Client Onboarding Checklist

Systematic approach to onboarding new managed service clients. This checklist ensures consistent setup, proper documentation, and smooth transition to managed services.

Pre-Onboarding

Sales Handoff

• Review signed MSA (Managed Services Agreement)
• Confirm scope of services
• Identify key stakeholders and contacts
• Obtain emergency contact information
• Review SLA requirements
• Clarify exclusions and out-of-scope items
• Schedule kickoff meeting

Access Requirements

• Request admin credentials for all systems
• Request access to existing documentation
• Request network diagrams (if available)
• Obtain building/server room access
• Request vendor contact information
• Get ISP account details
• Obtain domain registrar access
• Get DNS management access

Week 1: Discovery and Assessment

Initial Meeting

• Conduct kickoff meeting with stakeholders
• Document business hours and support expectations
• Identify critical systems and applications
• Understand business processes and workflows
• Document escalation contacts
• Review existing IT policies
• Discuss change management procedures

Network Discovery

Document Network Infrastructure

# Scan network for devices
nmap -sn 192.168.1.0/24

# Document findings:
# - Routers and switches
# - Firewalls
# - Wireless access points
# - VPN concentrators
# - Network printers

• Map network topology
• Document VLANs and subnets
• Identify internet circuits (primary/backup)
• Document public IP addresses
• Review firewall rules
• Check for network segmentation
• Identify any site-to-site VPNs
• Document Wi-Fi SSIDs and passwords

Network Diagram Template

[Internet]
    |
[Firewall] --- [ISP Router]
    |
[Core Switch]
    |
    +--- [Access Switch 1] --- Workstations VLAN 10
    +--- [Access Switch 2] --- Servers VLAN 20
    +--- [Wireless AP]     --- Guest VLAN 30

Server Inventory

Document All Servers

# Get server inventory
Get-ADComputer -Filter {OperatingSystem -like "*Server*"} -Properties * |
    Select Name, OperatingSystem, OperatingSystemVersion, IPv4Address

# For each server document:

• Hostname and IP address
• Operating system and version
• Physical or virtual
• If virtual, what hypervisor
• Hardware specs (CPU, RAM, Storage)
• Roles and services
• Business applications hosted
• Patch status
• Antivirus status
• Backup status

Critical Servers

• Domain controllers
• File servers
• Email servers
• Database servers
• Application servers
• Print servers
• Backup servers
• Hypervisor hosts

Workstation Inventory

Document End-User Devices

# Get workstation inventory
Get-ADComputer -Filter {OperatingSystem -like "*Windows 10*" -or OperatingSystem -like "*Windows 11*"} -Properties * |
    Select Name, OperatingSystem, LastLogonDate

# Document for each:

• Computer name
• Assigned user
• Operating system and version
• Hardware model
• Age of device
• Warranty status
• Antivirus status
• Patch status
• Special software requirements

Active Directory Assessment

Domain Configuration

• Document domain name
• Check functional level
• Identify all domain controllers
• Review AD sites and subnets
• Check replication health
• Review DNS configuration
• Check for stale computer accounts
• Review disabled accounts
• Audit privileged accounts

# AD Health Checks
Get-ADDomain
Get-ADForest
Get-ADDomainController -Filter *
repadmin /showrepl
dcdiag /v

Group Policy

• Document existing GPOs
• Review security policies
• Check password policy
• Review software deployment
• Check folder redirection
• Review drive mappings

User Accounts

• Total user count
• Active users
• Service accounts (document purpose)
• Admin accounts
• Shared accounts (flag for cleanup)
• Accounts with password never expires
• Accounts that haven’t logged in 90+ days

Security Assessment

Antivirus/Endpoint Protection

• Identify current AV solution
• Check coverage (all systems protected?)
• Review definition updates
• Check for unresolved threats
• Review exclusions
• Test reporting/alerting

Firewall Review

• Document make/model and firmware
• Review ruleset
• Check for outdated rules
• Verify logging enabled
• Review VPN configuration
• Check for default passwords
• Review content filtering

Patch Status

# Check Windows Update status
Get-WindowsUpdate -ComputerName (Get-ADComputer -Filter *).Name

# Or using WSUS
Get-WsusUpdate -Classification Critical,Security -Status FailedOrNeeded

• Windows servers patch status
• Workstation patch status
• Third-party software patching
• Firmware updates (switches, firewall, etc.)

