Create The Right Access
Set up the named account, license, mailbox, groups, multi-factor authentication plan, shared folders, and role-specific applications before the employee arrives.
A new hire should not spend the first morning waiting for a login, guessing which files to use, or borrowing someone else's account. When an employee leaves, access and company information should not leave with them.
I connect the employee, computer, Microsoft 365 account, shared files, applications, and recovery details to one documented process.
Set up the named account, license, mailbox, groups, multi-factor authentication plan, shared folders, and role-specific applications before the employee arrives.
Sign in, install updates, connect email and files, test printers and business applications, and confirm the employee can complete the tasks the role requires.
Disable sign-in, preserve needed email and files, remove shared access, recover the computer and keys, and document what was transferred to the owner or manager.
A Microsoft 365 account is only one part of the employee's access. The useful checklist follows the work.
Named account, license, MFA method, recovery ownership, administrator roles, and a separate emergency admin path.
Outlook, Teams, OneDrive, SharePoint, shared mailboxes, calendars, contacts, and the folders the role actually uses.
Windows updates, browser profile, printer access, business software, backup, security settings, and device records.
A short role checklist keeps access intentional and makes the next hire or departure faster.
A few business days is helpful when a computer, Microsoft 365 license, or application access must be purchased. Start earlier if a vendor controls an account or a new computer needs to be ordered and transferred.
No. Each person should normally have a named account so access, multi-factor authentication, email, files, and departures can be managed without changing someone else's work. Shared mailboxes can be added where several people need a common address.
The account can be blocked from sign-in while needed mail and files are preserved. Depending on the business need, mail can be delegated, forwarded for a limited period, converted to a shared mailbox, or archived before the license changes.
Yes. I first confirm company data is preserved, then remove the former user's access, update and clean the device, create the new profile, install the required applications, and test the role-specific tasks.
The employee can use an approved authentication method, but the business should retain administrative control and an emergency recovery path. A former employee's personal phone or email should not be the only route back into a company account.
Yes. I can leave a practical checklist covering accounts, licenses, equipment, shared access, applications, testing, and the steps to reverse when someone leaves.
Send the employee role, date, computer status, and applications involved. Do not email passwords or recovery codes.