Owner-led IT support for small businesses in Charlotte and Orlando

July 2026 · User Access

Before someone starts or leaves: a small-business IT checklist.

Hiring someone, changing a role, or saying goodbye to an employee creates a surprising number of technology loose ends. Email, Microsoft 365, phones, files, devices, passwords, MFA, and app access all need a clean handoff.

Small-business workstation prepared for employee account and access setup

The short version

Employee changes are access changes.

Most small offices are careful about keys, alarms, and paperwork. The technology side deserves the same attention because one forgotten mailbox, synced folder, phone extension, or shared password can create confusion later.

The goal is not to make HR complicated. It is to have a simple checklist so new people can work on day one, role changes do not pile up extra permissions, and departures do not leave loose ends behind.

1. Start with the account plan

Before a new employee starts, decide what account they actually need. That usually means a Microsoft 365 user, the right license, MFA from the beginning, and access to the files, mailboxes, apps, printers, scanners, phone system, and shared resources that match the job.

This is also the best time to avoid the bad habit of sharing someone else’s login. A separate account makes support, security, auditing, and cleanup much easier later.

2. Prepare the device and daily tools

A good first day is easier when the computer, email profile, Microsoft 365 apps, browser bookmarks, printer access, scanner shortcuts, line-of-business software, and phone or VoIP app are already thought through.

Small details matter here. If someone needs a desk phone, mobile app, voicemail, shared caller ID, or a spot in a call group, it is better to know that before they are sitting at the desk waiting.

3. Review access when someone changes roles

Role changes often create permission creep. A person gets access to new files, a new mailbox, or a new app, but the old access never gets removed because nobody wants to break something during a busy week.

When someone changes jobs inside the business, review what they still need in Microsoft 365, SharePoint, OneDrive, Teams, shared folders, vendor portals, phone groups, and business apps. Adding access is easy; cleaning it up later is where things usually get missed.

4. Handle departures without losing business data

When someone leaves, the account should be blocked or disabled at the right time, active sessions should be revoked, company devices should come back, and passwords or shared credentials should be reviewed. The business also needs to preserve useful email and files before anything is deleted.

Shared Mailboxes are often the right tool for preserving and delegating access to an old mailbox. They can let the business keep receiving mail, search old messages, and give another employee access without leaving the former employee’s normal sign-in active.

Licensing needs a little care. A converted Shared Mailbox usually does not need a paid license if it is under Microsoft’s size limits and does not need features that require one. But OneDrive is different: files tied to the user’s OneDrive may need to be copied, reassigned, backed up, or temporarily kept under a licensed account long enough to preserve the data properly.

5. Check the hidden access points

The obvious account is only part of the picture. Look for MFA devices, email forwarding rules, browser-saved passwords, local computer accounts, cloud app seats, vendor portals, password managers, scanner address books, shared folders, and phone-system access.

This is where a short checklist helps. The things that get missed are rarely dramatic on their own, but they can create billing waste, lost files, awkward client communication, or access nobody intended to leave open.

6. Preserve what the business may need later

Email history, customer conversations, project files, calendar items, contacts, and local documents may still matter after someone leaves. Decide who should own them, how long they should be kept, and whether they are covered by the backup plan.

This is especially important when a user had information stored in OneDrive, on a desktop, in a Downloads folder, or inside a business app. Do the cleanup deliberately instead of discovering six months later that the only copy was tied to an account that no longer exists.

7. Clean up licenses and document the change

After the access and data questions are handled, review licenses, app subscriptions, phone seats, backup coverage, security tools, and documentation. Removing a license too early can create recovery problems; leaving everything licensed forever wastes money.

The useful middle ground is to document what changed, confirm who has access now, and set a reminder to finish any delayed cleanup after the data has been preserved.

Quick checklist

What I like to check when employees start, leave, or change roles.

New hire setup Microsoft 365 account, license, MFA, device, phone, apps, printers, and shared resources.
Access review Files, OneDrive, SharePoint, Teams, shared folders, mailboxes, vendor portals, and business apps.
Departure lockout Block sign-in, revoke sessions, recover devices, and review shared passwords or credentials.
Data preservation Use Shared Mailboxes where appropriate, and handle OneDrive files before removing needed licensing.
Hidden access MFA devices, forwarding rules, local accounts, cloud app seats, phone access, and saved passwords.
License cleanup Remove what is no longer needed only after email, files, backups, and ownership are settled.

Need a cleaner process?

Not sure who has access to what?

Hughes IT can help review Microsoft 365 users, shared mailboxes, OneDrive files, phones, devices, app access, and the practical cleanup steps around employee changes.