Will Connor, Chief Community Officer, and Matthé Smit, Chief Product Officer at inforcer, are joined by Lior Bela, Business Director of Microsoft Intune to unpack how the #IntuneForMSPs initiative will benefit MSPs. Discover what the initative is and how it will help MSPs solve the multi-tenant challenge.
Understand how inforcer and Microsoft's collaboration, #IntuneForMSPs, will impact MSPs as they enter a new era of managed services.
Will Connor
Good afternoon, good morning and potentially good evening to everybody. Thanks for joining us today for our Intune for MSPs launch event. We are really excited to have everybody on. We had a lot of registrations, so I will give it one more moment to let everybody who may be joining come on board.
We have a packed agenda for the next hour, and I am really excited that we have the business lead for Microsoft Intune joining us, who you have probably seen somewhere online. We also have Matthé Smit, our CPO, and myself. I am Will Connor, one of the co-founders and Chief Community Officer at inforcer.
We are recording the session, so if anybody needs to jump off, that is absolutely no problem. We will be sharing the recording as well. Lior, would you mind doing a quick introduction for anybody who is not already acquainted with you?
Lior Bela
This is great. I have been introduced as a LinkedIn influencer, so I have achieved a lifelong dream.
Hi everyone, my name is Lior Bela. I am part of the corporate Microsoft Intune team and the business lead responsible for partnerships, growth, community and everything that shows up in my email. I have been with Intune for nearly four years, and I am excited to be here because this specific topic is something I am very excited about.
Will Connor
Love it. So are we. Matthé, do you want to do a quick introduction before we get fully started?
Matthé Smit
Sure thing. Hey everyone. I am Matthé Smit and I am responsible for product engineering. We have a lot of really nice things we are working on, and I will tell you more about those later in the event.
I joined inforcer in February after working at other major vendors in the MSP space for a long time. I have spent the last 20 years in the MSP space, and it is good to see so many of you here at the event.
Will Connor
Perfect. We are going to kick off with Lior. Lior, I would love to hear directly from you about this Intune for MSPs initiative. Why is it something Microsoft has decided to push forward with and invest resources in?
Lior Bela
That is a very good question. About a year and a half ago, we started getting a lot more feedback that many customers viewed Intune as an enterprise solution. At the same time, our message has been security and management for all. It does not matter whether you are a small business with five people or 10 people. Everyone is vulnerable, especially to cyber attacks. Everyone requires management, and everyone cares about data privacy. In Europe, there is also a lot more regulation.
We investigated why this perception was happening and quickly learned that, although our solution is included in Microsoft 365 Business Premium, which many customers already have, alongside Defender, Entra and the rest of the Microsoft stack, it was harder for MSPs managing SMB customers to use Intune because of multi-tenancy limitations. Our products are also highly customisable, and that level of customisation requires training, skill and time, especially in a multi-tenant context.
We started looking at what we could do to help customers use Microsoft Intune and the rest of the solutions. Microsoft 365 Lighthouse existed, but it was not complete for all MSP needs. We did a lot of research. I personally spoke to more than 300 MSPs to identify the opportunity and what was missing. We realised Intune capabilities were there, and the product was ready for those customers, but we needed to unblock the multi-tenancy capabilities.
We spoke to many companies, including inforcer, investigated and tested the product, and verified that customers could get a very good experience by leveraging their Microsoft 365 licence in a centralised dashboard that gives them multi-tenancy capabilities. It allows them to use the licences they are already paying for, with no additional cost from a Microsoft perspective. It is a win-win situation. We expand our reach to more customers, especially in the SMB space, and inforcer is here to represent us and bring those solutions into a centralised view.
Will Connor
That makes a lot of sense. Just to make everyone aware, we will do a Q&A session at the end, and we will save around 10 minutes for questions. You can use the Q&A button at the top and put questions in for me, Lior, Matthé or all of us.
Lior, if I am an MSP, what benefit should I expect from this programme?
Lior Bela
First, we heard very clearly from MSPs that consistent margins are a challenge. MSPs can end up in a commodity-like business where everyone is taking the same package of solutions and offering managed services. It becomes difficult to differentiate, even if you are best in class, because prospects often compare MSPs on price. That is not where you want to lead your business.
