Scoring the stack - Episode 1: What's the Score?
0:01
Hello everyone. Welcome to the defend,
0:03
govern, improve uh YouTube series that
0:05
we've got running here. Just to give you
0:07
guys a bit of background, this is an
0:08
eight-part um series that talks around
0:11
about around the Microsoft 365
0:14
environment, but focusing on the MSP
0:16
stack problem. Uh we've titled it
0:19
defend, govern, and improve because we
0:20
want to talk around the three pillars of
0:23
building out a really good secure
0:25
environment that works for managed
0:27
service providers that can be
0:28
implemented to customers. Um and I and
0:31
this whole series goes through every
0:33
element where you can leverage Microsoft
0:36
um but where it fits within the the
0:38
world of security governance and proving
0:40
that for regulatory businesses,
0:42
insurance providers and also just your
0:44
customers generally.
0:46
So give you guys a bit of background. My
0:48
name is Tim. I'm one of our 365
0:49
solutions architects. I've been with
0:52
Enforcer for nearly 6 months uh from
0:54
date of this publishment.
0:57
And my role here is to enable MSPs to be
1:02
the best they can and the most efficient
1:04
proactive business that delivers
1:07
security, compliance, governance, and
1:09
protection to their customers. My job is
1:12
to make sure you guys are as efficient
1:14
as you can be, but leveraging the tools
1:16
to be proactive, less reactive, and and
1:20
scalable. We want scalability and
1:22
reliability and efficiency when we talk
1:24
to our MSPs. We're a partner for the
1:27
MSPs we work with. And this is why we
1:29
focus on giving these kind of content,
1:31
web content series, and theor um
1:34
webinars, YouTube series to to our
1:36
customers. And this is one of those key
1:38
topics that I think really resonates
1:40
when we talk about building out a good
1:43
technology stack or tooling for MSPs to
1:46
deliver the best they can for their
1:47
customers. Prior to my role here, I was
1:51
an MSP. I was I've been at three or four
1:53
MSPs over the last 12 years focusing
1:56
around Microsoft 365, whether that's
1:58
Azure, modern workplace as solutions
2:00
architect, more recently for an MSP in
2:03
central London that really focused
2:05
around financial services. So really hot
2:07
on security, governance and compliance.
2:10
Um so I've leveraged all of Microsoft
2:12
plenty of third party tools. Um and then
2:15
and then kind of really focusing on
2:17
purview in recent years. So this series
2:21
is to talk about that that MSP or
2:24
unifying MSP stacks, making sure we're
2:26
leveraging the right tools for the
2:29
customers that we service and support.
2:31
And I truly do think that sits with
2:33
leveraging Microsoft and that's why
2:35
we're doing this series. So it's part of
2:37
the defend govern. This episode today is
2:40
focused on the MSP stack problem. I want
2:43
to talk about the tools that we're
2:44
currently using previously versus what
2:47
we're using now or what we could be
2:48
using now. And then moving forward,
2:51
we're going to be doing things around
2:52
managed email security, endpoint
2:54
security. Uh we have some live webinars
2:57
that will be talking around this
2:58
throughout the course of 2026 um and
3:01
beyond. We've got plenty to come. But in
3:03
the meantime, uh sit back. Hopefully
3:06
you'll find this quite useful. So
3:09
today's episode is around the MSP stack
3:11
problem. If you're an MSP, I would
3:14
always encourage you guys to start
3:15
counting how many portals you need to
3:17
log in before 10 10:00 a.m. The reality
3:20
is it's going to be far more than six.
