Managed Services Opportunities within Microsoft 365

Back to Blog
12Jun2020

Managed Services Opportunities within Microsoft 365

I still regularly receive questions from independent IT consultants as well as Managed Services Providers about Microsoft 365 in relation to “regular maintenance” tasks and the like, which can be translated into Managed Services opportunity. Everyone intuitively understands that something like this is possible, but they do not know where to start, and how to connect the dots. Let’s see if we can remedy that here today.

Security is a major opportunity area

The largest opportunity, or one of the largest anyway, is around security. Contrary to popular belief, the cloud is not “Secure by Default.” It is as secure or unsecure as you are willing to make it (like any technology platform). Risk is something that can be accepted or reduced, as the customer sees fit (but most of them are woefully ignorant on this subject matter). To name just a few ways that you can offer valuable consulting and on-going services to customers:

Enable the Unified Audit Log and configure Alert policies to send notifications into your helpdesk or SOC when certain activities take place in the tenant; follow up with any (especially privileged actions) that appear suspicious or that you did not initiate or talk about with the customer in advance. Regularly validate that the unified audit log is still enabled and working (if I compromised an admin account in your tenant, disabling the unified audit log would be my very first move). Supported in all plans.

Take this even further with Microsoft Cloud App Security, which grants much more granular searching and policy building capabilities. Bonus: it can do the same for many third-party cloud products, too! This is an add-on for most plans but is included with E5 (and I recommend it highly).

Application Consent requests allow you to disable an end-user’s ability to freely approve their own software integrations and permissions with Microsoft 365. But when a request is made, you can get a notification and review their request in the admin portal–choosing to approve or deny the request based on your review and a policy or process that is determined in advance with the customer. Requires Azure AD Premium P1 (which is included with Microsoft 365 Business Premium)!

Regularly review security reports such as the reports in Office 365 ATP. As well, look at some of the Exchange Online auditing reports such as the non-owner mailbox access report and the administrator audit log, or review user submissions (if you have deployed the Report Message add-in). All plans, additional ATP reports with Office 365 ATP P1 / P2.

Use Secure Score (or an independent framework) to manage continuous improvement of the tenant posture, regularly bringing the next few recommended items to the customer: “What do you want to accomplish this quarter? Which risk should we work to reduce next?” All plans support this (but chasing the score will lead you to upgrade or add-on most likely).

Device management via Intune including inventory and control of hardware and software on Windows, Mac, Android and iOS devices. Regularly prune stale devices in Azure AD. Enable Conditional Access and review, on a regular basis, the devices with access to sensitive corporate data. You should aim for a plan that includes Intune such as Microsoft 365 Business Premium or higher.

Using Microsoft Threat Protection, including Microsoft Defender ATP, you can gain much better visibility as well as detection and response capabilities on the endpoints (which are often ground zero for cybersecurity incidents). This includes the ability to take responses such as isolate at-risk machines, proactively manage threats and vulnerabilities, perform threat hunting, and more. You may even consider shipping all the security data from Microsoft Threat Protection out to Azure Sentinel, a cloud-native SIEM, and fully managing Incident Response for customers (I wrote a whole book about this opportunity–check it out). MDATP is also an E5 feature, but is available as a standalone now as well, for use with any other subscription.

Compliance

There is probably even more room to explore here than I am presently aware of, but that is good news. More and more as we move into the future, National or State-enforced compliance requirements such as GDPR, CCPA, HIPAA and more will come to bear on businesses. Make no mistake–these laws are a burden most organizations would rather not have to deal with.

That’s where you come in! Help your customers simplify their compliance journey with tools in Microsoft 365, such as Compliance Score and Compliance Manager. Be the leader, and actively inform them about their risks in relation to their digital real estate in Microsoft’s cloud. Bonus: as with Secure Score, these continuous assessment tools will uncover more professional and managed services opportunities for you as you work with the customer to improve their position. This should be accessible to all plans, however as you start to address the score you will be pushed to upgrade or add-on.

Build your customers a whole new information system with rich Data Governance features such as Data Classification (Sensitivity labels), Retention labels and policies, as well as Data Loss Prevention, built-in eDiscovery tools (as well as Advanced eDiscovery) and more. Microsoft 365 Business Premium and E3 have “Core” eDiscovery and manual labeling–for “Advanced” eDiscovery and auto-labeling you must move up to E5.

With qualifying Enterprise plans you can go further to help customers structure information barriers within their organization, or to monitor against insider threats, or to perform regular supervision (communication compliance). Take a look also at access reviews! All E5 features.

Adoption and Change management

Microsoft 365 is an ever-evolving platform of inter-connected tools and services. No one person can track all of this information anymore, and it takes some effort to stay current and know which tools to use when, and what options are going to be best for a given situation. Plus, people are hungry for training, and it can be hard to find good resources. In my opinion, nothing beats live instruction with instructor Q&A time. So consider that!

But even something as simple as staying up-to-date with the Message Center, and distilling the most important upcoming changes that can impact the businesses you serve–this would be a very valuable service to many.

Available in all subscriptions, this is also another prime area for you to uncover opportunities to apply new technology to solve real business problems for your customers.

Consider taking work content out of people’s day, too! Leverage tools like PowerAutomate (Flow) and PowerApps to make certain repeatable tasks easier, and even (potentially) accessible from a mobile device. Many customers are just not going to dive into these things on their own, but they may gladly outsource the work to get the benefit!

Conclusion: What IS Microsoft 365, Anyway?

