inforcer's Chief Product Officer, Matthé Smit, Dan Harris, Director of Product Innovation, Frederick Bendzius-Drennan, VP of AI Transformation, and George Cochrane, Product Manager discuss Q1 feature releases and unpack the product roadmap.
Our Product experts break down what's new and upcoming in the inforcer platform in Q1 2026, and how these updates will help you deliver even more value to your customers.
Matthé Smit
Good afternoon and good morning, wherever you are. We will give it one more minute because I can see a lot of people loading into the event, and then we will get started.
Hello everyone, and welcome to the first big webinar we are doing this year: the first roadmap update for Q1. We have a lot to cover, and I am really excited about this session because we have some very talented people here today. We have many of the key people making decisions about the direction of the inforcer product. George is here as a lead product manager, and we also have Frederick and Dan presenting.
Today, we will cover some highlights you may have missed from Q4, including demos, and then we will go over what many of you are here for: highlights from the Q1 roadmap, things we have been working on, and things that are very close to shipping. Some may even be shipping next week. We will also leave time for Q&A.
Matthé Smit
When we develop the inforcer product and platform, we like to do that with you. Many of the things we are working on, and many of the things we recently launched, came directly from customers and partners. Your feedback throughout the development process helps us make sure that when we release something, it is useful and relevant.
We also like to innovate rapidly. Looking back at last year, we shipped a lot of different things. Our view is to ship fast, learn quickly, improve and make sure we solve real problems for you. Last year was incredible on many fronts, especially product delivery.
The green items on the slide are the big features we launched throughout the year, while the orange items represent new policies and new areas we introduced so you can support and manage them. Teams and Purview were added last year. On the feature side, there were several major highlights.
We delivered RBAC, role-based access control, which at the time was the number one thing people were asking us for. It made the product ready for larger MSPs and larger teams. We introduced AI policy summaries, which made Microsoft easier to manage by helping you understand user impact and decide whether a policy should be deployed. It was a great example of how AI can be genuinely useful.
We also launched tenant assessments, which help MSPs show value from day one by articulating where the problems are and helping customers win business. Following that, we launched the Copilot readiness assessment, which has been important for many of you thinking about Copilot. It helps articulate the value of Copilot, shows who should get it first and identifies what needs to be done first. For many partners, it helps sell AI and security together in one project.
Last but not least, we launched the new tenant experience, which was a big project for us.
Matthé Smit
A lot of this was driven by you. One of the things we did was launch a new feature request and roadmap system to better channel feedback. We launched that near the end of last year, on 17 December. There are now more than 400 ideas in the system, with a lot of traction, including new ideas, comments and upvotes. Please keep using it, because it really helps us. We look at it all the time, and it is a great way for us to decide what makes the most sense.
With a product like inforcer, there are so many things we could do, and we want to make sure we focus on your needs. Based on the roadmap system and customer advisory board sessions, we are hearing a few major trends. First, you are asking us to do more of the same: make sure inforcer has full coverage across Microsoft 365, including more policies, more settings, Intune apps and similar areas.
Second, people are asking for more automation, especially around reporting, but also around many other things that are currently manual in the product. Third, people are asking us to do more with the sales tools we have been developing. Prospect assessments come up all the time, as do more Copilot capabilities, SharePoint reporting, licensing reporting and similar areas. If you do not agree with any of that, let us know through the feedback systems.
Matthé Smit
With that, let’s talk about what we recently delivered. George, I would love to invite you to take us through some of the developments.
George Cochrane
Thank you very much. I am going to do a quick demo of both topics, especially for anyone who had a hectic end to 2025 and has not yet had time to use these features or learn them properly.
First, we built a toolkit to help enable Partner Center onboarding through inforcer. More broadly, it helps you connect tenants to Partner Center and establish GDAP relationships. If you have ever had to do this manually, you know it can be a long, painful and boring task. Hopefully, for future tenants, you can now use this tool to get tenants connected quickly.
Second, we released a major update at the end of last year. It brought together four or five of the top-voted feature requests in one release. At times it felt like changing the tyre while the car was moving, because custom baselines had significant implications for tenant alignment, and tenant alignment needed to be upgraded in many ways to support the new functionality.
