Get Support

Request a Quote

Platform
PSA & RMM

PSA

RMM

CPQ

Remote Access

Reporting

Documentation

Payments

Customer Feedback

Solve any challenge with one platform

Operate more efficiently, reduce complexity, improve EBITDA, and much more with the purpose-built platform for MSPs.

Explore the Platform

Innovation Webinar

See new and upcoming product enhancements in our monthly innovation webinar series!
Cybersecurity & Data Protection

MDR

SIEM

Cloud Backup

BCDR

Security Dashboard

Backup Dashboard

SaaS Security

Vulnerability Management

Ensure security and business continuity, 24/7

Protect and defend what matters most to your clients and stakeholders with ConnectWise's best-in-class cybersecurity and BCDR solutions.

Explore Cyber and BCDR

Innovation Webinar

See new and upcoming product enhancements in our monthly innovation webinar series!
Hyperautomation

RPA

Sidekick

Integrations

Integrate and automate to unlock cost savings

Leverage generative AI and RPA workflows to simplify and streamline the most time-consuming parts of IT.

Explore Our Marketplace

Innovation Webinar

See new and upcoming product enhancements in our monthly innovation webinar series!
Solutions
By Use Case

Client Onboarding

Increase agility and reduce complexity

Service Desk Ticketing

Deliver fast and efficient service

Cyber Remediation

Deliver holistic cybersecurity and data protection

Billing Reconciliation

Error-free invoicing and revenue protection

Patch Management

Automate patching across all your endpoints

The first and only true MSP platform

 
By Market

MSPs

Purpose-built MSP solutions to accelerate profitability and growth

IT Departments

IT service management (ITSM) software and cybersecurity for IT teams

Managed Print

Print security, event management, and monitoring

VAR

Proven as-a-service offerings and integrations

The first and only true MSP platform

 
By Category

Business Management

Streamline end-to-end business management with robust professional services automation

Unified Monitoring & Management

Unlock workflows, automation, and insights you can’t get anywhere else with one suite of solutions

Cybersecurity & Data Protection

Get the software, services, and support you need to sell and secure your clients 24/7

Expert Services

Expert MSP Support and Help Desk Services

The first and only true MSP platform

 
Community
IT Nation

IT Nation Evolve™

Accelerate your MSP business growth with the premier annual membership program and peer experience focused on planning, accountability, and success

IT Nation Connect™ Global 

Join the groundbreaking MSP community at the can't-miss industry conference for education, inspiration, and networking. Attendees return year after year to be part of a collaborative community focused on helping individuals solve business challenges and grow. 

Service Leadership, Inc.®

Drive financial performance and Operational Maturity Level™ through benchmarking, advanced peer groups, industry best practices, education, and speaking.

Let’s meet up at the industry’s largest MSP event! 
Events

IT Nation Connect Global

November 5-7, 2025 | Orlando & Virtual

IT Nation Connect Europe

March 9-11, 2026 | London

IT Nation Connect ANZ

August 20-22, 2025 | Sydney

IT Nation Secure

June 8-10, 2026 | Orlando

IT Nation Grow

August 13, 2025 I Denver

PitchIT

Apply Today for your chance at $100K in prize money!

Explore ConnectWise Events

Join fellow IT pros at ConnectWise industry & customer events!

Explore Today

Let’s meet up at the industry’s largest MSP event! 
University

Product Training

Calendar

What's New

University Log-In

Check out our online learning platform, designed to help IT service providers get the most out of ConnectWise products and services.

ConnectWise University

Explore our product training course catalog.
Resources

Webinars

Blog

eBooks

Case Studies

Resources

Feature Sheets

On-demand Demos

Live Demos

Cybersecurity Center

Explore the ConnectWise Resource Center

Search our resource center for the latest MSP ebooks, white papers, infographics, webinars and more!

Explore Today

Explore the latest product innovations designed to enhance your ConnectWise experience.
About Us
About Us

Mission & Values

Careers

Leadership

Board of Directors

Philanthropy

Experience the ConnectWise Way

Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.

Learn More

Transform your business with the ConnectWise community
News & Press

Press Room

Awards

Case Studies

Experience the ConnectWise Way

Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.

Learn More

ConnectWise Partner Success Stories
ConnectWise

3/4/2025 | 3 Minute Read

MSPs: The masters of SMB cybersecurity (but what about themselves?)

Topics:

Contents

    ConnectWise SaaS Security™

    Unlock new ways to efficiently deliver, manage, and monetize cloud security.

