Designing AI-powered tools that help employees and managers streamline secure data access and compliance in large enterprises

Microsoft CX Sponsored ✽ Product Design Lead ✽ Winter 2024 - Spring 2025

Role: Team Lead, Product Designer
Team: 1 UX Researcher, 1 UX Designer, 4 Microsoft Sponsors (Researchers, Designers, PMs)
Tools: Figma
Company: Microsoft
Context
My Master's Capstone Project with Microsoft!
For my HCDE capstone, I led a team of two in collaboration with Microsoft Customer Experience on a blue sky project exploring how to engage users in better security practices. We scoped the challenge to focus on streamlining workplace data access, designing AI-powered solutions that reduce friction for employees and help managers maintain compliance.
Problem
How might we streamline the data permission process for employees and managers to ensure efficient and accurate access to tools, software, and data while strengthening the company’s overall data security and protection?
As tech companies continue to scale, the complexity of managing employee access to tools, software, and sensitive data grows exponentially. Whether during onboarding, team transitions, or offboarding, inefficient data access and permissions workflows create friction for employees and managers, which can cause lost productivity, miscommunication, and potentially the introduction of security vulnerabilities.
Solution
Introducing Nexus!
To tackle the complexity of enterprise data access, we designed Nexus, an AI-powered solution with two core experiences.

For employees, we streamlined the access request process with Copilot-driven suggestions that reduce friction, increase speed, and improve clarity.

For managers, we crafted a Copilot-powered dashboard that surfaces compliance risks and streamlines ongoing audits.

By addressing both perspectives, Nexus makes secure access more streamlined, proactive, and easy to manage.
New Hire: Request Access Form
Manager: Audit in Progress

Discovery
We scoped our challenge to data access and management within large enterprises.
After exploring directions like phishing awareness and data collection via browser history, we narrowed our focus to workplace data access since it impacts a broad range of users and offered clear opportunities for meaningful design. We also considered time constraints and participant availability, ultimately choosing a scope that was both impactful and feasible to design and prototype for.
Netnography
We used netnography to quickly identify pain points and user types in real-world contexts.
To guide early exploration, we analyzed articles and online forums such as Reddit, using open thematic coding to uncover common frustrations around software and data access. This helped us surface recurring themes and define six key user profiles, including new hires, managers, and IT admins. These insights shaped our initial understanding before we conducted interviews.
Chart of our emerging themes
Here are some of the key takeaways from netnography:

Managers often want full administrative control to simplify oversight and maintain control over access.
New hires frequently feel frustrated by complex access dashboards and delays that block them from starting their work.
Contractors commonly face challenges when role-based access restrictions prevent them from accessing the specific files they need to complete their tasks.
Semi-structured interviews with Open Card-sorting
We combined interviews and open card sorting to efficiently gather insights from new hires and managers.
For our interviews, we chose to focus on new hires and managers. New hires often face challenges during onboarding as they work to gain access to the tools and resources needed to begin their roles. Managers were selected because they are responsible for overseeing team access and ensuring security compliance. To balance depth with feasibility, we conducted six one-hour sessions, combining semi-structured interviews and card sorting in a single session.
Here are some of the key takeaways from interviews and card sorting:

Managers reported varied experiences with granting permissions and access, often shaped by their company’s internal structure.
New hires expressed a preference for minimizing communication during onboarding, and often felt unclear about how to navigate the access request process.
➺ While some feature cards were consistently grouped, no single concept was categorized the same way by all participants.
➺ Both new hires and managers showed a strong preference for features that automate provisioning, such as role-based access.
Expert Interview
We conducted an expert interview to better understand security concerns and best practices.
To supplement our user research, we interviewed a security expert to learn about common risks, user misconceptions, and potential tensions between efficiency and secure behavior. Using a semi-structured format with 20+ core questions, we gathered insights on how to responsibly design data access tools that balance user needs with enterprise-level security standards.

