Remote work IT capabilities have long been used to augment an organization’s primary IT model. But “work from anywhere” or WFA has become the primary mode for almost all organizations during the pandemic and remained as such for many even after COVID-related restrictions were lifted. In the coming years, many more organizations will move to a WFA model and a minority will operate in the legacy “work-in-office with remote capabilities” mode.
Almost all organizations will, at the very least, provide employees with the technical capability to work remotely on an “as needed” basis.
This evolution of workplaces and workspaces will be led by organizations whose IT environments are easier to transform, including:
- New organizations who are just starting out; they will certainly opt for the WFA IT model from inception.
- Smaller organizations with simple, existing IT environments, such as the many SMBs that are managed by MSPs.
- Organizations with large IT teams and budgets who view this IT transformation as a strategic move for their business. They will invest heavily to be competitive in the market when it comes to employee acquisition and retention.
It is interesting to explore the technologies that enabled such a massive market shift. There are some obvious enablers that you’ll find mentioned in any discussion of IT and COVID. These include video conferencing solutions like Zoom and Teams, collaboration platforms like Microsoft 365 and G-Suite, ubiquitous internet connectivity, powerful mobile devices, etc.
However, I’d like to explore the less obvious underlying technologies and trends that are enabling this transformation, how they will continue to evolve, and what this means for MSPs, the behind-the-scenes drivers of WFA and modern work environments.
Must-have IT Stack Components for Modern MSPs
What does this modern, WFA IT model look like from a technology perspective? What is the underlying plumbing that allows employees to be secure and productive from anywhere?
There are five core IT technology stack areas that enable this capability.
Security for MSPs
No longer is there a concept of a trusted corporate network to which users must connect, either physically or via VPN, to access company applications and data. This is a core concept in the now popular Zero Trust security model where data can be accessed from anywhere in a “never trust, always verify” fashion.
Identity for MSPs
A single, modern, unified identity source must exist to enable access to all corporate IT resources in a secure and auditable manner. This identity source (e.g., Azure AD) underpins the ability to implement a Zero Trust security model since user identity must flow through all components of the IT stack.
Data for MSPs
Data is no longer centralized in a server closet or data center. Corporate data will be stored and accessed in one or more public clouds. The trend of consolidating all types of data in the cloud, rather than having it spread out across data centers and individual endpoints, will continue and accelerate.
Endpoints for MSPs
Devices used by employees to access corporate resources have become critical for security and productivity. Physical endpoints come in two flavors:
- Corporate-controlled and secured devices. These endpoints will have the ability to connect directly to data and applications (after meeting enforced compliance requirements).
- BYOD devices. These devices will not be tightly controlled or secured by the organization and will only have secure access to corporate IT resources via a desktop virtualization layer (e.g. Cloud PC or Azure Virtual Desktop) or to browser-based applications.
Applications for MSPs
The ultimate purpose of all above components is to enable secure access to applications and data. These applications fall into one of two categories:
- Modern apps. Client-less, mobile app or browser-based applications (e.g., QuickBooks Online, Office 365). These apps can run efficiently and securely on both corporate-secured endpoints and BYOD endpoints, but many organizations will opt to secure their data and apps by requiring users on BYOD endpoints to connect through a Cloud PC or virtual desktop layer.
- Legacy apps. Client/server line-of-business applications (e.g., QuickBooks desktop, legacy apps, custom apps). These applications must run on a virtual desktop close to the data in the cloud and can be accessed from any type of physical endpoint.
SMB Customer Needs & Scenarios
The five components mentioned above provide MSPs with the building blocks to create a modern IT environment for each customer’s unique requirements. But let’s take a look at the typical use cases and customer scenarios to see which requirements are covered in each delivery type.
There are three predominant use cases that cover most modern IT requirements. With Microsoft being the dominant player in all technologies mentioned above, we’ll narrow the scope of our discussion to the Microsoft ecosystem of products but substitute your favorite alternative where needed.
Newly started companies and those looking to simplify their technology will opt for this cloud-only, SaaS (software-as-a-service)-driven IT model.
