Back to Blog
·15 min read·By Aerie Team

The Complete MSP Client Onboarding Checklist

A comprehensive MSP onboarding framework covering discovery, technical audit, documentation, and go-live. Standardize your client onboarding process and build trust with every client.

msp onboardingclient onboardingservice deliveryoperationschecklist

Client onboarding is where first impressions happen. A sloppy onboarding process signals incompetence. A structured, thorough process signals professionalism and builds trust.

Most MSPs don't have a written onboarding process—they wing it. Each new client follows a slightly different path, some steps get missed, and customers feel like they're part of a freelancer operation, not a professional services firm.

This guide provides a standardized onboarding framework that:

  • ✅ Ensures no critical steps are missed
  • ✅ Creates a predictable experience for clients
  • ✅ Builds trust through transparency
  • ✅ Establishes clear SLAs and expectations
  • ✅ Documents everything for compliance and continuity
  • ✅ Can be completed in 2–4 weeks for most customers

Phase 1: Pre-Engagement (Week 0–1)

Goal

Understand the client's environment, risk profile, and objectives before any technical work begins.

1.1 – Initial Discovery Call

Duration: 60 minutes
Attendees: Sales engineer, client IT manager/owner
Outcomes: Understand current environment, pain points, priorities

Discovery Questions to Ask:

Category Questions
Environment How many locations do you have? How many staff? How many devices (PCs, servers, mobile)? What's your current tech stack (OS versions, applications, infrastructure)?
Support Model Are you currently working with another MSP? What's not working? Are you fully managed (we handle everything) or hybrid (we handle some, you handle some)?
Critical Systems What are your most critical systems? What downtime would cost you the most?
Compliance Are you subject to any compliance requirements (GDPR, PCI-DSS, HIPAA, ISO, local regs)? Do auditors ever request documentation?
Budget & Priorities What's your IT budget? What are your top 3 IT priorities for the next 12 months?
Timeline When do you want to be fully transitioned (if switching from another provider)? Do you have any quiet windows for maintenance?

Document Created: Discovery Summary (1-page recap of findings, confirm understanding with client)

1.2 – Proposal & Contract

Duration: 3–5 days turnaround
Deliverables: Proposal + Service Agreement

Proposal must include:

  • Proposed service tier (e.g., Bronze: business hours support, Gold: 24/7)
  • List of included services (monitoring, patching, backups, etc.)
  • SLA commitments (response time, resolution time by severity)
  • Pricing (per-device, per-user, fixed monthly fee structure)
  • Implementation timeline (kickoff date, milestones, go-live date)
  • Out-of-scope items (what you won't do)

Service Agreement (contract) must include:

  • Defined SLAs (P1/P2/P3, response/resolution times)
  • Escalation paths (who to contact if SLA is at risk)
  • Communication channels (Slack, email, phone support)
  • Access & security requirements (passwordless login, MFA, NDA)
  • Disaster recovery/business continuity expectations
  • Support window (hours of operation, holiday coverage)
  • Change management process (how changes are approved and deployed)

Document Created: Service Agreement (signed, dated)

1.3 – Access & Credentials Setup

Duration: 1 day
Deliverables: Secure credential repository, MFA enabled

Collect and secure:

  • Admin credentials (AD, mail, cloud, firewall, appliances)
  • Support contacts (primary, secondary, escalation)
  • Network documentation (IP scheme, DNS, firewall rules)
  • Existing backup/DR documentation (if applicable)
  • Hardware warranty/maintenance contracts (serial numbers, support contacts)

Store securely in:

  • Encrypted password manager (e.g., Aerie Vault or similar)
  • Document repository with access control
  • Never in plaintext, email, or shared drives

Actions:

  • Enable MFA on critical accounts
  • Rotate any shared credentials
  • Create shared service account for your monitoring tools (with limited privileges)

Document Created: Credential Inventory (encrypted, backed up)

Phase 2: Technical Audit (Week 1–2)

Goal

Understand the current state of the network, systems, and security. Identify risks, misconfigurations, and gaps.

