Graham Morrison, Microsoft 365 Team Lead at inforcer, is joined by Graham Stead from Growth Habits and Tom Lovell from Infinity Group to unpack how MSPs can build successful practices by standardizing on Microsoft.
Watch our on demand webinar to explore how to inform your MSP's strategy by understanding the needs of your SMB customers.
Graham Morrison
Good afternoon and welcome, everyone. I hope you are all doing well. Thank you very much for joining us today. I am joined by Graham Stead and Tom Lovell, and we will be presenting The Modern SMB.
We will cover why security is the non-negotiable foundation for every modern SMB, what SMBs really care about and how they are measured by stakeholders, and practical steps for aligning technology with business goals across compliance, cost control, customer success and innovation.
For introductions, we have two Grahams, which may make this slightly confusing, and Tom, which makes things slightly less confusing. A quick bit about me: I have been in the MSP space for around eight years, primarily in technical roles before moving over to inforcer. I was previously at a Microsoft-focused MSP in the south of the UK, where I left as Head of Technical Pre-Sales. That involved running engagements and helping people get value from Microsoft 365. At inforcer, I am now the Microsoft 365 lead, helping MSPs unlock the full potential of Microsoft 365 and Copilot. Over to you, Graham.
Graham Stead
Fantastic, thank you. We may need to make me GS and you Graham Morrison between us.
Hi everybody. I have spent my whole career in the MSP world across three MSPs. The first was one I founded as a technical founder, probably before MSP was even a term. It was very much in the break-fix IT world, and we grew and evolved that business into what we now know as an MSP. I exited that business in 2016, and from that point I was able to focus fully on sales and marketing rather than juggling all the different hats many MSP founders wear day to day.
Around a year ago, I left MSP World, and earlier this year I started Growth Habits. The focus is helping MSPs that are still founder-led in sales, or that have smaller emerging sales teams, to get their sales engine going.
Graham Morrison
Awesome. Thanks, Graham. Tom, over to you.
Tom Lovell
I work for Infinity Group and have been in the MSP space for about 15 years, pretty much all of that with Infinity Group. The organisation has grown from around 12 employees when I joined to just under 200 now.
I have done a bit of everything in that MSP as it grew, from field services through to technical pre-sales and consulting, and now acting as a virtual CTO for our clients. Before that, I spent five years in a large corporate of around 10,000 employees, working through the IT service desk and cutting my teeth in the early part of my IT career.
Graham Morrison
Awesome. We are very MSP-focused today, so let’s get into it.
The market is evolving. Hopefully, the slide in front of you reflects how you have seen the MSP market evolve over the last 20 years. It highlights how quickly the market has had to adapt, particularly since 2015. Around 2020, remote working really highlighted the need for the modern workplace, with Microsoft entering the modern workplace conversation and increasing demand for SKUs like Business Premium.
Off the back of that, we saw MSSPs forming as concerns around taking data home and working from home securely increased. There was also a shift away from relying only on perimeter security, or at least a greater focus on identity security and the ability to monetise it through managed security services.
Now, in 2025, we are branching into two different areas. It is either messy or exciting, depending on your point of view. AI is in the mix, managed intelligence providers are emerging, and customers increasingly expect compliance and consultancy services. This means moving away from the traditional IT support role and reinforcing that partnership methodology. It is more important than ever to differentiate in a crowded and commoditised market, which means constantly evolving and looking at new solutions.
We can thank Microsoft for a lot of this change. Microsoft has been embedded in everyone’s ecosystem for a long time. People have been buying boxed copies of Microsoft Office forever, and they have stuck with it because they like the product. But it is not only Office anymore. It is a security platform and a productivity platform.
Graham Stead
Could I add a point there? It gives some context to a couple of my slides later.
If we go back to the first part of your slide, when we were in IT support and break-fix, and then transitioned into the MSP model as we know it now, what we effectively did was take a support revenue stream that was up and down depending on how much support clients needed and move it into a recurring model. That recurring model is what MSPs are after.
But our project revenue streams are still often lumpy because they depend on how much project work we do. One thing MSPs need to think about as we move forward from 2025 is how to move that project revenue stream into a recurring project revenue stream. I will leave that thought with people, and we will pick it up later.
