4885-8959-32d739cb90fd
• Email: jane.smith@contoso.com
• Display Name: Jane Smith
• Password: TempPass123!
• Account Status: Enabled
License:
• Microsoft 365 E3: Assigned ✅
Groups:
• All Staff: Added ✅
• Sales Team: Added ✅
Next Steps:
1. Copy password to share with Jane
2. Send welcome email with credentials
3. Verify she can log in
Time saved: 15-20 minutes vs manual process
Common issues:
| Issue | Solution |
|---|---|
| User already exists | Use Update User workflow instead |
| No licenses available | Purchase more or remove from inactive user |
| Group not found | Create group first or use different group |
| Invalid email format | Ensure full email with @domain |
Employee Offboarding¶
Complete teardown when employee leaves.
M365 Complete Offboarding¶
What it does: 1. Disables user account 2. Removes all licenses 3. Converts mailbox to shared 4. Removes from all groups (except archive group) 5. Revokes all sessions 6. Documents final state
When to use: - Employee termination - Contract end - Long-term leave (with modifications)
How to trigger:
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | john.doe@contoso.com | - |
| convert_to_shared | ❌ | true | true |
| shared_mailbox_access | ❌ | manager@contoso.com | (none) |
| archive_groups | ❌ | Former Employees | (none) |
Workflow steps:
⏳ M365 Complete Offboarding
✅ Step 1/6: Disable User Account
john.doe@contoso.com is now disabled
✅ Step 2/6: Revoke All Sessions
All active sessions have been terminated
✅ Step 3/6: Remove Group Memberships
Removed from 5 groups:
• All Staff
• Sales Team
• Marketing
• Office 365 Users
• Teams Users
✅ Step 4/6: Remove Licenses
Removed 2 licenses:
• Microsoft 365 E3
• Power BI Pro
✅ Step 5/6: Convert to Shared Mailbox
Mailbox converted successfully
✅ Step 6/6: Grant Manager Access
manager@contoso.com granted Full Access
✅ Offboarding Complete! (18.3 seconds)
Expected output:
✅ Offboarding Complete!
User Status:
• Account: Disabled ✅
• All Sessions: Revoked ✅
• Groups: All removed ✅
• Licenses: All removed (2) ✅
Mailbox:
• Type: Shared Mailbox ✅
• Size: 4.2 GB
• Access Granted to: manager@contoso.com ✅
Cost Savings:
• Licenses freed: 2
• Monthly savings: £15.60
Documentation:
[Export Offboarding Report] - Attach to ticket
Time saved: 20-25 minutes vs manual process
Best practices:
Before Offboarding
- Backup important data - Export user's files if needed
- Notify stakeholders - Inform team of upcoming change
- Transfer ownership - Move owned resources to others
- Document access - Note which systems user had access to
- Manager approval - Confirm offboarding is authorized
Irreversible Actions
- License removal is immediate
- Session revocation can't be undone
- Plan mailbox access before executing
Password Management Workflows¶
Password Reset¶
Reset user password and optionally revoke sessions.
M365 Reset User Password¶
What it does: 1. Generates or uses provided password 2. Resets user's password 3. Optionally revokes all sessions 4. Forces password change on next login 5. Returns new password
When to use: - User forgot password - Security incident (compromised account) - New device setup - Account recovery
How to trigger:
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | john.doe@contoso.com | - |
| new_password | ❌ | TempPass123! | Auto-generated |
| force_change | ❌ | true | true |
| revoke_sessions | ❌ | false | false (true for security) |
Security levels:
Expected output:
✅ Password Reset Successfully!
User: john.doe@contoso.com
New Password: kQ7$mP2!xR9z
Force Change: Yes (user must change on next login)
Sessions Revoked: No
⚠️ Security Note:
Share this password securely (don't email).
User must change it on first login.
Next Steps:
1. [Copy Password] - Securely provide to user
2. [Send Reset Instructions] - Email how to log in
3. [Mark Ticket Resolved] - Update ConnectWise
Time saved: 5-7 minutes vs manual process
Common scenarios:
| Scenario | Parameters to Use |
|---|---|
| User forgot password | Default (auto-generate, force change) |
| Suspected hack | revoke_sessions=true, force_change=true |
| New device setup | Custom password, force_change=false |
| Temporary access | Custom simple password, force_change=true |
License Management Workflows¶
Assign License¶
Add one or more licenses to a user.