The Microsoft 365 licence gives you many more capabilities than patch management, level one and level two support, and remote access. It allows you to manage devices across Mac, Android and Windows. If customers have bring-your-own-device scenarios and you only want to manage the applications rather than the device, Microsoft brings those capabilities to the table as well.
By leveraging the licence the customer is already paying for, MSPs can save cost on services they may be buying through separate solutions today. You do not need a separate identity solution, a separate patch management solution or a separate application management solution. Everything is centralised in one place.
Because those capabilities exist and include security capabilities, MSPs can and should offer more services. It is not only patch management. You can offer SOC services, Windows 365 management and other services. You can become a one-stop shop for customer needs, including selling devices directly from the OEM and deploying them using Autopilot.
First, we are helping you save cost by removing some of the need for third-party tools. Second, we are giving you solutions you can build on top of and package as services to differentiate yourself. Third, AI is not coming; it is already here. Customers will look to MSPs as trusted advisers to help them adopt AI. Copilot Studio is another capability that can come from a centralised point of view, helping customers enter the era of AI, build agents and use the latest technology, even if they are an SMB with 10 or 20 employees.
Will Connor
I agree. AI is already here, and many businesses already have people using it, but it is not always governed or secured effectively. That is something Matthé will touch on when he covers what we are building and what is on the roadmap.
One more question before we move into the demo. You said you spoke to a lot of different vendors, and only two made it. You are on a webinar with one of them today. Was there anything specific that made Microsoft feel it made sense to work with inforcer on this?
Lior Bela
Will is fishing for compliments here; I see what is happening.
When you develop an important capability and reach out to a new customer base, it is not something you do every day. I have been at Microsoft for several years, and reaching a completely new set of customers and partners, such as MSPs and MSSPs, is something we had to learn and understand. We were looking for Microsoft partners that also understood the business. The two partners we chose have a lot of background in the MSP space and understand MSPs.
We are not in a sales business. We are in the business of finding solutions and improving customer experiences. Specifically for inforcer, it is always a pleasure to work with you because the level of energy and knowledge is fun to work with as a partner. You have passion for your customers and MSPs, and a drive to solve their challenges and make their lives much easier. When I see that type of passion, I am attracted to it very quickly.
Will Connor
Thank you. I am going to run through a couple of brief introduction slides because we have a lot of people on the call, and I do not know if everybody knows who inforcer is yet. I will do a quick intro to inforcer, then a live demo of the product, and then I will pass over to Matthé.
I am one of the co-founders of inforcer and have been in the MSP space for over a decade. I was one of ConnectWise's first employees in the UK and helped grow the business in Europe. I founded inforcer with a couple of other people who have spent their careers in the MSP space: an MSP owner who spent his working days in and out of tenants using PowerShell scripts and struggling with the multi-tenant challenge in Microsoft, and Jamie, our CEO and another co-founder, who spent his career at Autotask.
In our different roles, we spent a lot of time with MSPs and felt there was not a solution built for MSPs that could help them be proactive when managing multiple tenants, reduce risk across customers, reduce human error when delivering policies, and ultimately allow them to deliver more services on top of Microsoft 365.
We founded the business in June 2022 and took on our first customer in January 2023, even though we did not have a user interface at that point. The first version of the UI was released in October 2023. Since then, we have been on a good track. We are 100% MSP-focused, which aligns well with the Intune for MSPs initiative. We have 80 investors from the MSP community: MSPs who use our platform and were invited to invest in the tool and be part of the journey.
We have brought on more than 800 MSP partners, who manage more than 50,000 tenants within our tool, and that continues to grow every month. We also have a strong community, which is about getting MSPs in front of other MSPs, both in person and online. Some of you may have attended our Winning with Microsoft events around the world. Lior joined us for the London event, where MSPs talked about the challenges they are facing and how we can solve them together.
Our online community has more than 1,000 people in it. One of our partners said that if he needs to build a new policy in Intune, he will often go to the inforcer community and ask other MSPs, because they have often already done what he is trying to do. That can be quicker than searching the internet.