Graham Morrison
I think all three of us will be hammering that home today, so it is good to see we are aligned.
This is an opportunity for me to tell a story about what I saw in the MSP space. Having come from one, hopefully my perspective on working with SMBs will be useful. I joined the MSP market just before the MSSP era as a technical consultant. I was technically focused and boots on the ground. Then I moved into technical pre-sales and thought I knew it all, before realising that SMB owners and leaders were not as excited as I was about plumbing in new technologies, such as Intune projects.
That was the inflection point: what do SMBs actually want and need? What gets them excited enough to move to the next project or managed service?
I believe they want three things. First, secure infrastructure. Everyone wants to be secure, but SMBs typically do not care about specific tools like Microsoft, SentinelOne or other security products. It is about trust. They come to you because they trust you to make them secure and look after them.
Second, they want low costs. There is not always hard data behind this; it is often a feeling. They need to feel that the amount they spend on IT is the right amount and that they are getting good value.
Third, and most importantly, they want IT that helps generate revenue. Endpoint management and wireless infrastructure were exciting to me technically, but business leaders did not see those projects as helping them make money. They saw them as a cost. So the question is how we translate those technologies into real business value and get customers engaged.
I want to go through each of these three sections: the foundations, how we get the managed service right, how we make costs sensible and palatable for customers, and finally how we use technology to generate revenue.
Graham Morrison
Let’s start with secure infrastructure. This is a Microsoft-titled webinar, so of course Microsoft is underneath it. Your customers are not interested in your security stack. It is a trust piece. But everyone needs to sleep at night, so how do you secure customers in a way that gives everyone confidence?
When was the last time you evaluated your tech stack? Graham and Tom, how often did you evaluate your tech stack in the MSP world?
Graham Stead
Not very often. Changing suppliers is not easy. You do not keep switching from one to another because you create a whole load of back-end work for yourself. In the past, we were a Sophos Gold partner and put everything in with them. It was a good product at the time, but we would not have simply picked everything up and moved somewhere else.
Graham Morrison
That is what we are seeing in MSP. Speaking to people about Microsoft 365 all the time, we see tools stacking up that MSPs have had for years. They have built trust with vendors, they perceive that they make money on those tools, and they work well enough. But tool fatigue is real. Many MSPs have a lot of tools across the organisation, and it is sensible to consider consolidation.
The Microsoft stack is a compelling offer. Within Microsoft 365 Business Premium, arguably there is everything you need for a modern SMB, including the productivity suite. Tools such as inforcer make this more viable for MSPs because the historical blocker has often been manageability. The underlying Microsoft stack is fantastic.
You are not just adopting an EDR. You also get identity protection and endpoint protection, and it becomes an XDR because signals are shared between tools. If you have disparate tools, they often cannot talk to one another unless another third party is introduced, which means yet another tool. In this case, keeping everything in one basket can be sensible because you are in safe hands with Microsoft.
A large number of businesses already use Microsoft 365, which shows the level of trust in the platform. People like the tools, they have been using Microsoft Office for years, and they are fully embedded in that platform. These are enterprise-created tools, and Microsoft has given SMBs a sensible entry point with Microsoft 365 Business Premium.
Microsoft is also investing heavily in security, both through AI and through real people working on its security stack. Every vendor will talk about how many security signals they process, but Microsoft has significant visibility across multiple platforms, which helps it understand zero-day threats and act on them quickly. That is a compelling offer to help MSPs sleep at night.
Graham Morrison
It would not be a webinar if I did not show a Gartner quadrant. The point here is how quickly Microsoft is moving. Looking back to 2018 and then looking at where Microsoft has moved to now, it is much closer to the top right.
Tom, Secure Score is an important metric. How often do you use it internally at Infinity Group, and how does it resonate with customers?
Tom Lovell
It is something I was going to talk about later, but it drives the core of how we measure ourselves in terms of what we deliver to customers. It is certainly the first thing we look at when we visit a new customer: where are they on the journey?
