Running an MSP is a challenge. Clients are more technologically savvy and often know how they want technology to contribute to business success, and organized crime is getting ever more persistent and nastier in its attacks. On top of that, you’re building the technology solutions you offer your clients on shifting sand: you’re no longer upgrading their Small Business Server version every 2-4 years; instead, Microsoft 365 is changing daily.

Furthermore, every client is a snowflake, with unique needs and requirements. But the key to scale in an MSP is standardization, not artisanal, hand-crafted, custom deployments for every client. These are the pain points we’ll look at. 

MSP standardization and efficiency isn’t a new problem, and there are some solutions available.  

Microsoft 365 Lighthouse 

Microsoft offers Microsoft 365 Lighthouse, not to be confused with Azure Lighthouse which is a completely different service.  

This Lighthouse is a work in progress. It offers centralized account management, so your help desk staff don’t have to open individual M365 tenant portals to reset a user’s password, for example. There are some device management options and some centralized visualizations of app performance and data protection, but it only really works well if you have the full Microsoft Security stack deployed for your clients. If you’re using third-party services for things like email hygiene, they won’t show up in Lighthouse.

Microsoft 365 Lighthouse dashboard

Limitation: Lighthouse manages a limited number of settings and doesn’t cover many security and configuration aspects across Microsoft 365 services.

Microsoft 365 DSC

Then there’s Microsoft 365 DSC – this open-source project has been around for a few years but is not an official project from Microsoft. The idea is to represent the configuration of a tenant in code, using PowerShell’s Desired State Configuration (DSC) and then be able to apply configuration settings to one or more tenants.

Limitation: It’s not an official solution from Microsoft, so it’s probably not something you want to build your business on. It also relies entirely on scripting and coding, which might be challenging for the average MSP tech to master, and relying on in-house scripts can lead to fragile, undocumented processes.

Microsoft 365 DSC

Delegated Admin Privileges (DAP)

As part of the look at the history of this space, we must mention Delegated Admin Privileges (DAP), Microsoft’s first take on the concept of an MSP needing permissions to do work in their clients’ tenants. The problem with DAP was twofold. First, swapping techs in and out of access groups was very cumbersome, especially as you don’t want every tech to have access to every client. The larger issue, however, was the level of access: DAP gave far too broad privileges to MSPs, a huge risk in a situation where the MSP has been breached.

Fortunately, Microsoft fixed this with the new method, Granular Delegated Admin Privileges (GDAP), where the exact level of permission can be controlled, and specific techs can easily be granted access to various clients.

Limitation: One problem with GDAP is that many other Microsoft services don’t support it when they first come out, and it can sometimes take many months or years before they do, leading to clunky workarounds. There’s also still some overhead in GDAP for the MSP to manage; an easier approach that still provides good security would be better.

The MDM answer

When it comes to device management, Microsoft’s answer for many years has been Intune, a cloud-based Mobile Device Management (MDM) service which handles Windows client, macOS, iOS/iPadOS and Android. I suspect many MSPs who have attempted to use this as the method for managing security and configuration across many clients have found this difficult. Intune is very powerful, but it’s also very complex, and not really geared towards the more common small business space that MSPs cater to.

Limitation: Microsoft Intune is a powerful Mobile Device Management (MDM) service, but its complexity and single-tenant focus make it challenging for MSPs managing multiple clients. Intune’s licensing structure and complexity can also be overwhelming. There’s basic Intune, Premium P2 and the Intune Suite. And you can buy certain add-ons individually, rather than as part of P2 / the Intune Suite. Based on this, Intune isn’t really a solution for managing security and configuration baselines across all your clients in an efficient and easy to use way.

Partner Center

In keeping with Microsoft’s tradition of having multiple portals for everything, Partner Center is a way of seeing your clients and managing their billing (depending on how you buy their licenses).

Limitation: Based on your partner level you can also access incentives, referrals and insights, but you can’t manage the configuration of your clients’ tenants from Partner Center.

Insights in Microsoft Partner Center

A solution designed to help MSPs standardize and scale 

365 Multi-Tenant Manager is designed to overcome these limitations by offering a user-friendly interface for managing configurations across multiple M365 tenants. It’s the perfect tool for MSPs on their journey towards automation. Thanks to its deep integration into the Microsoft Partner environment, 365 Multi-Tenant Manager allows MSPs to free up as much as 80% of their time, from customer onboarding to configuration and standardization tasks.

Key features: 

  • Automates onboarding through Microsoft Partner Center integration;
  • Provides a centralized dashboard for managing customer settings;
  • Supports granular access control and integrates with GDAP for precise permission management;
  • Detailed tracking and management of all settings, ensuring that nothing falls through the cracks;
  • Easily applies pre-configured security settings across multiple tenants and offers the option to create custom settings for specific needs;
  • Offers real-time monitoring and reporting to track tenant compliance with defined MSP policies and detect configuration drift. 

Conclusion 

There are many hurdles when you’re an MSP trying to make sure your finite technical resources (people, management resources, apps) can take care of all your clients’ IT needs in an efficient and cost-effective way. And while many Microsoft tools and services can do small parts of the required technical standardization and automation, none of them can manage it across all of your clients. 365 Multi-Tenant Manager offers a unified solution to streamline these processes, ensuring that MSPs can operate efficiently and securely.