We are globally located, with offices in London, Los Angeles, Tampa, Melbourne, Copenhagen and Amsterdam. Being close to our partners is important to us, because it helps us deliver in-person community, education and enablement.
Will Connor
In terms of the tool itself, I will cover this in the demo, but I want to share some key points. Ultimately, we want to give you better visibility across all your tenants and enable you to be more proactive. We provide baselines, and I will show our CIS baseline in the demo. We have proactive monitoring and alerting around policy drift and other areas within Microsoft 365. We back up the configuration across your tenants, provide custom reporting, and enable you to standardise and automate policy delivery.
We also provide operational dashboards that take complex information from portals such as Entra and bring it into one place, making it easier to understand and manage. We have embedded AI into the platform, and we provide monthly updates on changes within Microsoft through our Dispatchers webinar series, so partners can stay on top of changes and continue delivering a strong level of security to customers.
I will switch screens and jump into a quick demo.
Will Connor
The goal is to give you a multi-tenant view across all your customers. Once your tenants are enrolled, you can see the tenants you manage, compare them against different baselines, and even compare the same tenant against different baselines. That lets you talk to a customer about moving to the next level of security and run reports around that.
Once a customer is compared with a baseline, you get an alignment score that shows how far away the customer is from the baseline. This is updated every day, so when you come in each morning, you have up-to-date scores and can track changes. We track changes between the backups we run every day, such as added and removed policies on a tenant.
That visibility becomes critical as you manage more tenants. It can be very difficult to know what is changing across all customers, especially when different engineers may be making changes in tenants because customers asked them to, or because they are trying to fix a problem. Often, you do not know until it is too late. We give you that visibility in the UI and through email alerts.
You can create custom tags within inforcer to categorise your customers more effectively. If you have a large baseline, you are unlikely to roll out every policy on day one. By using tags in a phased approach, you can deliver phase one of a baseline to phase one customers in that baseline, giving you more nuance in how you deliver policies.
The multi-tenant view also includes Microsoft Secure Score, updated daily. If you need to look at a tenant specifically, you can jump straight into that tenant for more information, such as Secure Score recommendations or admin portals. These are deep-linked to the tenant, so if you need to jump into Intune to manage devices, you can do that from here.
For Entra, you can export information such as users, security risks and configuration issues. The point is to consolidate information that is often spread across different portals and make it easier for your team to manage. We also have different roles within the tool. For example, an account manager or technical account manager can have read-only access to certain tenants so they can view this kind of information.
Will Connor
One of the key areas of the platform is our tenant alignment tool. This is where you take a customer from where they are to where you need them to be. In the MSP space, that is not always simply about deploying policies. We give you a view of what is already aligned, which policies need changes or deployment from the baseline, and which existing policies have deviations.
One of the key things we do is show policies that already exist and are similar to the baseline but have a different name. That helps you start standardising naming conventions. We also have an AI analysis tool. If we analyse a policy with AI, we can compare a similar customer policy with the baseline policy. In one example, the customer policy does the same thing and the only deviation is the name. From there, you could rename the policy or approve the deviation.
That flexibility matters because customers may have nuances in how their policies are set up, and in reality, not every customer will be 100% aligned to a baseline. You can also run customised reports before deploying policies or making changes. Those reports can include logos and colours and can be used to get sign-off before delivery. Many partners deliver them quarterly to show customers where they are against a baseline.
Will Connor
If you need to deploy policies at scale, such as a new policy like token theft protection that has been brought downstream into P1 functionality, you may want to roll it out across all Business Premium tenants. You would create or select a policy in a baseline, choose the tenants, and those could be all tenants or specific tagged tenants.
From there, inforcer looks for variables such as tenant IDs, which differ across tenants. You can choose how the policies deploy, such as report-only to begin with, and whether to deploy security groups as well. Then you can deploy a single policy from a baseline across multiple tenants, giving you true multi-tenant deployment when it matters most.
For proactive alerting, you can set up specific alerts. For example, you might create an alert for gold customers if their Secure Score drops below 80%. You can configure the threshold and select the relevant customers. That gives you better insight into changes across tenants, not only at policy level. We have alerts across Entra, Intune, general Microsoft 365, and policy changes.
