How Can Today’s Small Businesses Use Artificial Intelligence?

AI is flexible in its design, intending to mimic the cognitive processes of the human brain. Essentially, it is software that can follow patterns and establish its own learning and reasoning processes to solve problems. This is why it’s so useful for small businesses. Here are some ways it can improve operations for SMBs:

Enhancing Cybersecurity

Your employees likely have a routine that they follow, and this routine is what makes their work responsibilities consistent. AI can use data to make predictions, a process which aids in cybersecurity and productivity. AI can take note of a user’s account and showcase when it’s doing something out of the ordinary, like logins at times when the office should be closed or from strange locations around the world. It can also tell if employee behavior is at odds with your security efforts.

Optimizing Customer Service

Businesses prioritize customer service, but the unfortunate fact is that it can be time-consuming. This time is often better spent on other processes and needs. AI systems can aid in customer service through the use of automated chatbots, providing customers ways to get the answers they need, when they need them. This removes some of the burden off your workforce and might just give them time to perform other tasks. Furthermore, it’s a great way to collect data about what your customers want and need.

Finessing Customer Relationships and Marketing Efforts

It takes a lot of effort to sift through the data and insights gathered during the customer relations and marketing aspects of your business and digging through this data can be an incredibly time-consuming and resource-intensive process without the use of AI. AI can examine this data and make conclusions based on it. You can then use these conclusions to make the most educated decisions possible for your organization moving forward.

Artificial Intelligence is More Accessible Than Ever

If you want to learn more about machine learning and other ways technology can make your business’ operations better, contact us. 

The post Small Businesses are Starting to Embrace Artificial Intelligence appeared first on Thrive.

In Part 3, we’ll discuss PIM in detail. This tool is designed to provide just-in-time escalation of permissions to ensure higher permission levels are only available when needed and can be applied with governance in mind.

Privileged Identity Management

Setting up Privileged Identity Management

PIM is designed to support a “least privileged” model by making granular roles available to users requiring elevated functionality. In addition, users with continuous excessive access are vulnerable in the event their account is compromised, so when not-needed users’ accounts have no extraneous permissions. When needed, a user simply requests elevation into a specific role that has been made available to them. Depending on configuration, the assignment is either automatic or requires approval and/or justification.

The first step in configuring PIM is selecting which roles should be available under which circumstances. This configuration is found under Identity Governance, in the Manage section, by selecting Roles. The Roles screen presents a large list of Roles along with a Description of the Role’s intended usage. The screen will also display how many users are currently Active in a Role and how many users are eligible to be activated in the role.

For example, suppose you want to allow an Administrative Assistant to occasionally reset passwords without involving a tenant Global Administrator. To set this up, click on the Helpdesk Administrator Role in the list, or use the search to filter the list. Selecting this Role will list all current assignments for that Role, including Eligible, Active, and Expired. Pressing the “Add assignments” button will begin the process.

The first screen will show you the Role you have selected, with a link to select member(s) to assign to the role. Pressing the hyperlink under the Select member(s) will bring you to a search for all users within your tenant.

Select the user and press the Select button to add them to the list of members eligible for the Role. Selecting Next navigates to the Settings section, where you determine the Assignment type and durations. Leaving the type Eligible will require the user to request elevation when needed, which is the intention in this case. If you want the assignment to be limited in duration, such as covering an employee who is on leave or vacation, you can set dates for the start and end of the assignment by un-checking Permanently eligible and select dates. Selecting Assign will move that assignment into the Eligible list.

Additional settings can be applied to the Role by selecting the Settings button at the top of the Assignments screen for the Role.

From this screen, there are many configuration options to allow for more granular control of how the escalation process is executed, including approval and notification options. 

The first section covers the Activation process itself. Here you can set a maximum duration for the escalation, require Azure MFA, justification, ticket information, or even approval. If requiring approval, you can select who provides the approval from this screen as well.

The next section covers Assignment, where you can decide if permanent Eligible assignments are allowed, permanent Active assignments, and whether justification and/or MFA is required for Active assignments.

The final section provides rich configuration for Notifications to be sent regarding this process. Notifications can be enabled for when members are assigned eligible to the role, when they are assigned as Active to the role, and when eligible members activate the role. This last alert would trigger when escalation has occurred. Each section of notification includes three options: Role activation, Notification to requestor, and request for approval. All of these options are enabled by default, with default recipients being Admin, Requestor/assignee, and Approver. Additional recipients can be added for most notifications.

Requesting Elevation

Once a role is configured to be available, a user can request escalation by going to Azure AD, navigating to the Identity Governance screen, and selecting “Activate Just In Time”. There, they will see all Roles for which they are eligible, and have the opportunity to request being assigned to that role. Pressing Activate will start the process to be added to the role.

