There's a lot of buzz about automation these days, and most organisations are starting to recognise the benefits and getting on board. At Lida, we think that makes a lot of sense, and if you're not already doing it, we think you should be seriously considering it. If you're not convinced, take a look at our article outlining the reasons we think organisations ought to automate. Or if you are convinced but don't know how to start, you might like to have a read here.
If you're someone who is on board with automation but you have no idea how to pick which processes to start with, then this article right here is for you. We're going to run through what we call the 'low hanging fruit' - activities that are reasonably easy to automate and which will help you realize significant cost savings when you do. These are the activities with a fantastic Return on Investment (ROI) - activities which will pay for themselves in next to no time.
Identifying the low hanging fruit
Our rule of thumb when selecting good ROI automation candidates is that they should be high volume, time-consuming or complex. If they're all three, then all the better. With high volume activities, even a small improvement from automation can add up to a huge benefit over time - if an automation only saves someone 10 minutes but it's something that happens a thousand times a month, then that's 166 hours you can save each month, or around about one full-time employee's effort! On the other hand, time-consuming tasks tend to, well, take a lot of time (and effort), and complex tasks are often error-prone, requiring higher than normal levels of rework. So automation of those types of tasks can quickly deliver big gains in terms of time-to-deliver, quality-of-service and, of course, cost-of-service.
Many of the automation initiatives we describe below are actions than end-to-end services. And that's intentional. It's probably easiest to explain with an example Our top candidate for automation relates to Active Directory. Now, adding a user to an Active Directory group is not really an end-to-end service; rather, it's a single step (or action) that can be part of many different end-to-end services. You might add a user to an AD group in order to give them access to an application, to add them to an email distribution group, to make them a local administrator or to exclude them from password expiry rules. Those are the services, and each will have other steps - approvals and notifications to name just two. But by automating just the 'add user to Active Directory group' step, we are simultaneously going to see improvements in the cost, quality and time-to-deliver of each of those services (and probably many more). That's low hanging fruit if ever we saw it - automating one thing once to benefit many services always. That's an automation with a seriously quick Return on Investment!
That being said and without further ado, here's our list of some great things to automate if you want to maximize your Return on Investment:
We've already given this one away, but our top automation candidate is good old Active Directory. Active Directory drives so much of most businesses these days - from network logins to security policies to email distribution lists to software installations. Run an audit on how much time your IT analysts are spending creating, updating, adding and removing in AD and you might be very surprised - we had one government client who worked out that they could save over 2 FTE (full-time employees) just by automating their account creations, deletions and extensions. That project paid for itself in weeks!
Of course, there's no need to automate everything in AD, but a little bit of analysis should show you were you can get the most benefit. These are the things we think you'll probably want to look at:
Account creations. This will let you apply naming conventions automatically, check for availability of account names and email addresses, generate complex passwords, make sure your new users get added to the right OUs and groups every time and guarantee that all of the fields that need to be completed are completed, correctly. We find that manual account creations tend to take longer than you think they should, and have a relatively high error rate.
Account extensions. How about an automation that scans your AD for accounts that are going to expire in the next 30 days and sends a task to the user's manager to ask if they want to extend or terminate the user? And then does it, with no touch for your IT team.
Add user to group. This is a bit of a no-brainer really; we've outlined some of the uses for this above but there are many more. Usually quick and easy to implement and pays for itself many times over.
Add computer to group. Useful for things like applying group policies or automatically rolling out software using a tool like Microsoft SCCM.
Enabling or disabling accounts. We've had clients set up their vendor accounts so they are disabled by default, then provide the vendor with a portal to automatically re-enable the account for a limited time when they need to connect to do something. Given how hard vendor accounts can be to control, this gives them an added layer of confidence in the security of their network.
Account deletions. Automation can allow you to take away delete permissions from analysts, protecting you from accidental account removal and giving you a more controlled environment that will keep your auditors happy!