2.1 – Network & Asset Discovery

Duration: 1–3 days (depending on environment size)
Deliverables: Asset inventory, network diagram

Audit checklist:

Item Action Questions
Devices Inventory all: servers, desktops, laptops, network devices, printers, IoT How many of each? OS versions? Licensed? End-of-life hardware?
Operating Systems Document OS versions, patch levels, support status Any Windows 7 or older still in use?
Applications List all installed software (licensed and unlicensed) Any unlicensed software? Any non-standard installs?
Network Map network architecture, document IPs, DNS, DHCP, VPN Any overlapping subnets? Any outdated protocols (WEP, SSL)?
Storage Identify all storage (NAS, SAN, external drives, cloud) Where is data stored? Encrypted? Backed up?
Security Tools Identify antivirus, firewalls, intrusion detection, etc. All up-to-date? Any gaps?
Cloud List all cloud subscriptions (Microsoft, Google, SaaS apps) Licensing correct? Any orphaned subscriptions?
Backups Review backup strategy (where, when, how often tested?) Last tested restore? Retention policy? Off-site copies?

Document Created:

  • Network diagram (current state)
  • Asset inventory (spreadsheet or tool export)
  • Software license audit
  • Infrastructure health report

2.2 – Security Baseline Assessment

Duration: 2–5 days (depending on sensitivity and client size)
Deliverables: Security assessment report, gap analysis

Security Audit Checklist:

Category Assessment Status
Access Control Least-privilege principles in place? Shared accounts eliminated? MFA enabled on critical systems? [ ] Pass [ ] Fail
Authentication Modern authentication (e.g., Azure AD, okta)? Weak passwords enforced? Password rotation policies? [ ] Pass [ ] Fail
Encryption Data in transit encrypted (TLS/SSL)? Data at rest encrypted? Full disk encryption on laptops? [ ] Pass [ ] Fail
Patch Management Automated patching in place? Tested and deployed within SLA? Unpatched systems identified? [ ] Pass [ ] Fail
Antivirus/Malware AV installed on all systems? Real-time scanning enabled? Definitions current? [ ] Pass [ ] Fail
Firewall Perimeter firewall configured? Rules documented and reviewed? DDoS protection? [ ] Pass [ ] Fail
Logging & Monitoring Logs collected centrally? Critical systems monitored? Alerts configured? [ ] Pass [ ] Fail
Backup & DR Backups tested within last 90 days? Retention policy in place? DR plan documented? [ ] Pass [ ] Fail
Compliance GDPR/HIPAA/PCI controls in place (if applicable)? Audit trails maintained? [ ] Pass [ ] Fail
User Training Phishing/security awareness training completed? MFA adoption? Password policy understanding? [ ] Pass [ ] Fail

Document Created:

  • Security Assessment Report (findings, risks, recommendations)
  • Gap Analysis (what's missing, priority, cost to remediate)
  • Remediation Roadmap (quick wins vs. long-term improvements)

2.3 – Performance & Capacity Assessment

Duration: 1–2 days
Deliverables: Baseline performance report, capacity plan

Questions to answer:

  • Current CPU/memory/disk utilization on key systems?
  • Network bandwidth usage and capacity headroom?
  • Backup window taking too long? Growing exponentially?
  • User complaints about slowness—legitimate or perception?
  • Any devices/systems nearing end-of-life hardware?
  • Capacity plan for next 12 months (growth rate, additions)?

Document Created:

  • Baseline Performance Report (current state metrics)
  • Capacity Plan (12-month projection with upgrade recommendations)

Phase 3: Documentation & Knowledge Transfer (Week 2–3)

Goal

Ensure you have all documentation needed to support the client and establish a "single source of truth" they can reference.

