No two businesses onboard staff in exactly the same way. A SOHO operator hiring their first employee, a small business adding another team member, and a commercial organisation onboarding at scale will all have different processes, risks, and expectations. What is consistent, however, is the role your Managed Service Provider (MSP) plays in making day one productive, secure, and compliant.
The Common Onboarding Oversight
The typical flow looks like this:
- A letter of offer is prepared
- The candidate accepts
- A start date is set
And then—often unintentionally—one critical step is missed: informing your MSP that a new staff member is starting.
In today’s IT landscape, onboarding is no longer just about a desk and a login. It involves subscriptions, licensing, security policies, email provisioning, identity management, and access controls across multiple platforms. All of these require planning and, importantly, lead time.
Why Notice Matters More Than Ever
Modern workplaces rely heavily on subscription-based services—Microsoft 365, Google Workspace, cloud applications, line-of-business systems, security tooling, and device management platforms. Licences must be provisioned, accounts created, security baselines applied, and sometimes approvals or billing changes processed.
When an MSP is brought in after a staff member has already started—sometimes with the expectation that everything be ready “today”—the outcome is rarely ideal. It can lead to:
- Delayed access to email and systems
- Temporary or insecure workarounds
- Increased support costs
- Frustration for the new starter and internal staff
At Approved Systems, we regularly receive notifications that someone has started work that same day and urgently needs email, applications, and licences set up. While we always aim to assist where possible, this reactive approach puts unnecessary pressure on everyone involved.
Setting the Right Expectation
Onboarding should be a coordinated process. Just as payroll, HR, and management are informed ahead of time, your MSP should be included as soon as a start date is confirmed. Even a few business days’ notice can make a material difference; a week or more allows for proper preparation, testing, and documentation.
Early engagement ensures:
- Day-one readiness for new staff
- Correct licensing and subscription allocation
- Identity and security controls (including MFA/2FA) applied from the outset
- Reduced risk of delays, rework, or insecure shortcuts
- A smoother, more professional onboarding experience
What Your MSP Actually Needs (and Why)
Providing an MSP with only “Person A starts on Monday” is rarely sufficient. Modern onboarding requires accurate information to align licensing, identity, security, and access correctly from day one.
At a minimum, your MSP will typically need:
- Full legal name of the staff member
- Job role and responsibilities
- Start date and expected working hours
- Primary work location (on‑premises, hybrid, or remote)
- A registered mobile number (required for MFA/2FA)
- A backup personal email address (for account recovery and identity verification)
- Whether they require:
- A corporate login (Active Directory / Entra ID)
- Email and collaboration tools
- Access to line‑of‑business applications
- A computer, desk phone, or mobile device
This information allows identity, licensing, and access to be provisioned securely and correctly—rather than guessed at after the fact.
Real‑World Scenarios We See Far Too Often
The following are not edge cases—they are common examples MSPs deal with regularly:
- Last‑minute hardware requests
A business purchases a laptop off the shelf and asks for it to be ready this afternoon or tomorrow. There is often no clarity on:- Whether the device is running Windows Home or Pro
- Whether it is a locked‑down Windows S edition
- Whether it can be managed, secured, or remotely accessed by the MSP
- “They just need email”
We are told a new starter only needs email—but there is no information on:- Whether they require a corporate login
- Where they will be working from
- Whether a computer, desk phone, or mobile service is required
- Whether an eSIM or handset provisioning is needed
- What role they are performing, or who they are replacing
- Escalation driven by payroll pressure
Phrases like “This person is now on the payroll—I’m not paying them to sit idle. Get it done now.” create unnecessary tension.While MSPs will always act professionally and do their best to assist, this reactive, high‑pressure approach damages relationships, lowers morale, and ultimately slows outcomes rather than improving them.Respectful planning and reasonable notice lead to faster, better results for everyone involved.
SOHO vs Small Business vs Commercial: Different Scale, Different Expectations
While every organisation is different, business size strongly influences how onboarding should be approached and how an MSP is expected to engage.
SOHO (Small Office / Home Office)
Typically 1–5 staff, often owner-operated.