We also back up policies every day and give you the ability to restore them. If something changes, or a customer asks for a change and then decides they do not like it, you can roll the policies back easily. The process is similar to deployment, except we read from the backup rather than the tenant.
We also have reports such as MFA status, which are customisable and let you show customers where they are against something like an MFA rollout. We also have exports for device compliance and devices without BitLocker, which can be run across every tenant where needed. Matthé will now cover some of the upcoming platform areas that will add even more reporting value.
Matthé Smit
Thank you. I will take over the screen and give everyone a quick roadmap update. Before I do that, I will talk about what we see happening in the market and what drives our roadmap.
I have been around for a long time. I started when break-fix was a thing and everyone was happy deploying Small Business Server. Then we saw the wave of RMM and the transition into managed services. After that, everyone started doing more around security. At a certain point, especially in the SMB space, we shifted to cloud-first deployments: not many Exchange servers were being deployed anymore, and everything became cloud first. Many MSPs we work with are now not just cloud first, but Microsoft first.
These waves of change are happening faster than ever. The next wave is here now, around AI readiness. It is about delivering AI or making sure you are ready for AI. I see it almost like a layered cake. You have to go through phases to be successful at delivering AI.
When I look at what we are trying to do as inforcer, our mission is to help MSPs succeed in this cloud-first journey on top of the Microsoft stack. Will showed that our mission is to drive standardisation on top of the Microsoft stack, because we believe that with Microsoft, delivering something more secure, AI-ready and scalable is within reach. We also see that complexity and solutions that do not work together can be counterproductive and open more doors to risk.
Matthé Smit
In the market, many people say they deliver Microsoft 365. To me, there are different types of MSPs: those that sell Microsoft 365, and those that are Microsoft-first modern MSPs. The key differences are how they think about management and security. The big one for me is identity. Identity controls everything. In a cloud-first world, every app is effectively a SaaS app, and Microsoft Entra, with conditional access, provides security capabilities that are extremely strong.
A Microsoft-first modern MSP also delivers a different device management experience. They use technologies like Windows Autopilot for automated device enrolment, allowing a laptop to be drop-shipped to an end user and automatically configured. They use the Microsoft Intune Company Portal, manage mobile devices with Microsoft Application Management policies for iPhone and Android, and manage Macs with Intune. Intune has evolved significantly in the last couple of years. It is very powerful, especially when combined with conditional access and Entra.
Microsoft-first MSPs are also moving more into Copilot and Purview data management. It is no longer only about endpoint management or identity management; it is also about data management. Copilot is one of the waves that is already here. Many SMBs are asking whether they can get Copilot and whether they are ready for it, and we see strong opportunities for MSPs.
Microsoft-first modern MSPs try to standardise as much as possible. It has always been an MSP dream to make customers as consistent as possible, so that scale and automation become achievable. One objective measurement is Secure Score, which is becoming more important. We increasingly see MSPs being asked to reach, for example, an 80% Secure Score. A lower Secure Score is objectively worse than a higher Secure Score, and other MSPs are going into SMBs, doing quick assessments and saying, 'You have a low score; we can make it better.'
The desired result is Microsoft as a true multi-tenant service, with high and rapidly improving Secure Scores, and ideally one engineer who can control the experience across all customers. That is based on products customers are already paying for but may not be fully using. That is where inforcer comes in.
Matthé Smit
When it comes to product, we partner closely with our customers. Our MSP partners drive what we do. We have an active Discord community and many customer events, and MSP feedback drives our roadmap. We are also focused on rapid iteration. We aim to deliver a new product version with new features every couple of weeks. We are just getting started. Although inforcer is already valuable, I believe it will be much more valuable a year from now because our mission is to help you manage the entire Microsoft stack: Intune, conditional access, Defender and more.
Looking at the near term, everything I am discussing is either coming next week or in the next couple of months. We are expanding our platform from alignment and automation into assessment, alignment, automation and administration.
Assessment is a new capability that will help demonstrate compliance with major frameworks and Copilot readiness. It will allow you to take any customer or prospect and check how that customer is doing and whether they are in a good state.