Email configuration is another very common activity in most organisations. Here are a few ideas to get you started:
Create mailboxes, either on-premise or in the cloud. We have clients with multiples sites in different countries, some with on-premise email and others with cloud email. We can automate the process based on where the user is located and apply site-specific rules and policies, such as adding them to particular on-premise mail databases based on their level of seniority, setting custom retention policies and applying litigation holds. This is an automation that combines well with an Active Directory account creation automation, as you can have a new starter up and running with network access and an email address within minutes.
Remove mailboxes. An obvious one, but if we can create then we can also delete or disable. This is often used in an offboarding or termination process, to ensure consistency in the clean-up process (so no bits-and-pieces are left behind).
Provide access to mailboxes. Quickly allow a user to gain access to a shared mailbox or another person's mailbox. We often have a simple workflow where the owner of the mailbox just needs to approve, and then the access is immediately granted, automatically.
Manage distribution lists. Allow users to create and delete distribution lists, and add or remove people as required. Delegate management of a distribution list to multiple people, or allow the owner to automatically transition ownership to someone else. There's a lot of expensive IT time to be saved by enabling users to self-serve their distribution list management.
Office 365 is becoming more-and-more central to the way many organisations do business. We've already covered off creating your Office 365 mailboxes above, but here are some other ideas.
Enable and disable users. Guarantee that the correct licenses are applied for a new user every time, based on variables such as their location or role. And when their time with your organisation is finished, automatically remove their access as part of your offboarding process to ensure you don't continue to get charged for a license you aren't using - the license saving might even pay for the cost of putting the automation in!
Manage OneDrive for Business. Perhaps you want to keep a tight rein over who has access to OneDrive for Business in your organisation - you can automate provisioning so it is only granted to users who need it, when they need it. And you can also automate clean-up when they go - need to move or transfer ownership of their files when they leave? That can be a painfully slow manual process, so why not add that to your automation suite as well?
Add or remove licenses. Automatically provision access to apps like MS Visio or MS Project within seconds of the request being approved. We often team this up with an Active Directory automation, where we add the user's computer to an AD group and allow SCCM to automatically install the software as well. Software installed and licensed within a few minutes without IT needing to get involved at all? Can't get better than that. And when the user is done, we just automatically take it all away so they don't keep getting charged.
Instant Messaging and Online Meetings
Whether you use Skype for Business, Teams, Lync, Webex Teams, Slack, Zoom, Viber or something else, there are a few consistent actions that are ripe for automation. Here are just a couple of the best examples:
Enabling and disabling users. This has been a common theme through this list, of course, but it's something we always need to do, day-in and day-out. We often see this included as another step in an end-to-end onboarding process. Automation lets you provision your users across different server pools at different locations or in different regions, applying appropriate policies along the way. And, as always, you can automatically clean everything up when the user leaves.
Allocating Enterprise Voice telephone numbers. We often find IT Service Desks maintaining spreadsheets of pools of available telephone numbers, trying to manually add and remove users as they come and go. It quickly becomes an inconsistent mess and ends up taking a lot more time that it should. We've built solutions where we store those telephone numbers in a central repository (often a Configuration Management Database, or CMDB) and have the automation record the person (or resource) they're assigned to and mark them as in use or available, while also adding or removing the telephone number in the relevant software. Enterprise Voice provisioning in seconds with no IT involvement has to be a big time and money saver, right?
These few suggestions above are just some of the things we'd typically recommend you take a look at first, because automating them will usually give you a pretty good cost saving for a relatively low cost to implement. Plus, of course, you get the added benefits of drastically reducing turnaround times on your services and vastly improving your service quality.
There are plenty more things you can automate that maybe take a little bit more effort but are still definitely worth doing. You might want to look at automating your application accesses, the commissioning and decommissioning of virtual servers, network file sharing, or some of your SAP services. You might find some real gains in automating connectivity between some of your systems to reduce double-keying of data - for example, automatically shipping off actions in your legacy IT Service Management tool to Azure DevOps, and then keeping the two systems in sync, to save your analysts having to do it manually. The possibilities really are endless.
Like we said at the start, our recommendation is to find the low-hanging fruit in your organisation, and start there. Once you begin your automation journey, you'll wonder why it took you so long. Hopefully this has given you some inspiration!