3:23
And it is, you know, we've got our
3:25
documentation solution, RMM solution. We
3:28
need to be logging into 365. Perhaps by
3:31
10 a.m. If you're a service desk
3:32
engineer, you've logged into three or
3:34
four different Microsoft 365 portals to
3:37
service problems or fix issues,
3:38
particularly on a Monday morning with
3:40
password resets. It's a continuous
3:42
journey for ourselves. We are constantly
3:44
having to log into different portals,
3:46
cloud backup solutions, um, additional
3:49
platforms, antivirus platforms that are
3:51
third party, all of these things. I'd
3:54
even include all the portals within
3:55
Microsoft 365 in this in this solution
3:58
that I'm discussing here. We've built
4:00
the modern MSP stack to protect
4:02
everything. As as MSPs, we focused on
4:05
making sure when we support a customer,
4:08
they are secure on the endpoint. Their
4:10
emails are secure. We can remote monitor
4:13
and manage their environment, i.e. the
4:15
RMM. We're backing things up. We're
4:17
keeping things protected. Maybe it's a
4:19
sock. We're getting alerts in providing
4:21
a reactive solution and a service. Live
4:24
responses are are critical. The thing
4:27
is, we don't need more tools. that what
4:30
we actually need is better trust in a
4:32
single platform or or better trust in in
4:35
minimal platforms and it starts with
4:37
making sure the tools that we leverage
4:39
provide more of the products or
4:41
solutions and services that we need and
4:44
for me I'm obviously working at enforcer
4:46
the conversation here is around enforcer
4:48
at the end of the day that single
4:51
platform for me I do believe most of it
4:53
can be solved with enforcer so we can
4:55
discuss that bit later on throughout the
4:57
course of this series in
5:00
So let's talk let's talk about the stack
5:02
and how it's spiraling. So previously
5:05
and I have I have this on another slide.
5:08
We've used and we've leveraged multiple
5:10
tools over the last several 15 plus
5:13
years. We look at that stack of
5:15
solutions that we need. The constant
5:17
renewal cycles is a pain in the ass.
5:19
Portal overload. Let's be transparent.
5:22
It's fatigue for your engineers when we
5:24
have to start teaching them 10 different
5:26
portals, 10 different policies within
5:28
those portals, def 10 different roles,
5:31
configurations, sign multiple platforms
5:34
to say we accept the risks associated
5:36
with using yet another portal, patch
5:39
management, EDR, IM, email security,
5:42
backup, seam solutions, compliance
5:44
tools, you name it. There are so many
5:46
and it's a stack of solutions for MSPs
5:50
that's going to drive us mad. Our
5:51
finance team probably go crazy when we
5:54
talk about yet another license or
5:56
another license renewal. Another thing
5:58
we have to keep on. We're building a
6:00
skyscraper of complexity and we need to
6:04
consider particularly for this year and
6:06
moving forward with AI coming into the
6:08
forefront more cyber security risks. We
6:11
need to start a consolidation. The more
6:12
tools we have, yeah, it spreads the load
6:15
maybe in terms of risk of things going
6:17
down, but let's be transparent. most of
6:20
the this day and age we leveraging
6:22
Microsoft 365 across the globe millions
6:25
and millions of companies are using it
6:27
if if the product goes down it doesn't
6:29
matter if email doesn't work because at
6:32
the end of the day our our spam filter
6:35
is useless if it's external because our
6:37
emails are down unless we've got
6:39
redundancy with mailflow um and we can
6:42
send emails elsewhere most companies
6:43
solely rely on it so it doesn't matter
6:45
if we've got an external email solution
6:47
for fishing it's already integrated and
6:50
baked into Microsoft 365. Should we not
6:52
consider using this already? My
6:55
suggestion is probably we should. We
6:56
don't need to have another tool, another
6:58
login for ourselves to use when
7:00
Microsoft's already injected 20 billion
7:03
pounds into email or into security
7:05
within their environment. It's more than
7:07
most leading providers for EDR
7:10
solutions, security solutions out there.
7:13
We should be considering how do we
7:15
consolidate stacks of solutions into one
7:18
single tool. I think Microsoft is a big
7:20
driver for that.
7:23
What's the cost complexity?
7:25
I mean, when we look at what's been
7:27
happening over the last 5 years, we've
7:29
clearly had a 30 to 50% rise in the
7:32
costs of most of the products we're
7:34
using. That might seem like only 10 20
7:36
30p per end user, but we're then
7:39
offsetting that either by ourselves.
