Building a Change Management Request System with Microsoft 365
This is Part 2 of our ‘Getting the Most Out of Your Microsoft 365 Licensing’ blog series. Look for a new installment every month. This blog series is intended for Small and Medium sized businesses (SMB) with Microsoft 365 E3/A3 or E5/A5 licensing to help you cut costs and maximize on the investments your organization has already made.
Within this five-part blog series we will be exploring:
- Building an Internal IT Helpdesk Request System
- Building a Change Management Request System
- Building an Asset Tracking System
- Track and Organize your Client/Vendor Listing
- Organize your Documentation Across Multiple Compliance Frameworks
Part 2: Building a Change Management Request System
Having a strong Change Management System is essential for multiple regulatory compliance frameworks and will help you stay on top of your environments. Electing technology skilled staff to a Change Approval Board (CAB) is key. The CAB should oversee all changes to your production environments, and question and approve the need for such changes via regular standing meetings. In some cases, the CAB may even need to have Business (CIO) weigh-in on such changes.
The CAB should be able to track a request through the entire change lifecycle process (review, approval, and implementation stages). Training all IT staff on your Change Management System, including how to submit a change request and create a testing and back-out plan will add to your success. Inviting the key stakeholders (requestors and implementers) to attend the CAB meetings to speak about changes will also help speed along the process. In some cases, organizations may find it beneficial to include their Development and Testing environments within the Change Management Request process.
In this blog I’ll show you how to set up a Change Management Request System for your organization. We will be using most of the same techniques as in Part 1, but here the SharePoint List will allow for more detailed fields and the Power Automate will utilize trigger conditions and condition controls. We’ll use:
- Exchange Online
- SharePoint Online
- Power Automate Flow
- Microsoft Teams
Step 1: Create Your SharePoint List
If you do not already have a Change Approval SharePoint site (or equivalent), you will need to create one for your SharePoint list.
- Within your SharePoint site, select + New then select List.
- Select your Template. In this example we will be using the Blank template.
- Give your list a distinct name and description, click Create.
- Now we will want to modify the list to suit our needs. Select the ⚙ in the upper right corner, select List settings.
- Add/Modify the columns to match your design.
Lists can be customized and built out based on organizational needs. For example, do you need to track the entire change by environment – Dev to Test, Test to Production? That can all be done with these solutions. Below is an example of a basic list.
Here’s how I customized the above list:
- Renamed the required “Title” column to “Change Name” to show the short description on the request.
- Created the required “Risk Level” column as a choice column to choose the possible impacts to production. In this example medium risk is set as default.
- Created the required “Reason for Request” column to allow for multi-line text to detail out the need for the change.
- Created the required “Description of Work to Be Performed” column to allow multi-line text to have complete descriptions of the required implementation/change steps.
- Created the required “Impact of Change” as a multi-line text column to allow for the identification of systems, groups, users, etc. that may be impacted by this change.
- Created the required “Testing Plan” as a multi-line text column that will allow for a testing plan to be described.
- Created the required “Back-Out Plan” column as a multi-line text column to allow for full description of how the environment can be restored.
- Created the “Emergency Change” column as a Yes/No checkbox to dictate that this needs immediate approval as it is affecting production. Default value is set to no.
- Created the “Change Request ID” column to be a single line of text. This column will be used by Power Automate Flow to create a change request identification number. In this example the default value is generating ID.
- Created the required “CAB Status” column to be a choice menu that has different status that could come from the approval process (Pending Review, Pending Additional Information, Postponed, Rejected, Approved). In this example we set the default choice as Pending Review.
- Created a “CAB Notes” column to be a multi-line appended text column for CAB notes that are captured during meetings or emergency request reviews.
- Created the required “Implementation Status” column to be a choice menu that can be updated while implementing a change (Pending Approval, Pending Implementation, Completed, Backed-Out). In this example we set the default choice to Pending Approval.
- Created the “Scheduled Date” column to be a Date and Time column (in a Date & Time friendly format) to be decided upon during CAB meeting.
- Created the “Assigned To” column to be a Person or Group selection that will allow multiple people or groups to be selected and entered during CAB meeting.
- Created the “Implementation Notes” column to be a multi-line appended text column for assigned people/groups to enter their implementation notes as needed.
With this design, I expect the CAB will be updating the CAB Status, CAB Notes, Implementation Status, Scheduled Date and Assigned To columns.
Example: CAB reviews a request to update Bios Firmware on 40 devices, during the discussion the CAB captures notes via the “CAB Notes” section, CAB Approves the request changing the “CAB Status” to Approved and “Implementation Status” to Pending Implementation, they select the “Scheduled Date” Date and Time for the implementation to begin and they select the “Assigned To” to be an individual or a team who is responsible for the implementation. (We could also change the Implementation Status with Power Automate Flow based on the CAB Approval modification).
Customize Your View (Optional)
Within your SharePoint List select the All Items drop down and select Create new view or use List Settings. We will use the List Settings to create view filters.