M365 Assign License¶
What it does: 1. Checks license availability 2. Validates user has usage location set 3. Assigns specified license(s) 4. Confirms assignment 5. Returns license details
When to use: - New user needs access - User role change (promotion) - Additional app access needed - License upgrade (E3 → E5)
How to trigger:
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | jane.smith@contoso.com | - |
| license_name | ✅* | Microsoft 365 E3 | - |
| license_sku | ✅* | 6fd2c87f... | - |
| disabled_plans | ❌ | Sway, Flow | (none) |
*Either license_name OR license_sku required
License selection:
Common license names:
| License Name | Monthly Cost* | Typical Use |
|---|---|---|
| Microsoft 365 E3 | £15.60 | Standard office worker |
| Microsoft 365 E5 | £31.70 | Power users, executives |
| Microsoft 365 Business Premium | £15.60 | Small business |
| Exchange Online Plan 1 | £3.10 | Email only |
| Power BI Pro | £7.80 | Data analysts |
*Approximate GBP pricing
Expected output:
✅ License Assigned Successfully!
User: jane.smith@contoso.com
License: Microsoft 365 E3
Details:
• SKU ID: 6fd2c87f-b296-42f0-b197-1e91e994b900
• Assignment Date: 2024-01-15 14:30:12
• Status: Active
Included Services (enabled):
✅ Exchange Online
✅ SharePoint Online
✅ Microsoft Teams
✅ OneDrive for Business
✅ Office Apps
✅ Yammer Enterprise
Disabled Services:
❌ (none)
Licenses Remaining:
Microsoft 365 E3: 14 of 50 available
Cost Impact:
Monthly: +£15.60
Annual: +£187.20
Time saved: 3-5 minutes vs manual process
Remove License¶
Remove one or more licenses from a user.
M365 Remove License¶
What it does: 1. Validates user has the license 2. Removes specified license(s) 3. Confirms removal 4. Returns updated license state
When to use: - Employee leaving (offboarding) - User role change (downgrade) - Cost optimization - Temporary access ended
How to trigger:
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | john.doe@contoso.com | - |
| license_name | ✅* | Microsoft 365 E3 | - |
| license_sku | ✅* | 6fd2c87f... | - |
| remove_all | ❌ | true | false |
*Either license_name/sku OR remove_all=true required
Expected output:
✅ License Removed Successfully!
User: john.doe@contoso.com
Removed: Microsoft 365 E3
Remaining Licenses:
• Power BI Pro (active)
Data Retention:
⚠️ User's data remains for 30 days
OneDrive: 4.2 GB (retained)
Email: 1.8 GB (retained)
After 30 days:
• OneDrive marked for deletion
• Mailbox converted to inactive
Licenses Recovered:
Microsoft 365 E3: 15 of 50 now available
Cost Savings:
Monthly: -£15.60
Annual: -£187.20
Time saved: 3-4 minutes vs manual process
Data Retention
User data is retained for 30 days after license removal. Plan accordingly for data backup or transfer.
Group Management Workflows¶
Add User to Group¶
Add user to one or more M365 or security groups.
M365 Add User to Group¶
What it does: 1. Validates group exists 2. Checks user isn't already a member 3. Adds user to specified group(s) 4. Confirms membership 5. Returns updated group list
When to use: - New employee department assignment - Project team addition - Distribution list subscription - Security group membership
How to trigger:
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | jane.smith@contoso.com | - |
| group_name | ✅* | Sales Team | - |
| group_id | ✅* | f3e4d5c6... | - |
*Either group_name OR group_id required (can specify multiple)
Expected output:
✅ User Added to Group(s)!
User: jane.smith@contoso.com
Added to:
✅ Sales Team
Group ID: f3e4d5c6-a7b8-9c0d-1e2f-3g4h5i6j7k8l
Members: 47 (including jane.smith@contoso.com)
Type: Microsoft 365 Group
✅ All Staff
Group ID: a1b2c3d4-e5f6-7g8h-9i0j-1k2l3m4n5o6p
Members: 523 (including jane.smith@contoso.com)
Type: Distribution List
User's Current Groups (8 total):
• All Staff
• Sales Team
• Office 365 Users
• Teams Users
• Marketing (new!)
• Project Alpha
• UK Office
• London Site
Time saved: 2-3 minutes vs manual process
Remove User from Group¶
Remove user from one or more groups.
M365 Remove User from Group¶
What it does: 1. Validates user is currently a member 2. Removes user from specified group(s) 3. Confirms removal 4. Returns updated group list
When to use: - User department change - Project team offboarding - Access revocation - Distribution list cleanup
How to trigger:
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | john.doe@contoso.com | - |
| group_name | ✅* | Sales Team | - |
| group_id | ✅* | f3e4d5c6... | - |
| remove_all | ❌ | true | false |
*Either group_name/id OR remove_all=true required
Expected output:
✅ User Removed from Group(s)!
User: john.doe@contoso.com
Removed from:
✅ Sales Team
Removed successfully
✅ Marketing
Removed successfully
Remaining Groups (5):
• All Staff
• Office 365 Users
• Teams Users
• UK Office
• London Site
⚠️ Access Impact:
User no longer has access to:
• Sales Team SharePoint site
• Sales distribution lists
• Marketing shared resources
Time saved: 2-3 minutes vs manual process
Mailbox Operations Workflows¶
Convert to Shared Mailbox¶
Convert user mailbox to shared mailbox.
