IT Onboarding Checklist: 10 Steps to Set Up New Hires for Success

Zero-Touch Deployment: How to Set Up & Distribute Employee Devices Efficiently

The time and energy that goes into getting computers and phones out to new employees is significant. And it’s only growing as modern companies become more distributed and remote friendly. 

Every visit to the IT closet—or the Apple website—is a distraction. And for busy IT teams, manually setting up and delivering new devices is a waste of resources. Even worse if you’re relying on line managers or your HR team to arrange all this.

Zero-touch deployment lets you automated these basic but essential IT processes. Devices can be set up, configured, and managed remotely without the need for physical intervention.

In this article, we'll explore how zero-touch deployment can transform your IT infrastructure, boost productivity, and support your business's growth.

‍

What is Zero-Touch Deployment?

Zero-Touch Deployment (ZTD) is the process of pre-configuring employee devices without any manual effort from your own team. The ideal outcome is an almost fully automated and highly efficient IT onboarding procedure, which works wherever your team members are. 

This process is also known as zero-touch provisioning or automated device enrollment. 

Let’s use Apple as a common example. Apple authorizes certain suppliers to pre-configure computers remotely, without having to handle them. These suppliers are therefore able to deliver to customers quickly, with computers that arrive pre-configured. Note: You won’t find ZTD if you order through Apple.com. This is only available through specific B2B providers.

There are plenty of benefits to zero-touch deployment for almost every business, as we’ll see. But particularly for companies with distributed teams and multiple locations or entities, automating device enrollment is a major asset. You don’t need IT experts in each office to set up computers for new employees—it can be fully automated and managed from anywhere.   

‍

What does it include? 

The specifics may differ slightly from provider to provider, but zero-touch deployment generally includes:

• Setting up accounts and preparing the device for use
• Maintaining security standards and being able to lock down accounts in seconds (if necessary)
• Retrieving company devices when employees leave, and deleting personal or employee-specific data

This service is typically provided by third parties—you essentially outsource device setup. Strictly speaking, zero-touch deployment doesn’t include sourcing or delivering devices to users. But some providers (like Primo) also help you purchase devices and deliver them to team members. 

This is best done through a software platform which lets you create new user profiles and order your preferred devices in a few seconds. Even better, this software can be integrated with HR or payroll platforms that already have new employee profiles with their home addresses, so delivery is fully automated.

‍

Advantages of automating device deployment 

Zero-touch deployment has become widespread as office spaces have changed. Today, 64% of companies have hybrid working arrangements, not to mention those with full remote or distributed teams. 

ZTD offers a more efficient way to distribute devices to these team members. Team members may be anywhere, and so may your devices. In this context, choosing a complete IT provider that offers zero-touch deployment as well as purchasing and delivery has several key benefits:

• Ready-to-use devices. Your IT team or office manager doesn’t need to prepare each device before handing them out. Likewise, employees don’t need to figure out how to configure the setup themselves.
  
  
• Fewer human errors. Particularly where you don’t have dedicated IT support, device setup can easily go away. ZTD leaves this work to the experts.
  
  
• Time savings. Devices are sent directly to the users who need them, removing the IT team as a middleman. This is more efficient, but also keeps your IT experts focused on higher-value work. And crucially, if someone is away or unavailable, there’s no bottleneck.
  
  
• Prompt device delivery: An automated process ensures that the correct steps are followed, so that devices arrive on time with the right person. Every time. This is important where you’re dealing with different countries and unique personal circumstances.

• Less technical expertise required: A well-designed zero-touch program doesn’t require an IT team at all. A hiring manager or HR leader can easily order devices and arrange delivery. 

• Better employee onboarding: New hires can choose the hardware they want and have it ready for them when they arrive. They simply turn on the device and their workspace is ready and waiting. This lets them get straight into onboarding tasks, and start getting to know their new team right away.
  
  
• Instant offboarding. ZTD also lets you wipe or reset devices from anywhere, which is helpful when employees leave your organization. You can instantly remove the user-specific data and return the device to its pre-configured state, with your specific software and apps still installed.
  
  
• Lower costs: Lower costs are the natural result of more efficient processes. Delivery costs should be cheaper as they’re taken on by logistics experts, and you also save on the human resources required to set up computers internally. 

