Book a demo

Let the business self-serve without losing control.

Route sensitive Microsoft Teams workspace requests to the right approver — only when the template, process, or risk requires it. Low-risk work stays self-service.

ISO 27001 certified · SOC 2 Type II certified · Acts on your Microsoft 365 tenant via the Microsoft Graph API

Both extremes create friction the business pays for.

If every workspace request goes through IT, teams wait days for something that should take minutes. If nothing gets reviewed, sensitive workspaces get created with the wrong membership, missing labels, and no one who signed off. The fix is targeted approval — applied only where it matters.

Everything needs an IT ticket

When all workspace requests go through IT, the business slows down. Teams wait days for a workspace that should take minutes to start.

Or nothing gets reviewed

When approval is skipped entirely, sensitive workspaces get created with no one signing off on membership, labels, or external access.

Duplicates pile up

Three teams for the same project, five for the same client. Nobody checks whether the workspace already exists before creating another.

Governance becomes cleanup

Without a checkpoint at creation, IT discovers the gaps after the risk already exists — a remediation project rather than a guardrail.

From request to provisioning — with a decision only when it's needed.

Approval sits inside the same self-service flow your teams already use. The request carries everything an approver needs to decide, and nothing is created until they do.

01

Attach approval rules to specific templates

Set approval per template. Low-risk internal workspaces provision instantly; templates for sensitive or client-facing work route to the right approvers.

02

A user requests a workspace

From the self-service catalog, a user picks a template and submits a request — carrying the naming convention, membership rules and structure already defined for that template.

03

The request routes to approvers

nBold sends it to the designated approvers. Single-step for routine workspaces, multi-step where a line manager and a governance owner both need to sign off.

04

Only approved requests provision

On approval, nBold provisions the full workspace from the template. On rejection, nothing is created and the requester is notified — no orphaned workspace left behind.

Tune the guardrails to the risk, not the volume.

Not every request needs the same scrutiny. Configure approval per template so routine work moves fast and higher-stakes workspaces get the review they warrant.

Self-service preservedSprawl preventedSensitive workspaces reviewedOwner accountabilityAudit-ready decisionsGuardrails at creation

Single or multi-step

Configure one approver or a chain — line manager, then governance or IT owner — so higher-risk workspaces get the review they warrant without slowing everything else down.

Per-template rules

Set approval per template. Low-risk internal workspaces provision instantly; client-facing or sensitive ones route to designated approvers — not to a generic IT queue.

Designated approvers

Name who signs off: workspace owners, template managers, IT admins, or department leads. Approval rights are assigned deliberately, not inherited from broad tenant roles.

Pre-governed requests

Because the request carries the template, approvers review a complete workspace — naming, membership, labels — not a blank form that still needs governance decisions made.

A checkpoint at the right moment — before anything exists.

Reviewing a workspace after it exists means undoing risk that has already materialised. Approval moves the control upstream, to the instant of creation, where a decision costs nothing and prevents everything.

nBold is Microsoft 365 native. Requests, approvals and provisioning all run via the Microsoft Graph API under a service account you control. ISO 27001 certified and SOC 2 Type II certified.

Frequently asked questions

Can approval be optional — only on some templates?

Yes. Some templates can be fully self-service while sensitive or high-risk templates require approval. Low-risk internal project workspaces provision instantly; client-facing or regulated workspaces route to designated approvers.

Who can approve requests?

Approvers reflect your governance model: workspace owners, template managers, IT admins, department leads, or delegated administrators. You assign them deliberately — approval rights are not inherited from broad tenant admin roles.

Does requiring approval slow self-service down?

Users still request from a catalog of templates in seconds. Approval adds a checkpoint, not a help-desk ticket — and because the request carries the template, naming and membership already defined, approvers review a complete, pre-governed workspace rather than a blank form.

Does approval replace other governance policies?

No. Approval is one guardrail. Naming conventions, sensitivity labels, membership rules and lifecycle all still apply automatically to approved workspaces — approval is the check before creation, not instead of the rest.

Where does the approval run — does any data leave our tenant?

nBold acts on your Microsoft 365 tenant through the Microsoft Graph API, under a service account you control. nBold is ISO 27001 certified and SOC 2 Type II certified. See our Security & compliance page for the full detail on how nBold handles data.

Self-service speed where it belongs, control where it counts.

See how nBold lets you apply approval only where the process, risk, or template requires it — so the business moves fast and sensitive workspaces are never provisioned without the right sign-off.