Secure Score is benchmarked against industry standards. It pulls back to CIS controls and ISO 27001, and it tells you what you need to do. From an SMB perspective, it is a helpful metric because it simplifies the conversation: you are a certain percentage secure. There are nuances, and some of it needs explanation for technical accuracy, but generally, a high Secure Score is a good thing.
Having something that can be simplified for an SMB is not only a great selling tool; it can also help win business. You can show that the customer is currently at one level and that your standard security service can get them to a higher level. Everyone using Microsoft 365 has that score available.
Graham Morrison
Not only is it a selling tool, but it can also help with conversations around cyber insurance.
Graham Stead
One of the key things for me with Secure Score is that it is not just a measure of what you have done to secure the environment. It is also a measure of how well you maintain that environment over time. It is sensitive to things you do not do. If you secure your devices but later have a stack of devices that have not been turned on for months, that will hurt your Secure Score. It points to your maintenance regimes.
Graham Morrison
Exactly. Just as we commit to maintaining and patching servers over time, we should be committing to maintaining, updating and improving Microsoft 365 tenants. Microsoft is adding useful features that need to be kept on top of, and that becomes a differentiator in a crowded market. Other vendors do not necessarily give you that holistic Secure Score across identity, devices and other security functions.
I would assume many people on this webinar lean heavily on the Microsoft 365 Business Premium stack. Even if you have third-party tools, it often makes financial sense, even if you are only using Intune or Entra ID P1, to take the whole Business Premium stack. Many customers are not aware how much is included, and they may become aware because they are paying for it.
It is not only the productivity suite. It includes Intune for device management, Entra ID P1 for identity, conditional access, Microsoft Defender for Business for endpoint protection, and Microsoft Defender for Office 365. There is a lot of value in the licence.
Graham Morrison
This is something we talk about on the inforcer website, and I think it resonates with MSPs: the Microsoft 365 tenant is the new server. Just as Active Directory servers hosted identities and devices, the Microsoft 365 tenant now does that too. You should treat it with as much respect and attention as you did with Windows Server updates.
Many MSPs still think in terms of protecting the perimeter. That remains important because many people still have networks and servers to look after. But in addition to, or sometimes instead of, that perimeter, you now have an identity attack surface. The user identity holds the keys to a lot of information in the organisation. It is attached to SaaS accounts, guest accounts, BYOD, single sign-on and third-party services. If people can sign in to Outlook or Teams using Entra ID, that identity must be protected.
Traditional tasks such as Windows updates can be likened to configuration updates and maintenance in Microsoft 365. We back up Microsoft 365 data, and we should also back up the configuration. This highlights the importance of looking after identities and treating the tenant with respect. It also highlights the need for a tool like inforcer.
Why manage it? There have been many major and meaningful updates for MSPs across Microsoft 365. You need to stay on top of them, maintain tenants, remove stale devices and users, keep Secure Scores high and make sure Microsoft 365 tenants are up to date.
Graham Morrison
What does this look like from a foundational perspective for an MSP? Today, you may buy third-party tools and align them to service offerings. For example, SentinelOne might be sold as endpoint protection. In a Microsoft 365 security practice, sign-in protection can be delivered with Entra ID P1, Defender for Office 365 can displace other email security tools, and Defender for Business can deliver endpoint protection. All of this is baked into Microsoft 365 Business Premium, and your service offering can align to those products.
Many MSPs like to define a baseline level of protection, where everyone gets a required minimum level, and then offer higher tiers for customers that need more. Microsoft has that available through Business Premium, plus the Defender suite and the compliance suite. If Business Premium is not enough, or if a customer is larger or in a regulated industry, you can bring in higher-level licensing at a reasonable cost. Tom, do you see that happening a lot?
Tom Lovell
We see it in more mature businesses. There is a line you have to step over in terms of leadership maturity before you get there. Certain industries have a valid requirement for Defender for Cloud Apps, particularly with the rise of shadow AI, and Defender for Endpoint P2 where customers are sensitive to vulnerability management.
Graham Morrison
There is the technical reason to do this, but it also shows that Microsoft has flexibility in licensing SKUs aimed directly at SMBs. It is not only Defender; it is also Purview. For MSPs going down the Copilot, AI and compliance journey, you can supplement what is already in Business Premium and add E5-level features at a reasonable cost. With Business Premium, the Purview suite and the Defender suite, customers can reach an E5 level of security without the full E5 cost.