7:40
we're just absorbing that cost and
7:42
giving it to our third party vendors or
7:44
we're having to go to the customer and
7:45
say you need to pay let's say an extra
7:47
two pound per per user per month. We're
7:50
we're in a world where there's always
7:52
rising costs and it's going to continue
7:54
to rise. If we are duplicating costs
7:57
because we're paying for one license
7:58
that's perhaps already included in say
8:00
business premium we're using at the
8:01
moment with Microsoft. We're duplicating
8:03
value or duplicating costs that we're
8:06
then offboarding or or lending or
8:08
providing back to the customer or we're
8:10
absorbing ourselves. Should we be doing
8:12
that? I would be questioning that we
8:14
don't. And the reality is clients don't
8:17
care at what the how many tools we use
8:19
or the tools that we're using. The
8:21
reality is they only care about how safe
8:23
they can feel. and clearly and how
8:25
clearly you could prove it as an MSP.
8:28
And I will probably admit and I I will
8:31
put my hand up to this, some customers
8:32
don't even care how safe they feel. They
8:34
just want to know that it's handled by
8:36
someone else. But for us as MSPs, our
8:39
focus should be on security, compliance,
8:42
governance, and proving the value of
8:44
what we're delivering. And the one thing
8:46
we quite often forget is enforcing an
8:48
environment, i.e. the governance piece,
8:51
and and proving it. Like if a risk came
8:53
into play and we're talking to a
8:54
customer that doesn't care about how
8:56
safe they are, but they have just
8:57
assumed it's handled by you, you need to
9:00
be able to go back to them and prove to
9:01
them that you have implemented the best
9:03
policies you could based on the
9:05
conversations you've had. And it starts
9:07
with making sure that we are keeping
9:08
things safe, secure, and the real MSP
9:11
impacts are clear. We have rising costs.
9:14
We're having alert overload with
9:16
productivity down and fatigue up because
9:18
we're getting alerts from all over the
9:19
place from different portals. Fragmented
9:22
reporting, inconsistent client
9:24
visibility is a big factor when we talk
9:26
about customers that do care about their
9:28
environment, their technology. We need
9:30
to make sure that our reports are
9:32
consistent to the customer. They are
9:34
getting the right information. It's
9:35
coming from the right value. And lastly,
9:38
that single source, the audit prep,
9:40
multiple readiness is really required
9:43
nowadays. making sure that we are
9:45
providing a single source or a single
9:48
pane of glass with the right reports and
9:51
enforcer focuses around Microsoft 365
9:53
which is why I'm driving this focus on
9:55
unifying our MSP stack to to a product
9:58
that's freely available but you guys are
10:00
already leveraging Microsoft as a
10:02
multi-tenant solution currently we have
10:05
hundreds if not thousands of of tenants
10:07
that we support depending on the MSP on
10:09
this discussion and call at the moment
10:12
how do we make sure that we are leverage
10:14
ing the products we already have
10:15
available and then once we do how do we
10:18
measure and enforce those pro processes
10:21
i.e. the governance drift detection and
10:23
then more importantly proving it. We
10:25
need to be able to run reports and prove
10:27
that value to the customer and that
10:29
starts with looking at that single
10:32
source of truth and unifying the stack
10:34
that we currently have.
10:36
So I want to talk about the shift. I
10:39
think particularly the last five years
10:42
and I think particularly more critically
10:44
the next five years people are going to
10:47
start focusing on Microsoft being that
10:48
central pillar. It started as just a
10:51
single piece of the puzzle i.e. email
10:54
maybe some share filing for shareepoint
10:56
but a single piece for that complex
10:59
security
11:00
product. Whereas now Microsoft with
11:03
their $20 billion injection of security
11:06
improvements, we now have Entra ID, the
11:09
identity protection and governance
11:10
piece. We have Intune device compliance
11:13
and management. We've got the purview
11:15
piece that data governance, the data
11:17
loss prevention and auditing platform.
