IT Automation · Microsoft 365 · Security

I build the automation that runs IT behind the scenes.

Microsoft 365 administration, automation, and security. Here's some of what I've built at work.

Robin Pokharel — Available for new roles

Work Projects

Shipped · 10

I build these end to end, from the Entra ID app registration and Graph API permissions through to the finished workflow. High-level overviews; client and tenant details are left out.

Identity · Lifecycle

Offboarding Automation

A Power Automate flow that handles offboarding from a single request: updating accounts and access, moving the user's files to their manager, and tracking the device back. Takes a long manual checklist off IT and keeps access removal consistent.

Power AutomateGraph APIEntra ID

Swipe through the workflow →

Step 01Offboarding email received
Step 02Employee details extracted
Step 03Scheduled until offboarding date
Step 04Entra ID updated
Step 05Files transferred to manager
Step 06Licenses removed
Step 07Groups reviewed
Step 08Mailbox converted
Step 09Return label created
Step 10Tracking saved
Step 11Reminders sent
Step 12IT notified on return

Identity · Lifecycle

Onboarding Automation

A Power Automate flow that sets up new hires from HR data: creating the account, applying department-based access, setting up email, and assigning licenses and groups. Cuts down the repetitive setup and keeps new accounts consistent.

Power AutomateEntra IDGraph APIExchange

Swipe through the workflow →

Step 01HR data received
Step 02Details validated
Step 03Account created
Step 04Department logic applied
Step 05Email configured
Step 06Licenses assigned
Step 07Groups added
Step 08Access routed
Step 09IT notified

Compliance

OIG Compliance Screening

A scheduled Power Automate job that runs a Python runbook in Azure Automation to check staff against the OIG exclusion list, then emails compliance any potential matches. Replaces a manual, list-by-list comparison.

Azure AutomationPythonPower Automate

Swipe through the workflow →

Step 01Power Automate runs on schedule
Step 02Exclusion data downloaded
Step 03Workforce records loaded
Step 04Python comparison runs
Step 05Potential matches identified
Step 06Results logged
Step 07Email sent to compliance

Operations

Microsoft 365 License Tracking

A Power Automate flow that tracks Microsoft 365 license usage and flags when licenses are running low or sitting unused. Gives the team a heads-up before it turns into a problem.

Power AutomateGraph APISharePoint

Swipe through the workflow →

Step 01License data pulled
Step 02Counts calculated
Step 03Thresholds checked
Step 04Low / excess flagged
Step 05IT notified
Step 06Tracking list updated

Collaboration

Teams & Group Provisioning

A Power Automate flow that spins up Microsoft 365 groups and Teams channels for new contracts with consistent naming and access. Saves setting each one up by hand.

Power AutomateTeamsEntra ID

Swipe through the workflow →

Step 01Contract request received
Step 02Workspace details captured
Step 03M365 group created
Step 04Teams channel created
Step 05Access groups configured
Step 06Owners assigned
Step 07IT notified

Integration

Third-Party Account Provisioning

A Power Automate flow that keeps a third-party platform's accounts in sync: each day it compares the current users against the day before, builds a change file, and uploads it over SFTP. Keeps accounts current without manual updates.

Power AutomateSharePointSFTP

Swipe through the workflow →

Step 01Current user list loaded
Step 02Prior-day records checked
Step 03New users detected
Step 04Changed users detected
Step 05Removed users detected
Step 06Change file generated
Step 07Tracking list updated
Step 08Results logged
Step 09Accounts uploaded to platform over SFTP
Step 10IT notified

Endpoint Management

Endpoint App Deployment

Packaging and deploying app updates to Windows endpoints through Intune, using detection scripts and supersedence so devices stay on current versions. Keeps the fleet consistent without chasing updates by hand.

IntunePowerShellWin32 apps

Swipe through the process →

Step 01Update identified
Step 02Package prepared
Step 03Detection script written
Step 04Supersedence configured
Step 05Target group assigned
Step 06Deployment monitored
Step 07Issues remediated

Identity · Governance

Access Reviews

A scheduled Power Automate flow that pulls the members of sensitive groups via Graph and sends each group's owner a Teams adaptive card to confirm who should keep access. Removals are applied and logged, so access doesn't quietly pile up over time.

Power AutomateGraph APITeamsSharePoint

Swipe through the workflow →

Step 01Power Automate runs on schedule
Step 02Sensitive groups pulled via Graph
Step 03Group owners identified
Step 04Adaptive card sent in Teams
Step 05Owner marks keep or remove
Step 06Removals applied
Step 07Changes logged

Security Operations

Alert Response Playbook

When a high-severity Sentinel or Defender alert fires, a playbook enriches it with the user's recent sign-ins, device, and group memberships via Graph, then posts a clean summary to the security channel. Critical alerts can disable the account or revoke sessions; lower-severity ones are logged for triage.

SentinelDefenderLogic AppsGraph API

Swipe through the workflow →

Step 01High-severity alert fires
Step 02Playbook triggered in Logic Apps
Step 03Sign-ins pulled via Graph
Step 04Device and groups gathered
Step 05Summary posted to security channel
Step 06Critical alerts auto-contained
Step 07Outcome logged for triage

Identity · Reliability

Secret Expiry Monitor

A scheduled Azure Automation runbook that checks every Entra app registration for client secrets and certificates nearing expiry via Graph, and alerts IT weeks ahead. Keeps an expired secret from quietly breaking an integration, including the other flows here.

Azure AutomationPowerShellGraph API

Swipe through the workflow →

Step 01Runbook runs on schedule
Step 02App registrations pulled via Graph
Step 03Secrets and certs checked
Step 04Expiring ones flagged
Step 05IT alerted ahead of expiry
Step 06Results logged

Administration

Day to day

The day-to-day administration work I do.

Microsoft 365 administration

Managing users, licensing, and mailboxes, and keeping SharePoint, OneDrive, and Teams running for the org.

Identity & access

Provisioning and deprovisioning accounts, managing access and MFA, and role-based permissions across Entra ID and Active Directory.

Endpoint management

Enrolling and managing Windows devices through Intune and Autopilot, including device policies and app deployment.

Security operations

Monitoring Sentinel and Defender, and investigating and remediating security incidents.

Scripting & reporting

Using PowerShell and Graph for ad-hoc admin tasks, bulk changes, and reporting across the tenant.

What I do

I work primarily with automation, Microsoft 365 administration, and security. AI is part of my workflow for researching and solving unfamiliar problems, but I always validate its output against the underlying technology. Sensitive and tenant data stays out of AI tools.

How I work

On the job

Handling escalations

I'm comfortable handling the escalations the help desk passes up, the tickets that need more digging.

Clear communication

Able to communicate technical things to non-technical people: leadership, end users, and new hires.

Documentation

I document procedures and workflows so the team has something to follow and isn't relying on memory.

Compliance-minded

I've worked in clearance-required and healthcare environments, so least privilege, auditability, and careful handling of data are habits.

Contact

Let's talk

Open to new roles in IT, automation, and security.

Email robin2pokharel@gmail.com ↗

Phone 202-413-0061

LinkedIn linkedin.com/in/robinpokh

Resume Download PDF