• Consistent security: Devices can also be delivered with all the latest security updates and company-mandated programs. You’ll have the right security software right from the initial setup, and can update software on an ongoing basis.
  
  You also remove an extra handover step where things could get lost or stolen. There are fewer devices sitting around the office waiting for their user, and devices go straight back to the distributor when the user leaves or upgrades.

‍

Possibly the biggest advantage is simply not having to worry about devices during the onboarding process. The setup and delivery processes are taken care of in a few clicks from your IT or HR departments, and the rest runs like clockwork.

Zero-Touch Deployment with Primo

Some specialist services focus entirely on deployment. They’ll source and pre-configure a device, then ensure it arrives with the employee on time. Which is obviously a great start. But we believe that device procurement and deployment is part of a wider IT lens. And ideally, you’d manage everything in one place:

• Device deployment 
• Ongoing monitoring and management
• Employee onboarding and offboarding
• Updates to SaaS tools and software
• Passwords and security

With an all-in-one provider like Primo, you get deployment as part of a broader mobile device management solution. Meaning we don’t just get new devices to team members—we remove virtually all your manual, repetitive IT work. 

‍

‍

Free deployment

You can buy, ship, and track any device via our platform for free. That includes new devices from Apple, Dell, Lenovo, and more, or refurbished via Backmarket. 

Having all of these suppliers in one place makes sourcing new devices very quick, and lets you easily choose from a range of manufacturers. 

‍

Fully customized

What really makes a difference is the level of customization and automation you get. Choose the software, tools, and extensions each computer needs to have at the individual or team level. In most companies, engineers and product managers will have vastly different needs from sales or marketing teams, and you can pre-configure these before devices are sent out. 

The key point is, you’re not limited to what’s available off the shelf. You design the software and hardware setups you need from the centralized platform, but you don’t actually have to build the devices up yourself. They arrive ready to go. 

‍

Integrate your systems

You have your own software ecosystem and tools of choice. So new devices should be connected to these from the start. First, you can connect your HR system—tools like Payfit, Lucca, Personio, or BambooHR. This way, you assign each device to an employee in their official company profile. 

Primo also helps you manage access to Google Suite or Microsoft Office, Slack, Notion, Salesforce, and all the other critical platforms that run your business. Create a new user profile in your HR tool, and they’ll have the access they need based on their team, seniority level, and any other factors you choose during the Primo onboarding. 

‍

Automate IT onboarding & offboarding

Good Zero-Touch Deployment essentially automates employee onboarding. Your IT team and managers don’t need to manually add new users to each tool—it’s all done in a click. 

And the devices are ready to use, configured to the specifications for each user. 

‍

Compliant & secure

Finally—but just as crucially—Primo ensures that all disks are encrypted, your systems are compliant (integrating with Vanta & Drata), and identifies malware and ransomware attacks. 

The overall outcome is a complete device management process, tailored specifically to your company and your team. Because while Zero-Touch Deployment is an incredible service—and vital for remote-friendly teams—there’s more to love about complete IT automation and management.

‍

Make Zero-Touch Deployment part of automated IT management

Device distribution is one of those unglamorous but essential processes that makes your company run. There’s no added value to setting up each employee’s computer one by one. In fact, it costs you time and human resources, and often leads to mistakes or omissions. 

These are the business processes that simply must be automated. And we have the tools and providers to do just that. 

Wherever in the world your people are—and whatever tools and hardware they need—get them up and running without effort. Just as importantly, track their equipment easily, and recall or repair it when required. Again, with zero touch. 

‍

Learn more about how Primo lets you deploy, track, and optimize your company’s IT stack. That’s vital for remote teams, and important for all companies. 

The benefits of automation are well known to modern businesses. For decades, companies have found ways to turn slow, repetitive processes into efficient, self-executing systems. Which lets teams focus on impact, rather than repeating the same low-value tasks. 

Onboarding and offboarding are both high-value processes made up of low-impact touchpoints. Getting team members up to speed quickly really matters. How you create their email account or reset security permissions doesn’t.

Which is why automating these manual steps makes such a big difference. Automated onboarding and offboarding takes low-value work off your plate, and lets you focus on what is important. It also makes both processes faster, easier, and eliminates basic errors. 

