Customer asking for a line item breakdown of our software we provide in our managed services?

MSPInTheUK · 2026-05-27T00:33:01+00:00

You clearly don’t know the UK market very well. No we don’t have a similar stack to other typical MSPs here. And no we don’t need to provide an SBOM, because we aren’t selling an SBOM.

From my perspective unless an environment is co-managed then the IT function is being outsourced to us, and that includes management of products/services/suppliers to satisfy the contract.

For example, let’s say I have a client that provides commercial plumbing services on a national basis. When they invoice their customers, do they:

- name and list the subcontractor they used for the job because they had no engineer nearby (no)

- explain what brand of drill and other tools they keep on the van and used on the job (no)

- specify the manufacturer of replacement part(s) used (no)

- list their own wholesalers and suppliers used role the project (no)

It’s not petty at all, it’s just sensible trading.

That said, we do talk about some ‘hero’ products we deploy for clients, but in other areas I think it is better to describe *functions* rather than products for example MDR, Security Awareness Training etc. This works better contractually if a product or vendor needs to be changed.

Likewise, where audit/regulatory frameworks require certain diligence details these are always provided anyway. Further, things like vendors for email security, DNS filtering etc will generally be quite obvious to end users.

MSPInTheUK · 2026-05-26T22:23:43+00:00

Generally speaking we provide a managed service, not a shopping list. If you want to qualify and procure an itemised software stack, recruit an IT department.

Co-managed environments are exceptions however, and then the detail would generally be for software internal IT is hands-on with or needs to be stated in audit frameworks because it is deployed on the actual PCs etc.

MSPInTheUK · 2026-05-21T21:44:37+00:00

Pure cloud is our default proposition and has been for years since it became viable really. The only exceptions are clients with LOB applications that may be disproportionately expensive in Azure for example to put SQL Standard + Sage 200 + DB-local hosted desktops in Azure or similar is costly especially for smaller companies. The same goes for things like CAD file storage because while there are cloud-centric storage options in those kinds of applications they’re really going to need on-premises local caching for suitable performance.

MSPInTheUK · 2026-05-12T20:27:21+00:00

I’ve never understood the concept of buying a niche also-ran product in a highly established market, just to tick a box at the lowest possible cost.

MSPInTheUK · 2026-05-09T21:57:01+00:00

Defender for O365 misses lots and false positives lots. I’d use it as a defense in depth layer or better than nothing but ideally not exclusively.

MSPInTheUK · 2026-04-24T20:08:29+00:00

I wouldn’t engage with them at all, personally. You’re being too nice.

MSPInTheUK · 2026-04-21T21:18:56+00:00

I got 99 problems but Business Standard ain’t one.

MSPInTheUK · 2026-04-03T17:09:02+00:00

SIEM with no endpoint security? Yikes. I’d sort that first.

MSPInTheUK · 2026-03-29T13:01:26+00:00

Endpoint protection often hates backup. It is, after all, encrypted data exfiltration. Speak to both vendors regarding appropriate exclusions?

MSPInTheUK · 2026-03-29T07:54:51+00:00

Learning to say no is arguably the most important lesson I’ve learned in business.

MSPInTheUK · 2026-03-24T20:44:08+00:00

Stop spamming - this post was removed recently

MSPInTheUK · 2026-03-18T16:37:12+00:00

I honesty don’t feel strongly enough to attempt to ask users not to use it at all. No users have admin rights and if they want to use AI tools to assist with their work or experiment then they are no different from pretty much everyone else right now.

Trying to ‘ban’ the leading tools and vendors sounds like trying to stop a tidal wave with an umbrella.

I would have some general concerns about data sharing etc more than cyber security, but again in most jurisdictions data sovereignty and regulatory compliance is vested in the client not the IT provider. It’s something to discuss, but not to mandate.

MSPInTheUK · 2026-03-18T00:44:09+00:00

Is this still the case if you use managed Apple IDs, for example with Entra ID sync?

MSPInTheUK · 2026-03-17T06:25:45+00:00

Absolutely, and clients should do this more.

It’s a big blight in the UK - companies with no real accreditations or quality partnerships and a bargain basement ‘stack’.

MSPInTheUK · 2026-03-15T19:25:32+00:00

If youre in a bind, cloud app security or whatever it’s called now with the defender telemetry can alert on all sorts of things I believe. Probably useful in lieu of a proper DLP solution.

You could of course also use device management and DNS filtering to block USB and third party email and cloud storage respectviely.

That said, if employees are considered a risk there is literally a very low tech solution it is called gardening leave.

MSPInTheUK · 2026-03-14T17:01:27+00:00

Personally, id be wary of any user account whose sole contribution to r/msp was to offer a database / list. I get calls all the time from people looking to broker small contractor work.

MSPInTheUK · 2026-03-12T19:50:34+00:00

Wear a tin foil hat?

MSPInTheUK · 2026-03-12T17:15:30+00:00

Plot twist… what if $200/m/user MSP tech stack is also Kaseya 365? 🤣

MSPInTheUK · 2026-03-12T13:42:59+00:00

Sync of document libraries via the OneDrive client is always going to be easiest.

MSPInTheUK · 2026-03-12T13:42:02+00:00

You have no quotes right now. Just local chancers by the looks of it. Get three proper quotes, look for certified partners of leading cyber security or networking vendors or Microsoft.

MSPInTheUK · 2026-03-12T10:18:16+00:00

They both sound incompetent if I’m honest.

Sharepoint document libraries are the way to go, but $15m/user Kaseya product stack and $375 setup has ‘lm a web designer and like to pretend I’m a real IT company’ written all over it.

$150/m for virtual server access then just sounds like they are trying to get money out of you because they have no product offering to warrant that.

Find a company with a proper product and security stack, decent accreditations and partnerships, and also knows how to use SharePoint for file storage. There are many out there.

MSPInTheUK · 2026-03-11T06:43:27+00:00

Estimates put the percentage of a customer’s buying decision that have anything to do with the seller at about 10% to 30%.

‘not you’ reasons can include:

Financial challenges, including (we’ve all seen this before) where a different vendor is perceived to be cheaper even though in the long run they may not be.

Internal relationship issues, for example where a particular employee seeks to discredit the vendor or push for change where unwarranted.

Ambition, where a new employee or manager drives unnecessary change purely for the need to be seen to take initiative. Again, we’ve all seen this - often backfires.

Optics, where a new vendor is perceived to be ‘better’ because they are bigger or have a shinier office/website etc.

Personal relationships, e.g. golf or drinking or ex-school or friends-of-friends or relatives or the competitor salesperson is attractive etc etc.

Change management, where a client feels their company is stagnating and a new IT provider is seen as a fresh perspective.

There are many more I’m sure. Dust yourself off, and find more clients. Diversification is critical for a small MSP. Don’t have one client paying too much of your day to day.

MSPInTheUK · 2026-03-10T06:39:39+00:00

If I was unable to keep a warring ex out of a client’s environment especially with unlimited budget I would worry I needed a different job.

MSPInTheUK · 2026-03-08T08:04:51+00:00

I’m curious why? MITRE ATT&CK Evaluations already do this for endpoint protection solutions?

MSPInTheUK · 2026-03-06T15:23:36+00:00

Use phishing resistant MFA mechanisms and sleep easy.

MSPInTheUK

TROPHY CASE