None of these things just “happen” in Microsoft 365. And even though this is so painfully obvious and true once you start looking into it, most people still do not understand what Microsoft 365 is–in an essential sense. They still expect it to behave like static software, back when software still came on a CD or set of floppy disks.

In it’s essence, Microsoft 365 is really more like a blank canvas than a completed painting. Or better yet, it’s almost like a set of art supplies rather than a piece of completed art that you buy at an art gallery. You have to be the artist, paint the picture, carve the statue, that you want it to be.

Of course, Microsoft, being a company full of developers, almost seem to expect that the world will also want to develop. But in reality many customers have no interest in becoming the developer or the maker–they just aren’t artists themselves. But they may gladly commission a piece of custom art to accomplish something in the way that they want it done. And that’s where you come in, my friend. Some of the engagement may be in professional services, but much of it also falls under ongoing maintenance and support–a.k.a. managed services (that’s recurring revenue).

And the list above is by no means exhaustive–it’s just a short list of ideas I threw up one afternoon. I hope it gets your gears turning. Feel free to reach out to me with your thoughts on this topic. Leave a comment, drop me an email via my contact page, or reach out on Twitter or LinkedIn!

Business, Question , , , , , , , 6 Comments
Share:

Comments (6)

  • Geoff Swimer Reply

    Hi Alex,
    Any thoughts on backing up 365? Third party vendors you’d recommend?
    Thanks
    Geoff

    June 12, 2020 at 4:25 pm
    • Alex Reply

      I have written an article on this topic. Some prefer backup, some do not. Depends on your business objectives and requirements.

      June 13, 2020 at 4:27 am
  • Adam Reply

    What would be really useful is if you could note the minimum (or all) applicable subscription level for each feature. Many SMBs run Microsoft 365 Business Standard so won’t be able to use a lot of these great features.

    June 15, 2020 at 6:48 pm
    • Alex Reply

      Good point! The very minimum in my opinion to run an effective solution in the cloud is Microsoft 365 Business Premium. Anything less is the equivalent to running a workgroup in the cloud–you would never have recommended a work group back in the olden days, right? And so you should not recommend Standard today. A real business that needs security and management = Microsoft 365 Business Premium. And you can only go upwards from there if you have additional requirements.

      June 16, 2020 at 9:46 am
  • Jay Reply

    Hey Alex,

    Any thoughts around how to structure a pricing model for customers for M365 services?

    February 28, 2021 at 6:12 pm
    • Alex Reply

      Sure, I have a few ideas. But need to know more about your business and what you are offering. Feel free to email me for consulting inquiry.

      March 1, 2021 at 3:10 pm

Leave a Reply

Back to Blog

Related Posts

Can Windows 365 be a PAW?
06Jun

Can I use Windows 365 as a Privileged Access Workstation?

It has been a while since we did a question from a reader. This one has been in my inbox for a while now, but since I just recently covered Windows 365 with our peer group, my offline conversation from a few months ago came... read more
01Sep

A simpler Conditional Access baseline

Some folks have written to me about the "complexity" of my Conditional Access guide and were hoping to find something a bit simpler. This surprised me, and initially I shrugged it off. But I have heard this feedback more than once now, so I decided... read more
16Nov

Three Azure solutions to SMB problems: The first rule of Azure is you don’t sell Azure

Different MSP's out there embrace the cloud to more or less extent. Most providers are doing Office 365 nowadays, but Azure (or IaaS solutions like it) is still nebulous or even a little scary: Some providers feel threatened by services like Azure, because deploying and... read more
11Feb

Boost your security with Hybrid Azure AD Join: From Zero to Conditional Access in one afternoon

"Alex, I work at a non-profit and I would love to take advantage of the better security in Microsoft 365 Business (we have Business Premium now), but it sounds like it is for "cloud-only" customers? Is that right?? We are using Office 365 for Exchange,... read more
29Jan

Devices or Users: When to target which policy type in Microsoft Endpoint Manager (Intune)

A new reader question came across my desk the other day. In truth, it is not the first time I have answered this question, but I realized that I could probably repeat myself less if I simply write an article and publish it. The question... read more
22Dec

How to Fall in Love with your Job: Always do your best

Peter, most people don’t like their jobs. But you go out there and find something that makes you happy. –Office Space Even half a century ago, most people could not have connected with this movie as well as they do today. Memes from this modern classic can be... read more
03Nov

How Office 365 has changed the way I work

Office 365 as a Gateway to Mobility Nothing is more intriguing to me right now in our industry than the concept of mobility (and to some extent, BYOD). I am an avid fan and believer: I think that Office 365 has, more than any other product, delivered on... read more
25Aug

Poser alert: Do you think this may be leveraged for Social engineering? Or what…?

Interesting thing appeared in my WordPress comments over the weekend: it appears that someone lifted content from my blog and re-posted it as their own. Why or how WordPress picked up on this and alerted me via my comments is unknown at this time (maybe... read more
28Dec

Reader Question: Can I sync my Network Drives to Teams?

Dear Alex, I wish to know if its possible to sync files/folders on my Network Server to teams. I have read a few documentations but all seems to be just for own PCs and not for Server/network drives. Yours is the closest I could see.... read more
25Oct

12 Steps you can take to up your Office 365 Security & Compliance game

I don't mean to oversimplify things here. This is not a comprehensive guide or anything like that. Every organization has different goals and business objectives, and depending on your industry, etc., you could have very different compliance regulations or whatever, that you need to consider.... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me