3.1 – Network & System Documentation

Create or collect:

  • Network diagram (topology, IP scheme, VLANs, DMZ)
  • System inventory (hardware specs, warranty info, support contacts)
  • Configuration documentation (firewall rules, AD policies, VPN, DNS)
  • Runbooks (how to handle common issues: "server down," "user can't print," "network slow")
  • Escalation procedures (who to call, when, with what information)
  • Disaster recovery plan (RPO/RTO, backup restore procedures, failover steps)
  • Change management log (what's been changed, by whom, when)

Store in:

  • Wiki or knowledge base (searchable, versioned, accessible to authorized parties)
  • Not on email, USB drives, or individual laptops

3.2 – Handoff Documentation

Create:

  • Onboarding Summary (1-page: what was discovered, what's been done, what's next)
  • SLA Confirmation (document client agrees to SLAs; signature/email confirmation)
  • Contact Directory (your team's contact info, client's IT contacts, vendor support contacts)
  • Common Issues & Solutions (FAQ-style guide: "screen went black," "can't connect to email")

Share with:

  • Client IT manager (so they understand what's in place)
  • Your entire support team (so they can resolve issues without asking client questions)

3.3 – Communication Setup

Establish:

  • Primary support channel (email, ticket system, phone, SMS for critical issues)
  • Support hours (business hours vs. after-hours; who handles after-hours calls)
  • Escalation channel (who to contact if immediate attention needed; response time SLA)
  • Change notification (how you'll communicate before/after changes)
  • Maintenance windows (pre-scheduled times for updates; minimum notice period)
  • Regular reporting (monthly metrics report? quarterly business review? ondemand reporting?)
  • On-call contact (during support hours, who's responsible for monitoring/tickets)

Document: Communication Protocol (shared with client, signed)

Phase 4: Implementation & Go-Live (Week 3–4)

Goal

Deploy monitoring and management tools, finalize configuration, and transition to ongoing support.

4.1 – Monitoring & Management Tool Deployment

Deploy:

  • RMM agent (install on all devices; ensure monitoring/patching/remote access works)
  • Backup agent (if not already in place; configure retention, schedule)
  • Endpoint protection (AV, EDR, or hardening tools; ensure latest definitions)
  • Network monitoring (firewall, switch, VPN monitoring; alert thresholds set)
  • Application monitoring (mail, web, database monitoring; uptime alerts)

Test:

  • RMM agent can remotely access systems without issues
  • Patches deploy successfully to test systems
  • Backups complete without errors
  • Monitoring alerts fire correctly (test a system failure, confirm alert)
  • Escalation notifications reach the right people

Document: Deployment Log (what was deployed, when, any issues encountered)

4.2 – Configuration & Policy Deployment

Configure & Deploy:

  • Security policies (password requirements, MFA mandate, encryption, logging)
  • Patch policies (schedule, auto-restart if needed, critical vs. non-critical handling)
  • Backup policies (schedule, retention, off-site copies, encryption)
  • User provisioning process (how new users get access; deprovisioning on termination)
  • Change management (approval process, maintenance windows, rollback procedures)

Client Approval:

  • IT manager reviews and approves all policies
  • Email/written confirmation that policies are agreed

Document: Policy Registry (all policies, version, approval date, next review date)

4.3 – Knowledge Transfer & Training

Conduct:

  • IT manager training (how to request support, how to submit change requests, who to escalate to)
  • Key user training (if client has "power users" who manage hardware/software, brief them)
  • End-user communication (brief message about new support structure, how to get help)

Document:

  • Training attendance log (who attended, date, topics covered)
  • Recording of training (if applicable, for reference later)

4.4 – Go-Live Checklist

Final verification before declaring "go-live":

  • All systems are being monitored
  • All devices have RMM agent installed and reporting
  • Backups are running on schedule
  • Security policies are deployed and enforced
  • SLA support hours are active
  • Client contact directory is established
  • Documentation is complete and accessible
  • Your team has access to credentials and runbooks
  • Escalation procedures are tested and confirmed
  • Client IT manager has been trained and confirmed ready

Go-Live Sign-Off:

  • Client IT manager confirms readiness
  • Your team confirms readiness
  • Formal "go-live" email to client confirming support is now live

Document Created:

  • Go-Live Checklist (signed off by both parties)
  • Onboarding Completion Report (summary of what was accomplished)

Phase 5: First 30 Days (Ongoing Support)

Goal

Monitor closely, catch any issues early, build trust.

