r/msp

Google recently made some HUGE changes. Google search by default is AI powered search. Same with Ask Youtube and Google Spark.
This is going to have a big impact on traditional marketing and SEO where you could just make blogs with keywords like IT services near me and have inbound calls coming in. That blog post you paid someone to write with “ managed IT services near me” stuffed into every paragraph? The AI just read it, summarise it and answer your Prospect question without them ever clicking your link.

No visit, no call, no lead, unless you show up as AI suggested answer. The ones that figure out how to get sorted by AI instead of just ranking by Google are going to eat everyone else’s lunch for the next decade.

Because right now, even your top performing blog or mention is getting buried under an AI suggested answer and then four sponsored links.

Hello All,

I'm looking for something to aid with MS Tenant Admin. Was watching u/bearded365guy (not sure if he's on reddit) talking about 365sentri.com. Just triggered in my mind that I should audit the tools we're using.

What are you good folks using for multitenant MSP admin over customer tenants. (poorly phrased but I'm sure you get my meaning).

Thanks!

Edit

Okay, focusing on CIPP. Already signed up for the NFR account for 365sentri and have a demo for the upcoming product from Huntress in two weeks but it sounds like CIPP is the way to go.

Thank you all again!

We've had a client for ~15 years that recently has become quite hostile towards us. They've started asking for administrative rights to everything, taking issue with how we've been managing things, complaining about our cost, the owner stating "there's no way in hell I would have signed your contract" (his previous ops manager did).

I am planning to offer him a "break glass" global admin account if he agrees to not use it except in cases where we have violated our SLA with prior notice in writing.

In addition to this, I'd like to just get out of our contract with them. It's not worth this current headache. The complicating factor is they have a few open invoices.

I'm willing to let them out of their contract without having to pay it out (as it is written in the termination clause), but I don't want to offer this until we've received or are sure we'll get payment for those open invoices.

They've also asked for documentation and passwords to all other infrastructure. This was requested in the name of business continuity, which I understand. Would you wait until the termination of the agreement to turn this over as well?

How would you handle this?

I have this ongoing ticket for a few months now. It's with one of those accounts that want everything to work, except they aren't going to pay for it. Nice people but exhausting sales process.

Claude is hooked into my ticketing via read-only API (yeah it's in our privacy policy) I asked Claude to review the ticket, and found the response an interesting read and thought I'd share it.

-------------------------------------------------

This is a phenomenon every MSP knows intimately, and there's actually solid psychology behind all of it.

Why business owners resist spending on IT

The core issue is that technology is invisible when it works. It's what psychologists call a zero-sum perception of maintenance spending — money spent preventing a problem produces no visible outcome, so the brain categorizes it as waste. You can't point to "the server crash that didn't happen." Compare that to a new sign out front or a piece of equipment — you can see it, touch it, show it to people.

There's also loss aversion at play (Kahneman's work). Spending $500/month on managed services feels like a guaranteed loss. A potential $50,000 outage from a ransomware hit feels abstract and distant. The brain dramatically underweights probabilistic future losses versus certain present costs.

Business owners who built their companies through hustle also tend to have a control bias — they believe their judgment and effort can overcome most problems, which works great for sales and operations, but catastrophically misapplies to infrastructure risk.

Why they explode when things break

This one's interesting. When technology fails, it triggers something called dependency panic — suddenly they realize they have zero control, zero knowledge, and zero ability to fix it themselves. That helplessness converts almost instantly to anger, because anger at least feels like agency. It's the same reason people punch dashboards.

There's also a phenomenon called expectation anchoring without investment. They've mentally categorized their computers as appliances — like a refrigerator. Refrigerators just work. Nobody maintains them. So when the "appliance" breaks, it feels like a betrayal of a basic social contract, not a predictable consequence of neglect.

The contradiction — is it insane?

It's not insane, but it is a genuinely irrational cognitive trap called magical thinking combined with outcome ownership mismatch. They want the outcomes of a well-run infrastructure without bearing the costs — and crucially, they don't connect those two things as cause and effect. In their mental model, IT spending and IT reliability exist in separate buckets. Spending goes in the "waste" bucket. Reliability goes in the "I deserve this" bucket.

The clinical term for holding two contradictory beliefs simultaneously without recognizing the conflict is cognitive dissonance, and humans are remarkably good at sustaining it indefinitely when money is involved.

What actually works when dealing with them

The MSPs who crack this tend to reframe the conversation away from cost and toward revenue impact. "Your POS system was down for 4 hours last Tuesday. What did that cost you in sales and staff time?" That math, done in front of them, often exceeds a year of managed service fees — and it's their number, not yours. You're not selling IT, you're selling the absence of that feeling they just had when everything stopped working.