- Applications: Modern only (e.g., Microsoft 365, QuickBooks Online)
- Server infrastructure: None
- Endpoints: Managed and secured
Companies that require flexibility and want to lower the burden of management of their IT will leverage cloud-hosted virtual desktops to securely access data and applications. As the reliance on legacy apps goes away, these organizations will move to the Simple IT delivery model.
- Applications: Modern and Legacy
- Server infrastructure: Azure for legacy apps
- Endpoints: BYOD and virtual desktops (e.g. Cloud PC, AVD)
Organizations with stringent security and compliance requirements will require users to connect from corporate-managed endpoints and access all data and apps through a desktop virtualization layer to ensure standardization and privacy. Even if no legacy apps technically require a virtual desktop to access the apps, the benefit of increased security, control, and ease of support will drive these organizations to adopt Cloud PCs and AVD-type solutions.
- Applications: Modern and Legacy
- Server infrastructure: Azure for legacy apps
- Endpoints: Managed and secured, and virtual desktops for legacy apps
Today, and in the short to medium term, the Flexible and Highly Compliant scenarios will be the most popular ones because of their flexibility and cost structure advantages. The Simple IT delivery model offers the most simplicity but will initially be less broadly applicable because it assumes a very basic IT environment. As the market evolves and more apps are modernized (no reliance on corporate-managed back-end infrastructure, i.e., SaaS), this scenario will grow in popularity, especially among smaller businesses.
Ultimately, a significant decision that will drive the IT model selection for most organizations will be how far IT wants or needs to go in controlling and securing physical endpoints. Decoupling corporate IT responsibilities from the user’s physical endpoint allows a significant reduction in management scope and reduces IT costs. It also creates the most flexibility by being able to deploy several types of virtual desktop strategies (e.g., Cloud PCs, AVD personal desktops, AVD pooled desktops, AVD RemoteApps).
Modern MSPs’ Unique Challenges
From speaking with thousands of MSPs, we have identified the following six unique challenges when building a modern practice.
Native tooling is not designed for MSPs.
Microsoft creates its software and platforms for large enterprise organizations that are focused on managing a single large IT environment (their own) with an almost infinite number of flexible, configurable options. MSPs manage many smaller, far less complex IT environments, and simple, unified, multi-tenant and cross-tenant management capabilities are key to building a successful modern MSP practice.
Azure and Intune are complex and difficult to approach.
There are many services and configurable options in Azure and Intune (and other Microsoft cloud services) that are not relevant to MSPs’ SMB customers. These additional capabilities make these products difficult to approach, learn, implement, and support.
Insanely rapid rate of change.
The rate at which Microsoft innovates, changes its technologies, and introduces new ones is head-spinning and difficult to keep up with. This adds costs for MSPs and makes finding, training, and retaining talent difficult.
Bespoke, per-customer configuration is expensive.
A lack of unified, multi- and cross-tenant management capabilities across Azure, Microsoft 365, Intune, Azure AD, and Defender makes the MSP’s job of configuring each small customer in a bespoke manner expensive, error-prone, and inconsistent.
Consumption-based models carry margin risk.
Consumption-based (Azure) and license-based (Microsoft 365) cloud services carry an inherent margin risk for the MSP. Not being super vigilant about what is being purchased or consumed by the customer can cause MSPs to lose margin or even be upside down with a customer. Technicians doing their job to solve a customer problem can be careless in assigning licenses, increasing sizes of VMs, and adding storage without a proper workflow for capturing, approving, and ultimately billing any changes to the customer.
Security risk due to agent-based RMM model.
As recent incidents have shown, RMMs are ripe targets for cyber criminals who are looking for the highest leverage for their criminal activity.
Let’s dig in a bit more to the context of some of the above challenges and broaden the discussion to other struggles common for MSPs.
The cloud reduced the scope of IT administration by removing the need to manage underlying physical infrastructure, the server operating system in case of PaaS (platform-as-a-service), and even the actual application in case of SaaS. At the same time, the move to the cloud brings with it amazing flexibility, significant complexity, and disparate management.