11:18
That's the area we're looking at for
11:20
reporting and ongoing governance of an
11:22
environment. We have I've put 365e5
11:26
licensing because I'm a lover of that
11:27
product or license, but I know that
11:29
we've got business premium, defender
11:31
suite for business, which covers more
11:33
than enough for our SMB customers. Um,
11:36
and then we've got the XDR suite that
11:38
that license uplift with defender suite
11:40
for business really covers that single
11:42
security plane that we discussed with
11:43
our customers.
11:45
This is really critical. Microsoft have
11:48
basically said, look, we know that you
11:50
guys are using different companies. is
11:52
we know that there are competitors out
11:54
there, but let us build you a single
11:56
unified platform for you to be able to
11:58
deliver the best practice for your
12:00
customers. This is targeted for
12:01
enterprise businesses. There's no doubt
12:03
about it. Um, and Microsoft are openly
12:05
admitting this with Intune for MSPs.
12:08
They're deliberately saying use Enforcer
12:11
to focus on a unified multi-tenant
12:13
management solution. So you can leverage
12:15
those enterprise platforms but from a
12:17
single source i.e. enforcer for MSPs
12:21
that means you can replace those six
12:23
vendors with one stack i.e. Microsoft
12:26
and then leverage those outcomes and
12:28
those deliveries with enforcer that
12:30
single pane of glass even Microsoft's
12:33
power doesn't solve the last piece of
12:35
the puzzle. So it doesn't solve
12:37
necessarily that proof and that's the
12:39
gap when we talk about defend govern and
12:41
improve. Microsoft are taking defense
12:43
they're giving us that configuration
12:45
piece the ability to configure and
12:47
manage those policies providing that
12:50
entry id in tune perview the fender
12:53
suite that encompass solution. They're
12:55
allowing us to govern it with the right
12:57
licensing. We've got data governance.
12:58
We've got governance in identity
13:00
protection with conditional access.
13:02
Governance isn't just about data.
13:05
is about making sure that what we
13:07
implement and configure is enforced
13:09
across the business and we can measure
13:10
that enforcement but we need to be able
13:12
to prove that value and that's really
13:15
where that gap sits and that's where I
13:17
think enforcer provides that gap and
13:20
this is why we talk about defend govern
13:22
and prove that compliance gap the
13:25
evidence that we need to be able to
13:26
prove that we are implementing these
13:28
things and we're providing the value for
13:30
the customer and I think the statement
13:32
we always get with at least one if not
13:34
several customers every year is what am
13:36
I getting for my money when I'm paying
13:38
you per user or per device per month?
13:41
And the reality is we give customers a
13:44
reactive report. This is how many
13:46
tickets we're providing you a support
13:48
resolution. But I really challenge an
13:50
MSP to look further past just a reactive
13:53
measure. We always talk about being
13:55
proactive. For the first time, I think
13:57
in years, we have the ability to
13:59
demonstrate governance and proof as a
14:02
proactive measure to customers. We don't
14:04
want to just do a single deployment,
14:07
make sure it's configured, a single
14:09
point configuration, and then foxtra
14:11
Oscar to the next project. We need to be
14:13
able to go to the to from professional
14:15
service one-time delivery to ongoing
14:18
managed governance delivery. Governance
14:20
as a service isn't just data governance.
14:23
It's making sure that the
14:24
implementations we've configured stick.
14:27
So when we have an exclusion, someone is
14:29
excluded from a policy or a policyy's
14:31
changed, we need to measure that change.
14:33
We need to identify what change was
14:35
made, the metric that's been made, why
14:37
it's been made, who made it, and should
14:39
it have been made. That's governance as
14:41
a service. That's ongoing protection.
14:43
That's ongoing security analysis. All of
14:46
that sits with the governance piece. And
14:48
fundamentally, we then need to prove it.
14:51
So with Enforcer, we can dive drift
14:53
detection. we can make sure that we are
14:55
keeping customers aligned continuously,
14:57
whether that's partial alignment or a
14:59
full alignment to our best practices in
15:01
MSP.
