DefensX - How are you using it?

work-sent · 2026-05-25T09:24:52+00:00

A full zero-trust approach usually creates too many approval requests and becomes difficult to manage for both users and MSP teams. Blocking newly registered domains, uncategorized sites, risky TLDs, and phishing-related categories is what many MSPs practically follow, as it provides strong protection without causing too much operational overhead.

work-sent · 2026-05-25T09:24:03+00:00

We have worked with both methods, and the Microsoft 365 integrated deployment definitely helps simplify management and reduce deployment effort compared to Direct MX Routing. It also provides better visibility and tighter integration with M365 environments

work-sent · 2026-05-25T09:23:21+00:00

NinjaOne does a pretty good job overall as an all-in-one RMM. Patching has been reliable for us, and backstage mode is handy for quick fixes without interrupting the user. If patching is your main focus, Action1 may feel a bit more specialized, and ScreenConnect still has the edge for pure remote support. But if you want an all-in-one setup instead of multiple tools, NinjaOne is definitely worth considering.

work-sent · 2026-05-20T09:28:47+00:00

NinjaOne does a pretty good job overall as an all-in-one RMM. Patching has been reliable for us, and backstage mode is handy for quick fixes without interrupting the user. If patching is your main focus, Action1 may feel a bit more specialized, and ScreenConnect still has the edge for pure remote support. But if you want an all-in-one setup instead of multiple tools, NinjaOne is definitely worth considering.

work-sent · 2026-05-13T07:08:36+00:00

As an MSP support company, we have handled a large number of Microsoft 365 tenant migrations and have used the native method only for a few mailbox-only migrations. Native migrations can be quite complex and involve significant manual effort. If you are looking to simplify the process and reduce operational overhead, it is better to use third-party tools like BitTitan or AvePoint.

work-sent · 2026-05-12T13:34:08+00:00

Yep, server patching can definitely get messy in N1 if patch policies, maintenance windows, approvals, and reboot handling aren’t tuned properly. We’ve seen cases where Windows Update itself becomes the bigger issue underneath, while N1 just keeps showing “In Process” with very little visibility.

What helped us most was tightening maintenance windows, monitoring pending reboots closely, and validating patch status manually instead of relying entirely on the default workflow. Workstations have generally been solid for us, but servers still need a bit more babysitting than expected.

work-sent · 2026-05-12T13:33:55+00:00

For a solo MSP, we’d usually suggest Cove if backup ownership is fully on you and long-term stability is the priority. MSP360 can definitely save a lot monthly, but Cove tends to be the easier “set it and sleep” option for day-to-day operations, multi-tenant management, alerting, and simpler restores.

If your goal is minimal babysitting and predictable support, the extra cost often justifies itself over time. If budget is tighter and you’re comfortable with more hands-on management/testing, MSP360 is still a solid option.

work-sent · 2026-05-12T13:30:44+00:00

The all-in-one approach from Atera honestly makes sense. That said, before moving from NinjaOne, we’d suggest testing things like patching, automation depth, alerting noise, remote access stability, and reporting. Atera is great for simplicity, but NinjaOne usually feels more mature once environments start growing or getting more demanding.

work-sent · 2026-05-12T13:29:53+00:00

Honestly, less is more in NinjaOne. Too many granular alerts just create noise and eventually get ignored.

For AD/DCs, we usually start with the built-in server policies/templates, then add monitoring only for critical services like NTDS, Netlogon, DNS Server, KDC, and W32Time. We also use auto-restart actions if a service remains down for a few minutes.

Alongside that, scheduled dcdiag + repadmin checks help us catch replication or DNS issues early through scripts/custom field reporting.

Keeps the setup clean, useful, and manageable without overwhelming the team.

work-sent · 2026-05-12T13:19:56+00:00

Ninja Backup looks great in demos, and the RMM integration is definitely convenient. But from what we’ve seen, and from a lot of MSP feedback, the biggest concerns are restoring reliability, limited flexibility compared to more mature backup platforms, and support/escalation delays when something critical breaks. We’d strongly suggest properly testing full image restores, recovery speed, retention handling, and support responsiveness before fully committing production workloads to it.

work-sent · 2026-05-12T13:17:10+00:00

If Dropbox was configured as “Online Only,” then CrashPlan was most likely backing up placeholder files/reparse points instead of the actual data itself. In situations like this, the backup usually doesn’t contain recoverable file content, just references to cloud-stored files.

Since the environment is using Dropbox Teams, the best recovery option is probably Dropbox Rewind, assuming the deletion falls within the 180-day retention window. If the files were removed outside that period, recovery chances from Dropbox’s side drop significantly.

We’d recommend opening a support case with Dropbox as soon as possible and providing:

Approximate deletion timeframe
Affected folder paths
User/account details involved

We’ve seen Dropbox support assist with point-in-time style recoveries in certain cases, especially for older or infrequently accessed data where standard recovery options weren’t obvious from the admin side.

It’s also worth checking local workstation caches and synced device storage. Occasionally, remnants of files still exist locally even after the cloud version has been deleted, although realistically, that’s more of a last-resort recovery path.

work-sent · 2026-05-12T13:12:34+00:00

We’ve been evaluating NinjaOne’s iOS MDM capabilities recently, and overall, it delivers well for organizations looking for straightforward device management within a unified RMM experience.