5.1 – First Week Check-In

Within 48 hours of go-live:

  • Verify all monitoring is working correctly
  • Confirm no alerts are being missed
  • Check backup completion status
  • Verify client can submit tickets/support requests
  • Call/email client to confirm everything is running smoothly

Document: First Week Status (any issues, resolutions, next steps)

5.2 – First Month Check-In

Within 30 days:

  • Review any incidents or alerts that occurred
  • Verify backup restoration worked (do a test restore if possible)
  • Review patch deployment success rate
  • Check for any security findings or warnings
  • Gather client feedback (is support responsive? Any issues?)
  • Schedule Quarterly Business Review (30-day intro + ongoing quarterly cadence)

Document: 30-Day Status Report (metrics, issues resolved, recommendations)

Phase 6: Ongoing Support (Month 2+)

Regular Cadence

Weekly:

  • Review alerts and incidents from the week
  • Ensure backups are completing successfully
  • Monitor for any security warnings

Monthly:

  • Generate and review performance metrics
  • Review patch compliance
  • Check capacity trends (heading towards upgrades?)
  • Send summary report to client

Quarterly:

  • Quarterly Business Review (QBR) with client
    • Key metrics: uptime, response/resolution times, patch compliance, backup success
    • Issues encountered and how they were resolved
    • Upcoming projects or maintenance
    • Budget/roadmap planning for the next quarter
  • Review and update documentation (runbooks, network diagram, policies)
  • Plan any needed upgrades or remediation projects

Annually:

  • Comprehensive security reassessment
  • Disaster recovery plan review and test
  • Contract renewal discussion
  • Budget planning for next year

Downloadable Checklist

Quick Reference: Onboarding Timeline

Week 0–1: Discovery, Proposal, Contract, Access Setup
Week 1–2: Technical Audit, Security Assessment
Week 2–3: Documentation, Knowledge Transfer
Week 3–4: Tool Deployment, Configuration, Training, Go-Live
Week 4+: Support, Monitoring, QBR

One-Page Onboarding Checklist (For Your Team)

Pre-Engagement

  • Discovery call scheduled
  • Discovery notes documented
  • Proposal drafted
  • Service agreement signed
  • Credentials collected and stored securely
  • MFA enabled on admin accounts

Technical Audit

  • Network/asset discovery completed
  • Security assessment completed
  • Performance baseline established
  • Audit reports generated and shared

Documentation

  • Network diagram created
  • Runbooks written
  • SLA agreement confirmed
  • Contact directory created
  • Common issues FAQ created

Implementation

  • RMM agent deployed to all devices
  • Backup agent deployed
  • Monitoring configured and tested
  • Security policies deployed
  • Training completed

Go-Live

  • Final checklist signed off
  • Go-live email sent to client
  • First-week check-in scheduled

Ongoing

  • Weekly alert review
  • Monthly reporting
  • Quarterly business review
  • Annual security reassessment

Why This Matters

A structured onboarding process:

  • Builds trust - Clients feel you have a professional process
  • Reduces risk - You discover issues before they become crises
  • Improves retention - Happy clients stick around
  • Increases upsell opportunities - During discovery/audit, you'll identify services clients need
  • Enables scalability - New team members can onboard clients without ad-hoc decisions
  • Improves compliance - Documentation and process logs help with audits

Closing

Client onboarding isn't a sales task—it's your operational foundation. Every client you onboard well is a customer you'll keep and expand with.

Use this checklist to standardize your process. Adapt it to your business model. And share it with your team so everyone knows exactly what "done" looks like.

Get Help With Client Onboarding

Aerie OS helps MSPs standardize and automate onboarding workflows—from discovery documentation to CRM for contact management, PSA for ticket/SLA tracking, and Vault for secure credential storage.

Request a demo to see how Aerie can streamline your client onboarding process.

Document Version: v1.0
Published: 2026-04-10
Status: Published

Get Weekly MSP Insights

Subscribe to our newsletter for the latest tips, industry trends, and Aerie updates delivered to your inbox.

We send MSP insights weekly. Unsubscribe anytime. Check our Privacy Policy.