Graham Morrison
Hopefully I have convinced everyone that consolidating on the Microsoft 365 stack is a strong option from a security perspective. Now let’s move to the low-cost piece.
The idea is to make customers feel they are getting great value. Customers are already paying for Microsoft 365. As MSPs, we love ROI and want our tools to work hard. Customers want the same return on investment.
In technical pre-sales, this was what made people listen. You could speak to someone who had Microsoft 365 Business Premium but also a host of other tools they were paying for separately. The compelling conversation was: we can help you consolidate onto the Microsoft 365 tools you already pay for, potentially reducing or removing the cost of those third-party tools and bringing the work into a managed service.
You can also reduce the barrier to foundational requirements. For customers who have not yet adopted Business Premium, one barrier may be the consultancy uplift required to configure new features. You can pre-package baseline deployments so everyone gets a baseline level of protection when they move to that suite. That reduces the barrier to entry and makes customers more likely to adopt it. The more customers are on the same licensing, the more return on investment the MSP can get through a bring-your-own-licence model. inforcer can help pre-package those tools and deploy them.
Graham Morrison
Another way to reduce the barrier to entry is to get customers onto the same level of technology. If you offer a per-user, per-month, all-you-can-eat service with fair usage, standardisation is critical. Customers with very old technology can be time-consuming and difficult to support. If you can reduce the barrier to entry through pre-packaged Microsoft 365 deployments and get customers onto the right licensing, you can save money for your business and for the customer, while improving perceived value.
We have now covered the foundations: standardising on Microsoft 365, improving return on investment by consolidating tools, and bringing customers to a good level of security and technical supportability. The next piece is revenue growth.
This was the part I was missing when I moved into technical pre-sales. How do you get customers excited about managed services and project work that is not endpoint protection or device enrolment? Business leaders want to understand that what they buy will help them generate more money or improve efficiency.
Graham Morrison
The modern MSP needs to focus on business outcomes. What is the business trying to achieve, and how can the technology provider help them get there? That means focusing on customer success instead of maintenance. Maintenance is a given.
We are moving away from servers, although real life still exists and many customers still have servers. But the direction is largely SaaS, zero trust, identity-centric security, automation wherever possible, and Microsoft 365 Modern Workplace as the foundation.
What does this look like in real life? One example was a charity in Sussex whose goal was to become net zero by 2030. The question was: how can technology help them meet that goal? Remote working was an obvious answer, enabled through Intune, Autopilot and Teams Premium. They did not need to know it was an Intune, Autopilot or Teams Premium project. They were buying a remote working project linked to the goal of net zero by 2030, with a measurable outcome, powered by Microsoft 365 and delivered by the MSP.
Another example was a call centre that wanted to reduce operating costs. Two major cost issues were a large UK office and hiring people in the UK who needed to speak foreign languages. They could improve operating hours and hire in-country for lower salaries, enabled through technology. What they needed technically was an Intune, Autopilot and Defender project. But they were not buying that as technology; they were buying an outcome with measurable ROI. That was a conversation that resonated with SMB leaders.
Graham Morrison
In practice, this became strategic roadmaps. We engaged with organisations to understand their business goals rather than going cap in hand asking for project revenue. We had conversations with business owners and leadership to understand what they were trying to achieve. Most businesses have at least an idea of where they want to be in two or three years.
Understanding those goals allows you to create a roadmap aligned to what they want to achieve. A nice part of this is the clear ROI. If the goal is to reduce operating costs, they often know how much they want to reduce them by, even if only as a percentage. You can then say, for example, that the project costs a certain amount but saves more than that. The drivers come from the business, so it feels like they are coming to you rather than you asking for project revenue.
The structure was roadmap as a service or virtual CTO. Based on the roadmap, you create a high-level scope of works. If the customer needs Intune, Autopilot, Copilot and efficiency improvements, and you estimate 120 days of work over 24 months, the customer can commit to five days per month.
