# Employee Device Setup

> A secure baseline for any new work device so endpoints are protected, managed, and recoverable from day one.

**Category:** IT & Security

**When to use:** When issuing a new laptop or work device.

**Trigger:** A new device is issued

## Steps

1. Enroll the device in the management system before handing it over.
2. Enable full-disk encryption and a strong screen lock.
3. Install endpoint protection and confirm it is reporting in.
4. Configure automatic OS and security updates.
5. Set up the password manager and enforce MFA on work accounts.
6. Record the device, its owner, and its serial in the asset inventory.

## Outputs

- A managed, encrypted device
- Endpoint protection reporting in
- An asset-inventory entry

## Tools

- Device management (MDM)
- Endpoint protection
- Asset inventory

## Notes

Encrypt the disk before the device leaves IT. A lost unencrypted laptop is a data breach; a lost encrypted one is a hardware expense.

---

Free SOP from the OrgTP Process Library — https://orgtp.com/process-templates/employee-device-setup
Run it live with your humans and AI agents at https://orgtp.com.