Onboarding: The Ultimate IT Discovery Checklist

February 18, 2022

There is a lot of ground to cover before you truly understand the IT situation at a new client. “How much ground?”, you might ask… To give you an idea, this checklist was 10 pages long before splitting it up into 2 columns. 😅

It should come as no surprise that many great MSPs limit the number of new clients they sign each month. Biting off more than the team can handle is far too easy! It’s smart to reduce the cognitive overload your team experiences, and checklists are a great way to reclaim some mental space.

Take a look below to spur some new ideas. You might also like the client onboarding checklist app I’m developing to help you re-invent your onboarding process by automatically organizing onboarding into manageable bite-sized steps.

Special thanks to Hubert Jastrzebski (IT Consultant at Exigo) and all the other awesome Redditors over at /r/msp for their valuable contributions to this checklist.

Onboarding Checklist:


Client’s Business Structure:

  ☐ IT decision maker (main point of contact)
  ☐ Alternate points of contact, line of succession.
  ☐ Invoicing point of contact
  ☐ Security breach/vulnerability notification contacts.
  ☐ Client’s IT change management process/policy
  ☐ List of client’s staff
  ☐ Building floor plan
  ☐ Staff seating chart
  ☐ What are some of the client’s important business processes each month?
  ☐ Are any printers or specialized peripherals required for this process?

Critical Line of Business Applications:

  ☐ Application Name
  ☐ License Number
  ☐ Account number
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Contract Renewal Date
  ☐ Is an Admin portal available?
    ☐ Admin Portal URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ How do users log in to use this application?
  ☐ Are native in-application backups created?
  ☐ Are native database backups created?

Quick checks:
  ☐ Who are the power users within the company?
    ☐ Name, email, phone
  ☐ What servers does this app depend on?
  ☐ SSL certificate renewal date?

Software Licenses

  ☐ Software Name and Version
  ☐ Number of Users
  ☐ License Number
  ☐ Hardware Key Number (USB token)
  ☐ Box Location
  ☐ Online Licensing Portal
    ☐ Portal URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Identity Management:

Active Directory
  ☐ AD Domain Name
  ☐ Domain Controller Administrative Access
    ☐ Domain Name
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ AD Domain Controllers:
    ☐ IP
    ☐ Hostname
    ☐ OS version
    ☐ OS Patch level
  ☐ Review AD Privileged accounts & security groups
  ☐ AD Functionality:
    ☐ AD Forest functional level
    ☐ AD replication status
  ☐ AD Group Policies
  ☐ Windows Update schedule
  ☐ Security policies

Tip: Reset the AD DSRM recovery password

Cloud Identity Provider
  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Contract Renewal Date
  ☐ Administrative Access
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Multi-Factor Authentication Provider
  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Contract Renewal Date
  ☐ Administrative Access
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

PC local administrators
  ☐ Username
  ☐ Password
  ☐ Multi-Factor Authentication

Datacenter information:

  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Photos of the server rack
  ☐ Uplink Speed
  ☐ Contract Renewal Date

Cloud Hosting Providers

  ☐ Provider Name
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Contract Renewal Date
  ☐ Administrative IT Access
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Server Room

  ☐ Photos of the server room
  ☐ Separate room in use?
  ☐ Physical access controls?
  ☐ Air conditioning installed?
  ☐ Fire protection/fire detection installed?
  ☐ Wall outlet power plug types available?
  ☐ UPS installed?
  ☐ Power generator installed?

Server Infrastructure:

Virtualization
(Hypervisor: ESXi, Hyper-V)
  ☐ Virtualization Product Used
  ☐ License key
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Contract Renewal Date
  ☐ License management portal
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ Administrative IT Access
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Quick Checks:
  ☐ Percentage free storage space on physical datastore.
  ☐ VMs configured with thin-provisioned disks.
  ☐ Hypervisor software patch version

Virtual Machines (VMs)
  ☐ OS version installed
  ☐ Primary functions
  ☐ Primary business applications running
  ☐ Administrative Access
    ☐ IP
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Quick Checks:
  ☐ Domain joined?
  ☐ Percentage of storage capacity used?
  ☐ Software patch version

Physical servers
  ☐ Make
  ☐ Model
  ☐ Serial number
  ☐ Warranty expiration
  ☐ iDRAC/iLO Administrative Access
    ☐ IP
    ☐ Username
    ☐ Password
  ☐ OS installed
  ☐ Is this an ESXi/Hyper-V hypervisor host?
  ☐ Administrative Access
    ☐ IP
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ Primary functions
  ☐ Primary business applications running
  ☐ Photos of the server rack

Quick Checks:
  ☐ Domain joined?
  ☐ Firmware patch version?
  ☐ Percentage of storage capacity used?
  ☐ RAID level used?
  ☐ Drive failures/SMART status?
  ☐ Software patch version

Internal Network Architecture:

Firewall
  ☐ Make
  ☐ Model
  ☐ Serial Number
  ☐ Business Support: Email, Phone
  ☐ Administrative contact
    ☐ Company, Name, Email, Phone, Contract renewal date
  ☐ Security Services License Expiry Date
  ☐ External Hostname
  ☐ External IP
  ☐ Administrative Login Info
    ☐ Internal IP
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ VPN Login Info
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ Physical link speeds

Quick checks:
  ☐ Firmware patch level?
  ☐ Bandwidth management enabled?
  ☐ SSL certificate renewal date?

