It’s 8:47 AM on a Monday. Your new marketing hire starts at 9. You’ve got a laptop sitting in a box (still in the shrink wrap), a stack of account forms, and approximately 13 minutes before the founder asks how onboarding went.
Welcome to IT without an IT team.
If you’re an office manager (or office administrator, or “the person who knows where everything is”) at a growing startup, this scene probably sounds uncomfortably familiar. Somewhere along the way, IT setup landed on your plate. Not because you asked for it. Not because you’re particularly technical. Just because you’re the one who cares enough to make sure people can actually do their jobs on Day 1.
You’ve made it work. But “making it work” and “doing it right” are two very different things, and the gap between them quietly grows every time you add a headcount.
WHAT YOU’RE ACTUALLY MANAGING (EVEN IF NOBODY CALLS IT IT)
Think about everything that has to happen before a new hire’s first cup of coffee goes cold:
- A device needs to be sourced, configured, and enrolled
- A Google or Microsoft account has to be created
- Access to Slack, Notion, Figma, Salesforce, or whatever your stack looks like
- Maybe a phone, maybe a badge, maybe an ergonomics form
- Security policies applied, or at least attempted
If you’re doing this manually, you’re working off a checklist you built in a Google Doc two years ago and hoping it hasn’t gone stale. You’re spending 4–6 hours per hire just on IT coordination — emailing vendors, chasing approvals, walking someone through downloading their SSO app while they sit there smiling awkwardly in the conference room.
At 10 new hires a year, that’s 40–60 hours of your time annually. Time that isn’t going toward operations, culture, or the hundred other things that actually need your attention.
THE SECURITY PROBLEM YOU DON’T SEE UNTIL IT’S TOO LATE
There’s a subtler cost here, and it matters more as your company grows.
When IT onboarding is informal, devices don’t get properly enrolled in an MDM (Mobile Device Management) system, such as Jamf. That means:
- The company has no visibility into what’s on the device
- No ability to remotely wipe it if it’s lost, stolen, or the employee leaves unexpectedly
- No way to enforce disk encryption, screen lock policies, or OS update requirements
- No audit trail if something goes wrong
You might have 30 laptops floating around your company right now, and no real way to confirm which ones have full-disk encryption enabled. That’s not a hypothetical risk. That’s a live exposure that your cyber insurance carrier will ask about — and that any serious enterprise customer will surface in their vendor security review.
One improperly configured device is all it takes.
WHAT A REAL ONBOARDING PROCESS ACTUALLY LOOKS LIKE
You don’t need to build this from scratch. You just need a system and someone to run it.
A managed IT partner handles the mechanical parts, so your onboarding checklist shrinks from two overwhelming pages to a few coordinating steps:
Device ordering and pre-configuration. New hires get a Mac (or whatever your standard is) that arrives already enrolled in MDM, with policies applied and software installed. Out of the box, it’s ready. No shrink wrap drama. No “can you just walk me through setup real quick.”
Account provisioning. Your IT partner creates the Google or Okta account, enforces MFA, applies the right security policies, and grants access based on the person’s role. If you’ve got a clean HR to IT hand-off workflow, this can all happen the week before the hire starts.
Day 1 support. Someone the employee can actually call if something isn’t working. Not you.
Documentation. A real, auditable record of what was provisioned to whom, when. This matters enormously when you’re pursuing SOC 2 or responding to a vendor security questionnaire.
For office managers at companies between 20 and 100 employees, this isn’t a luxury. It’s getting 4–6 hours of your Monday back every time someone new joins — and never having to panic-Google “how to enroll a Mac in Jamf” at 8:50 on a Tuesday.
YOUR QUICK-REFERENCE CHECKLIST: WHAT GOOD LOOKS LIKE
Use this to audit your current onboarding process. If you can check every box without heroics, you’re in solid shape:
- Device ordered and enrolled in MDM before Day 1
- Full-disk encryption confirmed on all devices
- Identity provider account created (Google/Okta) with MFA enforced
- Application access provisioned by role — not ad hoc
- Email signature and default settings configured
- Device asset-tagged and added to inventory
- IT support contact communicated to the new hire
If you can check everything, great. If half of these depend on you remembering to do them manually, there’s an easier way.
YOU SHOULDN’T HAVE TO BE THE IT DEPARTMENT
At Advisory, we work with exactly the kind of companies where the office manager is carrying the IT hat along with five others. We help take that weight off, with structured onboarding workflows, pre-configured device deployments, and an MDM infrastructure that actually scales with your headcount.
You focus on the humans. We’ll handle the hardware.If you want to see what a clean hand-off looks like, or just get a second opinion on your current process, reach out at advisorymsp.com/contact. No pressure, no pitch deck. Just a real conversation.