The December release added the ability to tune how a baseline works, including whether it includes all policies or only Intune policies. In the alignment tool, you now have full freedom to accept individual granular deviations or set deviations to expire after a certain period of time. There is a lot you can do now, so it is better to show it hands-on.
George Cochrane
In the Partner Center management toolkit, you will now see a new Partner Center Manager tab on the All Tenants page. You can also access it by selecting Add Tenants and choosing Partner Center. This is an end-to-end toolkit to get a tenant into Partner Center and fully ready to onboard to inforcer.
If you do not have the basic reseller relationship yet, you begin by clicking the reseller relationship button. It creates a universal link that can add any tenant to your Partner Center. You approve that invitation as the customer’s Global Administrator. The tenant will then appear inside inforcer, though it may initially show as having no GDAP configured.
To fix that, inforcer generates the GDAP relationship. You can choose the minimum required roles for inforcer, or a larger set of roles if you want to use GDAP for account managers, engineering teams or varying levels of access. After creating that relationship, inforcer provides the GDAP link, which still needs to be approved by a Global Administrator. We would love to automate that approval, but Microsoft understandably requires that security step.
It is also important to assign users to the GDAP relationship. For example, you might create an inforcer onboarding group and assign people to use that GDAP relationship. Once the relationship and assignment are complete, the tenant can be selected and onboarded. We have also improved onboarding with Global Administrator access, but I will leave that for you to explore.
George Cochrane
Moving on to alignment, there is a lot here, so I will focus on a few powerful improvements. If you have multiple deviations, you can now select exactly which property differences to accept as a deviation. You can also set that deviation to expire, for example in a couple of days. The status updates quickly without requiring the whole page to reload.
Previously, if you accepted a deviation, the whole policy was effectively accepted as different and would stay that way. Now, inforcer tracks each individual property you accepted. If another property changes later, that future change will still be presented to you. That gives you much more control. You can align one property while leaving an accepted deviation in place for another.
There are also new ways to present data, such as table view, and you can group customers by alignment score instead of by baseline. I hope you enjoy the new tools. There are videos in the documentation if you would like to explore this in more detail. Back to you, Matthé.
Matthé Smit
Wonderful. Great demo, George. Please let us know if you have questions or comments in the Q&A panel or chat. That covers the past, including a busy December, November and January, but it is not all we are working on. There is a lot more happening, and for that I would like to ask Dan to take us through some of the new things.
Dan Harris
Absolutely. Good morning, good afternoon and everything in between. Let’s look to the future.
One very exciting thing we are working on, which has been requested for quite a while, is prospecting. It is a significant task for us to deliver. The idea is that you can send a magic link to prospects who are not yet your customers, or who may not be ready to grant broad permissions. Prospecting provides read-only access to a tenant so you can run useful things in the platform, such as tenant assessments, and gain insight into that tenant through other areas of the product as well.
Dan Harris
To do this properly, we are rethinking the enterprise application itself. We have added a lot of depth to the platform, with support for policies across Purview, Defender, Intune and Entra. Most people are comfortable with that breadth, but when we look at larger partners working with key enterprise organisations, those customers may not want to accept everything. They may be comfortable allowing a partner to work with Intune and Entra, but not yet ready to grant access to the depth of Defender and Purview.
That means we are rethinking onboarding. You may be able to choose which Microsoft products or applications you want to onboard, and whether access should be read-only or read-write. That will apply not only to prospecting, but also to Partner Center onboarding and Global Administrator onboarding.
For prospecting specifically, there will be a permission retention period. A prospect should not exist forever. You might be tendering for a partner for a week, two weeks or a month. During that time, you need access to run reports and assessments, find value, identify gaps in security and productivity, and show why the customer should buy a service. The retention period helps ensure that access is time-bound.
The prospecting link will be a branded inforcer link that you can send directly to the prospect. They can log in themselves, or pass it to the right person so the tenant can be connected. The idea is that you can brand it in a way that is specific to you, or to the partner you are working with, so the link feels appropriate and trustworthy.
Dan Harris
A broader theme we are working on is making tenant hardening much easier. George already showed significant improvements to tenant management. You no longer have to think of an entire tenant as comparing directly with your customers in one broad way. You can break things up into baselines that make sense for projects, licences or tiers.