The other lever is social proof from peers. A business owner will resist your pitch for months and sign in a week after their golf buddy tells them about the ransomware attack that nearly killed his company. Peer loss narratives bypass the abstraction problem entirely.

TLDR - "People don't value what they can't see working, and they panic-rage when they lose control over something they never understood.

They cheap out because preventing problems produces no visible result. They freak out when things break because helplessness turns into anger fast. And they don't connect the two because in their head, "spending money on IT" and "things working reliably" live in completely separate buckets."

Starting in the last week, two users at one client have reported seeing this warning - once in Outlook and once in the MS admin site.

Of course, MFA is enforced, and the sign-in logs indicate "MFA requirement satisfied by claim in the token."

Also, enforcement began in February...of 2025, so why are we seeing this now?

This warning is in error, right?

GitHub Official X Post

"We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity."

Dark Web Informer says "GitHub source code allegedly offered for sale: Internal orgs and private repositories claimed

A threat actor using the alias TeamPCP claims to be selling GitHub source code and internal organization data.

The actor claims the dataset includes around 4,000 private repositories and says samples can be provided to interested buyers to verify authenticity.

━━━━━━━━━━━━━━━━━━━━
Target: GitHub
Country: United States
Sector: Technology / Software Development / Source Code
Incident Type: Alleged Source Code Sale
Claimed Exposure: Around 4,000 private repositories
Actor: TeamPCP
Price: Offers over $50,000
━━━━━━━━━━━━━━━━━━━━"

Edit: adding xcancel link, thanks jykke!

Update from GitHub:

1/ We are sharing additional details regarding our investigation into
unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device
involving a poisoned VS Code extension. We removed the malicious extension
version, isolated the endpoint, and began incident response immediately.

2/ Our current assessment is that the activity involved extiltration of GitHub-
internal repositories only. The attacker's current claims of ~3,800 repositories
are directionally consistent with our investigation so far.

3/ We moved quickly to reduce risk. Critical secrets were rotated yesterday and
overnight with the highest-impact credentials prioritized first.

4/ We continue to analyze logs, validate secret rotation, and monitor for any
follow-on activity. We will take additional action as the investigation warrants.

5/ We will publish a fuller report once the investigation is complete.

Hey team,

Looking for some magical solutions from the group. We've got a client that has ~5 critical 3rd party applications, and these applications have other 3rd party add-ins.

Our trouble, is these add-ins require updates once every month or three. We can automate the update, but to update the add-in, the main 3rd party application it integrates with must be closed. The client's fleet is also almost entirely laptops, and they work from home ~75% of their week.

The issue, as you can imagine, is regardless of how much communication (group-wide emails, pop-ups the afternoon prior, fugg'n texts.. etc), we can never get more than 60% of the staff to leave their shit on. We provide a report to the client of machines that were online and offline during the start of the maint window (and to whom they belong), we enable WOL, disable sleep & hibernation, etc, but consistently, routinely, people just straight up don't comply.

I know the respectable lot in this crew will say "this is an HR / management problem at the client and not a technical nor service delivery issue" and I don't at all disagree, but I'm constantly looking to challenge my mindset and approach to things and see if there is a better way things can be done.

Thoughts and ideas?

Every post here is market research disguised as a professional question!!! Individuals or companies seeking insight or feedback on products, services, etc… The exact definition of market research!!! Just because someone frameworks a question based on some hypothetical situation to gain insight from others doesn’t mean it’s NOT research!!! Just because people put a “perspective” on it does NOT change the root objective!

DEBATE IT, GO!!!!

Small MSP owner here.

I’m running into something I can’t quite pin down, and I’m curious if anyone else has dealt with this.

We’ve heard from a couple of clients recently that:

“Things don’t feel quite right.” "There is a perception that things are getting resolved."

The problem is, when we look at the actual data, nothing obvious jumps out.

• No major unresolved tickets
• SLA metrics look fine
• Help desk satisfaction is good
• No specific technician or team member has been named as the issue
• Project work is moving along
• Proposals are being delivered
• Deployments are happening
• vCIO meetings are still on cadence

But the perception is there. And once that perception takes root, it can be hard to undo.

A few things I’m trying to figure out:

Is this really a communication cadence issue? Are we not doing a good enough job showing the work we’re doing behind the scenes? Could one person in the client’s leadership team be driving the narrative even if the rest of the organization doesn’t feel the same way?

For those of you who have successfully turned around a “vibes are off” problem before it became a real relationship issue:

What did you change?

Appreciate any advice. This feels like the kind of thing that’s much easier to fix now than after a renewal starts going sideways.

We have been notified of a 20% price increase in Essentials, effective from July 1. Anyone else seeing the same?