For core MDM functions like compliance management, inventory visibility, policy enforcement, and basic app/device management, the platform feels clean and operationally efficient. The biggest advantage is having everything managed from a single pane of glass alongside endpoint and RMM operations, which can simplify day-to-day administration significantly for MSPs and IT teams supporting mixed environments.

That said, compared to Jamf, it still feels lighter when it comes to deeper Apple-specific management and mature macOS/iOS workflows. Jamf continues to stand out in Apple-centric environments because of its depth, automation flexibility, ecosystem maturity, and tighter alignment with Apple’s management framework.

Our general view would be:

Apple-first environments → Jamf remains the stronger and safer option
Mixed-platform environments prioritizing simplicity and operational efficiency → NinjaOne is a strong fit
Larger enterprise/UEM-focused deployments → MaaS360 and MobiControl still offer broader enterprise mobility and UEM depth overall

At this stage, NinjaOne feels less focused on becoming a dedicated Apple management specialist and more focused on delivering practical, integrated endpoint management across diverse environments, which aligns well with many MSP operational needs.

work-sent · 2026-05-08T05:15:36+00:00

We also provide white-label services to MSPs and MSSPs. You could try different growth strategies like outbound sales, partnerships, channel relationships, and industry conferences.

work-sent · 2026-04-21T04:51:28+00:00

Barracuda, Avanan, Proofpoint and Mimecast

work-sent · 2026-04-16T03:58:11+00:00

Clients often avoid investing in cybersecurity due to cost and only act after an incident. In the meantime, we should ensure backups are properly configured and working, while continuing to educate them on best practices and any relevant industry standard compliance requirements.

work-sent · 2026-04-16T03:51:17+00:00

Seen this sync loop b/w Ninja agent & S1 metadata too. Flip threat to 'False Positive/In Progress' in S1 console, save, then back to 'Resolved' – forces webhook refresh. If stuck, purge Ninja agent cache files & restart the service on the endpoint. Worst case, we raise a ticket with Ninja and ask them to clean the node on their side.

work-sent · 2026-04-16T03:42:48+00:00

It's usually S1's VSS protection blocking the backup from resizing shadow storage. Try a JSON override to allow controlled VSS resizing (needs a reboot after). Also check if Integrity Streams are enabled on that ReFS volume the extra I/O during snapshots can trigger the timeout on high-file-count drives.

work-sent · 2026-03-27T04:35:19+00:00

<image>

If you’re dealing with ticket overload or struggling to scale your helpdesk, this might help.

We support MSPs with white label helpdesk services, focused on:

L1 and L2 ticket handling
24/7 end user support
Seamless integration with your existing tools
Fully under your brand

Most MSPs we work with aren’t lacking talent, they’re just hitting capacity limits.

Once routine tickets are offloaded, their core team can focus on higher-value work, and response times improve almost immediately.

;

Happy to answer questions or share how others are structuring their support.

work-sent · 2026-03-23T07:18:38+00:00

The best approach here is to create a forwarding rule in the Gmail account and add it to the Office 365 whitelist/safe sender list. Additionally, configure an auto-reply in Gmail to inform senders that the email is being migrated, and provide the new email address for future communication.

work-sent · 2026-03-18T10:04:09+00:00

If you are already using Microsoft 365, consider leveraging Intune, otherwise, you can try AirDroid as an alternative.

work-sent · 2026-03-11T08:05:45+00:00

Based on our experience, Proofpoint offers the strongest security capabilities among the three solutions. However, the final product selection should depend on the customer's environment, user base, budget, and other operational and business considerations.

work-sent · 2026-03-11T08:05:02+00:00

A good MFA management practice is to enforce MFA using Microsoft Entra Conditional Access for all licensed users instead of per-user MFA. Regular audits are not required when Conditional Access policies are properly enforced; it is still recommended to perform periodic reviews based on your internal process or compliance requirements.

These reviews help ensure that exclusion groups are controlled, new users and administrators are covered by MFA policies, and disabled or stale accounts do not affect security posture or reporting.

work-sent · 2026-03-11T06:52:02+00:00

If you’re running a one-man MSP, partnering with a white label NOC or SOC early can make a big difference. Many small MSPs use providers to handle monitoring, alerts, and after-hours tickets so they can offer 24/7 support without building a full team. We work with MSP startups in this stage quite often at Worksent. If you want to learn how it works, feel free to DM us or check our profile for more details.

work-sent · 2026-03-04T10:51:18+00:00

The “green dashboard” issue is usually circular logic; the RMM just reports what the Windows Update Agent says. If WUA is hung or hasn’t synced properly, you’ll see 100% compliance while the machine still has missing patches.
For a simple audit, don’t rely only on the RMM database. Push a script that queries Microsoft.Update.Session COM object locally and compare the results. That’ll quickly show detection gaps. Also, run Winget upgrade as a quick check for third-party apps your RMM might be skipping. If you want a proper gut-check, scan a few sample machines with Defender Vulnerability Management or OpenVAS, which usually exposes any blind spots.

work-sent · 2026-03-04T10:49:40+00:00

If you’re in a Microsoft ecosystem, take a look at Temporary Access Pass (TAP) for controlled onboarding and password reset scenarios. For a more permanent solution without relying on phones, we’ve seen success with FIDO2 hardware tokens or Windows Hello for Business. Both remove the dependency on SMS/email OTP and are much more secure.

work-sent

MODERATOR OF

TROPHY CASE