15:03
And I say this and I'll always say, I'll
15:04
probably even say it in the next episode
15:06
and the episode after that, an MSP
15:08
doesn't need to have a unique security
15:10
baseline. It needs to be secure. And
15:13
that's secure across the board. Every
15:15
single person that we talk to, anyone
15:17
that's reading this or listening to this
15:19
uh this YouTube series now, it's not
15:22
about being unique. Every customer is
15:24
going to have some unique policies, but
15:26
the foundations of a good governed and
15:28
well-defensed environment or defended
15:31
environment starts with the same
15:33
security measures. And there are lots of
15:36
people out there that provide
15:37
recommendations of security measures
15:38
they could put in place. But
15:40
fundamentally, it's all about being
15:41
secure. And then we have to govern that.
15:43
Governing
15:46
Enforcer to make sure drift detections
15:48
in place for those alerting single day
15:50
value, day one value. when we talk about
15:52
bringing on all our customers into a
15:54
single platform like Enforcer is can we
15:57
make sure that we are governing that
15:59
environment? Can we make sure that
16:00
changes made we're being alerted to it?
16:02
And if you haven't got them in a single
16:04
source like Enforcer, you're not going
16:05
to get that governance piece. The second
16:08
part is the evidence. So let's take away
16:11
the governance. How do we prove that
16:13
value? So that statement, what am I
16:15
getting for my money? Rings true for
16:17
most of our customers. How do we
16:19
demonstrate we are providing that
16:21
governance piece? How do we make sure
16:23
that we are proving that? And that
16:25
starts with reporting. Starts with drift
16:27
detection email alerts to say, "Hey,
16:29
look, we are being proactive. We've
16:30
received an alert to say Jeffrey is the
16:33
head of IT for your business has made a
16:34
change. We've previously agreed with you
16:36
we wouldn't make any changes to this, so
16:38
we've reverted it." Or perhaps it's an
16:40
auto remediation. It's autoreverted back
16:42
based on your alignment piece. It's that
16:44
multi-tenant blind spot. We need to see
16:47
a unified platform, a single pane of
16:50
glass to make sure our customers are on
16:52
track to being secure and readily
16:55
available. And proof doesn't sit with
16:56
just the customer. Proof sits with your
16:59
business owners, the CEOs that are
17:00
watching this, the ones that want to
17:02
make sure that the customers they're
17:04
supporting really are secure. That
17:06
multi-tenant blind spot is so important.
17:08
We need to make sure we can see our
17:10
customers and they're aligned to our
17:12
best practices, our security values. And
17:14
when I say owl, I mean your best
17:16
practices in security. Almost all of us
17:18
will have the same security measures.
17:20
They just could be named differently.
17:22
Different named policy, different
17:23
configuration, maybe something that
17:25
doesn't matter for one industry that
17:26
does for another. Um when we talk about
17:29
industries that we support, financial,
17:31
medical, pharmaceutical, and so on. And
17:34
the last thing is being able to provide
17:36
that evidence. So running those
17:38
alignment reports that you have within
17:40
Forscer, the ability to produce a report
17:42
that shows you you are aligned to our
17:44
best practice. We can measure that with
17:46
policy tagging to determine this policy
17:49
aderes to door configurations for
17:51
example. We can leverage those that
17:53
we've got configured and we can
17:54
demonstrate that with an alignment
17:56
report. It's prospecting. We're bringing
17:58
on a customer that's going to start that
18:00
three that three tier pillar with us.
18:02
Defense, governance, proof. We need to
18:04
be able to prove this is where you were
18:05
from day one and this is where you are
18:07
for day two and this is where you're
18:09
going to be at day 143. And the next
18:12
episode I'm going to be talking about
18:13
which is coming up shortly is fixing
18:16
that framework understanding those
18:17
steps.
18:19
So let's look at framework here. We've
18:22
spoken about that unified piece. I
18:23
probably spoken about these slides
18:25
already but the framework sits for us
18:29
around defense governance and proof. And
18:31
this is the triangle the pillar that we
18:33
talk about when we unify a solution and
18:35
we talk specifically around enforcer.