VPN appliance
  ☐ Make
  ☐ Model
  ☐ Serial Number
  ☐ Business Support: Email, Phone
  ☐ Administrative contact
    ☐ Company, Name, Email, Phone, Contract renewal date
  ☐ License Expiry Date
  ☐ External Hostname
  ☐ External IP
  ☐ Administrative Login Info
    ☐ Internal IP
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ VPN Login Info
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ Physical link speeds
  
Quick checks:
  ☐ Firmware patch level?
  ☐ Brute-force attack surface minimized with MFA?
  ☐ SSL certificate renewal date?

Network Switches:
  ☐ Administrative Login Info
    ☐ Login IP
    ☐ Username
    ☐ Password
  ☐ IP Ranges Served

Quick checks:
  ☐ Physical link speeds
  ☐ Firmware patch level?
  
Wireless Access Points
  ☐ Administrative Login Info
    ☐ Login IP
    ☐ Username
    ☐ Password
  ☐ IP Ranges Served

Quick checks:
  ☐ Physical placement in building
  ☐ Firmware patch level?
  ☐ Access to corporate network via WiFi?
  ☐ Guest isolation enabled?
  ☐ Dedicated network for personal devices?

Internal Subnets
  ☐ Find each IP Range
    ☐ VLAN ID
    ☐ Static IP Range
    ☐ DHCP Range
    ☐ Default Gateway
    ☐ DNS Servers

Internal DNS Servers:
Quick checks:
  ☐ Domain names managed

Tip: Note existing “stale” DNS records and enable DNS aging and scavenging for accurate network discovery scans.

Internal DHCP Servers:
Quick checks:
  ☐ Active DHCP ranges
  ☐ Percentage of DHCP range used

Hardware Repairs & Upgrades

  ☐ What?
  ☐ Where?
  ☐ ETA?
  ☐ Contact info?
  ☐ Repairs/upgrades scheduled onsite?

UPS Battery Backup Devices

  ☐ Make
  ☐ Model
  ☐ Date of purchase
  ☐ Date of last battery replacement

Quick checks:
  ☐ Battery self-test results?
  ☐ Is the entire networking stack connected to the UPS?

Discovering Business Goals:

  ☐ What does your client aim to achieve this year?
  ☐ Where does your client see themselves in three years?
  ☐ What are some issues the client experienced with the outgoing IT provider?
  ☐ Has any of their technology not been working as expected?
  ☐ Top 3 IT priorities for the current year
    ☐ Name
    ☐ Purpose
    ☐ Schedule
    ☐ Status

Outgoing IT Provider:

  ☐ Have passwords and network documentation been requested yet?
  ☐ Is a network diagram, asset list, and other auxiliary documentation available?
  ☐ Has the outgoing IT provider been given their termination notice?
  ☐ Point of contact at old IT provider
    ☐ Name, email, phone
  ☐ When will the last day of support be?
  ☐ When will the outgoing IT provider remove their IT tools?

Tip: Have a call with the old IT provider after the client has given their notice. You may get a great inside scoop about the client you’re taking on... 😉

IT Security

  ☐ Is BYOD allowed?
  ☐ Standard workstation/server build?
  ☐ Do you conduct regular security awareness training?
  ☐ Do you centrally collect and monitor log messages?
  ☐ Is security incident management documented?
  ☐ Web content filtering policy guidelines?
  ☐ Email Data Loss Prevention policy?
  ☐ Email archival and legal hold policy?
  ☐ Email attachment policy?
  ☐ Data encryption policy?

Policies and requirements

  ☐ Allowed software list
  ☐ Telecommuting Policy
  ☐ Security Policy
  ☐ Acceptable Use Policy
  ☐ Backup requirements
  ☐ Systems/services/applications availability requirements
  ☐ Ethics Policy
  ☐ Change Control Policy
  ☐ Disaster Recovery Plan
  ☐ PCI Compliance requirements
  ☐ ISO Certification requirements
  ☐ EU GDPR Compliance requirements

Standard Operating Procedures

  ☐ New hire
  ☐ New computer
  ☐ Employee departure
  ☐ Computer retirement

ISP Information:

  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Billing Address
  ☐ Internet Service Address
  ☐ Photos of the ISP demarcation point
  ☐ Modem/Edge Router info:
    ☐ Internal IP
    ☐ Make
    ☐ Model
    ☐ Firmware Version
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Link Speed
  ☐ IP Subnets
  ☐ Gateway IP
  ☐ Contract Renewal Date