Depending on configuration there may be approval and / or justification needed for the assignment to be completed. They can also set a Duration, up to the configured maximum, for how long the assignment should be in effect. 

Once completed, they will be in the Active roles section until the duration has been met, or they manually Deactivate the assignment.

Summary

Privileged Identity Management in Azure AD Identity Governance provides just-in-time elevation to targeted roles, helping to protect users’ accounts during normal usage, but providing an easy, governed method of escalating privileges when needed. As with the other facets of Identity Governance, PIM provides a healthy balance of productivity and security within the Microsoft 365 platform.

Need a refresher?

Revisit Part 1 and Part 2 of this blog series.

The post Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 3 appeared first on Thrive.

The sudden onset of the COVID-19 pandemic sent much of the world into a frenzy. With businesses concerned for the safety and wellbeing of their employees and customers, and many governments strongly advising social distancing, the need to ramp-up the remote workforce went from a distant goal to a top priority almost overnight. One of the many groups greatly impacted by this new priority is the group of people responsible for collaboration platforms such as Microsoft 365. The need to quickly enable remote workers has made it seem necessary for many groups to ignore or postpone best practices and security considerations in favor of business continuity. Azure AD’s Identity Governance is one set of tools designed to help strike the balance between security and productivity, enabling quick turnaround on required resources while providing checks and balances to mitigate risk.

What is Azure AD Identity Governance? 

Simply put, Azure AD Identity Governance is about “ensuring the right people have the right access at the right time.” More specifically, it is a set of 3 primary tools designed to control and audit access to company resources.   

Entitlement Management is about creating Access Packages to control the scope and duration of access to groups, applications, and SharePoint sites.    

Access Reviews are about auditing access to ensure previously granted permissions are still appropriate and necessary. 

Privileged Identity Management covers the just-in-time elevation of tightly scoped roles to allow users to perform privileged operations when needed while maintaining lower permission levels during their day-to-day job functions.   

These three functions work synergistically to help keep a watchful eye on the collaboration space without impeding productivity. Part 1 of this series will cover Entitlement Management in detail.   

Entitlement Management 

Setting up an Access Package 

The key component of Entitlement Management is the creation of “Access Packages”.  An Access Package is a collection of resources that users can be granted or request access to. Unlike simply adding users directly to Groups, these packages can control the duration, approval process, and periodic reviews of those assignments.   

The first step of creating an Access Package is naming and describing its purpose.  You can also create “Catalogs” to group multiple packages and delegate the administration of them to the appropriate users.

Next, you determine the Resource Roles that will be part of this package. It can be a combination of Groups/Teams, Applications, and SharePoint sites. In this case, we will grant access to the “COVID-19 Response Team” team in the Member role.

We’ll then move onto the Request process. Since this team may be made up of external collaborators who are unknown at this time, we’ll select “For users not in your directory”, and we’ll allow “All users (All connected organizations + any new external users)” to request access. 

Since we are allowing as of yet unknown external users, we must require approval (other settings allow you to disable approval). We will set a specific user to provide approval, ensure a decision is made within 2 days, and force both the requestor and the approver to provide a justification for the access. We’ll enable this access request when we are ready to start requesting access.

Next, we will set the lifecycle of the access being provided. In this case, we will allow for 30 days of access, with the ability to request an extension (which also requires approval). If this was a longer duration or did not expire, we could also tie access to an Access Review, which we’ll cover later.

The last page will show a summary of all the choices to allow you to make any desired changes before creating the package.  

Once the package is created, the browser will display a list of all Access Packages the current user has access to. From here, you can use the ellipsis to copy the link used to request access. This link can be emailed, put on a public site, or shared in any other traditional way.

Requesting Access

To request access via an Access Package, a user can use the link generated during the creation process. Once they sign in to the 365 tenant, they will be presented details of the access being requested. The user would then select the package and push the “request access” button. 

From there, because we require justification, the user will be presented an area to provide the reason they are requesting access.

They will receive confirmation that their request was submitted.

Approving Access

After requesting access, the Approver will receive an Email with actions to Approve or Deny the request, and a summary of the information about the request. 

Pressing the Approve or deny request button takes you to an Approvals page where you can approve or deny and provide the required justification. 

Now that the request has been approved, the user should have access to the Team as a Member.  When the expiration date is reached in 30 days, that access will be revoked unless an extension is requested. 

Summary

Entitlement Management using Access Packages is a great way to govern access to resources such as Teams, SharePoint sites, and Applications, especially when external users are involved or the context of the access is limited to a specific timeframe. Users can request access as needed, owners can be empowered to grant access on demand, and removal of access can be automated to prevent lingering exposure of company information.  

Next up: Access Reviews

Configure periodic, guided reviews of access to resources with suggestions based on login activity and automated resolution based on dispositions. 

The post Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 1 appeared first on Thrive.

Relational drop-downs are something that come up quite frequently but aren’t always straight forward.