On the alignment side, the engine Will demonstrated is getting more policies every couple of weeks. Key upcoming areas include Purview, DLP, data loss prevention and information protection policies, along with more on the Intune side. We are also adding more customised baselines to make it easier to create packaged solutions, such as a basic Microsoft stack package and an advanced security offering with Purview and Defender capabilities.
On the automation side, there is more coming. We believe MSPs want to be proactive, but that is difficult in an environment that is not multi-tenant. We already have hooks into Microsoft tenants, and we will do more to keep you proactive and automated. We recently released our REST API because we believe in an open ecosystem with integrations, and you may want to build custom reports. This quarter, we are also working on integrations with popular PSA systems for alerting flows and more, including ConnectWise, Autotask and Halo.
On administration, we try to bring tenants into a more secure, better and more optimised state, but there is always work to fix or change things. The first step for us is more Entra management, with more expected around Intune, Defender and other areas.
Matthé Smit
Tenant assessment solves a different problem from alignment. Alignment can check whether a tenant has all the desired policies, but that does not necessarily tell you whether you or your customer are fully compliant with a desired framework such as CIS, NIST, Essential Eight or Cyber Essentials. It tells you whether the policies are there, but not always whether the outcome is really there.
It is also difficult to answer whether a customer is ready for Copilot. You have to look beyond policies, and when onboarding a new prospect, you need to understand how much work is needed to bring them to your standard. Prospects can have very different Microsoft stack configurations. For prospects, compliance and Copilot readiness, we have built a new engine called tenant assessment.
Copilot influences our roadmap because our mission is to help MSPs win more on top of Microsoft and sell more services. Copilot is what customers are asking for, but there are layers to the conversation: what problems are you solving; what is the value of Copilot; is the tenant secure; are devices and users configured properly; is data governance in place; is SharePoint configured properly; are you using information protection; and who should get Copilot first? It is still a licence you need to sell or buy, so you need to decide whether it should be deployed everywhere. All of that is part of how we think about assessment.
Matthé Smit
The tenant assessment engine is a way to quickly assess any tenant. You can have multiple assessments. I will start with a CIS assessment, but these can be fully customised so you can decide which checks matter to you. You can take any customer and run a quick assessment against that tenant. In this example, we are running 70 checks related to the CIS framework. The result shows 23 checks passed, 45 failed and two warnings. We present the information across products including SharePoint, Purview, Intune, Exchange and Entra.
The assessment goes deep. For example, for a check such as ensuring a managed device is required for authentication, you can drill in and see why it matters, the criticality and remediation steps. For a check such as ensuring multifactor authentication is enabled for all users, we analyse conditional access policies to determine whether it is enabled, whether the right policies exist and whether the right settings are enabled. In this case, the policies may be correct and applied to the right applications and users, but the check fails because the policy is not enabled.
You can remediate manually or deploy a policy. This makes it easy to run an assessment for a prospect without deploying any policies. You can export a brandable and customisable PDF that includes checks, licences and what needs to be done. This is one of the capabilities we are releasing very soon if testing goes well.
Matthé Smit
I also want to show the administration side of the product. When I drill into a tenant, I can see dashboards, the Entra ID dashboard, policies, and now users for Entra ID user management. We are also adding groups and much more. It allows me to click into a user, create users and manage them. For example, I can see a user's groups, assign new groups if I have permissions, and look at roles.
Because we are a policy management product, we can also show which conditional access policies apply to that user, which helps with troubleshooting and understanding policy impact. If a user has a problem, I can reset the password, revoke sessions, offboard the user, disable the user, convert their mailbox to a shared mailbox, assign mailbox delegates and remove licences.
There is a lot we are working on, and this is just around the corner. That covers what I wanted to share today. For the rest of the session, we can move into Q&A.
Will Connor
Perfect. Thanks, Matthé. There are quite a few questions, though some have been answered by what you just covered and by the earlier demo. I saw a few specifically for Lior, so while we have him, we will start there.
The first question is: when will Microsoft allow inforcer to delete Microsoft-managed conditional access policies that sometimes get pushed out?
