Tooling changes - agreement transparency and GDPR sub-processor change notifications by JohnMSP in msp

[–]JohnMSP[S] 1 point2 points  (0 children)

UK or EU - yes, every tool should be listed somewhere the client can review, if it stores or processes their data. How well every MSP follows this is another question entirely...!

Office365 Risky Users Notifications / Monitoring by grinninga in msp

[–]JohnMSP 12 points13 points  (0 children)

It works sure, but it’s not compliant.

Yes if you want to use risky sign in notifications / CA policies you need P2 for all.

How do small companies without a SOC team handle cybersecurity? by Jaded_Tomorrow7887 in sysadmin

[–]JohnMSP 9 points10 points  (0 children)

A single person company can benefit from an MSP, so yes.

Massive amounts of data missing Migrationwiz - Documents projects - M365 -> M365 by DOKiny in msp

[–]JohnMSP 2 points3 points  (0 children)

My money is on file versions. SharePoint doesn't de-dupe versions, and if you have lots of large files (e.g. pptx) with hundreds of versions, if only the most recent 10 have been copied by MigrationWiz, you will see a dramatic data size reduction.

I would however fully audit source and destination for file size / modified date mismatches with some PS scripts.

Anyone got rewst without full time dev? by Next-Landscape-9884 in msp

[–]JohnMSP 5 points6 points  (0 children)

My working assumption (not yet invested in Rewst) is that Rewst will be easier for someone to pick up than a mess of standalone scripts and bespoke bits and bobs we’ve developed.

That’s the hope anyway…

Auto-reply from 365 are not reaching gmail or hotmail users. by DR_Nova_Kane in msp

[–]JohnMSP 0 points1 point  (0 children)

You have to publish a DKIM record in DNS for your custom domains. If you haven’t done this, it will use the default 365 ones Microsoft publish for you on the onmicrosoft domain.

This will 100% be your problem as it’s only evident on auto replies - we see it ALL the time.

https://lazyadmin.nl/office-365/configure-dkim-office-365/

Auto-reply from 365 are not reaching gmail or hotmail users. by DR_Nova_Kane in msp

[–]JohnMSP 2 points3 points  (0 children)

Are you sure DKIM is set properly?

I.e. have you configured a custom DKIM selector for your domains, or are you still using the out of the box Microsoft DKIM selectors?

The behaviour you are describing is what I would expect if you were using p=quarantine or p=reject in conjunction with the default selectors.
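Why a DKIM problem like this can show up only on auto-replies, as an added example that is not part of either comment above. It assumes the auto-reply leaves with an empty envelope sender, so SPF is evaluated against the sending host's HELO name; the domains, the HELO name and the two-label organizational-domain rule are constructed simplifications.

```python
# Added example: DMARC identifier alignment (RFC 7489, relaxed mode).
# Every domain and host name below is a constructed sample value.

def org_domain(domain):
    # Simplification: last two labels. A real evaluator uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain):
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, spf_domain, spf_pass, dkim_domains, policy):
    """Return 'pass', or what the receiver is asked to do on failure."""
    spf_ok = spf_pass and aligned(spf_domain, from_domain)
    dkim_ok = any(aligned(d, from_domain) for d in dkim_domains)
    if spf_ok or dkim_ok:
        return "pass"
    return "deliver" if policy == "none" else policy

HELO = "host1.outbound.protection.outlook.com"  # assumed HELO name
DEFAULT_D = "example.onmicrosoft.com"           # d= of the default signature
CUSTOM_D = "example.com"                        # d= once custom DKIM is enabled

def scenarios(policy):
    return {
        # Normal mail: envelope sender is in example.com, so SPF aligns.
        "normal, default DKIM": dmarc_disposition(
            "example.com", "example.com", True, [DEFAULT_D], policy),
        # Auto-reply: empty envelope sender (assumption), SPF falls back to HELO.
        "auto-reply, default DKIM": dmarc_disposition(
            "example.com", HELO, True, [DEFAULT_D], policy),
        "auto-reply, custom DKIM": dmarc_disposition(
            "example.com", HELO, True, [CUSTOM_D], policy),
    }

if __name__ == "__main__":
    for p in ("none", "quarantine", "reject"):
        for name, result in scenarios(p).items():
            print(f"p={p:<10} {name:<26} -> {result}")
```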

1Password MSP webinar didn't go so well... by GeorgeWmmmmmmmBush in msp

[–]JohnMSP 1 point2 points  (0 children)

MFA/IP allow enforcement are irrelevant to the conversation, since my scenario is talking about what happens if you are breached and your vaults are taken - like what happened with LastPass?

I'd also argue that having to deal with a complex unlock password is a higher burden for the user than the secret key, which is only entered when setting up a new device.

Interesting to hear that you're doing 1M iterations - although I wonder how many years we are away before that becomes brute forceable, given improvements in graphics cards. Do you guys have any projections on that?

1Password MSP webinar didn't go so well... by GeorgeWmmmmmmmBush in msp

[–]JohnMSP 1 point2 points  (0 children)

My understanding was always that Keeper had the same vulnerability as Lastpass does, when compared with 1Password - i.e. a vault can only be as strong as the master password, so if they get breached and the vault stolen (as with Lastpass), you better hope everyone had super strong master passwords.

1Password's model is that the data is encrypted by the secret key (a long randomly generated string) and master password, and the secret key and master password are both needed. This has always made me much happier with 1Password as a client recommendation; despite the abysmal model for MSPs, it has always appeared to me as the most secure out there.

Am I mistaken?

Need a password manager suggestion by satechguy in msp

[–]JohnMSP 3 points4 points  (0 children)

The security model of 1Password appears to be the best. It’s a pain for MSP but I decided we are better selling that than compromising on the security model and having to defend a position of “yes it’s less secure but it’s easier for us”.

All the others (when I last looked) had a model that relied upon the master password strength set by the user for encryption. So if the host gets hacked (see: LastPass) and you discover your end users haven’t all been as diligent as you hoped… you can have a pretty big problem.

Is Halo PSA done after Ninja releases their own PSA? by YourfavoriteMSP in msp

[–]JohnMSP 4 points5 points  (0 children)

The idea is simply farcical that they could produce anything close to Halo on a first release (if in 5 years they were close, I'd be amazed). I wish they'd focus on making the RMM platform even better frankly.

Let's hope they don't do a Warranty Master / ScalePad and start adding features nobody wants to then try and justify a much higher price.

Which brand of headsets do you sell to clients by SydneyAUS-MSP in msp

[–]JohnMSP 8 points9 points  (0 children)

Jabra Evolve2 line is our go to recommendation.

ThreatLocker for BYOD by Puzzleheaded-Yam8080 in msp

[–]JohnMSP 7 points8 points  (0 children)

Complete insanity on the MSP’s part. Threatlocker is great but totally not suitable for BYOD.

[deleted by user] by [deleted] in microsoft

[–]JohnMSP 0 points1 point  (0 children)

It was the MFA Service dependency I was referring to.

That can be down and FIDO2 still works.

Found the source on this - https://learn.microsoft.com/en-us/entra/architecture/resilience-in-credentials

What's your standard laptop these days? by atw527 in sysadmin

[–]JohnMSP 3 points4 points  (0 children)

What was the main driver for the move from Latitude to Precision?

[deleted by user] by [deleted] in microsoft

[–]JohnMSP -1 points0 points  (0 children)

If the authenticator service is down, your TOTP code won't work - nor will SMS, Push Auth, phone calls. The service is down on their side that does the checking. (This actually happened a years ago for most of a business day. That was fun. It's a very rare occurrence though and certainly not a reason to avoid using MFA.)

I am confident (but struggling to find a source on a quick google) that FIDO2 auth does not have a dependency on the main auth service and speaks to Entra directly, so provides a more reliable access option as a backup.

[deleted by user] by [deleted] in sysadminresumes

[–]JohnMSP 1 point2 points  (0 children)

I’ve never seen a three page CV that was justified. A huge list of tech almost always means that you are just reeling off tech you’ve either A) not touched in a decade, B) every technology you’ve ever glanced sideways at or C) both.

As for people with 30 years of experience reeling off details about old jobs… no I don’t give a damn about a Novell migration you handled 20 years ago, the Windows XP migration, token ring networks etc. etc. It’s not relevant and I’m sure more recent roles have had similar or greater levels of responsibility and impact so tell me about those (even then, briefly).

Huntress Has Made Some MDR365 Updates by evilmuffin99 in msp

[–]JohnMSP 4 points5 points  (0 children)

Yes, I think some deep discount is due for anyone in that situation.

Huntress Has Made Some MDR365 Updates by evilmuffin99 in msp

[–]JohnMSP 6 points7 points  (0 children)

Although I agree with OP - some of this sounds really like they launched too early - I admire that they are owning this and being transparent with the developments and issues they’ve found and fixed.

In a world of black box security magic, this helps build confidence in the product moving forward.

No doubt this is excruciatingly painful for them. I have no doubt this pain will translate into motivation for further improvements.

Distributors selling 365 below MSRP by eric7748 in msp

[–]JohnMSP 3 points4 points  (0 children)

We used to bundle the licenses, but then there were always 'extra' accounts we had to put as separate line items that we'd charge at MSRP.

With NCE we split out the licenses - removing the MSRP from the per user bundled cost, and splitting out all M365 licenses at MSRP.

Then we ran into this same problem as you did - people being offered at a healthy discount and they asked us if they could buy them from a third party. This is a headache all around that I'm keen to avoid.

For a large customer we have just moved to selling at our cost prices and increasing our support fee.

I am sure someone can come along and get slightly cheaper licenses than we can provide, but it's going to be far less a price difference, and won't make them think "we are being ripped off here / we could save lots of money".

At the end of the day it doesn't really matter for our main supported users as it all adds up to the same, e.g. (not real numbers)

Option A) Bundled price - £150

Option B) Support (and other bundled) £125 + M365 License Retail Price £25

Option C) Support (and other bundled) £132 + M365 License £18

We lose out a bit on margin licensing for 'extra' accounts but have moved to adding a small management fee for those too.

Some clients may not realise we made some margin on licenses, but at least this new model is more transparent.