For an MSP, that moves projects into a managed service agreement. The revenue becomes committed and contracted as monthly or annual recurring revenue. It also helps with load planning, because it is difficult to find talent that can deliver these projects. You know which skills you will need and when you will need them.
So the structure is: build the security service foundation, make costs sensible by consolidating licensing and tools, and then offer roadmap as a service, turning project services into a managed service aligned to measurable ROI.
Graham Morrison
Graham, over to you.
Graham Stead
Thanks, Graham. That was a really interesting introduction and flow, showing how the industry has changed and how customer requirements are changing. I want to take a few slides from a sales and marketing perspective: how we package these services, how customers buy them from us, and why they buy from us rather than competitor MSPs.
There has been a lot of talk about business outcomes, and if you have been to MSP or vendor events over the last few years, business outcomes have been high on the agenda. Part of this is about really understanding how we immerse ourselves in our customers’ world.
It is easy, when we are in the technical world and MSP community, to be shaped and influenced by what we see in our world. So it is important to step into the customer’s shoes and ask what would make them say yes to our services. The challenge I see with MSPs is that many say, ‘Come and work with us; we will keep you secure. We have great toolsets and great teams.’ But increasingly, that is a familiar story.
For me, it is about stepping into the customer’s shoes and looking at the results that matter to them: revenue, gross profit, happy teams, winning new customers and other typical measures. We need to tell the story in our packaging and messaging about how we help them achieve their business outcomes and objectives.
We also need to think about the individual decision-maker: their personal reasons for choosing us and their accountability to their stakeholders, whether that is the board, investors or customers. How do they judge and demonstrate what they are doing? Understanding that helps us differentiate in a crowded market.
Graham Stead
How do we do that? We have touched on Secure Score and Productivity Score. We need to differentiate ourselves. A question I often ask MSPs is: when you ask customers how they will determine the success or impact of your MSP services on their business, what do they tell you?
It is surprising how many MSPs have not asked that question directly. If we rely on Secure Score alone, and many MSPs are already using Secure Score and talking about it, then by default we are not differentiating ourselves. We need to go further.
For example, if an MSP works with architects, what matters to them? Net fee income per employee, bid win rate, design cycle time, project throughput and billable utilisation are all examples. The point is to understand the benchmarks and KPIs that are important to the customer, because those are the measures their boards and stakeholders use to judge business outcomes.
We do not want to talk superficially about business outcomes, such as reducing risk, improving security or increasing productivity. We want to understand how those outcomes are measured by the business and the decision-makers, then bring that through into our proposition.
Graham Stead
The powerful part is how MSPs make themselves accountable to those outcomes. If we tell a customer we will make them more secure, use Secure Score and other metrics, maintain a certain level, and help with compliance standards such as Cyber Essentials or ISO, how do we hold ourselves accountable?
That accountability adds real impact. It is almost skin in the game. If you were an employed CTO, you would have responsibility to stakeholders and the board. If you failed to maintain the required compliance, measures or metrics, your role would ultimately be at risk.
It is about mindset: understanding the true business outcomes, understanding how customers measure them at a business and contact level, and holding yourself accountable. That level of accountability can become a strong differentiator in the market.
As an example from my own work: I am a fractional sales coach and fractional sales leader. If I say to MSP clients, ‘I will help you grow sales,’ that is a superficial outcome. Instead, we align to metrics, set growth targets and make sure a percentage of our fee is aligned to those targets. If we fail, we do not charge the fee in the same way. If we over-succeed, there can be a bonus. There is financial skin in the game.
There is opportunity in the MSP world to look at doing something similar.
Graham Stead
The final area is the buyer journey. Once your services are packaged and differentiated, how do buyers buy from you? I saw a stat recently that the typical MSP buyer has shifted, and more buyers are now in the Gen Z age group. They were born with technology, buy differently and expect to go online and get information about your MSP without having to speak to a salesperson.
That means thinking carefully about the buyer journey. When interacting with customers or prospects, lead with business discovery questions. Tools such as ScoreApp, which is used in the MSP community, can help customers through that journey. They help ask questions that align the right service to business outcomes and educate the buyer along the way, without necessarily needing a sales conversation straight away.