While not representative of all security professionals due to a small sample size, the feedback served as a valuable guide for identifying key security compliance considerations during design.
Personas
We created two personas to capture the goals and challenges of our primary users.
To better understand the needs, goals, and success metrics of those involved, we developed personas representing new hires and managers navigating the data access and auditing process. These helped ground our design decisions in real user contexts.
Persona for New Hires
Persona for Managers
Customer Journeys
We mapped the onboarding and auditing journeys to uncover pain points and opportunities for improvement.
We created journeys for both new hires and managers to visualize their key actions and challenges during onboarding and access management. For new hires, we focused on access delays and reliance on coworkers for guidance. For managers, we mapped responsibilities like granting permissions and auditing access, revealing gaps in visibility and process ownership.
Current Journey for Onboarding Process
Current Journey for Offboarding
Key Takeaways from User Research
Our research revealed critical gaps in clarity, ownership, and automation.
New Hires Need Clearer, More Guided Onboarding Flows and a Process to Request Access
Confusion around the access request process led to delays and reliance on coworkers during onboarding. To address this, we focused on simplifying the request experience with contextual guidance that helps new hires navigate the process independently and reduces setup friction.

Managers Require Tools to Simplify and Automate Access Audits
Manual onboarding and audits are time-consuming and prone to error. We focused on designing a manager-facing dashboard powered by AI suggestions to streamline decision making, surface access risks, and reduce the time spent managing permissions.

Lack of Visibility Slows Teams and Increases Compliance Risk
Without a centralized view of statuses, both new hires and managers experienced delays and confusion. We focused on crafting tailored dashboards for each role, enabling new hires to track their tool and file access in real time, and helping managers take proactive actions through prioritized insights.
Ideation Workshop
We ran a stakeholder workshop to align on priorities and co-create AI-powered solution ideas.
After sharing our research findings with Microsoft stakeholders, we hosted a collaborative ideation workshop to generate solutions that addressed user needs while supporting business goals. Through structured activities like “How Might We” framing, voting, and brainstorming, we identified top opportunities around onboarding, automation, and AI-supported access. The most promising ideas centered on improving onboarding through features like automated provisioning, AI-powered directories, and mentorship systems.
User Flow Maps
We mapped user flows to uncover blockers and identify opportunities for AI support.
To further understand the current experience, we created flow maps for both new hires and managers, outlining the visible steps they take along with the supporting back-end processes. This helped us surface key pain points such as access delays, audit bottlenecks, and unclear responsibilities. We also identified potential ingress and egress points where users enter or exit the system. These insights revealed opportunities for AI-driven support and helped us scope a focused scenario for storyboarding and prototyping.
User Flow Chart for New Hires
User Flow Chart for Managers
Storyboarding
We used storyboarding to ground our prototype in a real-world scenario.
Storyboarding helped us translate our user flow maps into a tangible, narrative-driven scenario. This visual artifact kept our team aligned, ensuring our design decisions remained focused on real user needs and context throughout the prototyping process.
Storyboard for New Hires
Storyboard for Managers
Initial Concepts
We tested early concepts with users and gathered feedback from sponsors to guide design decisions.
Our initial wireframes explored AI-assisted access forms for new hires and AI-powered audit dashboards for managers. Feedback from participants and sponsors helped us streamline layouts and prioritize key tasks, resulting in more focused and usable designs.
Early Iteration of Request Access form for New Hires
New Hire Access Request Experience Changes

Auto-filled user information: Stakeholders wanted name, role, team, and manager fields to be non-editable and automatically populated for clarity.

Reduced visual clutter: General information was moved into a collapsible section to keep the form streamlined and focused.

AI support redesign: Users found chatbot-style interactions awkward and overwhelming. We transitioned to inline, contextual Copilot suggestions that appear when needed.

Helpful defaults: Copilot now surfaces default access selections based on similar past requests, making the form quicker and more intuitive to complete.
Early Iteration of Audit Dashboard for Managers
Manager Audit Dashboard Changes

Clear and actionable dashboard content: Participants appreciated the clean layout and color-coded CTAs, which made it easy to identify urgent tasks. Both participants and stakeholders emphasized the importance of surfacing the most time-sensitive actions, suggesting that "Priority Actions Today" be placed more prominently than less urgent content like “Team Access Overview.”

Proactive audit scheduling: Managers preferred receiving calendar reminders about upcoming audits to stay ahead on compliance. They found it easier to take action when prompted with a clear link or task via email or directly on the dashboard.

AI-powered audit suggestions with human oversight: Participants were open to AI highlighting risky access but emphasized the need for final approval. Some suggested a customizable risk tolerance setting to better align AI behavior with individual preferences. However, stakeholders preferred less visual clutter on the dashboard and emphasis on features directly related to the main user flow.
RITE + Krug Usability Testing
We used the RITE + Krug method to rapidly test and iterate on our prototype.
To make the most of our limited timeline, we conducted six usability tests with three new hires and three managers using the RITE and Krug approach. Designers observed each session live and made improvements between tests. This approach helped us continuously refine our prototype based on direct user feedback.
New Hire Access Request Process Changes

First Round
Replaced inline suggestions with tooltips for better clarity.
Redesigned the justification section with inline auto-fill detection.
Moved the "Requests Summary" into the "Request Access" card for easier access.