Lior Bela
I answered that one in the chat. We have some things coming. September and October are exciting months, and we keep news close to our chest because Ignite is in November. The only thing I can say is that I am doing a session at Ignite about Intune.
Will Connor
Based on the AI point from Will and Lior, is there current work to enable data policies within the Power Platform to mark apps as business or non-business? Is that through inforcer? That sounds like one for Matthé.
Matthé Smit
I would say stay tuned for what we are doing there. I do not have anything to announce today, but it is on our radar.
Will Connor
A question for Lior: we standardise on Business Premium and fully compliant Windows devices. When is application management coming for BYOD Windows devices, and when will we be able to control Outlook, Edge, Word and similar apps through a MAM profile on a registered device?
Lior Bela
That is a good question. We do have MAM solutions for Android and Mac. For Windows, we will share more updates, but we definitely recommend looking at a secure browser approach. The approach we are taking right now is to have web app access as a MAM perspective. It still gives you full capabilities on the machine, but the policy and access are applied through a MAM policy for the web version.
Will Connor
The next question asks whether Microsoft is looking to connect the default OData feed in Intune to integrate more easily into products like inforcer instead of everything going through Graph.
Lior Bela
You are asking difficult questions and putting me in situations with topics I cannot fully talk about. What I can say is that we have a partnership and work closely with inforcer and our other ISV partner to make sure data integration exists and that there is access to datasets we want to surface through the inforcer experience. It depends on API capabilities and the tools, but we are definitely looking at it and investigating closely with Matthé's team to see what we can do and how we can enable more of those capabilities.
Will Connor
This one is for Matthé: are all those new features coming before year end, such as assessments and Purview?
Matthé Smit
Yes. Assessments are coming in September, user management is September, and Purview is probably early October.
Will Connor
Another one for Matthé: what level of privileges are needed to conduct an assessment, especially because you mentioned prospects?
Matthé Smit
Right now, there is one enterprise app. Although we only require read permissions for the assessment itself, we still use one enterprise app for inforcer, and it is the same for management and assessments.
That said, in Q4 we are planning what we call prospecting mode, which will make it easier to onboard prospects. We plan to let you send a link to prospects so they can onboard their own tenants. That means you do not have to ask for Global Administrator permissions. They can control the expiration and probably also the permissions they grant, making it much more customisable.
Will Connor
Will we integrate with SuperOps PSA as well?
Matthé Smit
I would have to check. We are already very open. We can send webhooks and emails to systems today. In our community, I have seen people sending Teams messages into dedicated channels and doing more chat-ops style workflows. Most PSA systems can receive webhooks or emails already. We are planning to go to the next level and do more there, but if you are using SuperOps, you should be able to get our alerts already.
Will Connor
Lior, earlier you talked about patching, and there was a good chat thread with recommendations for tools that do a great job there. There was a question about whether inforcer plans to bring app deployment along at some point. Matthé, I will start with you.
Matthé Smit
I do not have anything specific to announce today, but our mission is to make sure you can deliver everything you need within Intune. We believe there is a future where you can probably do all device management with Intune. There are a few things that need to happen. We see Intune used with other tools in combination right now, and part of that is third-party patch management. Our mission is to make sure you only need Microsoft.
Lior Bela
I will add that earlier this week we announced a partnership with partners helping move apps from on-premises Config Manager to Intune, and they offer some free solutions. You can look at my LinkedIn and Microsoft blogs around it. There are many great third-party patch management solutions.
I also want to call out that in Intune core, you have app management through the Microsoft Store and Company Portal. In addition, the Intune Suite includes enterprise app management capabilities with a fairly big list of apps that keeps improving. With Matthé's comments, I think we are aligned. We will have a comprehensive first-party solution improving through the Intune Suite.
Will Connor
Absolutely. It is inevitable, but it is also really important in a cloud-first world that MSPs have the ability not to use an RMM on every device. Devices and users are already in the cloud, so having a great place to manage all of that across multiple tenants within Intune is important, and hopefully we can help with that.