Security Gaps

• Systems without antivirus
• Unsupported operating systems (Windows 7, Server 2008)
• Missing patches (30+ days old)
• Weak password policies
• No MFA on critical systems
• Open RDP to internet
• Unnecessary services enabled
• Local admin rights for users

Backup Assessment

Backup Solution

• Identify backup software/service
• Document backup targets
• Review backup schedule
• Check backup job status (last 30 days)
• Review retention policy
• Identify offsite/cloud backups
• Check backup storage capacity

Backup Coverage

Check backups for:
- [ ] Domain controllers (system state)
- [ ] File servers (all data)
- [ ] Email server (mailbox databases)
- [ ] Database servers (application-aware)
- [ ] Workstations (if applicable)
- [ ] Virtual machine hosts

Test Restores

• Perform test file restore
• Test system restore (if possible)
• Document restore procedures
• Verify backup encryption
• Check backup monitoring/alerts

Application Inventory

Line of Business Applications

• Accounting software
• CRM/ERP systems
• Industry-specific applications
• Database platforms
• Email system (Exchange, O365, Gmail)
• Collaboration tools
• Remote access solutions

For Each Application Document:

• Application name and version
• Server(s) hosting application
• Licensing information
• Support contacts/vendor
• Dependencies
• Backup requirements
• Update/patch status
• Number of users

Cloud Services

Identify Cloud Subscriptions

• Microsoft 365 tenant
• Azure subscriptions
• AWS accounts
• Google Workspace
• SaaS applications
• Cloud backup services
• Cloud phone systems

Document

• Admin access credentials
• Licensing (type and count)
• Multi-factor authentication status
• Integration with on-prem AD
• Data residency/compliance
• Renewal dates
• Monthly costs

Week 2: Remediation Planning

Risk Assessment

Prioritize Issues

Critical (Fix Immediately)

• Public-facing RDP
• Missing antivirus
• Unpatched critical vulnerabilities
• No backups or failing backups
• Unsupported operating systems
• No MFA on admin accounts

High (Fix Within 30 Days)

• Missing patches
• Weak password policies
• Insufficient backup retention
• Stale accounts
• Missing documentation

Medium (Fix Within 90 Days)

• Old hardware
• Software nearing end-of-life
• No network segmentation
• Insufficient monitoring

Low (Ongoing Improvement)

• Process documentation
• User training
• Optimization opportunities

Remediation Plan

Create documented plan with:

• Issue description
• Business impact
• Proposed solution
• Estimated time/cost
• Implementation date
• Assigned technician

Present Findings

Prepare Assessment Report

Include:

• Executive summary

• Current state overview

• Issues identified (by priority)

• Recommended improvements

• Implementation timeline

• Cost estimates (if any)

• Schedule presentation meeting

• Present findings to stakeholders

• Get approval for remediation plan

• Update project plan with agreed items

Week 3-4: Implementation

Standard Setup Items

Deploy RMM Agent

# Deploy monitoring agent to all systems
# Via GPO, PDQ Deploy, or manual installation
# Verify agent check-in and data collection

• Install RMM on all servers
• Install RMM on all workstations
• Configure monitoring thresholds
• Set up alerting rules
• Test alert delivery

Endpoint Protection

If deploying new AV:

• Deploy to test group
• Monitor for issues
• Deploy to production
• Remove old AV solution
• Configure reporting
• Set up alert notifications

Patch Management

• Configure patch approval workflow
• Set up test group for patches
• Schedule patch deployment
• Configure reporting
• Set maintenance windows

Backup Improvements

• Fix failing backup jobs
• Add missing systems to backup
• Configure cloud/offsite backup
• Set up backup monitoring
• Test restores
• Document restore procedures

Security Hardening

Active Directory

• Implement strong password policy (12+ characters, complexity)
• Enable account lockout policy
• Clean up stale accounts
• Remove users from local admin groups
• Audit privileged group membership
• Implement separate admin accounts
• Configure audit logging

Firewall

• Block RDP from internet (implement VPN)
• Review and clean up rules
• Enable logging
• Configure alerting
• Implement geo-blocking (if appropriate)
• Enable IPS/IDS

Multi-Factor Authentication

• Enable MFA for admin accounts
• Enable MFA for VPN
• Enable MFA for cloud services (O365, etc.)
• Roll out to all users