Telephony Circuit Information:

  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Contract Renewal Date
  ☐ Link Speed
  ☐ VoIP or Legacy?
  Legacy PBX
    ☐ Model
    ☐ Purchase Date
    ☐ Support Expiration
    ☐ Business Support Information: Email, Phone
    ☐ Administrative contact
        ☐ Company, Name, Email, Phone, Contract renewal
  VoIP PBX
    ☐ Hosted/On-Prem
    ☐ Name, Version
    ☐ License key
    ☐ Provider Name
    ☐ Business Support information: Email, Phone
    ☐ Administrative contact
        ☐ Company, Name, Email, Phone, Contract renewal
    ☐ Administrative Login Info
        ☐ Administrative URL
        ☐ Username
        ☐ Password
        ☐ Multi-Factor Authentication
    ☐ SIP Configuration
    ☐ Phone numbers

Remote Access Methods:

VPN
  ☐ Hostname
  ☐ Username
  ☐ Password
  ☐ Multi-Factor Authentication

Remote Desktop
  ☐ Hostname
  ☐ Username
  ☐ Password
  ☐ Multi-Factor Authentication

Remote Access Tools
  ☐ Hostname
  ☐ Username
  ☐ Password
  ☐ Multi-Factor Authentication

SSH
  ☐ Hostname
  ☐ Username
  ☐ Password
  ☐ Multi-Factor Authentication

Email Infrastructure:

Spam Filter
  ☐ Provider Name
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Contract Renewal Date
  ☐ Email Administrative IT portal
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ User login portal URL
  ☐ Identity provider used to log in

Quick Checks:
  ☐ Number of active mailboxes

Cloud Hosted Email
  ☐ Provider Name
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Contract Renewal Date
  ☐ Email Administrative IT portal
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ Email user login portal
  ☐ Identity provider used to log in

Quick Checks:
  ☐ Number of active mailboxes

Cloud Hosted Email Backups
  ☐ Provider Name
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Contract Renewal Date
  ☐ Backups Administrative IT portal
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  ☐ Backup configuration and exclusions
  ☐ Backup success and failure notification messages
  ☐ Backup Frequency
  ☐ Backup Retention Policy

Quick Checks:
  ☐ Number of backed up mailboxes

On-Premises Exchange Servers:
  ☐ OS version installed
  ☐ Exchange version installed
  ☐ Administrative Access
    ☐ IP
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Quick Checks:
  ☐ OS patch level
  ☐ Exchange cumulative update installed?
  ☐ Amount of available disk space?
  ☐ Is Exchange database segmented into 200 GB chunks or less?
  ☐ SSL certificate renewal date?

Data Storage:

NAS/SAN/DAS
  ☐ Make
  ☐ Model
  ☐ Serial number
  ☐ Warranty expiration
  ☐ Administrative Access
    ☐ IP
    ☐ AD Domain Name
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication
  
Quick Checks:
  ☐ Firmware patch version
  ☐ Percentage of storage capacity used
  ☐ RAID level used
  ☐ Drive failures/SMART status

Cloud Storage
  ☐ Provider Name
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Contract Renewal Date
  ☐ Administrative IT Access
    ☐ URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Backups

  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Support contract renewal date
  ☐ Backup license renewal date
  ☐ Administrative Access
    ☐ URL
    ☐ AD Domain Name
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Quick Checks:
  ☐ Backup configuration and exclusions
  ☐ Backup success and failure notification messages
  ☐ Backup Frequency
  ☐ Backup Retention Policy
  ☐ Are database server backups viable (application-aware processing set up)?

Printers & Specialty Peripherals

  ☐ Support Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Account Manager: Name, Email, Phone
  ☐ Business Support: Email, Phone
  ☐ Support contract renewal date

DNS and Website

DNS Registrar
  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Business Support Information: Email, Phone
  ☐ Letter of Authorization (LOA) sent
  ☐ Administrative Login Info
    ☐ Administrative URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Quick checks:
  ☐ Domain Names Registered
  ☐ Renewal Date
  ☐ External IP address
  ☐ Auto-Renewal enabled
  ☐ SPF Record Contents
  ☐ Check/update Whois points of contact

Website Hosting
  ☐ Provider Name
  ☐ Plan Name
  ☐ Account number
  ☐ Renewal Date
  ☐ Business Support Information: Email, Phone
  ☐ Administrative Login Info
    ☐ Administrative URL
    ☐ Username
    ☐ Password
    ☐ Multi-Factor Authentication

Quick checks:
  ☐ Domain Names Registered
  ☐ Web Design Agency
    ☐ Account Manager
      ☐ Name
      ☐ Email
      ☐ Phone
    ☐ Business Support
      ☐ Email
      ☐ Phone
  
Tip: Separate DNS administration from web design activity.

Congratulations on making it to the end! 🥳
