Volunteer/Intern Computer Use Policies and Best Practices

In the past 5 years we’ve had about 3 requests to provide volunteers with access to staff resources and to even be assigned a dedicated laptop.

Unfortunately, all 3 of those also came in the past 2 weeks and are all considered “urgent” so it seems like this may be a new trend for us.

We a M365 shop, so I’ve purchased some Volunteer E1 accounts, but I was curious what you all do as a best practices for Interns and Volunteers that need access to staff resources.

Here’s my plan so far:

  • Create a handbook for them to sign that is basically our employee handbook minus the paid-staff only items (PTO, benefits, etc.), but keeping the IT policies and guidelines (with executive approval, of course).
  • Create an M365 account for the individual and assigning a Volunteer E1 license to them (what about those who need local office? Can I also assign M365BP licenses or Apps for Enterprise?)
  • Set their default reply email as our non-staff domain
  • Assign a laptop connected to public WiFi that is Azure AD joined (is this even possible with E1?)
  • Flag the laptop for review/pickup at the end of their scheduled service or in 3 months, whichever is shorter to re-evaluate the need with their ministry overseer.
  • Provide training similar to what we do for staff as far as acceptable computer use, help desk access, etc.

Is there anything in that list that looks wrong? Any ideas on providing AAD joining for volunteers?

I want to do things on the up-and-up, so I don’t want to assign M365BP if that isn’t allowed, but I do want them to be equipped for their role.

I think our friend Karl had a LOT of wisdom that is somewhat applicable to the questions you’re asking over in this thread. In an era where “staff resources” should be becoming more and more accessible from anywhere I think it’s a great time to revisit some of those things. Enabling staff and key volunteers to work efficiently from any device has its value. Your team can spend their time managing access to the tools and securing the data vs the computers.

More to your point, we’ve had a few situations lately where we have made cloud-only accounts in M365 for mail and other services versus an AD account that is synced up. Limit your scopes appropriately where you can.

Otherwise, I think you’re on the right track.

1 Like

Licensing wise, you need AAD P1 for each user that will utilize a computer that is AD joined so you can do that with plain old AAD P1, M365 BP/E3/E5, M365 F1/F3, or EMS E3/E5.

You can purchase M365 BP licenses for volunteers at the discount rate, you just can’t use the donated (grant) ones for volunteers unless they are an unpaid executive staff like chairman of a board. See the following site’s chart for reference: https://www.microsoft.com/en-us/nonprofits/eligibility