PowerApps gives you a relatively friendly manner of creating simple relational drop-downs when using the “Depends On” functionality but this falls apart when utilizing anything but simple fields (text, number, etc.) and trying to further drill down into filtered results. You may have noticed that when you start trying to use Choice fields to filter your drop-downs on, it is not inherently possible.

In our example, we will work off a mock Products list in SharePoint. The SharePoint Products list will be made up of the following columns (yours can vary):

• Product Type – Choice field – Choices: HDD, CPU
• Title – Text (Product Name)
• Manufacturer – Choice field – Choices: Timlin, Generic
• Configuration – Choice field – Choices: 250GB, 500GB, x1, x2

Below is a screenshot of how this list looks and some sample data we have input for testing.

Once your list is setup, we can hop straight into PowerApps. If you aren’t familiar with how to get started, simply click on the “PowerApps” button followed by the “Customize Forms” button.

We arranged our fields in the PowerApp to go in the following order: Product Type, Manufacturer, Configuration and Title.

The end goal of this is to have it so the end-user will go through the menu one by one and be provided a final filtered list of products that follow the selected Type, Manufacturer, and Configuration.

You might notice from the screenshot of the layout of the PowerApp above that there are duplicate fields. The reason for this is that the more advanced filtering we will be doing on the fields does not work when using the out of the box choices column in PowerApps.

To circumvent this, we unlock each of these data cards and add a “Dropdown” control (to make things easier, set “AllowEmptyField” to true in the properties of each drop-down we add).

Currently, the fields are disabled just as a visual aid but in normal circumstances, you can set the value of the fields to the value of the drop-down and have them hidden in the background so nothing is visually different to the end-user. In our example, Product Type won’t need to be filtered in any way so we can leave that card alone.

Our options in Product Type are CPU and HDD.

In this instance and given the sample data above, when we select “CPU” we will want to see both the Timlin and Generic manufacturers (we will filter this even though each manufacturer has a CPU, there will be instances in production where a manufacturer will exist that does not offer a CPU product).

To filter the Manufacturer drop-down based on the Product Type, we can set it’s “Items” property to the following formula (keep in mind that the numbers or names of the Data Cards may vary on your application):

Distinct(Filter(Products, ‘Product Type’.Value = DataCardValue2.Selected.Value),Manufacturer.Value) – DataCardValue2 is associated with Product Type

Using the “Distinct” operation, we ensure that we do not pull back the same manufacturer more than once. The second parameter following the filter (Manufacturer.Value) is the return value, which in this case is the Manufacturer value that we want.

The Filter operation is ensuring that we are only getting products in the list that match the product type we selected in the first field. One other thing we want to do on this drop-down is to set up a variable that stores the filtered results so we can easily filter our next field. To do so, we can change the “On Change” operation to the following formula:

Set(ManufacturerFilteredProducts, Filter(Products, Manufacturer.Value = DataCardValue4.Selected.Value)) – DataCardValue4 is associated with Manufacturer

This will provide us with the list of products we have filtered on Product Type and on Manufacturer.

Next, we will want to set up our Configuration drop-down to only show us products that have the Product Type and Manufacturer the user has selected. To do so, we can set the “Items” property on the Configuration drop-down we added (the control, not the field) to the following:

Distinct(Filter(ManufacturerFilteredProducts,’Product Type’.Value = DataCardValue2.Selected.Value),Configuration.Value)

We should now have a drop-down with only the results that match the Product Type and Manufacturer the user chose in the previous two fields.

Lastly, we will want to make sure that when a user chooses a configuration that the product names that appear in the “Title” drop-down are those that match all of the previous filters. To do so, we set the “On Change” property of the Configuration drop-down to a new variable (FinalFilteredProducts).

This variable will filter the results we stored in ManufacturerFilteredProducts based on the Configuration value the user chooses and store the results for use in the Title/Product Name field. We can do this via the formula below:

Set(FinalFilteredProducts, Filter(ManufacturerFilteredProducts, Configuration.Value = DataCardValue3.Selected.Value)) – DataCardValue3 is associated with Configuration

Finally, we want to make sure that the only Titles we get back are for products that are related to all three previous drop-downs. This is simply just the Title rows in the FinalFilteredProducts variable we just created. To do this, set the “Items” property on the custom Title drop-down to the following:

FinalFilteredProducts.Title

This should produce a fully filtered list of choices for the products (as shown in the original screenshot). Given the sample data, if a user were to look at SSDs made by Timlin with a 250GB capacity, the only title we should get back is the “Timlin 250GB SSD”, which we do (shown below).

Interested in diving in deeper to Filtered Relational Drop-downs? Reach out to our team here to set up a free consultation call.

The post How to Create Filtered Relational Drop-downs with Choices in PowerApps appeared first on Thrive.