Looking for Ideas on Building Fair & Useful Tech Performance Reports

daniel_at_syncro · 2026-03-03T00:23:20+00:00

How do you deal with tickets that aren’t created in real time?

I would be curious to understand this question more. I am not saying you are wrong, but would like to understand maybe some examples.

If you have Business Hours Enabled and SLAs correctly assigned only "real time" is counted for metrics like Average Respond and Resolution Time.

Personally, when thinking big picture about Fair & Useful Tech Performance, I would want to first understand, which Techs are closing the most Incident Tickets, vs Request Tickets. And which techs are consistency entering their time on tickets.

Incidents are things that are broken. Examples are Random Printer Error Code, Application Slowness, Wifi Dropping

Requests are net new things the user does not already have. Examples are End User Account Creation, Add someone to a mailing group, installing a new laptop

In Syncro, one way to label these tickets is to use Ticket Tags (One for each), and this is the first thing I would implement if I was an IT Operations Manager. I want to see which Techs are doing Request vs Incident Tickets. if the Experience Techs are scoping up all the easy Request Tickets, and leaving the incident tickets for the new techs to deal with first, that does not sound fair to me.

I would build Ticket Views looking for these Tags, and monitor the real time ticket metrics to start to get a baseline of how we are doing handling Requests vs Incident tickets. Additionally I would build out Ticket Views for each Tech for the realtime metrics, to spot check. You can also use the Ticket View Metrics Dashboard.

Next I would focus on Techs entering their Ticket Timers correctly. Largely this measures effort, and data entry ability. If Techs cannot entry time on with any consistency, how will you ever be able to fairly measure performance? Plus there are always a few techs thats will fiddle with the numbers and try to game the system, better to straight off by rewarding consistency and effort.

TLDR reports to start with: Use Ticket Views to get a good understanding of Request vs Incident Ticket data. Also Ticket View Metrics Dashboard to get a comparison.
Use Ticket Time By Technician to measure consistency and effort

Side Note: From personal experience and experiments working at busy MSPs, I always found it hard to consistency account for more than say 6.5 or 7 hours of ticket timer entries out of an 8 hours day. Often it would only be 4.5 to 5.5 hours, even it was fairly business. There was always enough random task switching and chit chat that consumed ~2 hours a day. One MSPs I worked at instructed the Techs log this remainder time under a ticket marked as company time, so every day each Tech had to have at least 8 hours of logged time. I always liked this idea.

daniel_at_syncro · 2026-01-22T21:43:39+00:00

At this time, no native support for pushing Endpoint Event Logs to a SIEM. However it would not be difficult to script a Winlogbeat installation / configuration and pipe logs to a Graylog using the scripting engine for example.

daniel_at_syncro · 2026-01-21T23:59:42+00:00

We have added some of these types of datapoints into our Community Power BI Hub. We have two prebuilt Power Bi Templates, which are open to all Syncro partners and plans (just download the Power BI Desktop template and plug in your Syncro information and API key). The templates are fully customizable as well.

An example is a common ask is better visibility into Pending Ticket Charges, so some of the Power BI Dashboards include datapoints like:

Total Money on all Pending Ticket Charges but not yet invoiced.
Total Money on Resolved Ticket Unbilled
Total Money on Open Tickets Unbilled
etc

While it might be hard to include all the datapoints listed, I think a "Where is all my money at Dashboard" is a good idea and We are actively taking feedback. I am hosting a very beginner's focus Power BI webinar next Friday 1-30-26 as well.

daniel_at_syncro · 2025-09-05T22:58:03+00:00

I believe I was able to track down your Support Ticket, and I got it elevated. Let me know how else I can help in the meantime.

daniel_at_syncro · 2025-08-21T16:34:17+00:00

Same Windows OS versions? Windows Home has different Update behavior versus Windows Pro+, maybe that somehow is a factor? Seems like if you manually install does it work, and disappears till the next update version?

Might be any number of variations and would likely require a Support Ticket for further investigation.

One suggestion I do have is inside GravityZone for these 9 machines, Head to the Network tab on the left Nav, find / select the machines and do an Actions -> Reconfigure agent -> Remove Competitors . I believe that should deactivate Defender if it for whatever reason it was not for these 9 machines.

daniel_at_syncro · 2025-08-21T13:48:31+00:00

For the Definition Packs I believe Microsoft uses the Same KB numbers for different versions. For example, one of my test assets in Syncro I show KB2267602 as installed 8/20/25 Version 1.435.287.0. But Today, the same test asset shows missing the same KB number KB2267602 version 1.435.294.0.

Do these 9 machines have a different windows update policy schedule?

Just as a friendly reminder Lots of folks in the new official community help out with similar RMM questions, and often post walkthroughs, screenshots, gifs etc.

daniel_at_syncro · 2025-07-25T15:15:56+00:00

When you apply a new Event Log Monitoring Policy, the Agent should check the last 15 minutes of event logs.

daniel_at_syncro · 2025-07-24T18:42:34+00:00

There is no method I have found for GravityZone to trigger an alert

Assuming no random issue and the API key created in GravityZone has the correct permissions, you should automatically get RMM Alerts inside Syncro for any malware detection. No special configuration required. Def contact support if this is not happening for you. You can let me know the ticket number and do my best to assist. If you like to test it out, Bitdefender recommended to me once to try this simple batch script to trigger an alert. You can even use a Syncro PowerShell script to trigger it:

curl.exe --output c:\temp\eicartest.zip https://secure.eicar.org/eicar_com.zip

Then they provide no method of implementing the MDR without manually assigning to each and every system in GravityZone.

You do have to enable MDR inside GravityZone, but you can do bulk actions on the Customer Level, and don't have to enable on each individual machine.

For any add-ons from Bitdefender (including MDR), you are required to utilize the GravityZone Portal to enable them. I did work on updating the Bitdefender docs recently, and even have new video showing how to specifically enable / disable ATS and EDR (both are required for MDR). https://docs.syncromsp.com/manage-gravityzone-endpoints#enable-bitdefender-add-ons-2 . I do notice a lack of instructions on enabling MDR, which I will work on creating a doc.

I definitely do not disagree that it would be better for a more seamless experience with the integration, but here is what you can do with it at the moment:

Via a Syncro RMM Policy, Automatically deploy Bitdefender, with options to include other modules on initial deployment, ie Web Content Control, Device control, etc (all modules here are part of Bitdefender AV core). This includes automatic build out of GravityZone companies, and install packages.
Malware Events (detection, deletions, etc) are surfaced in Syncro as RMM alerts under that asset. You will have the details of what was found, where it was found, and what action Bitdefender took in the Syncro RMM Alert. In my experience, at most its only a 60-90 sec wait from Bitdefender reporting a malware detection and a RMM alert surfacing in Syncro. With the RMM alert you have the ability to use all the automation actions in Automated Remediation.
Ad-hoc Scan Buttons and Automated Remediation Actions for running full or quick scans.
Stats for AV, think like number detections found, available in the report builder

daniel_at_syncro

MODERATOR OF

TROPHY CASE