Documentation

Create Standard Documentation

Network Diagram

• Physical topology
• Logical topology
• IP addressing scheme
• VLAN assignments

Server Documentation

• Server inventory spreadsheet
• Server build procedures
• Application dependencies
• Service account documentation

Access Credentials

Store in password manager:
- Local admin passwords
- Service account passwords
- Application credentials
- Cloud admin accounts
- Vendor portals
- Network equipment passwords

Runbooks

• Backup restore procedure
• Server restart procedures
• Application restart procedures
• Disaster recovery plan
• Emergency contacts

Policies

• Acceptable use policy
• Password policy
• Remote access policy
• Incident response procedure
• Change management procedure

Client Portal Setup

Ticketing System

• Create client company in PSA
• Create user accounts for key contacts
• Configure SLA rules
• Set up email integration
• Create email signature with ticket submission instructions
• Train client on ticket submission

Documentation Repository

• Create knowledge base articles for client
• Upload network diagrams
• Upload vendor contacts
• Upload software licenses
• Share access credentials (via secure method)

User Training

End-User Orientation

• How to submit support tickets
• Emergency contact procedures
• Password best practices
• Recognizing phishing emails
• Remote access procedures
• Data backup expectations

IT Contact Training

• Escalation procedures
• After-hours support process
• Change request process
• How to use client portal
• Reporting and metrics access

Post-Onboarding

30-Day Check-In

• Review ticket volume and types
• Check monitoring alerts
• Review backup success rate
• Verify patch deployment
• Check antivirus coverage
• Solicit feedback from client
• Identify any issues with transition

90-Day Review

• Full infrastructure review
• Update documentation
• Review and update monitoring
• Client satisfaction survey
• QBR (Quarterly Business Review) preparation

Ongoing

Monthly

• Review security logs
• Check backup status
• Review patch compliance
• Update documentation as needed

Quarterly

• Conduct QBR
• Review SLA performance
• Technology roadmap review
• Budget planning

Annually

• Full security assessment
• Disaster recovery test
• Hardware refresh planning
• License renewals
• Contract renewal

Templates and Tools

Essential Spreadsheets

Server Inventory Template

Columns:
- Server Name
- IP Address
- OS Version
- Role
- Physical/Virtual
- CPU/RAM/Storage
- Applications
- Backup Status
- Last Patched
- Notes

Network Device Inventory

Columns:
- Device Type
- Make/Model
- IP Address
- Location
- Firmware Version
- Purpose
- Support Contract
- Notes

Contact List

Columns:
- Name
- Role
- Email
- Phone
- Mobile
- Responsibilities
- Emergency Contact? (Y/N)

Discovery Scripts

Network Scan

# Quick network discovery
$network = "192.168.1"
1..254 | ForEach-Object {
    $ip = "$network.$_"
    if (Test-Connection -ComputerName $ip -Count 1 -Quiet) {
        $hostname = [System.Net.Dns]::GetHostEntry($ip).HostName
        [PSCustomObject]@{
            IP = $ip
            Hostname = $hostname
        }
    }
}

AD Computer Inventory

Get-ADComputer -Filter * -Properties * |
    Select Name, OperatingSystem, OperatingSystemVersion,
           IPv4Address, LastLogonDate, Enabled |
    Export-Csv -Path "AD_Computer_Inventory.csv" -NoTypeInformation

Red Flags During Discovery

Technical Red Flags

• No backups or backups never tested
• Admin passwords unknown or “lost”
• Critical systems on Windows Server 2008/2003
• No antivirus or definitions months old
• RDP open to internet
• No documentation exists
• Previous IT left abruptly
• No change control process

Business Red Flags

• Unrealistic expectations for response times
• Won’t provide admin access
• Reluctant to pay for necessary improvements
• Expects free work during onboarding
• Toxic workplace culture
• Constant urgency but won’t plan
• Micromanages or questions every action

Success Metrics

First 90 Days

• All systems under monitoring
• Backup success rate >95%
• Patch compliance >90%
• Average ticket response time <4 hours
• Critical ticket response <1 hour
• Zero security incidents
• Client satisfaction score >4.5/5

Related Documentation

• Network Documentation Standards
• Server Documentation Standards
• Backup Strategy Guide
• Incident Response Runbook