Pricing on the website is also important. Many MSPs still do not put pricing on their website. In consumer buying behaviour, if I am looking to buy something online and cannot get the information I want, such as pricing, delivery method or speed, I move to the next website that gives me that information. MSPs need to think about that journey too.
It is also important, especially in security plans and packaging, to be clear about what lower-level plans do not include. Customers may assume that because you are their support company, security is included. If they choose a lower-level plan, you need to make clear what is not included to avoid confusion or awkward conversations later. HubSpot does this well: it shows locked features in the interface so users know the functionality exists but is not included in their plan.
Graham Stead
Thinking about the future of the MSP, we want to move project revenue into managed recurring revenue. Traditional MSP support is often the ‘keep the lights on’ plan, and in many markets that sits around a certain per-user level. Security capability increases the value because it reduces risk.
Where we need to move now, with Copilot, AI, automation and productivity tools, is towards deeper niche focus. Not superficial niche focus, but a real understanding of workflows and how cash is generated in the customer’s business.
For example, in recruitment it is not enough to say you understand a common CRM. You need to understand workflows, how the business services customers and how value is created. The virtual CTO role does this by understanding the business deeply and aligning technology to business outcomes.
If MSPs can move there, they can push towards higher per-user, per-month pricing. More importantly, it moves project revenue into a recurring revenue stream, which stabilises the MSP, helps with resourcing and reduces peaks and troughs. From the customer’s perspective, they are not faced with a large one-off project fee. They see a lower ongoing fee that is easier to sign off, so it becomes a win-win.
The key takeaways are to think clearly about differentiation, tie deeply into customer business outcomes and measures, and introduce accountability or skin in the game wherever possible. Then, think about niche focus and how to have a real impact through automation, AI and productivity.
Graham Morrison
Thanks, Graham. That was really interesting. The buying habits piece was particularly interesting, especially how Gen Z is changing the way people buy products and services.
Tom, over to you to tell us how this works in real life.
Tom Lovell
Thanks. I am here as a guest speaker from an organisation that has tried, and I believe succeeded relatively well, in doing what we have been discussing.
Some background on us: we began as a traditional MSP. Alongside that, we have a mature Modern Work consultancy practice and an organically grown Dynamics practice. Yesterday, we were announced as Microsoft Business Central Partner of the Year award winners, so we are riding a wave of happiness at the moment.
That consultative approach has evolved from break-fix and reactive support. Because of our broad skills across the Microsoft stack, we have become very Microsoft pure play across infrastructure, Modern Work, business applications and more. In many cases, we are not just providing desktop, infrastructure and network support. We are providing CRM, finance and ERP solutions across a common platform.
Because user identities are spread across all of those solutions, we needed repeatable, initially pre-canned consultative pieces of work, particularly after the launch of Business Premium. These helped us standardise our client base. Our support desk cannot log into many tenants that are all configured differently and chase problems through them. They need consistency.
That created an opportunity to standardise, reduce pressure on the service desk, improve client security and productivity, and remove the spread of third-party tools we had previously used to deliver security. When Microsoft wrapped Defender for Business into Business Premium, it became a complete all-in solution.
Tom Lovell
We set ourselves the initial objective of creating reusable professional services deployments, but it made more sense to set a wider objective: maximise utilisation and value within the Business Premium licence and keep that evergreen.
The Microsoft stack evolves all the time. You cannot set and forget. You cannot do a piece of professional services work once and then say the environment is secure, because it will not remain that way. We wanted to maintain an organisation’s Secure Score between 70 and 80%, get it there and hold it there over time. The only way to do that is to evolve what we do as part of a managed service.
Most of the clients we work with are either cloud-only already or transitioning to the cloud model. In the old world, we hardened domain controllers and delivered server updates on a regular schedule. Now, the tenant has replaced that. It is the source of identity protection, group management and device management. If we ignore the security of the tenant, it is like ignoring the security of a domain controller. The tooling and landscape are evolving much faster in the cloud than they ever did in the server environment. If we do not look after that, our service desk will be blamed for not keeping pace.