In this article, we look at how automation can improve your onboarding and offboarding processes—particularly for IT operations. Then we meet two companies who successfully automated their own IT onboarding, and saw tangible benefits. 

‍

What are employee onboarding and offboarding processes?

Onboarding and offboarding are the practical, functional, and cultural processes associated with welcoming and farewelling company employees. Onboarding typically includes teaching new hires about the company culture, training in your specific ways of working, and giving them the hardware and software tools they need to execute. 

Offboarding is the change process at the end of an employee’s time with your company. This can include exit interviews, farewell celebrations, and regaining possession of company property like computers, phones, and access cards. 

‍

Key steps in IT onboarding

The IT onboarding process is often slower than you’d like. It involves numerous distinct steps, which can really add up if handled individually and manually. These include:

• Setting up user profiles and permissions
• Ordering new devices
• Configuring applications, software, and security updates on these devices
• Delivering devices to new employees
• Training employees on compliance, cybersecurity, and optimal use
• Monitoring device performance and troubleshooting issues

‍

IT is just one aspect of an employee’s onboarding, and can be taken for granted by hiring managers. Your goal is to make all of the above happen smoothly, quickly, and with no extra work for yourself or the new hire. 

For help, see our short checklist for efficient IT onboarding. 

‍

What IT offboarding involves

While the IT onboarding process may be neglected, offboarding is often overlooked altogether. Retrieving devices from departing employees is essential both for asset management and security. 

Key steps include: 

• Locking devices the moment employees no longer need them
• Wiping personal data or returning devices to factory settings
• Returning physical devices to the office or supplier
• Checking a device’s state for reuse
• Preparing devices to be redeployed

All of this adds up, and is always more complicated with remote or distributed teams. In a traditional office setting, it’s pretty simple to have an employee hand in their devices on their last day. It’s more challenging if that employee is in another city, state, or country. 

‍

Why automate employee onboarding and offboarding? 

In general, the best processes to automate involve a number of manual steps and little added value from having people handle each one.

Key benefits of automating your IT onboarding and offboarding include: 

• Time saved for IT teams and hiring managers, who no longer need to manually work through each of those steps we saw above. 
• Faster onboarding for new employees, who don’t need to wait for people to set up their profiles or order devices.
• Near-instant offboarding, because devices can be locked or wiped immediately with a simple click.
• Fewer errors, including skipped or forgotten steps, faulty devices, or losing track of devices when an employee leaves. 
• More consistent experiences, as every employee follows the same automated process at the beginning and end of employment. 

Overall, automation creates more streamlined and efficient internal processes. And for something as common and recurring as onboarding and offboarding, efficiency gains can really add up.

How modern SMBs automate onboarding and offboarding — and why it works

To illustrate with tangible examples, let’s take a look at two companies that prioritize automation in the onboarding and offboarding process. 

Like many growing companies, both faced real challenges in scaling IT operations. Even as modern tech companies, they had few resources specifically for IT operations. They needed to create efficient, easily-replicable processes to get new employees up and running, and to smoothly offboard team members at the end of their work. 

Best modern SMBs have understood that a great onboarding experience comes from the collaboration between HR and IT teams — and these two companies made that alignment a core part of their approach. As we’ll see, the secret to success lay in choosing the right tools and partners to take the weight off their very busy leaders.

‍

‍

Faume: Near-instant IT operations for a distributed workforce 

Founded in 2020, Faume is a technical logistics solution that lets brands create resale services for their products. Faume works with world-famous logos like Hugo Boss, The Kooples, Aigle, and Bash to bring second lives to items and make consumer commerce more sustainable.

Faume’s 30-person team includes remote staff across France. CTO and Co-founder Jocelyn Kerbouc’h needed a simple way to deploy and manage devices for this distributed workforce ahead of scaling post-Series A.

‍

Before: False starts with IT providers

Faume initially leased computers in the hopes of getting additional support and a streamlined service. But this was far more expensive than the cost of buying—they were asked to pay up to €2,500 for a €1,200 computer. And worse, they still regularly encountered malfunctioning devices and frustrating errors. 

