New employee onboarding is one of those things that seems straightforward until it goes wrong on day one — the new hire shows up, their laptop isn’t ready, they can’t log into the main system, nobody’s sure who handles what. A simple IT checklist prevents most of that.

This checklist is designed for small businesses where there may not be a dedicated IT person — the owner, the office manager, or whoever handles “tech stuff” can run through it before the start date.

One week before the start date

Create the accounts:

  • Company email account (youname@yourcompany.com). Send the welcome email with the temporary password and first-day instructions.
  • Microsoft 365 / Google Workspace user account with the appropriate license
  • Any business-specific software accounts they’ll need (your accounting software, your CRM, your project management tool, etc.)
  • Password manager account if your company uses one
  • Add them to the appropriate Teams/Slack channels and group emails

Prepare the device:

  • If they’re getting a company device, have it set up with the operating system updated and apps installed
  • Install required software: browser, email client, Office/Google apps, any industry-specific tools
  • Enable full disk encryption (BitLocker on Windows, FileVault on Mac) — this protects data if the device is lost or stolen
  • Install and activate your antivirus/endpoint protection software
  • Apply any required security policies (screen lock, auto-update settings)
  • Verify the device connects to the company Wi-Fi and VPN if applicable

Set up MFA:

  • Enable multi-factor authentication on the company email account before sending login credentials. Don’t skip this even if it feels like extra work.

Day one: what to walk through with the new hire

Account access (30–45 minutes):

  • Walk them through logging into their company email for the first time and changing their password
  • Set up MFA on their phone — walk through this together so they understand how it works
  • Log into Microsoft 365 / Google Workspace and confirm access
  • Log into each business tool account and verify access
  • Get them set up in the password manager with the company shared vault

Device setup (15–30 minutes):

  • Connect to company Wi-Fi (and guest network if appropriate)
  • Connect to VPN if your company uses one, and confirm it works
  • Install any apps they identified as needed for their specific role
  • Show them where shared files live (SharePoint, Google Drive, shared network drive)
  • Verify they can print if that’s relevant to their work

Security basics (15 minutes):

  • Explain your company’s password policy — use the password manager for all accounts
  • Walk through what a phishing email looks like and what to do if they receive one
  • Confirm they know to report anything suspicious to you (or whoever handles IT)
  • Show them the acceptable use policy if you have one

Communication tools (15 minutes):

  • Teams or Slack — show them the channel structure, how to find the right channels, and your norms for when to use chat vs. email
  • Video conferencing — confirm their camera and microphone work, add the relevant account

Day one troubleshooting prep

Even with good preparation, something usually needs a fix on day one. Common issues:

  • Password not working: Password got set before MFA was configured, causing a lockout. Reset from the admin console.
  • App not showing in Microsoft 365: License wasn’t assigned correctly. Check Admin Center → Users → Licenses.
  • Can’t access a shared folder: Permissions weren’t set for the new account. Add them to the appropriate SharePoint site or shared drive.
  • MFA not working on mobile: The authenticator app needs to be freshly enrolled. Re-run the MFA setup wizard.

Have the admin credentials for your email system and business software accessible on day one — you’ll likely need them.

After the first week

  • Remove access for any accounts they tried but don’t need (over-provisioning permissions is a security risk)
  • Confirm they’ve been added to any recurring meetings or calendar events they should be part of
  • Add them to HR and payroll systems if not already done
  • Verify their work email is in your email signature generator or directory if applicable

When an employee leaves

Offboarding IT is just as important as onboarding — and more often skipped. A departing employee who still has access to your email system, cloud storage, or CRM is a security and liability risk, even if the departure was amicable.

Keep a matching checklist for offboarding:

  • Disable or remove the email account (or set a forwarding/auto-reply)
  • Remove from all software accounts
  • Revoke device enrollment and VPN access
  • Change any shared passwords the employee knew
  • Transfer their files to the appropriate manager before disabling storage access

Do all of this on or before the last day, not a week later.

Good IT onboarding is invisible — the new hire just shows up and things work. Bad IT onboarding is memorable in the wrong way. Ten minutes of preparation before each hire, following this checklist, is the difference between the two.