This is the second post in a series of managing Microsoft Endpoint Manager (Intune) effectively with MSPMagic; part one is available here.
The next challenge is what happens when an MSP’s pre-made configuration profile or policy contains customer-specific data. Many policies can’t just be deployed “as is” across multiple tenants, as they often need to be configured with that customer-specific data.
There are some common challenges with deploying and maintaining policies manually. Many policies need customising with customer-specific data. MSPs need to ensure these customisations are made accurately, which is often time-consuming and prone to human error.
MSPs also need to update policies over time to include new functionality from Microsoft as well as normal day-to-day customer changes. The task of auditing policies post-deployment becomes more and more difficult and time-consuming with each additional customer.
That all inevitably leads to policy misconfiguration, resulting in:
- Poor customer outcomes
- Potential security issues, and
- Increased support costs as highly skilled technicians are required to remediate the issues
How can MSPs scale efficiently while maintaining so many bespoke policies?
This is where MSPMagic’s Variable Manager helps solve the problem of managing customer-specific differences across standardised policies, allowing MSPs to deploy, update and maintain consistent Microsoft Endpoint Manager configuration profiles and policies across all their customers
Use MSPMagic to deploy one policy to all your tenants using customer-specific data.
With MSPMagic’s Variable Manager, MSPs can use predefined variables, such as a customer’s TenantID or create their own variable, such as Group to Exclude from CA Policies, which they use to automatically replace parts of configuration profiles or policies before deploying to different customers.
There are many variable types available, allowing extensive substitutions to be made. The most common are:
- User(s) (selector of users from the destination tenant)
- Group(s) (selector of groups from the destination tenant)
- Profile/Policy (selector of profile/policies from the destination tenant)
This gives MSPs the flexibility they need to standardise their policies, allowing them to deploy them en masse quickly and easily.
A great example of where MSPs commonly use a substituted variable is the configuration profile OneDrive for Business Known Folder Move. This profile automatically redirects the user’s Desktop, Documents and Pictures folders to their OneDrive, backing up any data saved to those folders.
Because MSPMagic’s Variable Manager lets MSPs easily and automatically inject the customer’s TenantID, MSPs can quickly and easily deploy that same policy across all their customers’ tenants.
If you are interested in learning more about how MSPMagic’s Variable Manager works, book a demo here: mspmagic.com/book-a-demo or follow us to find out more about other new and exciting features of MSPMagic’s Microsoft Endpoint Manager Policy Manager.
Keep an eye out for the next post, where we will be covering Pre-Made Policies by MSPMagic.
- MSPMagic’s Templates for Microsoft Endpoint Manager (Intune) Policies and Best Practice Settings
- Release Update – November 2022
- MSPMagic’s Pre-Made Policies for Microsoft Endpoint Manager (Intune)
- Release Update – October 2022
- COMP-DV05: Windows 10 and later Microsoft Defender for Endpoint Enabled and Clear of Risks