They pivoted to buying from Apple directly, tracking devices manually in a Notion doc. This was certainly more cost effective, but added more administrative effort to the onboarding process. 

As a co-founder wearing multiple hats, Jocelyn couldn’t afford this extra admin. Faume needed a more robust IT operations solution that could deliver devices at the right price, while also tracking their use and ensuring security. 

‍

Today: Centralized IT onboarding & offboarding

The big switch was finding an IT operations provider that lets Jocelyn order, configure, and deliver employee devices in a few clicks. Using Primo, Jocelyn sets password rules and updates, and pre-configures applications so that computers arrive ready to use. 

“Thanks to Primo, onboarding new employees now takes us half the time it used to,” says Jocelyn.

Faume has essentially automated the onboarding process, and offboarding is just as simple. When an employee leaves, Jocelyn can lock and wipe their computer remotely. Departing employees receive a shipping box and can easily return computers from anywhere. 

The result is a more efficient, secure IT environment for Faume. And Jocelyn can put all his energy into building and leading his business.

Read the full Faume story here.

‍

‍

Dalma: Efficient operations with no IT team

Dalma is France’s fastest-growing pet health insurance company. Its tech-enabled platform already insures more than 40,000 European cats and dogs, with no signs of slowing down. 

Founded in 2021, the 70-strong team has grown quickly to deliver this popular and worthwhile service. While that’s good for business (and for our pets), it put pressure on former Head of People Claire Maarek. 

With IT onboarding just a small portion of her role, Claire didn’t have the time or technical expertise to build a comprehensive program from scratch.

‍

Before: Poor leasing experience

Like Faume, Dalma also tried leasing as a (theoretically) efficient way to manage IT operations. But Claire explains that the downsides were obvious right away. “Our leasing experience was disappointing, offering minimal service and reliability with poor customer support.”

It was a maddening mix of high prices and low-quality service. For an HR leader like Claire—not an IT pro by trade—this wasn’t a tenable situation. 

‍

Today: IT onboarding in seconds

Since switching to Primo, the results are night and day. IT onboarding takes mere seconds, and Dalma can secure hardware at competitive prices, configured and delivered for when the person arrives. All of this with no deep IT procurement knowledge or dedicated technical experts. 

Most importantly for HR professionals, Primo integrates with Payfit (alongside other HR platforms). Dalma adds a new employee in Payfit, and most of the process is automated from there. Devices arrive on time, whether new hires are in France or Germany. 

When an employee leaves, Primo makes it easy to retrieve or reassign devices elsewhere, or simply resell them. Which makes both onboarding and offboarding as easy as can be. 

Read the full Dalma story here.

‍

‍

Make IT onboarding and offboarding a breeze

Both IT onboarding and offboarding are relatively simple processes, made difficult by manual steps and a need for technical expertise. Particularly for growing companies without IT teams or paid external consultants, key steps can fall through the cracks. 

That’s how you end up with security risks, sluggish processes, and frustrated team members — right when first impressions matter most.

The best way to streamline IT onboarding and offboarding is with one central solution. And as both Faume and Dalma showed, it’s even better when that solution integrates with your HR systems and company tools. This lets HR leaders and hiring managers—often “accidental IT managers”—keep control and ensure each step is completed efficiently. 

Primo provides exactly that: an all-in-one IT management system for faster onboarding and offboarding. You can easily automate virtually all of your IT operations, without paying huge fees to managed providers. 

‍See how Primo can improve your IT operations today.

What Is Remote Device Management? A Guide for SMBs

The shift towards remote and hybrid working models has created new hurdles for IT teams.  Employees are younger and more tech-savvy than in previous eras. And devices are more user friendly and easier to learn than in decades past. 

But they’re also more portable and more connected to the wider world than they used to be, which creates real security risks. The good news: IT teams spend less time showing staff how to use shared drives and set up “out of office” notifications. But the bad news: corporate devices are traveling all over the world, and it’s harder than ever to keep them safe and secure. 

Unless you have good remote device management software. Purpose-built services now do everything from delivering a device to updating security packages, from wherever you are to wherever that device happens to be. They’re a lifesaver for busy SMBs. And arguably a must-have in your tech stack. Let’s start by examining exactly what we’re talking about.