    Learn More

    MSPs are amazing at crafting defenses for their SMB clients to keep them aware of and protected from cyberattacks. We preach MFA, endpoint defense, security awareness, and proper backup, helping our clients focus on growing their businesses instead of worrying about cyberthreats.

    But here’s an uncomfortable truth: sometimes, MSPs don’t follow their own advice.

    MSPs handle some seriously sensitive stuff, including client data and access to their critical systems. A slip-up with security for an MSP could open the door for hackers to gain access to their client’s environments.

    With the financial, reputational, and community impact of an MSP breach being so high, we’ve listed three security solutions below that every MSP should consider implementing in their Microsoft 365® environment to help protect themselves and their clients from data loss or extortion.

    Conditional access policies: Enforcing security standards

    • Muti-factor authentication: This is often a minimum for MSPs, but consider how your MFA is deployed and how susceptible it is to man-in-the-middle or SIM attacks. While we may lose a bit of efficiency, the positive impact of limiting access and refresh tokens to shorten the window between multi-factor authentication requests significantly outweighs a few 2FA requests throughout the day.
    • Location-based restrictions: Consider un-trusting specific countries or risky locations from accessing Microsoft 365 environments.
    • Device-based restrictions: Only allow access from trusted devices and applications.

    Privileged identity management: Just-in-time access for administrative functions

    • Multi-factor authentication part two: Enhance traditional MFA to leverage FID02 hardware-based authenticators for administrative access.
    • Location-based restrictions part two: Improve locations by disallowing public Wi-Fi or forcing SASE connections to ensure end-to-end security.
    • Set time limits: Set a strict time limit for administrative functions.
    • Require approval: Define a list of activities that would require approval to ensure it limits client risks.

    Regular account reviews: Critical to finding and eradicating risk

    Monthly account reviews performed by the service or operations leader are critical to ensure that security is properly maintained and that any “Move/Add/Change” operations inside your MSP did not create an unknown risk. Keeping a list of these reviews and having new team members attend the review process can also provide education for client account reviews.

    • User account inventory: Ensure all active users are still active.
    • Admin account inventory: Ensure all administrators still need this level of access.
    • Conditional access policy review: Review all conditional access rules to ensure they are enforced, up to date, and meet current security demands.
    • Microsoft cybersecurity baseline: Measure baseline to monitor progress and changes to the underlying platform that could add risk to the current configuration.

    Conclusion

    MSPs are so busy building protection for others that they can sometimes miss the mark with their own internal cybersecurity processes and procedures. However, keeping them from exposing themselves and their clients to third-party risk is crucial.

    While security for an MSP has many more steps and solutions to maximize protection, adding conditional access, privileged access management, and regular account reviews to your Microsoft 365 environment can increase your cyber resilience while also giving you bragging rights to your prospects and clients on how you protect their information.

    If you are looking for a straightforward way to check and update security in your Microsoft 365 environment, check out ConnectWise SaaS Security™.

    By leveraging the Microsoft Secure Score framework report or any of the eight IT security frameworks we support, you can run baselines regularly against your own Microsoft 365 tenant, allowing you to see and manage changes that affect security. In addition to setting your own baseline, you can use ConnectWise SaaS Security to remediate open issues, change the status of non-compliant controls, and document how or if they are addressed.

    Learn more about the Microsoft 365 Security Baseline >>

    Topics:

    by Jim Peterson

    Related Articles

    Blog

    EDR vs. SIEM: How they differ and why you need both

    03/07/2025

    EDR and SIEM software shouldn’t be an “either or” scenario. Learn why you need both of these powerful tools to help your clients.
    Blog

    What is attack surface management?

    03/03/2025

    Learn about the critical role of attack surface management in identifying, reducing, and protecting your organization's digital vulnerabilities.
    Blog

    How to prevent ransomware: Mitigation strategies for MSPs

    03/10/2025

    While it’s not possible to prevent ransomware attacks, we can significantly reduce the potential and impact of a ransomware event. Learn essential detection and mitigation techniques.
    Blog

    Phishing prevention tips: 8 ways MSPs and SMBs can prevent attacks

    12/17/2024

    Discover essential phishing prevention tips for MSPs and SMBs. Learn how to stop phishing attacks and protect sensitive data with these expert strategies from ConnectWise. 
    Blog

    10 common cybersecurity threats and attacks: 2025 update

    02/18/2025

    Learn about the top most common cybersecurity threats and attacks that are used today and how to prevent them with ConnectWise.