In this example, I want to create two useful views. Select the ⚙ in upper right corner. Select List Settings.
- “Pending Approval” – This view will only display Change Requests with a CAB Status equal to “Pending Review” and “Pending More Information” and “Postponed.” This will allow the CAB Meetings to easily display what’s new and existing that needs to be reviewed during the meeting.
- Set the view to be the “Gallery” view and Save the view.
- “Pending Implementation” – This view will display Change Requests with a CAB Status equal to “Approved” and Implementation Status is not equal to “Completed” and “Backed-Out.”
- Set the view to be the “Gallery” view and Save the view.
- Format the “All Items” List view to use alternating row styles for easy reading. This will display all Change Requests and will allow users to easily filter by all columns.
- For alternating the rows I want to make sure I highlight critical items within the columns. I will be using “Choice Pills” for this option. Select the column you want to modify, select Column settings, Format this column.
- Choose Choice pills and select Edit styles and modify to meet your business needs. Save your design.
We will also be using the choice pills for CAB Status and Implementation Status.
Not all column types have choice pills (like yes/no columns). In that case you will want to use Formatting options for the Emergency Change column.
SharePoint also has a “Calendar” view that can be used to publish via your Internal IT or other IT Teams calendar.
Example: You can create a view for your Active Directory (AD) team that shows all “CAB Status” equals “Approved” and where the AD team and/or it’s members are “Assigned To” the change. That view can be added to their Teams Site or their SharePoint site, or both. That view can also be added to the members Outlook calendars.
Create a Shared Mailbox (Optional)
In this step we will be creating a “No-reply” shared mailbox. Shared Mailboxes under 50 GB can be used without a license. This shared mailbox will be used to notify users of successful submission. You can also use an existing Shared Mailbox.
(In this example we will be using the same “no-reply” shared mailbox that was created in Part 1: Building an Internal IT Helpdesk)
- In the Exchange Admin Center, under Recipients, select Mailboxes, then select Shared Mailbox.
- Select a Display Name and Email Address, click Create.
- Modify the Shared Mailbox.
- Close the “Shared mailbox created successfully” screen. We will be making some additional modifications to the shared mailbox.
- Hide the Global Address List (GAL).
- Search for the newly created Shared Mailbox, open the mailbox properties. Select the Hide from GAL option.
- Turn the toggle to ON and click Save.
- SendAs Rights
- On the “Delegation” tab select the users that need to have SendAs rights. Add any users or service accounts that the Power Automate Flow will be using.
- Confirm your delegation members.
- Set Mailbox Mail Flow Settings.
About Mailbox Mail Flow Settings
In this example, I want to prevent users from outside the organization and limit as many senders from replying as possible. We can do this with an Exchange Mail Flow rules or it can be done at the Shared Mailbox level (Shared Mailbox level has more limitations). Select Mailbox and Message Delivery Restrictions.
I’m also going to block anyone from sending to this address if they are outside the company and are not me. Optionally, you can skip the “Message Delivery Restrictions” and just set an Automatic Reply found in the Others.
NOTE: Automatic Replies will still generate mail collection and will increase your mailbox storage (remember the 50GB limit for Shared Mailboxes without licenses). Regular maintenance should be done to stay within your storage size.
Step 3: Create Your Power Automate Flows
As I first suggested in Part 1, when you’re first getting started Power Automate and any Power Platform App will direct you to the “Default” Power Platform Environment for your tenant. It is highly recommended to leave the default a clean slate environment and create a new production environment. In some cases you may have the1GB capacity limit that will not allow you to create a new environment. It is also recommended to further lock down your environment so users cannot misuse production.
Currently, Flow does not support Service Principles or Managed Identities. You can use a Service Account, which will require access and licensing for all connectors you use. Alternatively, it is recommended to share your flow with additional staff and give them a co-owner right as a backup. Verify there is a Change Management Approval in play for any modifications to Flows within your production environment.
For this example, we will be creating two automated cloud flows, one that will update the Change Request ID and emails the CAB when an “emergency” change is created and another when a change request is no longer “Pending Review”.
- Open Power Automate (Power Automate can be found via the Office Portal, select All Apps if it is not on your menu). Select the correct “Environment.”
- Create an automated cloud flow for the Change Request ID generation and emergency change notification.
- Click +Create.
- Select Automated cloud flow.
- I will create an “New Change w/Emergency Notification” to be triggered by a “When an item is created” SharePoint trigger. Click Create.
- Power Automate Flow has built in “dynamic” content. Using the dropdown, we see that our “Site Address” (Site that hosts your SharePoint List) and “List Name” are visible. Select Change Request.
- Click +New step and select the Control.
- Using dynamic content select “Emergency Change” is equal to ”true”.
- Under “If yes,” select Add an action.
- Select the Update Item SharePoint action.