For example, you might have a project baseline for deploying MAM for BYOD protection on iPhone or Android devices, a licence-based baseline for maximising Business Standard or Business Premium, or a tier-based approach such as phase one, phase two and phase three of a security rollout. We have already made improvements there, but the next step is our own inforcer baseline.
Dan Harris
Today, the platform includes the CIS baseline, which is a strong industry best practice for security hardening across Microsoft 365 and Intune. However, CIS is focused primarily on security, and particularly enterprise security. It is not inherently written for an MSP, or for a small business such as a dentist, car workshop or other local organisation.
That is where the inforcer baseline comes in. We can be opinionated about certain policies and practices in a way that is appropriate for MSPs and SMBs. The baseline will be managed internally by a strong team, headed by Roy, and also shaped by you as the community. If a policy has serious impact, or if you think something should change because of a real-world issue, that is where we come together and weigh security against productivity. We will always favour security, but we also need to think about how to phase changes in sensibly.
Dan Harris
We will provide pre-built projects and tiers. The core tier will include integral security controls, such as MFA for all users, marginal Intune protection and some SharePoint hardening. Then it will move into enhanced and strict tiers, going deeper into the Microsoft stack and security capabilities. This can become something you use as a service: a core managed security offering that you can run for customers.
Within each tier, we will package projects rather than presenting a long list of unrelated policies. In my MSP days, everything was delivered as a project, such as MAM, Autopilot, Teams hardening or enabling SharePoint functionality. The tiers and projects will give you autonomy. You can use our practices as provided, change them in your own tenant, or use our baseline without needing to maintain a separate tenant.
The baseline will continue to grow as we add more policy depth. We are looking at areas such as detection and remediation scripts in Intune, quality updates, hotpatch and Autopatch rollout at scale. Policy depth is visible in the roadmap site, so please log in, review it and help steer priorities.
Dan Harris
Another change builds on George’s tenant alignment update. It is useful to compare a baseline to a tenant, but sometimes you want visibility into one specific setting across all customers. MFA for all users is a good example. It is an important setting, and we want to let you select a setting and see which customers are aligned, misaligned, missing the policy or have accepted deviations.
That gives you a new kind of multi-tenant visibility and helps you plan rollout strategy. You may feel confident that everyone has MFA configured, but one click should show whether all customers actually do. These updates are heavily being worked on throughout Q1. I will now hand over to the next part: how we help you enforce this even harder.
Matthé Smit
Thanks, Dan. Frederick, I would love you to talk a little more about how we can help partners enforce every tenant.
Frederick Bendzius-Drennan
Thank you, Matthé. As a follow-on from what George and Dan have shown, the inforcer platform now delivers a fantastic array of functionality. I joined inforcer several months ago, and it has been frenetic how much we have built to solve real-world problems.
Today, the platform supports deploying policies, aligning with baselines, detecting drift, fixing drift, alerting, user management, group management, assessments and Copilot readiness. There is a lot in the platform. It integrates tightly with Microsoft 365, gives you a lot of power and helps you be efficient when delivering a world-class service to customers.
However, we can see that not every tenant always gets onboarded to inforcer. We have been investigating why. One use case is a customer that is not fully managed. You may do ad hoc project work, where you need to understand the situation, report on the environment, propose a solution and implement project work.
A second use case is licensing. inforcer covers the full breadth of Microsoft 365, and especially on policy depth, it is geared towards SKUs like Microsoft 365 Business Premium. We have therefore looked at the capabilities in the platform and developed new options for how you use inforcer with customers that fit those different use cases.
Frederick Bendzius-Drennan
We are effectively introducing three SKUs for the inforcer product. The inforcer you know today remains unchanged as the Premium SKU. For the ad hoc or project-focused customer relationship, we are introducing the Tenant Assessment SKU. You can onboard that tenant and access tenant assessment and Copilot readiness.
Tenant assessment lets you run a large number of checks across different use cases. Compliance is a strong example because you can get valuable insight in seconds into how an environment is configured and what should be done about it. Copilot readiness similarly helps assess environments quickly to understand security, technical readiness and data governance requirements for taking a customer through their Copilot journey.