This is bulletpointed to make it as black and white without any emotion behind it as I have argued both sides of this in our office but want to get thoughts from the community.

We have a customer who is 10 minutes drive away.

They are part owned by Jeff… Jeff used to have both companies IT, Internet, the whole shebang with us.

Jeff then moved his main company to another IT and a different company for connectivity.

Jeff left one company with us to support his IT for 3 users of his smaller company.

Jeff sold his main company so we now just support IT for 3 users and this company now sublets an office space from the sold company.

3 weeks ago, they lost internet so we went and looked, a router reboot fixed this issue.

This week, same again. Internet has gone offline for them.

What would you do?

Go to site again to troubleshoot and pass to internet company to fix once we have troubleshooted?

Go to site, troubleshoot and try to resolve?

Tell them that this is unsupported by us?

Or anything else that you would do?

Sorry for the long post but I have too many conflicting ideas as someone who want to help the customer but also someone who want to make sure our Helpdesk and company is as efficient as we are selling out

Edit: Sorry, got removed by Reddit filters, so I had to republish it

Small dental office, 18 seats, been with us since we started.

On a fully managed contract, endpoints, backup, M365, and the works.

For the last year they kept buying their own equipment without telling us.

Random Amazon switches, a NAS someone's nephew recommended, a "smart" UPS that talked to nothing.

We'd find out when something broke. Every time we'd explain why it was a problem, the office manager would nod and do it again three months later.

The final thing was a ransomware scare turned out to be nothing, but it burned two days of our time and traced back to a device they'd plugged in without telling us.

When I brought it up on the call, she said, "Well, you should have caught it sooner."

I gave them 30 days' notice the next morning. Felt sick about it for a week.

They were $2,800/month and had been with us forever. But the team was visibly relieved when I told them.

We replaced the revenue within 4 weeks, and I sleep better.

What made you finally pull the trigger on a client? And did you second-guess it after?

We started using Avanan years ago and when Check Point took over we slowly adopted things from the Infinity part of things. By now we use the Endpoint solution, Browse Protection and some extra's sprinkled in. Most of it is amazing.

Today we were in talks with a potential new client with specific compliance needs (mostly stuff around NIS 2.0 - we are based in the Netherlands). So they asked what our stack looked like. Everything was fine except Check Point was crossed out everywhere.

Mind you we have been keeping up with everything and have never seen Check Point raised as a dealbreaker. But to this client it is. When asked why the owner stated he would not deal with any Israeli company. Obviously I thought I was dealing with racists but the owner is Jewish. His explanation was that he does not trust Israeli companies that are subject to Israeli law with any form of data.

This is an absolute first for me and we have semi-government as clients who seem to be fine with us using Check Point...

Have any of you had any push back at all surrounding any software?

Just after some people experiences with creating reports that will collate data from a couple of systems (RMM and HaloPSA).

I already have some of the data in dataverse for an AI agent to reference but looking to see if people are custom creating their reports or using a platform to ingest the data and make something prettier.

We currently use Halo to generate these with their composite reports but struggling to make them impressive.

Does anyone have any recommendations for how they do it?

We have been using TL for years, but have not implemented the Network Control module.

I have an increasing number of users who are doing a VPN/RDP to their office computers and was reading up on Network Control and how it could potentially replace the VPN part of it.

Is anyone using that module for the same or similar?

Hi,

How do you manage Tailscale across multiple clients? Is there an MSP-focused version available? I wasn’t able to find much detail in their documentation.

If you’re currently using it, are there any limitations when operating in an MSP model? Also, if we route traffic through an exit node in our datacenter, would we need to deploy a separate VM per client, or can this be shared across tenants? how is the RBAC roles? Thanks

Small dental office, 18 seats, been with us since we started. On a fully managed contract, endpoints, backup, M365, and the works.

For the last year they kept buying their own equipment without telling us. Random Amazon switches, a NAS someone's nephew recommended, a "smart" UPS that talked to nothing. We'd find out when something broke. Every time we'd explain why it was a problem, the office manager would nod and do it again three months later.

The final thing was a ransomware scare, turned out to be nothing, but it burned two days of our time and traced back to a device they'd plugged in without telling us. When I brought it up on the call, she said, "Well, you should have caught it sooner."

I gave them 30 days notice the next morning. Felt sick about it for a week. They were $2,800/month and had been with us forever. But the team was visibly relieved when I told them.

We replaced the revenue inside 4 weeks and I sleep better.

What made you finally pull the trigger on a client? And did you second-guess it after?

Hi everybody, we are located in the northeast and have clients that have msp needs and we don't ever touch it at all, (rmm, backups, etc) Also installers but only in ct. I am just looking to connect with some in NA down the east coast. thanks