Project Phases
Implementation Roadmap
Click any checkbox to track progress. Click phase headers to expand or collapse.
Phase 1: Identity Creation
0 / 6
Week 1
Not Started
- Create user account in Microsoft Entra ID with correct UPN and display name
- Assign user to appropriate Entra ID security groups based on department and role
- Assign Microsoft 365 license (Business Basic / Standard / Premium per role)
- Configure mailbox settings and email aliases in Exchange Online
- Add user to relevant distribution lists and shared mailboxes
- Set initial password and configure temporary access pass for first sign-in
Phase 2: Device Provisioning
0 / 6
Week 1-2
Not Started
- Enroll Windows device in Microsoft Intune via Autopilot or manual enrollment
- Enroll macOS device in Intune via ADE or Company Portal (if applicable)
- Apply device configuration profiles (Wi-Fi, VPN, security baselines)
- Deploy required applications via Intune (M365 Apps, LOB apps, browser)
- Verify device compliance status in Intune portal
- Configure BitLocker (Windows) or FileVault (macOS) disk encryption
Phase 3: M365 App Setup
0 / 5
Week 2
Not Started
- Configure Outlook profile with mailbox, shared calendars, and room resources
- Set up Microsoft Teams and add user to appropriate team channels
- Configure OneDrive for Business sync and known folder move
- Grant SharePoint Online access to department sites and document libraries
- Install and activate Microsoft 365 desktop apps on user device
Phase 4: Security Configuration
0 / 6
Week 2-3
Not Started
- Walk user through MFA registration (Microsoft Authenticator app)
- Verify Conditional Access policies are applying correctly to user sessions
- Confirm device compliance check passes in Entra ID
- Review and validate Data Loss Prevention policy coverage for new user
- Verify sensitivity labels are available and functioning in Office apps
- Run simulated phishing test on new user account to verify protection
Phase 5: Training & Handoff
0 / 5
Week 3
Not Started
- Deliver security awareness training (phishing recognition, password hygiene)
- Provide Microsoft 365 basics training (Outlook, Teams, OneDrive, SharePoint)
- Share welcome documentation package with IT support contacts and FAQs
- Confirm user can access all required apps, files, and resources independently
- Conduct 30-day check-in call to address any remaining questions or access issues
Your Team
Dedicated Project Team
Professionals assigned to your onboarding.
T1
Team Member
Identity Specialist
Entra ID & User Provisioning
T2
Team Member
Endpoint Engineer
Device Enrollment & Config
T3
Team Member
M365 Administrator
App Setup & Licensing
T4
Team Member
Security Analyst
MFA & Compliance Verification
T5
Team Member
IT Project Coordinator
Scheduling & Handoff
Key Information
Project Guidelines
Success Criteria
- User has full access to email, Teams, and SharePoint on day one
- Device enrolled and compliant in Intune within 48 hours
- MFA configured and verified before first remote login
- All required applications installed and functional
- Security awareness training completed within first week
- 30-day check-in confirms zero outstanding access issues
Risk Mitigation
- Pre-stage device and apps before employee start date
- Use temporary access pass to avoid lockout during MFA setup
- Validate all group memberships and licenses in a test account first
- Document rollback steps for each provisioning action
- Assign a buddy or mentor for first-week IT questions
Communication Plan
- Send onboarding schedule to hiring manager 5 business days before start
- Provide new hire welcome email with credentials and first-day instructions
- Daily check-ins with new employee during first week
- IT support channel available via Teams for real-time help
- 30-day onboarding survey to measure satisfaction