---------- Email 1 ----------
From: Dana Osei <d.osei@contoso.com>
To: Priya Nair <p.nair@contoso.com>; Marcus Webb <m.webb@contoso.com>
Date: Tuesday, February 25, 2025 10:15 AM
Subject: New Employee Onboarding — We Need to Fix This

Priya, Marcus,

I want to start a conversation about overhauling our new employee onboarding process. Right now it's a mess — IT, HR, and the manager each do their own thing with no coordination. Last month we had a new hire in Finance who sat without laptop access for 3 days because IT didn't know the start date. The week before, a new manager in Sales had no idea she needed to submit a software request 2 weeks in advance.

I don't know exactly what the solution looks like yet but I think we need some kind of automated workflow that connects HR (Workday), IT provisioning, and the hiring manager. Can we get 30 minutes this week to sketch out what we actually need?

Dana

---------- Email 2 ----------
From: Priya Nair <p.nair@contoso.com>
To: Dana Osei <d.osei@contoso.com>; Marcus Webb <m.webb@contoso.com>
Date: Tuesday, February 25, 2025 11:40 AM
Subject: RE: New Employee Onboarding — We Need to Fix This

Agreed — it's broken. From IT's side the main problem is that we don't get confirmed start dates until 2-3 days before the employee arrives. Hardware procurement alone takes 5 business days minimum. We need a 10-day lead time minimum to guarantee Day 1 readiness.

We also have the software licensing problem — managers request tools ad hoc with no standard list. Last quarter I had 4 different new hires in similar roles with completely different software stacks because no one told managers what the standard was.

What I'd want from a new system:
- Confirmed start date in Workday triggers IT provisioning automatically, minimum 10 days before start
- Role-based software bundles so IT knows exactly what to provision per job family
- Checklist visible to both IT and the hiring manager showing what's done and what's pending

Can we loop in Sandra from IT Security too? She has requirements around access provisioning that we keep ignoring and it creates compliance issues.

Priya

---------- Email 3 ----------
From: Marcus Webb <m.webb@contoso.com>
To: Dana Osei <d.osei@contoso.com>; Priya Nair <p.nair@contoso.com>
Date: Tuesday, February 25, 2025 2:30 PM
Subject: RE: New Employee Onboarding — We Need to Fix This

Dana, Priya,

From a manager's perspective — the biggest pain point is that I have no visibility into what's happening. I submit a hire in Workday and then nothing. I don't know if IT has the hardware order in, I don't know if the system access is set up, I don't know if the new hire got the welcome email with their credentials. I find out something went wrong when the person shows up on their first day and calls me from the lobby.

Two things I'd want:
1. A single dashboard or email digest that shows me the onboarding status for my pending hires
2. Automated reminders to do my part — set up their first week schedule, assign their onboarding buddy, submit their day-one agenda

I'd also push back gently on scope — can we start with just the laptop and system access flow before we try to automate everything? That's 80% of the problem. Let's not let perfect be the enemy of good here.

Marcus

---------- Email 4 ----------
From: Sandra Lim <s.lim@contoso.com>
To: Dana Osei <d.osei@contoso.com>; Priya Nair <p.nair@contoso.com>; Marcus Webb <m.webb@contoso.com>
Date: Wednesday, February 26, 2025 9:05 AM
Subject: RE: New Employee Onboarding — We Need to Fix This

Priya looped me in — happy to contribute.

From IT Security: right now new employee accounts are being created with default Global User permissions and then narrowed down after complaints. It should be the reverse — least privilege by default, with access expanded based on role. We've had two audit findings in the last 18 months related to onboarding access being too broad.

Security requirements I'd want baked in from the start:
- Role-based access groups provisioned at account creation, not after
- MFA enrollment completed before Day 1 (not on Day 1 — it creates a support surge)
- Manager explicitly approves access scope before provisioning runs, not after

I can document the access matrix for each role family if that helps — it's mostly in my head right now.

Constraint to be aware of: any automated provisioning that touches Azure AD needs to go through the change advisory board. Build that into the timeline.

Sandra

---------- Email 5 ----------
From: Dana Osei <d.osei@contoso.com>
To: Priya Nair <p.nair@contoso.com>; Marcus Webb <m.webb@contoso.com>; Sandra Lim <s.lim@contoso.com>
Date: Wednesday, February 26, 2025 11:00 AM
Subject: RE: New Employee Onboarding — We Need to Fix This

This is great — let me summarize where we are before we meet Thursday:

What we're trying to fix:
- Late start date notifications causing hardware delays
- No standard software bundles per role
- Zero manager visibility into onboarding progress
- Security access provisioned too broadly then clawed back

Rough scope (agreeing with Marcus — start focused):
Phase 1: Automate the IT provisioning trigger from Workday + role-based software bundles + manager status dashboard
Phase 2: Security access matrix + MFA pre-enrollment + CAB-approved Azure AD automation

Not in scope for now: buddy program, day-one schedule, welcome communications (we'll do those manually for now)

Does this reflect everyone's understanding? I'll use this as the starting point for the requirements doc.

Dana