Your First 90 Days
Every client journey is different, but here's what a typical onboarding looks like. Most phases overlap; we don't wait for one to finish before starting the next.
Discovery & Planning
We audit your environment, document your current infrastructure, and build a tailored onboarding plan. This is where we learn your business inside and out.
Key activities:
- Full environment audit and documentation
- Stakeholder workshops and project scoping
- Licensing review and optimisation recommendations
- Migration planning, risk assessment, and timeline agreement
- Communication plan for your team
Foundation & Identity
The groundwork goes in: securing your internet presence, locking down identity, and establishing the policies that everything else builds on.
Key activities:
- DNS hardening and domain protection
- External attack surface monitoring
- Tenant configuration: branding, admin roles, licensing
- Conditional Access policies and MFA enforcement
- Single sign-on (SSO) configuration where applicable
- Emergency access accounts and break-glass procedures
Security Stack Deployment
The core security stack rolls out across your Microsoft 365 environment. Email, apps, and identity all get hardened. Your Secure Score starts climbing.
Key activities:
- Email hardening: anti-phishing, DKIM/DMARC, mail flow rules
- Microsoft Defender for Office 365 deployment
- Defender for Identity and Cloud Apps configuration
- Sensitivity labels and data loss prevention policies
- Secure Score optimisation begins, targeting 75%+
- Ironscales email security integration
Endpoint Management & Device Migration
Devices get enrolled, configured, and brought up to standard. This is typically the longest operational phase. Each device needs individual attention during the Autopilot rebuild process.
Key activities:
- Intune enrollment and device configuration policies
- Compliance policies tied to Conditional Access
- Application deployment: company apps, Win32 packaging
- Device wipes and Autopilot rebuilds, scheduled per user
- Windows Update rings and Autopatch configuration
- Windows 365 Cloud PC provisioning where applicable
Why this phase takes longest
Device rebuilds are hands-on operational work. Each machine is wiped, rebuilt via Autopilot, and tested individually. For a 50-user organisation, this alone can take 2–3 weeks of rolling rebuilds scheduled around your team's availability.
Communications & Advanced Security
With the core estate secured, we move to collaboration tooling and advanced threat detection. These workstreams run in parallel where possible.
Key activities:
- Teams Phone setup: number porting, call policies, auto attendants
- SharePoint and Teams governance policies
- Microsoft Sentinel SIEM deployment
- Data connectors, analytics rules, and automation playbooks
- Advanced hunting queries and custom detections
Teams Phone and Sentinel are typically included in COSAINT Complete and COSAINT Cyber tiers.
Go Live & Handover
Your team gets onboarded with white-glove sessions, the helpdesk goes live, and we enter the warranty period. By the end, most clients wonder how they managed without us.
Key activities:
- White-glove user onboarding: 1-to-1 or small group sessions
- Helpdesk handover and support process training
- Warranty testing period: monitoring, fine-tuning, edge cases
- Documentation handover: runbooks, escalation paths, contacts
- First Quarterly Business Review (QBR)
What you'll typically have at the end
- Secure Score targeting 75%+ — most clients see significant improvement within the first quarter
- All endpoints managed — every device enrolled, compliant, and monitored
- Helpdesk live — your team knows how to raise issues and what response times to expect
- First monthly report delivered — clear visibility into your environment's health and security posture
Ready to start your journey?
Every onboarding starts with a conversation. Let's talk about where you are and where you want to be.