18:38
Microsoft covers the defense. Microsoft
18:41
is giving us the ability with a single
18:42
tool to understand defender entra. So
18:47
defender for office defender for
18:48
endpoint identity protection device
18:51
management. All of that's available in
18:53
that single source that defending piece.
18:56
Then we want to look at governance. And
18:58
that governance sits with data
18:59
governance, device governance ongoing.
19:02
But if we take data governance to start
19:04
with, that's purview. That's data loss
19:06
prevention. That's policies across your
19:08
estate. We need to be able to measure
19:10
and protect against that. So that
19:12
ongoing governance piece starts with
19:14
leveraging drift detection, utilizing a
19:17
single pane of glass and enforcer for
19:19
your alignment piece, making sure
19:20
they're governed correctly. We are using
19:23
Enforcer not just to provide the right
19:25
security deployments for policies and
19:27
your best practices, but we're governing
19:29
it by making sure they're aligned to our
19:31
best practice and we're receiving drift
19:32
detections for that proactive step to to
19:36
sort out remediations. And then finally,
19:38
on top of that pillar, the area that we
19:40
always forget, and this is really where
19:42
Enforcer gives day one value is that
19:45
proof. running those reports, looking at
19:48
those measurements, demonstrating the
19:50
value that we bring as a business, as an
19:52
MSP to our customers. All of that's
19:55
available with the proof that we're
19:56
looking for with Enforcer.
19:59
I think this is the new MSP model and
20:01
that's why we're doing this series. This
20:03
is why this eight-part series covers
20:05
this. We need to defend our co our
20:07
clients. We need to govern the
20:09
environments we're looking at. We need
20:10
that single single pane of glass for all
20:13
of our tenants, not just a handful. When
20:14
we on board customers, I often see 20,
20:18
30, 40 tenants being added of an estate
20:20
that maybe has a thousand. That's not a
20:22
single pane of glass. We might be
20:24
looking at using it just to make sure
20:26
it's we're comfortable with the tool,
20:27
but the reality is we're leveraging
20:29
tools like Enforcer for that day one
20:31
value, being able to govern the
20:33
environments we're seeing through that
20:35
value. And the last point of that is the
20:38
proof of the value. making sure that the
20:39
tools you're using, we can demonstrate
20:41
the value for our customers, demonstrate
20:43
the value for our business owners,
20:45
demonstrate the value for regulatory
20:46
businesses, uh the reg regulatory
20:49
bodies, auditors, all of that starts
20:52
with making sure we have the right
20:53
products, the right reports under that
20:55
single pillar and that's that triangle
20:58
for us. The pyramids that we're talking
21:00
about, Microsoft do this really well
21:01
with their own pyramids of solutions
21:03
they offer um and it covers it
21:05
perfectly. But for when we talk about
21:07
the the three pillars defend, govern and
21:09
prove all of that sits here. The ability
21:12
to leverage Microsoft utilize governance
21:15
through purview through enforcer and
21:17
prove that value leveraging enforcers
21:20
environment.
21:22
So moving forward, what's next? So I've
21:25
spoken to you and I hope this has been
21:27
really valuable seeing where we should
21:29
be going as MSPs and what we could look
21:31
at. But next episode I want to do is
21:34
about managed email security managed
21:36
stack that we're using, what we've used
21:38
previously versus what we can be
21:39
leveraging. Now this is going to be a
21:42
small demo. We're going to go through a
21:44
few slides. We'll go through what
21:46
Microsoft has to offer currently in the
21:48
security suite around email security and
21:51
then we might dip into some of the
21:53
enforcer product as well depending on
21:55
time. Hope this has been really useful.
21:57
Any questions at all? Again, reach out
22:00
to Enforcer, get some demos booked, look
22:02
at ourselves, see the platform, see what
22:05
we're trying to deliver through those
22:06
three pillars. Um, and let's get you
22:09
guys in a unified MSP moving forward.
22:11
Look out for episode two, three, four,
22:14
five, six, seven, and eight. Um, and
22:15
hopefully this is proving some value.
22:17
Thank you very much for your time,
