Most SMEs do not have a joiner, mover or leaver problem because they lack effort.
They have it because too much of the process depends on memory, inboxes and one-off tickets.
That is when access drift starts. New starters arrive without everything ready. Movers keep access that no longer fits their role. Leavers are disabled eventually, but not always cleanly or consistently. The result is repeated admin work, repeated support tickets and repeated risk.
This is why a joiner, mover, leaver workflow is an operations issue first and a tooling issue second.
Why JML is an operations problem, not just an admin task
When onboarding and offboarding are treated as isolated admin tasks, the same gaps appear again and again:
approvals are informal
ownership is split but not defined
timing depends on someone noticing an email
evidence of completion is weak
exceptions pile up without review
That is what creates access drift. The problem is not only that a task was manual. It is that nobody can say with confidence which steps are automatic, which need approval, and which have actually happened.
The cost of access drift and repeated setup tickets
Access drift creates two kinds of cost.
The first is risk. People keep access they should not have, admin rights linger, and old group memberships remain because there is no clean trigger to remove them.
The second is operational drag. The service desk keeps rebuilding the same setup steps, chasing managers for missing details, and fixing access mistakes after the fact.
That is why a better JML process improves both security and supportability.
What a reliable JML workflow includes
A workable SME process should define four things clearly.
1. Trigger
What starts the workflow? Usually a confirmed joiner, role change or leaver event from HR or management.
2. Ownership
Who owns each part? For example:
HR confirms the people event
the manager confirms required access
IT applies or verifies technical changes
an approver signs off exceptions or elevated access
3. Timing
When should each action happen? Before day one, on the day of change, or immediately at exit.
4. Evidence
What proves completion? Timestamps, approval records, access changes and completion status should be visible enough to review.
Where Microsoft 365 automation helps
Microsoft Entra Lifecycle Workflows is useful because it helps automate repeatable user lifecycle actions across joiner, mover and leaver scenarios.
That matters because it turns recurring steps into a controlled workflow rather than leaving them entirely to email threads and manual checklists.
For SMEs, the benefit is not “more automation” in the abstract. It is fewer avoidable misses in the places where identity should stay aligned to real life.
The evidence trail SMEs should keep
A sensible JML evidence trail should include:
the workflow or process map
named owners and approvers
timestamps for key actions
completion records
exceptions requiring manual review
a monthly review of failures, delays or unusual cases
That makes the process easier to improve and easier to defend.
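The monthly review described above can be run as a short script over the evidence trail. This is an added example, not part of the original article or of Microsoft's tooling; the record fields, group names, one-hour leaver target and all sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names, users and groups are assumptions.
ROLE_BASELINE = {"finance": {"ledger-users", "payroll-viewers"}}
LEAVER_TARGET = timedelta(hours=1)   # assumed meaning of "immediately at exit"
REVIEW_DATE = datetime(2024, 6, 1)

EVENTS = [  # one record per confirmed trigger from HR or management
    {"user": "amy", "type": "leaver", "effective": "2024-05-01T17:00",
     "approved_by": "hr", "completed": "2024-05-01T17:20"},
    {"user": "bob", "type": "leaver", "effective": "2024-05-03T17:00",
     "approved_by": "hr", "completed": None},
    {"user": "cat", "type": "mover", "effective": "2024-05-06T09:00",
     "approved_by": None, "completed": "2024-05-06T10:00", "new_role": "finance"},
    {"user": "dan", "type": "leaver", "effective": "2024-05-10T17:00",
     "approved_by": "hr", "completed": "2024-05-13T09:00"},
]
ACCOUNTS = {  # current directory state for the same users
    "amy": {"enabled": False, "groups": set()},
    "bob": {"enabled": True, "groups": {"crm-users"}},
    "cat": {"enabled": True, "groups": {"ledger-users", "crm-users"}},
    "dan": {"enabled": False, "groups": set()},
}

def review(events, accounts, now):
    """Return (user, finding) pairs for gaps in timing, evidence and access."""
    findings = []
    for e in events:
        acct = accounts[e["user"]]
        due = datetime.fromisoformat(e["effective"])
        done = datetime.fromisoformat(e["completed"]) if e["completed"] else None
        if not e["approved_by"]:
            findings.append((e["user"], "missing approval record"))
        if done is None and now > due:
            findings.append((e["user"], "no completion record"))
        if e["type"] == "leaver":
            if acct["enabled"] and now > due:
                findings.append((e["user"], "leaver account still enabled"))
            if done and done - due > LEAVER_TARGET:
                findings.append((e["user"], "leaver disabled late"))
        elif e["type"] == "mover":
            extra = acct["groups"] - ROLE_BASELINE[e["new_role"]]
            if extra:
                findings.append((e["user"], "retained groups: " + ", ".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    for user, finding in review(EVENTS, ACCOUNTS, REVIEW_DATE):
        print(f"{user}: {finding}")
```

Each finding maps back to one of the four definitions: a missing approval is an ownership gap, a late or absent completion is a timing or evidence gap, and retained groups are the access drift itself.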
Final thought
Joiner, mover, leaver automation is valuable because it reduces ambiguity.
When the process is clear, ownership is visible and the evidence trail exists, access drift becomes harder to ignore and easier to reduce. That leads to cleaner onboarding, safer offboarding and fewer repeated tickets caused by the same broken handoffs.