‍

What is remote device management (RDM)?

Remote device management is the practice of monitoring, configuring, and securing devices from a central location. With high-level RDM in place, you can distribute, control, update, and recall employee computers wherever they are, from wherever you are. This includes the ability to lock devices, change passwords, update software, and edit user permissions. This is particularly useful in today’s hybrid working conditions. Many (if not most) companies now have distributed teams, with employees in different cities and countries from the head office. 

As employees increasingly work from home several days a week, it’s crucial to be able to provide IT support and troubleshoot issues without physical access to devices. 

‍

What does RDM involve?

Remote device management is the broad term for everything you need to manage devices from afar. Tangibly, this includes: 

• Create, adjust, and remove user permissions and profiles
• Update software and perform security scans
• Monitor device performance and identify issues slowing systems down
• Gain admin access remotely, to take over and “drive” the device from anywhere

‍Remote device management is both a practice and a software category. The above capabilities are possible when you choose the right remote management software suite, which we’ll explore further shortly.

‍

RDM vs MDM

While the names are similar and the differences can be confusing, these two terms aren’t synonyms. RDM is the umbrella term for the practice of managing devices remotely, and MDM is the software that makes this possible. Mobile device management (MDM) is a staple tool within your broader remote device management strategy. It’s the technology that lets you manage, secure, and monitor devices from a central platform.

MDM is arguably the most important tool in your remote management suite.

‍

Key IT challenges for remote-friendly companies

Without help, most SMBs struggle to manage their remote devices. Here are the most common issues companies face in these circumstances. 

‍

Distributing devices

Before you can even worry about monitoring and managing remote devices, you need to get them into the hands of end users. This is relatively simple if employees will be at headquarters for their first few days of onboarding, but more challenging when they’re in another city or country.

Ideally, you want to deliver pre-configured devices to employees wherever they are. On time, in the right location—their house or a satellite office—with a clear Plan B if there are any issues. 

And vitally, you’ll do this without distracting your IT staff or office managers with these logistical tasks. 

‍

Tracking their whereabouts

Device management was easier when everyone had their cubicle workstation, all with the same computer, keyboard, and landline. Today, you have distributed teams working from anywhere, often with completely bespoke IT setups. 

You need to know who has which devices, where they are, and have a simple (ideally automated) way to update your records when items change hands. 

Plus, with more laptops and phones traveling around the world, the risk of loss or theft is also higher. So you also need a way to report stolen items and trace their specific whereabouts. 

‍

Updating software and fixing bugs

Another challenge with remote teams is repairing and updating devices when necessary. In an office, team members can bring their slow or damaged devices to the IT desk for quick diagnosis. This clearly doesn’t work the same while remote. 

But you can (and should) have remote access tools that let administrators log in and take control from anywhere. These lets you roll out security updates and patches, and see what employees see when they complain about issues.

‍

Retrieving and replacing devices

Just like getting devices to employees can be a challenge, replacing or retrieving them is equally difficult. Whether you’re upgrading a model, delivering a temporary replacement, or offboarding a remote employee, you need to be able to get devices back efficiently from anywhere. 

You also need to be able to lock and wipe devices remotely, including all user profiles and passwords. A stolen phone or laptop can give hackers access to the backend of your products, user databases or your own financial data. 

It’s a serious risk to send devices out into the world without knowing that you can first wipe, and then retrieve them, no matter where they are.

‍

Giving employees flexibility

Most employees—but particularly younger generations—have their preferred device models and operating systems. Modern companies should be able to offer employees their choice, within reason. 

But this adds to your logistical challenges. You may need different suppliers for Apple and Android devices, for example. And if the user needs operating systems installed, that’s more work for the IT team to prepare. 

Even simple things like giving an English-native user a QWERTY keyboard versus an AZERTY for a French writer is easily overlooked. 

‍

Managing remote IT efficiently

Done manually, all of the above takes time and energy from your IT or office managers. They absolutely should not have to know the ins and outs of local deliveries in other countries, and they shouldn’t have to manage tech supply chains. 

The ideal outcome is to automate most—if not all—of the work required. You shouldn’t have to manually update spreadsheets to track items, or install software on laptops one by one. 

