Skip to content
#02 Onboarding / Offboarding

Automated onboarding and offboarding

One script creates the user in AD, M365, groups, license and mailbox — or removes them cleanly in 30 seconds.

Implementation: 1 day base + iteration 5 technologies
The pain

What it costs you today

In an 800-employee organization the typical onboarding involves 11 manual steps split across HR, IT, facilities and the line manager: AD account creation, M365 license assignment, 3 to 5 security group memberships, mailbox, signature, Teams, directory profile, physical badge, hardware, payroll entry and welcome pack. Each step is a separate email or ticket, and at least two of them get missed in 30% of cases. Offboarding is worse: the ex-employee account stays active an average of 23 days after termination, with 14% of cases where the E5 license is never deactivated. The legal and audit risk is direct: GDPR, SOX and ISO 27001 penalize excess active privileged accounts. "We found an ex-employee still on VPN three months later" is the typical CISO confession. How many backdoors are open without us knowing?

The value

What changes when you have it

On day one HR fills a form in Teams or SharePoint, and by 06:00 the next morning the new hire exists in AD, M365, every group, with license assigned, mailbox configured, corporate signature, Teams profile, FM ticket and a welcome flow. The manager recovers 90 minutes per onboarding that used to be ticket chasing, and IT recovers an average of 2 hours per case. The visible output is a dashboard with the lifecycle of every employee and an auditable log of which script touched which resource. A 1,200-employee client went from 14 onboardings/month with errors to 14/month with zero findings in the latest quarter. The investment pays back in under 60 days when license recovery and ticket reduction are factored in.

Stack
Technologies we touch in the implementation
PowerShell 7ActiveDirectoryMicrosoft.GraphPnP PowerShellFormspree / Forms
Automated onboarding and offboarding
#02 · Onboarding / Offboarding

AD + M365 orchestration from a single entry point

Onboarding / Offboarding

I want to implement this

Let's talk 20 minutes about your environment and review scope, architecture and the work plan together. No commitment.