How to Set Up a New Starter's IT in a Day
Setting up a new starter's IT correctly from day one is one of the most practical ways to protect your business — and yet most small businesses treat it as an afterthought. A new employee arriving to find their laptop not ready, their email not working, or their access permissions incorrect wastes time, creates frustration, and introduces security risks that can linger for months. With the right process, you can have a new team member fully set up and productive within a single working day.
Why New Starter IT Onboarding Matters More Than You Think
Poor IT onboarding isn't just an inconvenience. When accounts are created without proper security settings, or access permissions are granted too broadly because "we'll sort it properly later," those shortcuts become vulnerabilities. The NCSC consistently identifies misconfigured user accounts and excessive permissions as common factors in security incidents affecting UK small businesses. Getting it right from the start is far easier than fixing it afterwards.
There's also a compliance angle. Under UK GDPR, your organisation is responsible for ensuring that access to personal data is appropriately controlled. A new employee who can access customer records they have no business reason to view is a compliance problem, not just an operational one.
Before the First Day: Preparation Checklist
The majority of the work should happen before the new starter arrives. Leaving setup until they walk through the door is how a "morning task" becomes a three-day project.
Hardware and device preparation
- Order or assign a laptop or desktop at least a week in advance
- Ensure the device is enrolled in your device management platform (Microsoft Intune if you're on Microsoft 365 Business Premium)
- Apply all operating system updates and security patches before the starter touches the device
- Configure full disk encryption (BitLocker on Windows)
- Set up antivirus and endpoint protection
Microsoft 365 account setup
- Create the user account in Microsoft 365 Admin Centre with the correct licence assigned
- Use a consistent naming convention for email addresses (firstname.lastname@yourdomain.co.uk is standard)
- Enforce multi-factor authentication before the account is activated — not as a task for later
- Add the user to the correct Microsoft 365 groups and Teams channels
- Configure their shared mailbox access if applicable
- Set an appropriate email signature using your organisation's template
If you're unsure which Microsoft 365 licence to assign, our post on Microsoft 365 Business Basic vs Standard vs Premium sets out exactly what each tier includes.
Access permissions and software
- Grant access only to the systems and data the new employee needs for their role — nothing more
- Set up access to your shared file storage (SharePoint or OneDrive) with appropriate folder permissions
- Install or license any role-specific software (accounting packages, CRM systems, design tools)
- Add them to your password manager with access to the relevant shared credentials
On the First Day: The Setup Walkthrough
Even if everything has been prepared correctly, the first day should include a structured walkthrough rather than leaving the new starter to figure things out alone.
Security essentials briefing
Walk the new employee through your basic security policies: how to recognise phishing emails, what to do if they receive a suspicious message, how to use the password manager, and who to contact if they think something is wrong. This doesn't need to be a formal training session — a 20-minute conversation is enough to cover the basics. The NCSC's free Small Business Guide provides a useful reference framework you can adapt.
Systems orientation
Show them how to access the tools they'll use daily: their email, Teams, shared file storage, and any business-specific systems. Confirm that each system is working correctly while you're with them, rather than assuming it is.
After the First Week: Follow-Up Tasks
A few tasks are best completed once the starter is settled in rather than on day one.
- Confirm their MFA is set up and working on their preferred device
- Review their access permissions to check nothing was granted in error
- Ensure they've completed any mandatory security awareness training
- Add them to your IT asset register with their device details and serial number
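The MFA and permissions checks above can be scripted so they are run the same way for every starter. The PowerShell below is an added example, not part of the original article or any provider's tooling: it compares a starter's granted groups against a baseline for their role and checks that a second sign-in factor is registered. The function name Test-StarterAccess, the role baselines, the group names and the sample record are all hypothetical.

```powershell
# Added example: first-week access review for a new starter. All names and values
# are constructed. In a live tenant the same fields can be read with the Graph
# PowerShell cmdlets Get-MgUserMemberOf and Get-MgUserAuthenticationMethod.

# Hypothetical role baselines: the groups each role is meant to have, nothing more.
$RoleBaseline = @{
    'Sales'   = @('All Staff', 'Sales Team', 'CRM Users')
    'Finance' = @('All Staff', 'Finance Team', 'Accounts Package Users')
}

# Graph method types that count as a second factor. A password alone does not.
$SecondFactorTypes = @(
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod',
    '#microsoft.graph.fido2AuthenticationMethod',
    '#microsoft.graph.phoneAuthenticationMethod',
    '#microsoft.graph.softwareOathAuthenticationMethod'
)

function Test-StarterAccess {
    param(
        [Parameter(Mandatory)] [pscustomobject] $Starter,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    if (-not $Baseline.ContainsKey($Starter.Role)) {
        throw "No baseline defined for role '$($Starter.Role)'"
    }
    $expected = $Baseline[$Starter.Role]
    # Groups granted beyond the role baseline: candidates for removal.
    $excess  = @($Starter.Groups | Where-Object { $_ -notin $expected })
    # Baseline groups not yet granted: the starter will hit access errors.
    $missing = @($expected | Where-Object { $_ -notin $Starter.Groups })
    $hasMfa  = @($Starter.AuthMethods | Where-Object { $_ -in $SecondFactorTypes }).Count -gt 0
    [pscustomobject]@{
        User          = $Starter.UserPrincipalName
        MfaRegistered = $hasMfa
        ExcessGroups  = $excess
        MissingGroups = $missing
        Pass          = $hasMfa -and $excess.Count -eq 0 -and $missing.Count -eq 0
    }
}

# Constructed sample: a Sales starter given a Finance group in error, password only.
$starter = [pscustomobject]@{
    UserPrincipalName = 'firstname.lastname@yourdomain.co.uk'
    Role        = 'Sales'
    Groups      = @('All Staff', 'Sales Team', 'Finance Team')
    AuthMethods = @('#microsoft.graph.passwordAuthenticationMethod')
}
Test-StarterAccess -Starter $starter -Baseline $RoleBaseline | Format-List
```

Keeping the baseline table alongside your onboarding checklist means the same comparison can be repeated whenever someone changes role.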
When to Involve Your IT Provider
If you're using a managed IT service like Lasetech, new starter onboarding should be handled by your IT provider as part of your service agreement. This removes the risk of misconfiguration and ensures that every new employee's IT setup meets your organisation's security standards from the outset. A good provider will have a documented onboarding procedure they can execute consistently, regardless of how frequently you're hiring.
Frequently Asked Questions
How long does it take to set up IT for a new employee?
With proper preparation — starting at least a week before the new starter's first day — the actual setup time is typically two to four hours. If you're doing it on the day with no preparation, expect it to take most of the day and involve several delays. A managed IT provider can handle the process end to end, usually completing setup before the employee arrives.
What Microsoft 365 licence does a new starter need?
For most small business employees, Microsoft 365 Business Standard is the right choice — it includes the full Office apps, Teams, Exchange email, and SharePoint. If your organisation needs advanced security features, Microsoft 365 Business Premium adds Intune device management and Defender for Business. Business Basic is sufficient for employees who only need browser-based access and don't use desktop Office applications.
Should I enforce MFA for new starters immediately?
Yes — MFA should be enforced before the account is used for the first time, not after. Microsoft 365 allows you to configure Conditional Access policies that require MFA at first sign-in. Waiting until the employee is "settled in" leaves the account vulnerable during its most exposed period.
What should I do when an employee leaves, not just when they join?
Offboarding is equally important. When an employee leaves, their account should be disabled immediately, their email forwarded or archived, and their access to all business systems revoked. Any business data stored on their personal devices should be wiped remotely if your device management platform allows it. Leaving accounts active after an employee's departure is one of the most common and preventable security oversights.