Microsoft 365 Multi-Tenant Management with Syncro XMM

Richard Dean: Welcome, everyone. Thank you for joining us today on this nice hot summer day — at least here in Pennsylvania. We’re excited to introduce you to the XMM platform. XMM merges RMM and PSA capabilities and underpins it with Microsoft 365 multi-tenant management and security, all in one place. The platform is designed to simplify your operations, secure your customers and your users, and help you scale your business.

My name is Richard Dean. I’m the Director of Product Management, focused on Microsoft 365 integrations and functionality — that’s why I’m here today. And my partner in crime, our demo master today, is Steven Horne, Strategic Account Executive. Steven, you want to take a second to introduce yourself?

Steven Horne: Yeah, and we still have some people trickling in. My name is Steven, I’m on the sales team, and I’ll be the one demoing the platform today. I’ve been here about four years, so I’m excited to answer all your questions and get things moving in the right direction.

Richard Dean: All right — we’ll give folks another minute to trickle in, and then we’re going to unpack why we think you should be considering Syncro, jump into exactly what XMM is, and then Steven is going to give you a demonstration of many of the new capabilities we’ve introduced this year.

So let’s talk about how Syncro helps MSPs streamline operations, serve more clients, and grow their profitability.

Number one is our unified platform. Syncro brings together the RMM and PSA capabilities you’re familiar with — ticketing, endpoint management, patching, and scripting. But it also brings together Microsoft 365 multi-tenant management and security capabilities. And it goes well beyond that: we have over 50 integrations, including things like Pax8 billing that allow you to do third-party billing of your services, accounting integrations like QuickBooks and Xero, and the Syncro Marketplace, which lets you buy tools like Bitdefender or Proofpoint with no minimums. We also allow you to bring your own remote access if our native Splashtop isn’t to your liking. Everything is under one single platform, so you can manage it all in one place.

Number two is maximizing your efficiency and profitability. We have built-in AI around search and ticketing, advanced scripting capabilities that let you script in any language you prefer, and advanced auto-remediation built into both alerts and ticketing. That gives your technicians the ability to do more with less — freeing up capacity and boosting your bottom line.

Number three is rapid implementation and return on investment. With Syncro, you’re going to be able to quickly onboard and see immediate improvements in your business workflows — a return on investment in days, not months.

And finally, number four: simple, predictable pricing designed for growth. Our per-user pricing with no contracts or onboarding fees means you can scale confidently without financial risk.

That’s how we support managed service providers. But what if you’re managing an internal IT team instead of external clients? Let’s take a look at what Syncro can do there.

For internal IT teams, Syncro helps simplify your day-to-day operations and improve service delivery without adding complexity — because we know complexity is death.

Number one is unified management and automation. With our unified platform, you can discover and manage your users, devices, and all your network assets in one single place. You can automate routine work with AI search, advanced scripting, and auto-patching to free up time.

Number two is accelerating issue resolution and end-user satisfaction. We give you smart ticketing that routes issues faster and lets you customize workflows, so your team resolves requests quickly and meets your SLAs.

Number three: you gain strategic focus and reclaim your time. With less manual work, your team can focus on bigger projects that move the business forward.

And number four is dedicated support and community resources. You get direct access to experts and a strong peer community that we’re building and growing every day. Whether you’re managing external clients or internal users, Syncro gives you the tools to simplify, secure, and scale.

So let’s get into what we’re actually talking about today. What is XMM? XMM stands for Extended Management and Monitoring.

What Steven will be demonstrating are some of our new capabilities centered around Microsoft 365 multi-tenant management — things like managing users and their access, and assessing, monitoring, and reporting on your Microsoft 365 security posture. Not just for a single tenant, but across all of your customer tenants.

Syncro XMM’s goal is to simplify your tech stack, help you secure your users and the environments you’re managing, and help you scale your business by merging together the capabilities of RMM, PSA, and now Microsoft 365.

And now it’s demonstration time. I’ll stop sharing and hand it over to you, Steven.

Steven Horne: All right — that was all great information. Now it’s time for the fun stuff.

Before I dive in: there is a live Q&A portion of this session as well, so please ask your questions in the Q&A section. The chat is tough to keep track of, but we can see and respond to questions from the Q&A form. I’ll probably remind you of that a couple more times.