Second Round
Removed the entire general information section to reduce visual clutter.
Added additional duration options to give users more flexibility.

Final Round
Updated justification suggestions to appear directly below the input field.
Removed "My Files" and "My Apps" from the dashboard to streamline the interface.
Manager Auditing Process Changes

First Round
Integrated calendar scheduling for proactive audit planning.
Combined "Team Access Overview" with "Pending Actions" and added a visual compliance indicator.
Standardized CTAs, removed ellipses, and added an email option for quicker action.

Second Round
Replaced vague suggested actions with clear CTAs and added confirmation messages.
Color-coded risk levels, expanded table spacing, and included tooltips for added context.
Introduced pre-filled messages to speed up communication.

Final Round
Improved chat CTAs and refined AI-generated responses for better clarity.
Added tabs to separate resolved and active tasks, and made audit timelines collapsible.
Simplified tooltips to display AI confidence only and clarified compliance visuals with more actionable insights.
Improved the visual clarity of audit actions to make them easier to understand and execute.
Final Solutions
New Hires: Access Request Process
➺ Short minimal form for speedy completion
➺ A tooltip appears next to each field with a Copilot suggestion, offering additional context based on previous requests without interrupting the user’s flow.
➺ As the employee types their justification, Copilot provides real-time suggestions based on previous requests, helping them craft clearer, security-compliant responses.
➺ The access dashboard (employees) gives users a centralized view of their access requests, including real-time status updates and a clear CTA to submit new requests.

➺ A “Curated for You” section also surfaces relevant tools or data sets based on past request history and upcoming expirations, helping users stay ahead of their needs.
Managers: Auditing Process
➺ The Access Dashboard (Managers) helps managers oversee permissions, monitor compliance, and manage role-based access with AI-powered insights.

Key sections include:
Priority Actions – Highlights urgent tasks based on deadlines, team activity, and calendar events
Team Compliance Status – Surfaces gaps in compliance and outlines recommended actions
Access Issues & Gaps – Flags critical access risks that need managerial attention
Access Distribution by Role – Visualizes team access levels to support thoughtful provisioning and reduce risk
➺ The Audit tab is designed to help managers log audit activity, review AI-flagged issues, and resolve them efficiently.

➺ Copilot assigns each item a risk level (low, medium, or high) based on AI-driven analysis of access patterns.

➺ To build user trust, hovering over the risk level reveals a tooltip showing Copilot’s confidence score, and clicking the tooltip opens a side panel with more detailed security context.

➺ Managers can take action directly within the audit table or from the Copilot panel, ensuring they stay in flow while reviewing access issues.
Reflections
Next Steps
Conduct additional user testing on revised designs. After making final design updates based on usability feedback, further testing is needed to validate changes. Expanding the participant pool beyond six users will also help ensure broader usability and uncover any remaining friction points before moving into development.

Explore more thoughtful and intentional AI integration. Throughout the project, we considered how AI could support users without overwhelming them. Future exploration could focus on identifying additional touchpoints where AI can enhance decision making, reduce cognitive load, and feel contextually helpful rather than intrusive.

Enhance accessibility considerations in future design iterations. While we used Microsoft’s Fluent Design system for its accessible foundation, future work could include deeper integration of accessibility features. This includes support for screen readers, keyboard-only navigation, and text-to-speech, as well as involving users with disabilities and accessibility specialists in testing and feedback.
More Reflections
Key Takeaways
Managing complexity across two distinct personas. Designing for both new hires and managers introduced unexpected complexity to our project. Each group had unique goals, responsibilities, and pain points, which led us to develop two separate but interconnected solutions. This added significant scope and required constant prioritization to ensure our work remained focused, feasible, and meaningful within the time constraints of our capstone.

Growing through team leadership and collaboration. As the team lead, I coordinated communication, facilitated decision making, and kept our work aligned with feedback from both sponsors and instructors. This role helped me learn how to support a team under tight timelines, adapt to shifting priorities, and lead with empathy while ensuring we delivered high quality, thoughtful, and user-centered solutions.