M365 Convert to Shared Mailbox¶
What it does: 1. Validates user exists and has mailbox 2. Converts mailbox type to shared 3. Removes user license (optional) 4. Grants access to specified users (optional) 5. Confirms conversion
When to use: - Employee offboarding (keep email) - Department mailbox (sales@, support@) - Shared resource mailbox - Free up licenses while retaining data
How to trigger:
Parameters:
| Parameter | Required | Example | Default |
|---|---|---|---|
| user_email | ✅ | john.doe@contoso.com | - |
| grant_access_to | ❌ | manager@contoso.com | (none) |
| access_level | ❌ | FullAccess | FullAccess |
| remove_license | ❌ | true | false |
Benefits of shared mailboxes:
| Benefit | Description |
|---|---|
| 💰 Cost Savings | No license required (up to 50GB) |
| 👥 Multi-User Access | Multiple people can access |
| 📧 Email Retention | All email history preserved |
| 📅 Calendar Sharing | Shared calendar if needed |
| 🔄 Send As | Users can send as shared mailbox |
Expected output:
✅ Mailbox Converted Successfully!
Mailbox: john.doe@contoso.com
Type: Shared Mailbox (was User Mailbox)
Details:
• Size: 4.2 GB (within 50GB limit)
• Messages: ~3,847
• Folders: 23
• Calendar: Retained
• Contacts: Retained
Access Granted:
✅ manager@contoso.com
Permissions: Full Access, Send As
License Status:
❌ Removed Microsoft 365 E3
(No license needed for shared mailbox <50GB)
Cost Savings:
Monthly: £15.60
Annual: £187.20
Next Steps:
1. manager@contoso.com can now access this mailbox
2. Add mailbox in Outlook: File > Account Settings > Add Account
3. Or via OWA: Right-click folders > Add shared folder
Time saved: 5-7 minutes vs manual process
Shared Mailbox Limits
- Free: Up to 50GB (no license required)
- >50GB: Requires license to avoid storage issues
- Max users: No hard limit, but performance degrades with too many
Quick Reference¶
Workflow Comparison¶
| Workflow | Duration | Cost Impact | Complexity | Use Frequency |
|---|---|---|---|---|
| Complete Onboarding | ~20s | +£15-32/mo | Medium | Daily |
| Complete Offboarding | ~18s | -£15-32/mo | Medium | Weekly |
| Reset Password | ~3s | None | Low | Multiple/day |
| Assign License | ~5s | +£3-32/mo | Low | Daily |
| Remove License | ~5s | -£3-32/mo | Low | Weekly |
| Add to Group | ~3s | None | Low | Multiple/day |
| Remove from Group | ~3s | None | Low | Weekly |
| Convert Mailbox | ~8s | -£15-32/mo | Medium | Weekly |
When to Use Which Workflow¶
graph TD
A[What do you need to do?] --> B{User Lifecycle}
A --> C{Credentials}
A --> D{Access}
B --> B1[New hire] --> W1[Complete Onboarding]
B --> B2[User leaving] --> W2[Complete Offboarding]
C --> C1[Forgot password] --> W3[Reset Password standard]
C --> C2[Security incident] --> W4[Reset Password + Revoke Sessions]
D --> D1[Add permissions] --> W5[Add to Group]
D --> D2[Remove permissions] --> W6[Remove from Group]
D --> D3[License needed] --> W7[Assign License]
D --> D4[Save costs] --> W8[Remove License / Convert Mailbox]
style W1 fill:#0f9d58,color:#fff
style W2 fill:#ea4335,color:#fff
style W3 fill:#4285f4,color:#fff
style W4 fill:#ea4335,color:#fff
style W5 fill:#4285f4,color:#fff
style W6 fill:#ea4335,color:#fff
style W7 fill:#0f9d58,color:#fff
style W8 fill:#f4b400,color:#000Success Checklist¶
Before running any workflow:
- Verify context - Correct tenant selected?
- Check parameters - All information accurate?
- Review impact - Understand what will change?
- Confirm permissions - Do you have rights?
- Plan rollback - How to undo if needed?
After running workflow:
- Verify success - All steps completed?
- Copy outputs - Password, IDs saved?
- Test access - User can log in?
- Document ticket - Results recorded?
- Notify user - User informed of changes?
Next Steps¶
- M365 User Management - Deep dive into user operations
- M365 User Management - Advanced license techniques
- Workflow History - Review and learn from past runs
Master These 8 Workflows
These 8 workflows handle 90% of daily IT tasks. Learn them well and you'll save hours every week!