Consider the complexity of managing IaaS (infrastructure-as-a-service)/PaaS in Azure portal, SaaS in Microsoft admin center, endpoints in Intune, identity in Azure AD, and licensing elsewhere. Each of these platforms has its own portal, nomenclature, and management concepts and all these are components of the three WFA customer scenarios outlined above that must be managed for each customer. Add to this the insanely rapid rate of change in these technologies and the IT admin’s job becomes more than daunting.
The job of MSPs, who manage anywhere from dozens to hundreds of SMB customers, is exponentially more difficult. With its hundreds of services and tens of thousands of configurable options, most of Azure isn’t relevant to an MSP’s typical SMB customer.
Intune is a similar story with its thousands of configurable settings, the vast majority of which are irrelevant to MSPs. A single large organization, with multiple people in its IT department, can easily justify the investment into learning, deploying, and maintaining these platforms. It’s a highly leverageable investment that will provide long-term benefits. In contrast, MSPs, whose staff each manage multiple organizations, find it challenging to invest in first learning a rapidly changing technology (e.g., Azure, Intune) and then implementing it in a bespoke manner for each small customer. The effort and cost of this implementation can far exceed the potential payback. The lack of unified, multi-tenant, and cross-tenant management capabilities in Azure AD, Intune, Azure, and Microsoft 365 makes the service provider’s job difficult, costly, inconsistent, and risky.
An MSP’s challenges don’t stop there. The RMM (remote monitoring and management) solution has been an enabling technology to building a scalable MSP business with unified management of endpoints, servers, and network infrastructure. RMMs rely on a single command-and-control console and distributed agents that run on each endpoint. The agent communicates with the console, submits diagnostics and performance data, and can be remotely controlled from the console.
As IT evolves towards pure cloud technologies and Microsoft continues to invest in innovation and bundle Intune with Microsoft 365 at no additional charge, the role of the RMM is changing. Microsoft is in the unique position to provide the best and most secure endpoint management engine since most endpoints are running Windows. It is reasonable to assume that over time, the built-into-Windows management capabilities of Intune will catch up to and exceed RMM’s capabilities. And MSPs will find it difficult to justify not using Intune, especially if it comes for free with the Microsoft 365 licenses their customers already pay for.
How Nerdio Helps MSPs Build a Modern Cloud Practice
Nerdio’s mission has always been to empower MSPs to build successful cloud practices. We started this journey by identifying and focusing on the most challenging aspect for MSPs tasked with building a cloud practice – desktop virtualization with Azure infrastructure – and building deep and valuable solutions to address this challenge.
As we eliminated the most obvious challenges, we moved to other areas of MSPs’ cloud practice that needed help (e.g., server infrastructure, backup, networking, file storage, etc.).
Today Nerdio’s solutions are evolving to meet the challenges of the new WFA modern world. Nerdio is expanding its product capabilities to solve MSPs’ immediate and future problems. One major challenge is the lack of a unified, multi- and cross-tenant management platform that would enable MSPs to transform their customers to a modern IT model (Simple, Flexible, Highly Compliant) in a leverageable and consistent way.
Another challenge is the complexity of Intune. There is a lot of room to simplify and make Intune more “MSP friendly.” Just like Nerdio simplified Azure for MSPs by curating the available options, making it easier for MSPs to make the right choices, and automating the management, we are applying the same approach to Intune.
Nerdio Manager for MSP offers simplified and unified, workflow-powered, multi-tenant management of all components MSPs need to transform their customers’ IT to the modern, WFA model. This includes unifying the management of Azure infrastructure, Microsoft 365 modern apps, Intune endpoints, Azure AD identity, and in the near future the Defender security suite, into a single cloud management platform.
Finally, MSPs are in the business of providing technology services to their customers for a fee. They need to be profitable to stay in business and margin optimization is a critical component of Nerdio’s value-added approach. Nerdio Manager also provides capabilities to help MSPs with their commercial success with technologies like auto-scaling, cost estimation, license reporting, and much more.