why-msps-and-policypak-are-an-ideal-match-0

Why MSPs and PolicyPak are an Ideal Match

The latter half of the decade has seen tremendous growth for Managed Service Providers. The MSP global market currently stands at nearly $170 billion at the close of 2019. This is a dramatic increase over the $107 billion dollar market it stood at in 2014. What’s more, this upsurge appears to have no end in the near term as the MSP market is projected to grow 12 percent a year over the next five years.

MSPs Fill an Important Void for Small Businesses

Growth such as this is due to more than just coincidence or luck. It occurs when someone fills an important need for a customer base: small and medium. These businesses need access to IT services and talent in a digital world just like the largest corporations. Unfortunately, they do not have the budget or knowledge base to create and support the necessary IT infrastructures that deliver value and stimulate innovation. That is where MSPs come in; filling in an important void that allows SMBs to leverage technologies and human talent, they don’t have access to.

PolicyPak Fills an Important Void for ISPs and their Customers

A big dilemma for ISPs is how to manage their customers’ IT estates with both granularity and efficiency.

Some MSPs are using MDM solultions with (or without) an RMM solution.

When doing so, MDM solutions allow you to manage all the devices from your customer base within a single pane of glass. MDM solutions can make a lot of sense for some MSPs since they manage their customers remotely a majority of the time.

While MDM makes it easy to manage and deliver settings to your clients’ devices, it falls way short in settings coverage. How short? Well, in the Intune world, you are missing over 3,000 Group Policy ADMX settings. Now tack on Group Policy Preferences and the number of missed settings approaches 10,000. Below is a summarized list of where MDM falls short:

  • Security Settings
  • Audit Policy
  • User Rights Assignment
  • AppLocker settings
  • 3,000+ Administrative Template settings
  • The ability to manage anything in Control Panel
  • Manage the Start Menu and Taskbar for your users
  • The plethora of available settings in Group Policy Preferences

The traditional way to garner the control of all 10,000 settings is to simply use traditional Group Policy. However, that requires accessing the AD environment of each client’s domain using some type of VPN connection. That of course is a cumbersome process and one that most MSP admins do not have time for.

That is where PolicyPak comes in. We fill an important void for MSPs by providing a modern desktop management solution that empowers them to easily configure, deploy and manage policies for all of their clients. With the PolicyPak suite of solutions, you can firstly configure all of those 10,000 settings, but additionally lock down and protect your users and desktops once and for all.

PolicyPak gives you both granularity and convenience in a single package, allowing you to manage all of your clients’ devices through the cloud or MDM.

PolicyPak Administrative Templates Manager

So let’s start with the ability to manage those 10,000 settings that MDM is simply incapable of. PolicyPak Administrative Templates Manager lets you configure and deliver all computer and user ADMX template settings to all Windows devices. Because PolicyPak integrates with Group Policy Editor, admins can create policies using a tool they are already accustomed to when creating policies.

why-msps-and-policypak-are-an-ideal-match-1

Note below that you can configure both computer and user side settings without resorting to loopback processing. PolicyPak Administrative Templates Manager gives you mastery of every available group policy setting.

why-msps-and-policypak-are-an-ideal-match-2

We also give you the flexibility to use individual item-level targeting for all policy settings. You can see a video demonstration here

PolicyPak MDM and Cloud Edition

While PolicyPak does have a Group Policy Edition, what you might refer to it as our “on prem” edition, MSPs will most likely find our MDM and Cloud Editions more pertinent to them. Let’s start out by saying that PolicyPak MDM Edition is not a substitute for your current MDM solution. What we do is make your MDM solution more comprehensive.

Here are some of added superpowers we can inject into your MDM solution.

  • Eliminate Local Admin Rights & Block Ransomware
  • Manage Settings for more than 400 applications and browsers such as Chrome, Firefox, Java, etc.
  • Manage multiple browser environments
  • Manage multiple Java environments
  • Manage Windows 10 File Associations
  • Manage Windows 10 Start Menu
  • Deploy any script throughout your MDM service
  • Manage Windows Features and Optional Features

Getting PolicyPak integrated with your Intune, MobileIron or Workspace One is easy. Simply upload our PolicyPak Client Side Extension, PolicyPak MDM licenses and your Packaged PolicyPak Settings and and you are all ready to manage MDM enrolled devices like never before.

why-msps-and-policypak-are-an-ideal-match-3

To learn how to best leverage real Microsoft Group Policy Settings into Intune, Workspace One or your own MDM service, check out this video.

Of course, you don’t need an MDM service to take advantage of cloud level management. PolicyPak Cloud Edition empowers you in the same way for all of your clients’ devices, whether they are domain joined or not. With PolicyPak Cloud Edition, you can manage stand-alone devices in the same way as domain joined. Watch this video to see how you can deliver Group Policy Admin template settings over the internet without MDM.

Complete Desktop Security Protection for your SMB Clients

Small businesses have a real disadvantage when it comes to cybersecurity. Forty-three percent of cyberattacks are aimed at small businesses, but only 14 percent are prepared to defend themselves. In other words, small businesses are targeted almost as much as large enterprises yet lack the tools and knowhow that corporations have access to. Last year, 66 percent of small businesses worldwide faced a cybersecurity attack. In fact, SMBs are reporting a significant increase in cybersecurity attacks for the third year in a row according to the Ponemon Institute.

In order to follow best security practices and protect user desktops, you need to strip standard users of admin rights. But then how do you allow them to freely do their jobs when they need elevated privileges? How do you stop them from clicking on everything that they download? The answer to these questions and others is PolicyPak Least Privilege Manager.

We created Least Privilege Manager with the notion that standard users actually CAN do their jobs without being granted local admin rights. There are two aspects to this product. First, it elevates privileges for a standard user when needed. This could be for the installation of an application, the bypassing of a UAC prompt or the ability to access designated Control Panel applets. The other component is SecureRunTM, which only lets users run applications if they are “properly installed or sanctioned by the administrator. Essentially, it provides “application white list” like protection, without the hassle of managing application lists.

Let’s focus on SecureRunTM for now. When SecureRun is on, PolicyPak Least Privilege Manager checks to see who owns a designated file executable, MSI, script, or Java JAR file. When users download files off the Internet or copy from USB drive, etc., they own the file. But SecureRunTM defines a list of “Which users or admins are sanctioned to put files on the hard drive.” The default list is shown below.

why-msps-and-policypak-are-an-ideal-match-4

So what happens when a user clicks on something that is not owned by a SecureRun Member? Well, a standard user will get what’s seen here (or a customized PolicyPak message if you wish.)

why-msps-and-policypak-are-an-ideal-match-5

As mentioned, part of stripping admin rights from standard users is giving them designated rights to do those things required to do their job. For instance, watch this video on how to enable standard users to access Control Panel applets. You can also see a complete video demonstration of the SecureRunTM protection system.

Partnering with PolicyPak

The MSP/client relationship is a partnership. Your clients entrust you with the keys to their IT estate and turn to your leadership in times of crisis and strategizing. PolicyPak values its MSP partners as well. We are dedicated to ensuring that our MSP customers have the tools and support they need to keep their own clients running and secure. Let us show you how we can add value to your services portfolio and security stack.

Jeremy Moskowitz

Founder & CTO, Microsoft MVP in Group Policy, Enterprise Mobility, and MDM

Jeremy Moskowitz founded PolicyPak Software after working with hundreds of customers with the same problem they couldn’t manage their applications, browsers and operating systems using the technology they already utilized.