July 6, 2022
|
10
min read
Josh Wittman
Josh Wittman, co-founder of Simeon Cloud, excels in Microsoft 365 through governance, security, and automation. An expert in SaaS, DevOps, and cybersecurity, he innovates in the digital workplace.
Microsoft 365 Multi-Tenant Management for MSPs: Why You Should Have a Baseline Configuration

Over a million businesses across the world use Microsoft 365 in 2022. 879,851 of them are from the United States. Jumping into the Microsoft 365 space is an alluring proposition for any MSP, especially if you’re using it as an entry point to get people to invest in your other services.

But, being an MSP specializing in Microsoft 365 is not without its challenges. Microsoft doesn’t play very well with most MSP toolkits. It also makes configuration management a huge pain with no automation tools and a serious lack of resources for those getting started with the platform.

But what if there was a solution that could fix that? Imagine being able to offer the entire suite of services provided by Microsoft 365 to your clients as an MSP, without having to jump through hoops to configure it.

In this article, we’re going to talk about how you can easily create and deploy a Microsoft 365 best practices baseline for all your clients as an MSP, with robust lifecycle management, drift detection, backup and restore, as well as complete regulatory compliance. Interested? Keep reading!

This article covers:

Microsoft 365 Configuration Management: A Challenge for MSPs

With hundreds of screens and thousands of properties to choose from, Microsoft 365 does not make configuring and administrating its products easy for MSPs. 

As a managed service provider, it’s your job to make sure that your clients have no trouble using Microsoft 365’s productivity, collaboration, and identity management platforms. That means giving them access to a host of resources as well as handling the day-to-day management of their Microsoft ecosystems. 

Traditionally, MSPs have used toolkits to configure and administrate the software they specialize in. However, Microsoft 365 doesn’t play well with third-party toolkits and is severely limited in the automated solutions it offers for built-in configuration management. 

So, when you’ve got multiple tenants set across different clients, each running on Microsoft 365, you have no choice but to hire administrators to point and click through thousands of individual settings each time you onboard a new customer with Microsoft 365.

If there’s an error in the configuration, as there’s bound to be with this many properties to configure manually, you may run into serious issues in security and compliance. If your client gets hacked or suffers from a data leak, then that’s all on you.

But that’s not all. Systems like these require constant updates and maintenance to function properly. If there was an update from Microsoft that required you to adjust a setting, for example, you’d have to do it manually for every single client you’ve ever had. 

Let’s face it. Standardizing configuration management for Microsoft 365 is a total pain. There are a few solutions that might help automate certain tasks, but none of them are comprehensive enough to work at scale.

The Problem With Existing Solutions and Toolkits

Right now, these are the best solutions for managing and configuring Microsoft 365 as an MSP:

  • Build an “MSP toolkit” with various tools from different vendors
  • Hire account administrators to make changes manually
  • Patch together built-in solutions like PowerShell and Microsoft Lighthouse

MSP Toolkits: Traditionally, MSPs have been getting by with using multiple solutions to automate different parts of their workflows. There are tools to help you with password management, device encryption, remote administration, system backups, and more.

But the problem with using multiple tools is that the cost can add up very quickly. When you’re paying more than $500,000 a year for Microsoft 365, it doesn’t really make sense to be paying another $500,000 for third-party tools like Okta and N-Cental.

Then, of course, there’s the fact that none of these tools work really well with each other and with Microsoft 365. Microsoft isn’t invested in making third-party integrations a big part of their value prop, so it’s no wonder that they don’t go well together.

Account Administrators: Instead of software automation, you could hire engineers to manage client accounts and manually implement changes to their configuration. But not only is this process inefficient, expensive, and prone to human error, it’ll also take up time your employees could’ve spent in doing something more useful. 

Simeon Cloud time saving illustration

According to Glassdoor, the average base salary for a managed services administrator in the US is $56,754. But the truth about Microsoft 365 configurations is that at least 90% of the recommended settings are the same across most client accounts. You’d be wasting precious resources in tasks that could have easily been managed centrally and automated with the right software.

Built-in Solutions: Some MSPs use PowerShell scripts to automate certain configuration management tasks. However, it only gets you halfway because these scripts require heavy setup and they’re just useful for the first run.

PowerShell scripts are also difficult to maintain because they break easily every time Microsoft pushes a new update. What’s worse, Powershell scripts are not bi-directional, meaning they can only be used to push out changes and not to review or document them.

A better solution is to use Microsoft 365 Lighthouse, which is a tool for administrating multiple tenants created specifically for MSPs. Lighthouse helps you secure client devices and data while also providing baseline recommendations for small and medium-sized businesses.

But even here, there’s a catch. Lighthouse acts as a portal for viewing and administrating multiple tenants. It’s not built for configuration management at scale. It doesn’t, for example, allow you to clone tenant configurations from one client to another. In its current state, Lighthouse supports only a small handful of settings.

Automating Your Microsoft 365 Configuration With Configuration Manager

MSPs have been living with these challenges for far too long. Coreview Configuration Manager for Microsoft 365, Simeon Cloud offers a better way to manage Microsoft 365 configurations with full automation across multiple tenants.

How? It starts with a baseline configuration. This is a standardized set of configuration management best practices that you can deploy across all your clients with just one click. The baseline configuration is regularly updated to stay in compliance with data regulations and prevent vulnerabilities in the network.

Of course, having a baseline isn’t enough. Microsoft 365 configurations aren’t a one-size-fits-all, so you need a process to implement custom changes to tenants with proper documentation and the ability to clone these changes between tenants. Simeon Cloud offers robust automation tools to assist with all of these. 

All your tenant configurations are backed up securely in the cloud. Any time you make a change to a tenant configuration, you get immediate alerts via email and receive a proper log for auditing purposes. If things don’t work out the way you expect, you can always roll back those changes by restoring a previous version of your tenant configuration with a few clicks.

Finally, you can also replicate complete tenant configurations across multiple clients in bulk. That makes it extremely easy to set up test tenants and have them be in sync with production tenants, or to copy changes from one tenant to another for faster setup and maintenance.

CoreView Configuration Manager, Simeon Cloud, really is the ultimate solution for Microsoft 365 configuration management. Enjoy complete control over your multi-tenant configurations without having to rely on multiple vendors that don’t play well together. Ready to give Configuration Manager a try? Request a demo to get started!

Get a personalized demo today

Created by M365 experts, for M365 experts.