And this is where some remote device management providers fall short. If they’re focused purely on access, you’re only solving a portion of your challenges. 

How to set up remote device management

The RDM process requires a suite of good software to operate effectively. So as you shop around potential providers, here are some of the keys to look for. Let’s start with tangible software or tools:

• MDM or unified endpoint management (UEM) software. Key functions include the ability to enforce security policies, manage apps, configure devices, update software, and track any device’s status. You should also be able to lock and/or wipe a device when items get lost or stolen, or for fast offboarding.
  
  
• Remote access tools. These let you view and control a device as a user from anywhere. They’re crucial for troubleshooting and support for remote devices.
  
  
• Endpoint security. You should be able to automatically deploy antivirus and malware updates for all devices.
  
  
• Device monitoring. You also need to be able to check device (and network) performance from anywhere, to see why devices might be running slowly.

On top of these core tools, any modern remote device management provider will also be able to offer the following specifics: 

• Remote locking and factory reset.
  
  
• User and permission management. Add new device users, remove leaving staff, and change levels of access to certain tools. Again, all of this remotely. 
  ‍
• Find my device. Expect a handful of devices falling out of pockets or being left on public transport, as well as actual theft. So you need to be able to track the location of devices through services like Apple’s Find My, or through your remote management system.

Of course, you want to do this in a non-invasive, non-creepy way, and only when really necessary. You will doubtless have other key considerations to negotiate with prospective providers. And crucially, there’s more to managing remote IT than gaining access to and controlling devices.

‍

How to upgrade the typical remote device management system

RDM gives you full access and control over remote devices. But you should really think of the entire system of providing and maintaining staff devices:

• Purchasing, leasing, or sourcing a device for a team member
• Creating accounts, downloading tools, and preparing the device for use
• Distributing devices to team members wherever they are
• Monitoring performance and troubleshooting issues
• Maintaining security standards and being able to lock down accounts in seconds (if necessary)
• Retrieving devices when employees leave or have otherwise finished with them

All of these points make up the holistic device management process for remote teams. It’s essentially RDM 2.0—a full IT system for busy remote teams. On top of the key access features that good RDM tools provide (above), make sure your provider can also offer the following:

• Pre-configured software setup. The best services will send devices out to employees with the software already set up. This means your IT desk doesn’t need to manually do the work, which adds time and can create delays in getting devices out to new staff. 

• International support. Probably obvious, but make sure your RDM provider is available and experienced in each of the countries you need to manage. They should be able to handle distribution and collection locally, and provide technical assistance to remote teams if required. 

• Scalability. Efficiency becomes increasingly important as your company grows and adds more remote staff. Whether you have 50 employees or 300, your remote management system should be just as easy to work with. Add or remove employees with a click, track all devices in one place, and avoid any manual effort that would quickly become unscalable. 

• Customizable equipment. This is one of the factors that differentiates dedicated device management from a simple leasing service. You shouldn’t be limited to a specific package for each employee, with the same narrow range of devices. If employee freedom is important to you, they should get the exact equipment they need to perform at their best.

On top of giving you more security and keeping your records up to date, you want to remove manual admin work and get new team members onboarded quickly. This exact model is saving real time and money for growing companies today.

‍

‍

Manage all company hardware and software from anywhere

Hybrid work and remote staff are reshaping company IT. Device management is now both crucial and more complex, even if the devices themselves are more commonplace.

Remote, flexible work is critical to find the best talent and let employees do their best work. But as you welcome remote employees—sometimes internationally—you encounter new logistical challenges. Plus the added security and financial concerns.

Your best option for peace of mind and operational efficiency is a remote device management system that handles the entire process: from onboarding to offboarding, with everything in between. 

A service like Primo is: 

• Cheaper than leasing;
• Faster and easier to manage than outsourced IT; and
• Better suited to your needs than a generic managed service provider. 

‍

Primo includes the core MDM software you need to manage remote devices, alongside an Endpoint Detection and Response (EDR) that you can automatically deploy and monitor to go a step further in security. We also make buying and delivering (and returning) devices simple, manage user permissions and settings easily, and essentially automate all of your core IT processes. 

To see how comprehensive but simple remote device management can make your life easier, get started today.