Automating Workloads with Extension Attributes
In various sectors, the standard Active Directory Job Title and Department suffice. However, for more detailed control over our environment, Microsoft Graph for industry workflows allows us to add information to Extension Attributes, enhancing automation across different sectors.
Scenario 1- Healthcare: Using Dynamic Groups for License Assignment
In healthcare, job titles and departments might not always give enough details to manage software licensing effectively. For instance, a cardiologist in the main hospital might need different Microsoft 365 services than a general practitioner in an off-site clinic.
A large healthcare organization with multiple departments faces this challenge. The IT department struggles to assign the right licenses using just job titles and departments. Their solution? Azure AD Extension attributes. They use ExtensionAttribute2 for medical specialization and ExtensionAttribute3 for building location.
By populating these attributes and setting up dynamic groups in Azure AD, they can automate license assignments. For example, a group named ‘Cardiology – Main Hospital Building’ will include all cardiologists in that building. When a new cardiologist joins, they’re automatically added to this group, and the necessary licenses are assigned.
This approach streamlines license management, ensuring users have the tools they need and reducing the IT department’s manual workload.
Scenario 2 – Retail: Implementing Conditional Access
In retail, managing user access to resources is crucial. With roles like Retail Associates and departments like In-Store Sales, determining access levels becomes challenging. Add factors like location and store assignment, and it gets even more complex.
A large retail corporation faces this challenge. They use extension attributes: ExtensionAttribute1 for ‘Region’, ExtensionAttribute2 for ‘District’, and ExtensionAttribute3 for ‘Store Number’. With these, they can implement conditional access policies in Azure AD, defining user access based on these attributes. For example, a Retail Associate in Store Number 123 in the Western Region, District-5 might have access to specific software applications and need to meet additional authentication conditions.
Scenario 3: Oil & Gas – Managing Dynamic Distribution Groups in Exchange
In the Oil and Gas industry, effective communication is vital. With roles like Engineers and departments such as Upstream Operations, managing communication can be a challenge. A global Oil and Gas company uses ExtensionAttribute3 to store each user’s engineering specialization. They can then create Dynamic Distribution Groups in Exchange Online. For instance, an ‘Upstream Operations’ group will include all relevant engineers, ensuring targeted and efficient communication.
Scenario 4: Law Firms – Controlling External Email Access
Law firms handle various cases, some classified as ‘High-Profile’ due to their sensitivity. These cases need extra protection. A large law firm uses ExtensionAttribute1 to indicate if a user is part of the ‘High-Profile’ sub-department. They can then control email access, allowing it for main departments but restricting it for ‘High-Profile Cases’. This approach protects sensitive case details and prevents accidental data leaks.
With Microsoft Graph and extension attributes, we can:
- Quickly create users with added attributes for automation.
- Automate the assignment of Microsoft 365 licenses and services. Control access to services based on these attributes.
- Automate membership in communication groups like Dynamic Distribution Groups.
- Control mail flow based on specific attributes.
- While these examples might be hypothetical, they showcase the potential of Microsoft Graph and Extension Attributes in enhancing policies and automating user management processes.
While these examples might be hypothetical, they showcase the potential of Microsoft Graph and Extension Attributes in enhancing policies and automating user management processes. As a trusted Microsoft Partner, we’re here to guide you through every step of this journey. For those new to this topic, you might find our previous blog on the introduction to Microsoft Graph beneficial as a foundational read. Let’s collaborate to harness the full potential of these tools and elevate your business processes.