- Select your “Site Address”, “List Name” and use the dynamic content to select ID from the “When an Item is Created” action.
- The action will expand. Using dynamic content fill out all * required columns using the “When an Item is Created” action content.
- For the Change Request ID column we are going to start our naming convention. In this example I will be using “CR-“ and the dynamic ID from “When an item is created” action. (This will generate our CR-1 change request ID).
- Use dynamic content for the rest of the columns from the “When an item is created” action.
- Select Add an action.
- Select the “Send an email (V2)” Office 365 Outlook action. (Recall from Part 1 that you can customize the design of your emails via HTML as needed in all Outlook actions).
- I want to send an email to the CAB letting them know an emergency change is awaiting immediate response. (In M365 Admin center make sure you have “Send copies of team emails and events to team members’ mailboxes”). I want to send as the no-reply address as well as have that as the reply to address with a high importance (advanced options will need to be exposed).
- Under “If no”, select Add an action.
- Repeat steps 9 – 13 to generate the Change Request ID. Assuming there is a regular CAB meeting status, that notification is not needed for new non-emergency change requests. Fine tune this based on your business needs.
- Create an automated cloud flow to generate CAB decision based on the trigger condition that the default CAB Status does not equal the default “Pending Approval” status.
- Click +Create.
- Select Automated cloud flow.
- I will create an “CAB Status Change” to be triggered by the “When an item is created or modified” SharePoint trigger. Click Create.
- Using the dropdown, we see that our “Site Address” (Site that hosts your SharePoint List) and “List Name” are visible. Select the Change Request.
- Click the ellipsis, select Settings.
- In this example we only want to trigger the “CAB Status” does not equal “Pending Review” flow. Under Trigger Condition, select +Add, enter “@not(equals(triggerBody()?[‘CAB_x0020_Status’], ‘Pending Review’))”, select Done.
- For SharePoint sites/lists/columns containing spaces, the space should be reformatted with _x0020_ . This is also true for any special characters that will be encoded (Example: Sara’s List would have an internal encoded name of Sara_x0027_s_x0020_List). Designing your SharePoint, Lists, and Columns to be as simple as possible is recommended.
- We now need to get the items that were modified. Click + New Step.
- Select “Get changes for an item or file (properties only)” SharePoint action.
- Select the “Site Address”, “List Name” “ID” (dynamic content). Select the “Trigger Window Start Token” for the “Since” field and “Trigger Window End Token” for the “Until” field.
- Click the + New Step.
- Select “Send an Email (V2)” Office 365 Outlook action.
Now I will send an email to the user who submitted the change to let them know the status of the CAB review. I’ll cc the person or team assigned to the change (will trigger an “apply to each” action). I want to send as the no-reply address as well as have that as the reply to address.
Step 4: Share and Post the List
I want to allow all IT staff to submit Change Requests
- Within the SharePoint List, select “Share.”
- Select the ⚙ in the upper right corner.
- Select “People you choose” and “Can edit items” and select “Apply.”
- In this example I have a Microsoft 365 group for “Information Technology.” I select the group and select “Copy Link.” Save link for use in next step.
- Since I have shared and allowed “Can edit items” which allows users to add/delete items, for compliance purposes I want to make sure that I’m alerted for each CR deletion so it can be restored and classified properly per regulatory standards. Select “Automate,” and “Create a rule,” and notify someone when “An item is deleted.”
- Enter the email address of someone that has full admin rights to the list. Select Create.
- Navigate to the “Information Technology” (or your internal IT SharePoint site), Add a “Quick Link” named “Change Request” pointed to the URL you copied in step 4, give it an icon, and “Republish” your SharePoint site.
Now you can create internal procedures and training for internal staff on how to submit Change Requests. Publish the training via the SharePoint KB/Wiki and distribute to all IT staff. You’ll want to have the training and procedures available for all new IT staff on-boarding and training.
Pin SharePoint List to Teams (Optional)
To easily access the Change Requests for reviewal during CAB meetings, we will pin the list to the CAB Teams General Channel. Most staff stay logged into Teams throughout the day, so they have one application to manage.
In this example we will be pinning the “Change Request” List to the team.
- Select the + to add a new Tab to the CAB General Channel.
- Select the location and the list you want to add.
- Change the view to “Pending Approval.”
The CAB can also discuss changes within the implementation stage by changing to “Pending Implementation” view.
Step 5: Putting It Together
- IT staff can submit a change request from a link within the Information Technology SharePoint site.
- The CAB can review and manage requests via the pinned Tab in Teams.
- The “Assigned To” staff can keep implementation notes and update the status of their implementation for CAB to review.
Final Thoughts
Fully leveraging your Microsoft 365 license investments can be a valuable tool to help reduce cost of third-party software. The above is just one example of how to create a Change Request Approval or CAB tracking system.
Does your organization need assistance with planning and deploying Microsoft 365 capabilities?
We will be happy to discuss the details with you. Contact Us.