Creating your first workflow: a practical example

The first step is to create a workflow that includes an action to remove guest users.
For further information, refer to the article: Create a workflow.

1. Click on the “ACTIONS” tab on the sidebar.  
2. Click “Manage workflows”.

3. Select “Workflows”.  
4. Select “Create new”.

Now let's configure “execution inputs”, also referred to as input variables, which are essential data points required to initiate the workflow.
For further information, refer to the article: Configure execution inputs.

5. Click the pencil icon and type the name “Remove guest user accounts” in the “Name” field.
6. (Optional): Click the “Description” button below the name of the workflow to add a description.
7. Click “Configure execution input”, then click “Add execution input” on the next page.

8. Under “Target“, select “User” from the drop-down menu.
9. Search for “UserPrincipalName” in the list and click on it.
10. Make sure the “is Required” box is checked.
11. Click “Save”. 

At this point, you have specified and created the required execution input for your workflow. 

After setting execution inputs, we can add actions, which are the individual tasks that make up a workflow.
For further information, refer to the article: Adding workflows actions.

12. In the “Add“ drop-down, click the “Add action” button.   

13. In the “Action“ category, select “User”.
14. In the “Select action” drop-down, select “Remove guest user”.
15. Under “Settings”, click on the lightning icon to the right of the User Principal Name field.     
    Choose the "UserPrincipalName" input that you previously created from the displayed list.
16. Click “Save”.

Let's save our workflow first as a draft, and then publish it.
For further information, refer to the article: Publish.

18. Click “Save” at the top right. This will save your workflow as a draft.
    Then, click “Publish” at the top right: this will publish your workflow and make it available to you, and everyone you grant access to it.

A workflow can be scheduled on a custom policy. We will create a custom policy from a report and then associate the workflow with it to use it as the remediation action.
For further information, refer to the article: Create a custom policy from a report.

19. Go to “REPORTS” > “USERS” > “Guest users”.
20. Display the columns “Last Microsoft 365 activity date” and “Creation date”, along with the “User principal name” column, which will supply the execution input for the workflow.
21. Add the filter “Not in last N days” = 180 to both the “Creation date“ and the “Last Microsoft 365 activity date” columns.

22. Select “Actions“ and click “Create Custom Policy”. 

23. Fill out all the required fields: “Name”, “Description”, “Category”, and “Playbooks”.

24. Set the desired threshold. This will trigger a warning when there are matched items. For further information, refer to the article: Thresholds.

25. Under “Remediation action” choose “Run workflow” as a remediation and select your workflow from the drop-down. For further information, refer to the article: Remediation settings and actions.
26. Under ”Remediation execution input”, click on “Automap” to automatically generate the input. 
27. Under “Schedule”, specify how often you would like the workflow to be executed.

28. Review and ”Save”.

29. Under ”PLAYBOOKS”, you should be able to see your new custom policy with scheduled remediation.