Tom Lovell
Designing a one-size-fits-nearly-all solution within Microsoft 365 is not particularly difficult. You define the level every customer must be brought up to, and then you can bolt additional things around it. Security is never done, but if everyone is brought to the same baseline, you alleviate a lot of typical worries.
Designing it is easy. Deploying and maintaining it at scale is much harder, or at least it was. We had hoped Microsoft 365 Lighthouse would deliver that solution. We also tried tools such as Microsoft 365 Desired State Configuration. Eventually, we deployed solutions using homegrown scripts and JSON templates pulled from a source tenant into target tenants. That got us off the ground, but it did not fix the ongoing management challenge.
In 2023, we crossed paths with inforcer and found the solution to that ongoing management problem. You cannot convert a professional services offer into a managed service until you have something you can promise to the customer, something you can hold yourself accountable for. You also cannot convert professional services into recurring revenue without that.
Using inforcer, we still need the knowledge and ability to keep up with Microsoft technology, update our baselines and understand what is changing. But we can push changes at scale to clients and keep them up to date with the latest security changes. There are still operational tasks such as stale users, stale devices and organisational changes, but the technology can be kept up to date at scale.
Tom Lovell
The result is that we have maximised value within the Business Premium licence, and where necessary extended that into E5. We have reduced the number of tools in the ecosystem and centralised around products that share signals with each other, giving better visibility and management capability.
This helps us maintain alignment to cybersecurity standards such as Cyber Essentials. When clients reach renewals, we can go through them with minimal manual intervention because we have been keeping them at the right level throughout the year. We can deliver a significant amount of the technical controls required by a standard like Cyber Essentials through the Microsoft stack.
Through tools like inforcer, we can see at a glance where a tenant is on its journey. We know if someone has made a change that causes the tenant to slip, or if stale information is creeping in and needs clearing out. Overall, Microsoft tooling combined with inforcer lets us do more with less, and we have taken what was a disparate toolset and professional services deployment and converted it into recurring revenue.
Graham Morrison
That is awesome. It is great to hear it working in practice. Graham and I are finding it validating that we are barking up the right tree.
Tom Lovell
The interesting thing was that when we first crossed paths with inforcer, it felt like someone knew we had this problem. We had a problem and thought nobody had solved it. Then suddenly there was a solution, and it was confirmation that we were going down the right track because people were designing solutions for the problems we were running into.
Graham Morrison
The team must have had their crystal ball out and looked into your mind. Thanks very much for that, Tom. We are coming to the end of time now, so I will move to questions. I cannot see anything in the Q&A, and I have given people a polite prod in chat. Graham, do you have any closing thoughts before we finish?
Graham Stead
I would pick up on Tom’s experience at Infinity. I suspect the dynamic of the relationship between Infinity and its clients has changed and will continue to change through that journey.
A big challenge in the MSP world is that many SMBs, even as recently as 10 years ago, outsourced to an MSP for support. It was about keeping the lights on because that is where the infrastructure was. If they are considering their options, that may still be their mindset because they do not know what they do not know.
We have a responsibility in the MSP community to help re-educate customers about what we now do.
Tom Lovell
That is certainly true. The greatest challenge we have had throughout is explaining to people why they need to care. In the past, especially in the SMB space, customers might say, ‘You sell us Sophos or Bitdefender, so you do our security, don’t you?’ And the answer is, not exactly. We sell you an antivirus tool. We do not necessarily do all of your security.
If it is not written into the contract that we are responsible for that, then we are on a best-efforts or reactive model. It is down to the customer and their users not to create a security incident, and you cannot leave it at that level of trust or assumption. It has to be clear that the business signs the Microsoft Customer Agreement, and it is a shared responsibility model. We can help, but the customer carries the risk. So why not let us take some of that off you and solve the problem for you?
Graham Stead
Exactly.
Graham Morrison
Brilliant. There is no Q&A, so we must have done a fantastic job of being clear with what we wanted to get across. Graham and Tom, thanks so much for joining us today, and thank you to everyone in the audience for spending time with us. I hope you found it useful, and we will speak to you all soon. Thanks very much, everyone.
Graham Stead
Thanks, everybody.
Tom Lovell
Cheers. Thanks for the invite. Goodbye.