We are also introducing a Standard tenant licence. Whereas Premium is focused on tenants using Microsoft 365 Business Premium, Standard is focused on tenants using Business Standard or lower SKUs, with a different price point to match. If you have questions or interest in these options, please speak to your Partner Success Manager.
Frederick Bendzius-Drennan
We are also making this very easy to engage with. Today, if you want to add more tenants and have exhausted your onboarding code, you need to speak to your representative to get more onboarding codes. Onboarding codes are going away. You will be able to self-serve from within the platform very quickly, with a full audit log of the change to your contract when you buy additional licences from any of the SKUs.
This will be integrated into the platform workflows. When you onboard a new tenant, for example, you can select precisely which SKU or product they get access to, and then continue with the important work of deploying policies, aligning policies and providing service to that customer.
In the demo, I can add licences from the platform in a few clicks and see the order log, including who did it and the timestamp. It is designed to be simple and fast.
Matthé Smit
There is more to talk about. One thing I am personally very excited about, and I know many of you are too, is PSA integrations: Halo, ConnectWise, Autotask and Synchro. There have been many requests for this, and there is a real reason for that. Many MSPs tell us that if something is not in the PSA, it does not exist.
Most of you are not looking for more dashboards. You have plenty of dashboards. You want your PSA to be the engine that sets priorities, because work gets done in the PSA and the other products you use need to feed into it. If something is not in the PSA, you cannot bill for it, track time properly or connect it to the right workflow.
Tickets are the heartbeat of any MSP. Every task a technician does needs a ticket with priority, category and ownership. It may be tied to a contract and an SLA, and that is how you automate the wider business.
Matthé Smit
Last year, inforcer built an alerting engine. Many people like what we do there, but the number one piece of feedback was that it needed PSA integration. We previously supported alerts to email and alerts to webhook, which both have benefits and downsides. Webhooks are powerful because they can send data to Teams, Slack or middleware, but many PSA systems do not have strong webhook support. Email integration often creates tickets that are not linked to the right customer, category or priority, which means you cannot assign the right SLA. It is also cumbersome to set up.
I am excited to announce native integrations with the most popular PSAs: ConnectWise, Halo, Autotask and Synchro. These will be robust and powerful, with mappings for companies, ticket boards or queues, statuses and fully customisable ticket flows, including ticket titles and descriptions.
Matthé Smit
When this is available, inforcer will detect a problem in one of your Microsoft tenants. It could be a policy change, an expired certificate or a critical MDM certificate issue. From there, it will automatically create a ticket in your PSA, such as Autotask, and the ticket will land exactly where you want it with the right associations.
In the configuration section, there will be a PSA integration area where you can monitor created tickets, review failures if any occur, and review configuration. You can map inforcer alerts to specific categories in the PSA, map inforcer tenants to PSA companies and set fallback defaults if a category or tenant is not mapped. We have also added automatic mapping based on name overlap, so if naming is logical across inforcer and your PSA, setup should be simple.
When configuring an alert, you enable PSA ticket creation and use templates similar to those used for emails and webhooks. Depending on the PSA, it can support HTML or plain text. In the demo, the ticket is created instantly in Halo with policy-change information, including a case where someone added a user to conditional access exclusions. That is exactly the kind of issue you want highlighted in your PSA. The rollout is coming very soon.
Matthé Smit
As we add more features like this, we receive more automation requests. The best technician is a lazy technician: you do not want to do things manually. That is one reason you probably use inforcer. I see automation falling into three categories: check and alert, check and action, and scheduled reporting.
Check and alert is what we just discussed. For example, a certificate may expire, or a new account may be created, and inforcer creates a ticket. We are planning more alerts, such as a new forwarding rule to an external user in Exchange, an unused enterprise app that could be a back door into a tenant, or SharePoint running out of storage.
Check and action is where inforcer can do something about the issue so you do not have to. One example is reverting a policy when it changes, such as removing an unexpected exception from a conditional access rule. Another example is Exchange mailbox configuration, where some settings cannot be handled through policy and require PowerShell. inforcer can check whether a flag is enabled and, if not, apply it for you.
Scheduled reporting is an extension of alerting. If you have disabled users that still have licences, or Intune devices with conflicting policies, you may not want a separate alert for every item. Instead, inforcer can create a scheduled report and, with PSA integration, deliver it where it needs to go.
