Skip to main content

Cornell University

Description of Onboarding Process for Endpoint Management Tools

This article applies to: Endpoint Management Tools

Onboarding is the process of bringing a unit or department into the Endpoint Management Tools service. (It does not refer to the state of individual computers.)

In order for the Endpoint Management Tools service to work properly in your environment, the CIT Desktop Engineering team needs to work with you to make sure that your IT environment and the Endpoint Management Tools service are configured to be compatible. We need to gather information about your environment and then create a short plan of action for both your team and ours. This is your "onboarding plan."

A basic requirement for Endpoint Management Tools for Windows is that client computers must be part of the Cornell Windows domain. Macintosh computers do not need to be domain members.

Onboarding includes several sets of activities that need to be carried out and are explained in detail in the links below. The end result of the process is that the IT staff responsible for the customer's unit is able to use the Endpoint Management Toolsservice to manage workstations. Once onboarding is complete, one or more test groups of computers will have been added to the Endpoint Management Tools service and the customer is then free to add more as they wish. An overview of the onboarding steps is listed below:

  1. Management signs off on agreement to adopt the service.
  2. Funding sources are identified.
  3. Training recommendations are made based on existing experience in the customer's IT support group.
  4. Information is gathered about the customer's environment and a short custom action plan is created.
  5. Firewalls and other filtering systems both in CIT and in the customer's area are configured to allow access between the customer's systems and the central systems.
  6. For Windows systems, Active Directory group policies are applied to appropriate OUs to prepare computers to be managed. Note that, depending on the configuration of workstations and their environment, some workstations may require remote or hands-on actions to complete the installations.
  7. The appropriate Windows or Mac software client is deployed to workstations across the area that will adopt Endpoint Management Tools, beginning with a small test group.
  8. A Live Tester group is designated that is used in conjunction with Live Tester groups across campus to test patches and other activities. Live Testers should be actual users who are representative of the unit's environment, and should include at least 5% of the population (large units in excess of 1,000 workstations should aim for 3%.) Read more about the Live Tester groups.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.