IT onboarding checklist for new starters: a step-by-step guide for SMBs
A new starter's first day says a lot about how organised your business really is. When the laptop is ready, the accounts work, and everything they need is one click away, the message is clear: this is a company that has its act together.
When it isn't, the opposite message lands just as loudly.
Here is a practical IT onboarding checklist for small businesses — the things that need to be in place before day one, not scrambled together during it.
Before day one
1. Confirm the role and access profile
Before anything technical, agree what the person actually needs:
- Job title and manager
- Start date and location (office, hybrid, remote)
- Which team, department and shared drives they belong to
- Which apps and systems they need access to
- Whether they need a shared mailbox, calendar or phone number
A one-page starter form covering this removes 90% of the guesswork later.
2. Order and configure the device
A laptop should arrive already set up — not shipped as a blank box for the new starter to figure out.
A properly prepared device has:
- Windows or macOS fully updated
- Disk encryption enabled
- Business antivirus and endpoint protection installed
- Enrolled in device management (Intune or equivalent)
- Standard business apps pre-installed (Microsoft 365, Teams, browser, PDF reader)
- A named local admin policy — the user is not a local admin by default
3. Create the accounts
Set up the core identity in Microsoft 365 (Entra ID) with:
- A consistent email format (firstname.lastname is the safest)
- Multi-factor authentication enforced
- Membership of the right security and distribution groups
- Licences assigned (Business Basic, Standard or Premium as appropriate)
- A temporary password that must be changed on first sign-in
4. Grant access, not admin
Add them to the SharePoint sites, Teams channels and shared mailboxes their role requires — no more, no less. Resist the temptation to copy someone else's permissions wholesale; that's how access sprawl starts.
Day one
5. A 30-minute welcome walkthrough
Book a short session to cover:
- Signing in and setting up MFA
- Where files live (SharePoint, OneDrive, Teams)
- How to raise an IT ticket
- Password and security basics
- Who to contact for what
This single session prevents dozens of small support tickets in the first week.
6. Confirm everything works
Before the welcome call ends, check the new starter can:
- Send and receive email
- Join a Teams meeting
- Open a shared document
- Print (if relevant)
- Access every system on their starter form
The first two weeks
7. Follow up, don't assume
Check in at the end of week one and week two. Most access gaps only show up once the person starts doing real work.
8. Document what you did
Keep a simple record of which groups, licences and permissions were assigned. It makes the leaver process — and future audits — dramatically easier.
Why this matters
A rushed onboarding costs you twice: once in the new starter's lost productivity, and again in the support time it takes to fix things retrospectively. A checklist like this turns onboarding from a scramble into a routine.
If you'd rather not run this process yourself, starter and leaver management is included with Dynamiti One — every new joiner gets a pre-configured device, accounts, licences and access ready before day one.
Standardise once, save every time
The biggest win with onboarding is not any single item on the checklist. It is turning the checklist into a repeatable template that runs every time a new starter joins. Once you have done that, the whole process moves from a scramble to a routine that anyone in the business can follow.
Group new starters by role, not by name
A sales rep, a warehouse operative, and a finance assistant all need different access on day one. Build a small set of role templates that define which licences, groups, and shared folders each type of starter gets. When HR confirms the role, IT applies the template and everything falls into place.
Plan the first two weeks, not just day one
Day one gets most of the attention, but the real risk sits in week two, when the initial excitement has worn off and small access issues start to bite. Book a short check in with every new starter at the end of week one to catch anything missing before it becomes a blocker.
Keep security in mind from the start
Multi factor authentication, a strong password policy, and clear guidance on phishing should be part of the very first sign in, not something that gets added later. Starting secure is far easier than trying to tighten up months down the line.
Feed lessons back into the template
Every new starter surfaces something small that could be better next time. A missing group. A confusing instruction. A licence that took too long to arrive. Keep a running list and update the template every quarter. Over a year, the process gets noticeably smoother without anyone having to run a big project.