- Onboarding is usually informal and ad-hoc
- Limited or no internal IT or HR processes
- Often reactive, with technology added as needs arise
- MSP involvement is critical, as the business owner is juggling multiple roles
Expectation setting is essential here: lead time may be shorter, but simplicity and clarity matter most.
Small Business
Generally 5–50 staff.
- Some documented processes exist, but may not be consistently followed
- Growing reliance on cloud services, security tooling, and compliance
- Onboarding usually tied to payroll or HR actions
- MSPs are expected to provide guidance, structure, and scalability
At this level, advance notice and role clarity become vital to avoid compounding technical debt.
Commercial / Enterprise-Style Operations
50+ staff or regulated environments.
- Formal HR, security, and IT governance processes
- Defined onboarding workflows and approval chains
- Strong emphasis on compliance, auditing, and least-privilege access
- MSPs operate as an extension of internal IT teams
Here, onboarding delays are rarely caused by technology—but by missing approvals or incomplete information.
What Good Onboarding Looks Like: A Practical Checklist
A smooth onboarding experience doesn’t need to be complex—it just needs to be deliberate. The following checklist represents a realistic, MSP-aligned approach:
Before the Start Date (Ideally 5–10 Business Days Prior)
- Confirm start date and role
- Notify your MSP with sufficient notice
- Provide full staff details (name, mobile number, backup email)
- Confirm work location (on-site, remote, hybrid)
- Identify a comparable role or predecessor (if applicable)
Identity, Licensing, and Security
- Approve required software and service licences
- Confirm MFA/2FA requirements
- Define access levels based on role
- Confirm password recovery and identity verification methods
Hardware and Access
- Confirm whether a device is required or already purchased
- Validate device suitability (OS version, manageability, security)
- Arrange remote access and device enrolment
- Provision phones, eSIMs, desk phones, or headsets if required
Day-One Outcome
- Email and core systems accessible
- Security policies applied from first login
- Minimal downtime or guesswork
- New staff member feels welcomed, productive, and supported
Good onboarding is not about urgency—it’s about preparation. When businesses and MSPs work together with clear expectations and mutual respect, everyone wins.
Cyber Security in Today’s Era: Start Right on Day One
In today’s threat landscape, cyber security is no longer optional—it is foundational. A new staff member, without the right awareness and controls, can unintentionally expose your business to significant risk within their first hours or days.
Phishing emails, weak passwords, credential reuse, unsafe file sharing, and unauthorised software installs remain some of the most common entry points for cyber incidents. These are rarely malicious acts—they are usually the result of insufficient training and unclear expectations.
This is why cyber security awareness training should be part of every onboarding process.
Why New Starters Are the Best Time to Train
The first week matters. New staff arrive without habits formed inside your organisation, making this the ideal window to establish:
- Correct security behaviours
- Clear expectations around acceptable use
- Understanding of phishing, MFA, and password hygiene
- Awareness of reporting procedures and escalation paths
Trying to retrain long-term staff after the fact—especially where poor habits are entrenched or there is resistance to change—is significantly harder and less effective.
Approved Systems provides tools and platforms specifically designed to support cyber security awareness training as part of onboarding, ensuring staff receive the right guidance before informal workarounds or unsafe practices are passed on.
By training new starters early, you:
- Reduce the likelihood of human-error-driven incidents
- Reinforce your security culture from day one
- Protect your business, customers, and data
- Avoid new staff being unintentionally “trained” into bad habits on day one
Good onboarding is not just about access—it is about protection. Starting with the right cyber security foundations sets both your staff and your business up for long-term success.
This Is Why We Ask These Questions
When Approved Systems requests detailed information for onboarding, it is not bureaucracy—it is risk management and preparation.
We ask these questions so we can:
- Provision the correct licences the first time
- Apply security controls such as MFA/2FA from day one
- Ensure identity recovery details are in place before an issue occurs
- Confirm devices are secure, manageable, and supported
- Align access with job role and least-privilege principles
- Deliver a smooth, professional day-one experience
Incomplete or last-minute information forces assumptions. Assumptions increase risk.
Good answers upfront mean fewer delays, fewer security gaps, and better outcomes for your business and your staff.