Frederick Bendzius-Drennan
Scheduled reports are one of the automation use cases we are looking at closely. Knowledge is power. You need information at your fingertips to identify project work, sell customers more value and help improve the ROI of their IT spend. You may also be looking to sell Copilot, and information is critical to everything you deliver as part of managed services.
We are building a new scheduled reporting engine so you can take a report that exists in the inforcer platform today, such as an existing export, tenant assessment or Copilot readiness report, and schedule it with a recurrence and start date.
Frederick Bendzius-Drennan
We also want to improve the whole reporting experience end to end. Reporting is important and, when done well, can make managed services more efficient. We are looking at improved targeting, because today report creation is very tenant-specific. We want to support tenant tags, inclusions and exclusions, similar to alerts.
We are also looking at more recipient options. You may want to send reports by email, use a webhook or send them into a SharePoint folder structure for additional processing. We are also considering more output configurability: some reports should be PDFs, while others may need to be CSV exports for programmatic use.
We have received feedback that some reports contain a lot of information, so we are working to optimise and speed up PDF exports and improve the overall user experience.
Frederick Bendzius-Drennan
This is also a natural segue into the REST API. In late Q3 last year, we launched the REST API beta, and the feedback was tremendous. inforcer consumes and processes a lot of valuable information from Microsoft, including alignment scores and other data that you want at your fingertips. We started delivering that through the API to unlock automation, reporting and integration use cases.
Some partners built production workflows very quickly after the beta launched. George produced a Power BI dashboard walkthrough in the documentation, and Matthé created an MCP server that can talk to the API as well.
Frederick Bendzius-Drennan
We now want to build on the input from beta customers and partners. The way we build the inforcer platform means it is well structured to make everything available through the REST API in some way. Instead of selecting only certain endpoints, we are asking why we should not add all of them.
Activity log, tenant tags, assessments, users, groups, deviations and Copilot readiness are all on the backlog as next endpoints to add to the API. We will keep adding to this as part of an API-first strategy. Some endpoints are more important than others, so please keep providing roadmap input.
We also want the API to support more than retrieving information. We want it to unlock more powerful workflows, such as configuring tenant tags programmatically, adding licences, assigning licences and deploying policies. We are also working on improvements to existing endpoints based on feedback. Please keep that feedback coming.
Matthé Smit
That was a lot. On automation and API, one of the top requests since we introduced user management is to automate more there, including scheduled user onboarding and offboarding. That is part of the plan. Exposing those capabilities through the API could also enable new workflows from other systems you use.
To summarise what you can expect very soon: PSA integrations are rolling out next week. Licence self-service and the new SKUs Frederick mentioned are also likely next week. The new inforcer baselines are coming in February.
This quarter, you can expect a lot more. Scheduled reporting and scheduling automation are a major focus. We will work on read-only prospect assessment and continue developing flexible security options. We will also work on multi-tenant policy alignment, and there is more coming around automation, including scheduled offboarding and reverting a policy when it changes.
We will continue increasing the speed at which we add policies and settings to the product. We will add more alerts, more checks and more REST API functionality. Other items on our radar include managing apps within inforcer and GCC High support for US government cloud tenants. The plan is evolving quickly, so please check the roadmap from within the product, leave feedback, upvote what matters most and ask your questions there as well.
Matthé Smit
I know we have received a lot of questions, and I have not been able to keep track of them all while presenting. Dan, George, Frederick, is there anything you think we should cover in the few minutes we have remaining?
George Cochrane
There were a lot of questions while Frederick was presenting reporting, such as whether certain raw report data will be available in the API. Then one slide later, the answer was essentially yes: everything should be in the API. That has been a big theme. Otherwise, everyone has been chatting and asking good questions in Q&A, and I think most have been handled.
Matthé Smit
Brilliant. Thank you for answering those questions. Let’s wrap up. Thank you to everyone who joined today. Keep sharing how we can make the product better for you. We have big plans this year, and there is even more going on than we presented today. Hopefully, we will see you soon at the next one. Have a great day, and see you soon.
Frederick Bendzius-Drennan
Thank you so much, everyone. Have a great day.
George Cochrane
Cheers, everyone.