Lior Bela
Another comment: yesterday we also announced Windows 365 web apps or online app management, and Windows 365 Reserve. Windows 365 Reserve is like a backup for a physical device. In order for those apps to be available on Windows 365, you need to move them to Intune and manage them cloud natively.
Once apps are managed in the cloud, you unlock additional revenue and customer opportunities by providing virtual machines for scenarios such as consultants, frontline workers, travellers and bring-your-own-device users. You can give them access to their corporate environment through the Windows app on their phone. It is a bigger ecosystem. Once you make one move around apps, it unlocks more capabilities afterwards.
Will Connor
Someone asked whether the Intune for MSPs product is being built into inforcer or whether it will be a separate product. To clarify, Intune for MSPs is the initiative. inforcer is the product that allows you to manage Intune across multiple tenants for MSPs, rather than it being a separate product.
It is an initiative where we are working with Microsoft, specifically with the Intune team and the OS team, to help MSPs deliver more services and deliver device management and overall tenant security at scale across all customers from one place.
Will Connor
We have a question around Copilot adoption. The biggest barrier to Copilot adoption is customers with poor data hygiene and the risk of someone finding sensitive information, such as salary details. Can we get some kind of free or low-cost one-time hygiene assessment for SharePoint, ideally at migration time? Matthé, that is probably one for you.
Matthé Smit
When I look at the Copilot readiness report that is coming up very soon, it will look at several areas, including data hygiene. That includes whether the right things are enabled in SharePoint, because SharePoint permissions still drive or impact Copilot quite a bit. The next layer is enabling Purview, which we recommend as well.
Our first assessment will look at generic SharePoint settings, then go deeper into different sites and things like sharing. It will give you more information to determine whether you want to turn Copilot on or whether you want to do a data management project for that customer. We will not automatically fix all permissions issues, but we will flag them and help you explain them to your customer so you can potentially do a project beforehand.
Will Connor
Another Copilot readiness question: what are the main risks involved with simply getting a Copilot licence and assigning it to a user? Is there anything major that needs to be addressed before rolling it out?
Lior Bela
It depends. Copilot is a broad brand. We have Copilot for Microsoft 365, Copilot for coding and other areas. I assume the question is about Copilot for Microsoft 365. One of the most important things is document labelling: making sure you label documents as general access, private, confidential and so on.
Copilot can search and find documents connected to your account across SharePoint. That is incredibly useful, but it means you need data access hygiene. You do not want users to find documents they should not see, such as HR or finance documents.
At the same time, Copilot for Microsoft 365 is a closed ecosystem. One of its biggest differentiators compared with many other AI solutions is that the data stays within your tenant. The model does not train on it, and the information does not go outside the tenant. That gives you a strong security reason to move towards Copilot.
If you do not give people Copilot licences, they may go to other online AI solutions because AI is useful. If they start uploading company financial information or other sensitive information into free or low-cost AI tools to analyse data, create presentations or generate insights, you introduce the risk of data leaking into public AI domains that may train on that information. That is why Copilot is important.
Matthé Smit
I would add one more thing. I sense that many MSPs are worried about Copilot, but readiness is also about increasing the success of a Copilot project. You do not want customers simply getting Copilot and then concluding it is not valuable.
We want to help MSPs build the story around it: why it is valuable, what the business case is and what outcomes the customer wants to achieve. There are multiple levels of Copilot use. Some people use it for meeting transcription or drafting a Word document. The next level is agents, including basic agents and more advanced agents built with Copilot Studio.
We want to be there with MSPs for that journey. It is not just about stopping people from getting Copilot because their data is not ready. It is also about making sure you talk about outcomes, which is a very different conversation from security, but it helps you sell security.
Will Connor
Exactly. Thanks to everybody for joining the call today. We had a lot of people, which is great to see. Special thanks to Lior for your time. We really appreciate you speaking to so many of our partners and to other MSPs who are not using inforcer yet.
We are excited about this initiative and looking forward to working closely with Microsoft to help more MSPs deliver more services through Intune.
Lior Bela
Thank you all. Please ping me on LinkedIn if you have any feedback. I would love to hear directly from our customers. If anybody did not get their question answered, we will come back to you directly. Thanks, everybody.
Will Connor
Bye-bye.