Are you not sure whether your new hire will join seamlessly, or whether to expect admin and hang-ups from your IT provider?
The below onboarding checklist will help you determine whether you’re truly ready for that new hire to start.
Before the Employee Starts
- Hardware ordered, configured, and tested
- Device encrypted and security policies applied
- User account created and naming standards verified
- Microsoft 365 licence assigned
- MFA method prepared
- Temporary password securely issued
- Role-based security groups assigned
- Required shared mailboxes mapped
- Teams channels and collaboration spaces assigned
- VPN or remote access configured
- Printer access validated (if applicable)
- Browser profile created and synchronisation enabled
- Password manager access configured (if applicable)
- Required line-of-business applications installed
- Email signature configured
Access & Security Validation
- MFA successfully enrolled
- Leaver/shared account conflicts checked
- Least-privilege permissions reviewed
- Admin access restricted appropriately
- Legacy accounts disabled or removed
- External sharing permissions reviewed
- File/folder access validated against role
Remote & Hybrid Readiness
- Home working guidance issued
- Remote support process explained
- VPN tested externally
- Teams/video/audio tested
- Secure Wi-Fi guidance shared
- Browser standards explained
- Personal device policy confirmed
First-Day Validation
- User can log into all required systems
- Email functioning correctly
- Shared drives/folders accessible
- MFA prompts functioning normally
- Teams/calendar access working
- Printing/scanning tested if required
- Line-of-business software accessible
- Support contact process explained
And if you need additional help with onboarding, here’s a useful standards template:
1. Identity & Access Standards
- All users must have individual named accounts
- MFA mandatory for all
- Role-based permissions applied wherever possible
- Shared credentials prohibited
- Admin privileges separated from standard accounts
2. Device Standards
- Supported operating systems only
- Security updates automated
- Endpoint protection enabled
3. Browser & Profile Standards
- Approved browser list maintained
- Browser sync enabled for approved users
- Unsupported extensions prohibited
4. Remote Working Standards
- Remote access tested before start date
- VPN or secure access method documented
- Approved device usage policy communicated
- Clear escalation process for remote issues
5. Software & Application Standards
- Required applications mapped by role
- Licensing assigned before start date
- Access approvals documented
- Default application configurations standardised
- Unsupported software restricted
6. Operational Readiness Standards
- Joiner process ownership defined
- Checklist completion recorded
- Line manager sign-off required
- Documentation stored centrally
- Periodic onboarding review performed
