We’re pleased to announce the release of MSPMagic’s Variable Manager as part of our Microsoft Endpoint Manager (MEM) Policy Manager. This is a major capability addition for the MSPMagic solution, and we’re excited to see it in production.
Policy Management Workshop
We are also pleased to offer a series of complimentary workshops aimed at creating and deploying policies efficiently and effectively.
If you have a number of clients with Business Premium (or higher) already using Endpoint Manager or Conditional Access, or you’re in the process of deploying either, let us show you how MSPMagic’s new features can assist your business.
Migration to GDAP
In preparation for the roll-out of Granular Delegate Admin Permissions (GDAP) by Microsoft in the coming months, partners will need to re-authorize MSPMagic by the 1st of November 2022. Please follow the instructions at the bottom of this email.
Removal of Global Account
Earlier this year, we removed the need to create a Global Admin account in each tenant. To date, a large number of partners have not removed the MSPMagic Global Admin account from their customers’ tenants.
On the 1st of November 2022, MSPMagic will automatically delete these accounts from any tenant that is still onboarded.
Partners are able to manually delete this account themselves ahead of the 1st of November.
MSPMagic’s Variable Manager helps solve the problem of managing customer-specific differences across standardised policies, allowing MSPs to deploy, update and maintain consistent Microsoft Endpoint Manager configuration profiles and policies across all their customers.
Two New Settings
We are announcing the release of two new settings;
- Exchange Online
- Toggle legacy TLS opt-in for SMTP clients
- SharePoint Online
- Set OneDrive for Business retention for deleted users
This Release in Detail
Managed Variables for Policy Manager
With MSPMagic’s Variable Manager, MSPs can use predefined variables, such as a customer’s TenantID or create their own variable, such as Group to Exclude from CA Policies, which they use to automatically replace parts of configuration profiles or policies before deploying to different customers.
There are many variable types available, allowing extensive substitutions to be made. The most common are:
- User(s) (selector of users from the destination tenant)
- Group(s) (selector of groups from the destination tenant)
- Profile/Policy (selector of profile/policies from the destination tenant)
This gives MSPs the flexibility they need to standardise their policies, allowing them to deploy them en masse quickly and easily.
A great example of where MSPs commonly use a substituted variable is the configuration profile OneDrive for Business Known Folder Move. This profile automatically redirects the user’s Desktop, Documents and Pictures folders to their OneDrive, backing up any data saved to those folders.
Because MSPMagic’s Variable Manager lets MSPs easily and automatically inject the customer’s TenantID, MSPs can quickly and easily deploy that same policy across all their customers’ tenants.
Toggle legacy TLS opt-in for SMTP clients
By default, legacy TLS (1.0 and 1.1) are disabled as a security measure.
This setting helps to ensure that legacy TLS does not get enabled inadvertently and thus allow an insecure legacy protocol to be used.
However, in certain circumstances, it may be necessary to override this setting and enable the legacy versions of TLS if there is no viable alternative.
In 2021 Microsoft announced that they would deprecate TLS 1.0 and 1.1 from Office 365 and Microsoft 365 (more info). For MSPs supporting legacy environments, there are often devices such as multi-function printers/scanners and legacy software applications that rely on TLS 1.0 and 1.1 to connect to Exchange Online via the SMTP email protocol.
Best practice would always say that disabling legacy TLS protocols is the ideal option, and that is what we recommend.
Set OneDive for Business retention for deleted users
When an Office 365 user is deleted, their OneDrive for Business data is retained for a defined retention period and access can be delegated to other users, such as a manager or nominated user, until the retention period lapses, after which it is deleted. The default retention period is 30 days.
Use this setting to extend the retention period up to 3,650 days (10 years).
- MSPMagic’s Templates for Microsoft Endpoint Manager (Intune) Policies and Best Practice Settings
- Release Update – November 2022
- MSPMagic’s Pre-Made Policies for Microsoft Endpoint Manager (Intune)
- Release Update – October 2022
- COMP-DV05: Windows 10 and later Microsoft Defender for Endpoint Enabled and Clear of Risks