Adding a new employee to Microsoft 365 involves creating a user account in the admin center, assigning a license, and configuring their email. The whole process takes about 10 minutes and does not require any technical background. This guide walks through every step with the exact screens and buttons you will encounter.
What You Need
- Global Administrator or User Administrator access to your Microsoft 365 tenant
- An available Microsoft 365 license to assign
- The new employee's full name and desired email address
- Their job title and department (for the company directory)
Step 1: Sign In to the Microsoft 365 Admin Center
Go to admin.microsoft.com and sign in with your admin credentials. You will land on the admin center home page, which shows a dashboard of your tenant's health and usage.
If you are not sure who your admin is, any existing user can check by going to Settings > Org settings in Microsoft 365 and looking for the admin contact. If your company uses a managed IT provider like Athencia, your provider handles user provisioning for you and you can simply send them the new hire's details.
Step 2: Create the New User Account
- In the left sidebar, click Users > Active users
- Click + Add a user at the top of the page
- Fill in the following fields:
  - First name and Last name
  - Display name (auto-populates from the name fields)
  - Username: This becomes the employee's email address. Enter the part before the @ sign and select your company domain from the dropdown (e.g., jsmith@yourcompany.com)
- Under Password settings, choose one of two options:
  - Auto-generate a password: Microsoft creates a random password for you. This is the easiest option.
  - Let me create the password: You type in a temporary password manually.
- Check the box for Require this user to change their password when they first sign in. Always leave this enabled so the employee sets their own password on day one.
- Click Next
Step 3: Assign a License
On the next screen, you will assign a product license. This determines which Microsoft 365 apps and services the employee can use.
- Check the box next to the license you want to assign
- If you have multiple license types, choose the one appropriate for the employee's role
Here is a quick comparison of the most common license tiers:
| Feature | Business Basic | Business Standard | Business Premium |
|---|---|---|---|
| Exchange email | Yes | Yes | Yes |
| Web and mobile Office apps | Yes | Yes | Yes |
| Desktop Office apps | No | Yes | Yes |
| Microsoft Teams | Yes | Yes | Yes |
| OneDrive (1 TB) | Yes | Yes | Yes |
| Intune device management | No | No | Yes |
| Defender for Office 365 | No | No | Yes |
| Entra ID Conditional Access | No | No | Yes |
Athencia deploys Microsoft 365 Business Premium for all managed clients because it includes Intune, Defender for Office 365, and Conditional Access at no extra cost. These security features are not available in Business Basic or Business Standard, which means organizations on those tiers lack device management, advanced email threat protection, and the ability to enforce sign-in policies.
If you have no available licenses, click the link to Purchase licenses directly from this screen. The new license is added to your subscription immediately.
- Click Next
Step 4: Configure Optional Settings
This screen lets you set additional details for the user's profile and permissions.
Admin roles: Leave this set to User (no admin center access) unless the employee specifically needs admin privileges. Follow the principle of least privilege: only assign admin roles to people who need them, and use the most limited role that covers their responsibilities.
Profile information: Fill in the employee's Job title, Department, Office, and Phone number. This information populates the company directory and is used by Exchange transport rules (for email signatures), org charts, and the Teams people card. Filling it in now saves you from having to update it later.
Click Next, then review the summary and click Finish adding to create the account.
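For admins who want a repeatable version of Steps 2 through 4, the same account can be created from PowerShell. This is an added example, not part of the original guide or any Microsoft-provided script; it assumes PowerShell 7 with the Microsoft Graph PowerShell SDK installed, and the name, address, job details, usage location and the `SPB` part number are placeholders to confirm against your own tenant.

```powershell
#Requires -Version 7.0
# Added example: every value below is a placeholder; adjust before use.
$upn     = 'jsmith@yourcompany.com'
$skuPart = 'SPB'   # assumed Business Premium part number; list yours with Get-MgSubscribedSku

function New-TempPassword([int]$Length = 16) {
    # Character classes without look-alikes (0/O, 1/l) so the password can be read out by phone
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#$%*+-=?@'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]
    $all  = -join $sets
    # One character from every class, the rest from the combined alphabet
    $chars  = @(foreach ($s in $sets) { $s[$rng::GetInt32($s.Length)] })
    $chars += 1..($Length - $sets.Count) | ForEach-Object { $all[$rng::GetInt32($all.Length)] }
    # Shuffle so the guaranteed characters are not always in the first positions
    -join ($chars | Sort-Object { $rng::GetInt32([int]::MaxValue) })
}

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'

# Step 3 first: fail before creating anything if no license is free
$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq $skuPart
if (-not $sku) { throw "Tenant has no subscription with part number $skuPart." }
if (($sku.PrepaidUnits.Enabled - $sku.ConsumedUnits) -lt 1) {
    throw "No free $skuPart license; purchase one before adding the user."
}

# Steps 2 and 4: account, profile fields, forced password change at first sign-in
$tempPassword = New-TempPassword
$newUser = @{
    AccountEnabled    = $true
    GivenName         = 'Jane'
    Surname           = 'Smith'
    DisplayName       = 'Jane Smith'
    UserPrincipalName = $upn
    MailNickname      = ($upn -split '@')[0]
    JobTitle          = 'Marketing Coordinator'
    Department        = 'Marketing'
    UsageLocation     = 'US'   # must be set before a license can be assigned
    PasswordProfile   = @{ Password = $tempPassword; ForceChangePasswordNextSignIn = $true }
}
$user = New-MgUser @newUser

Set-MgUserLicense -UserId $user.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()

# No directory role is assigned, matching "User (no admin center access)" in Step 4.
# Shown once on the console; hand it over using one of the Step 6 methods, not email.
Write-Host ('Temporary password for {0}: {1}' -f $upn, $tempPassword)
```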
Step 5: Add the User to Groups and Shared Mailboxes
After the account is created, add the employee to the correct distribution groups, Microsoft 365 groups, and shared mailboxes.
- Go to Users > Active users and click on the new user's name
- Click the Groups tab
- Click Manage groups and add them to any relevant groups (e.g., allstaff@, marketing-team@)
- For shared mailbox access, go to Teams & groups > Shared mailboxes, click the shared mailbox, and add the new user as a member
If your company uses Microsoft Teams for collaboration, the employee will automatically gain access to any Teams channels associated with the Microsoft 365 groups you added them to.
Step 6: Share Login Credentials Securely
Never send a password in a plain-text email. If that email is intercepted or the recipient's inbox is compromised, the attacker has the credentials.
Instead, share the temporary password using one of these methods:
- In person or by phone: The most secure option for employees working on-site.
- Password manager: If your company uses 1Password, create a secure share link with the temporary credentials. Athencia includes 1Password in its Athencia One Complete package and offers it as an add-on for Athencia One clients. Sharing through a password manager removes the problem of transmitting credentials securely over email or text.
- Separate channels: Send the username by email and the temporary password by text message, so both are never in the same place.
Let the employee know what to expect on their first sign-in: they will be prompted to change their password, and if your organization has MFA enabled, they will also be walked through setting up the Microsoft Authenticator app.
Step 7: Verify the Account Is Working
Before considering the setup complete, confirm everything is functioning:
- Send a test email to the new address from another account and verify it arrives
- Have the employee sign in at outlook.office.com and confirm they can access Outlook, Teams, and OneDrive
- Check the license by going to Users > Active users > clicking their name > Licenses and apps to confirm the correct license and services are assigned
If your organization uses Microsoft Intune for device management (included with Business Premium), the employee's device enrollment will happen automatically when they sign in to their work account on a company-managed device. For personal devices in a BYOD setup, Intune app protection policies can secure company data on the device without managing the entire phone.
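The account-side checks from this step, together with the least-privilege rule from Step 4, can be read back from the directory in one pass. This is an added example, not part of the original guide; it assumes the Microsoft Graph PowerShell SDK is installed and uses a placeholder address.

```powershell
# Added example: read-only posture check for a newly created account.
$upn = 'jsmith@yourcompany.com'   # placeholder address

Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All'

# PasswordProfile is only returned when selected explicitly; the password itself is never returned
$user = Get-MgUser -UserId $upn -Property Id, AccountEnabled, UsageLocation, AssignedLicenses, PasswordProfile

# Licenses actually attached to the user (Step 3 / "Licenses and apps")
$licenses = @(Get-MgUserLicenseDetail -UserId $user.Id | ForEach-Object SkuPartNumber)

# Directory (admin) roles held by the user; Step 4 expects none for a standard employee
$roles = @(Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
    ForEach-Object { $_.AdditionalProperties['displayName'] })

# The forced-change flag clears after the first sign-in, so run this check before handing over credentials
$checks = [ordered]@{
    'Sign-in not blocked'                   = [bool]$user.AccountEnabled
    'Usage location set'                    = [bool]$user.UsageLocation
    'License assigned'                      = $licenses.Count -gt 0
    'Must change password at first sign-in' = [bool]$user.PasswordProfile.ForceChangePasswordNextSignIn
    'No admin roles assigned'               = $roles.Count -eq 0
}

foreach ($check in $checks.GetEnumerator()) {
    $status = if ($check.Value) { 'OK' } else { 'REVIEW' }
    '{0,-40} {1}' -f $check.Key, $status
}

"Licenses: $($licenses -join ', ')"
if ($roles.Count -gt 0) { "Admin roles: $($roles -join ', ')" }
```

Any line marked REVIEW maps back to a step above: a blocked sign-in or missing license corresponds to the Common Issues table, and an unexpected admin role to Step 4.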
Device and Security Setup
Once the account is active, the new employee's device needs to be properly secured. On a Business Premium tenant, this includes:
- Microsoft Intune enrollment, which pushes your company's security policies (encryption, password requirements, screen lock) to the device automatically
- Microsoft Defender for Business, which provides endpoint protection on the device
- Huntress Managed EDR, which Athencia layers on top of Defender for 24/7 monitoring by human threat hunters. Defender handles baseline protection; Huntress adds a managed Security Operations Center that catches threats Defender misses.
This happens behind the scenes for managed clients. If you are handling IT internally, you will need to configure Intune device enrollment and compliance policies separately.
Common Issues
| Issue | Cause | Fix |
|---|---|---|
| "This username is already taken" | Another account (active or deleted) uses that address | Check the deleted users list under Users > Deleted users. If found, either restore it or permanently delete it to free the address. |
| License assignment fails | No available licenses | Purchase additional licenses from Billing > Purchase services |
| Email not in global address list | Directory sync takes time | Allow up to 24 hours for the new user to appear in the global address list and Outlook autocomplete |
| Employee cannot sign in | Account may be blocked or password issue | Verify sign-in is not blocked under the user's account settings and try resetting the password |
Need Help?
Adding users is straightforward, but getting the full onboarding right, from license selection to device enrollment to security configuration, takes more planning. If you want help setting up new employees or building a repeatable onboarding process, contact Athencia. We handle user provisioning as part of every client onboarding.