So let’s kick things off. The first portion we’re going to walk through is how we connect Microsoft 365 and what flows from there. But right now we’re looking at Syncro’s Assets page. You can filter and customize this with different columns, but the key thing is you always have access to the information you need at a glance or with a single click.

Part of that ties into quick-view modules that are available throughout the platform. Not a lot of people notice this, but anytime there’s an asset, you have a quick view — any custom fields, system details, the ability to run a one-off script, and so on.

Now, the Microsoft 365 integration is handled in the Administration section. Under the admin tab, you’re essentially onboarding a new Microsoft tenant. The cool thing about this is it can be done as a single tenant or in a CSP format. Your team will have potentially hundreds of tenants you’re managing in a single pane of glass — no longer logging into each one to handle identity management, security baselines, or other daily tasks that might take 10 to 15 minutes each. You can now do all of that within Syncro.

All the documentation and quick-access guides for connecting your tenants, mapping them, and enabling the Entra sync are readily available. We already have tenants connected here, and they were synced pretty recently. Let’s click into the Guardians of the Galaxy tenant. Once we’re in here, we can see some base information about this tenant — their Secure Score, how many users they have, and the setup options for what users sync over. You can control which organizations, which departments, which groups of people, and even filter by license status. That’s what kicks off your Entra sync to pull that information into Syncro.

Richard Dean: And this keeps the user data in sync — I believe it’s every two hours. So any deletes or changes to user metadata will be reflected here.

Steven Horne: That’s correct — it syncs on a schedule, so you don’t need to do it manually. Any changes will update automatically.

Now, once these tenants are connected, the next step in onboarding a new organization is network discovery — being able to easily scan, find what’s out there, and then take action on it.

This is what’s new, Richard — the network discovery UI used to be a pop-up, and it’s now in a side panel on the right. You create scan profiles based on specific criteria, connecting to a node that’s already on the network. That node is the device that goes out and does the scanning. From here you select an IP range and subnet, and now you have additional options — including the ability to scan via SNMP all the way up to v3, with credential management, authentication protocols, contact names, whatever you need for that scan.

In addition, any device we can deploy an agent to, we will — as long as the credentials are correct — and then apply the correct policies to those specific devices.

And you might be thinking: okay, that’s great, but if it only runs once, it’s not very useful. During the discovery setup, you can set these scans to run on a recurring schedule — say, once a day. Any time it finds a new device, you can be notified before taking action on it, so you always have a continuous view of what’s going on in that environment.

All of that information filters into your Devices section, where you can see the full device table, filter by IP address or other attributes, pin columns, and — importantly — see at a glance what’s managed and what’s unmanaged.

For example, I can see here that one device had a failed agent install. If I hover over it, it tells me exactly why — wrong credentials in this case. From here, I can just update those credentials and re-attempt the install. Once that goes through, it’ll deploy the agent.

I can’t tell you how many times I’ve heard this story: an MSP signs up a new client who says they have 10 devices, and then you run a discovery and there are 40. This lets you get a clear scope of what’s actually out there and control the environment more securely.

Richard Dean: Steven, can I ask a quick question? On the network scan profiles — is there generally a need to have more than one per org, or is one usually enough?

Steven Horne: One is usually enough. There are situations where you might use multiple — in larger internal IT environments with multiple subnets, it might be easier to track devices with separate scan profiles. But for a single organization at one location, one profile should be fine.

Now, as the agent gets installed, it’s going to start triggering things based on the policy assigned to it. Those policies do a few things in the background: applying Windows patch policies, deploying software, and setting up monitors for things like low hard drive space or failed login attempts. As those monitors kick in, you’re going to start seeing activity in the Alerts tab.

From Alerts, you can filter by name or organization, and you can see which alerts already have tickets — which might have been created by automation running in the background. You can create a ticket from here, or you can create a remediation that runs automatically. For something like low hard drive space, you can build an automation to run a cleanup script, clear the alert without any human interaction, and move on. You can also do things like post to Teams or convert alerts to tickets — it all depends on what actions or workflows you want to set up. Automation really comes into play everywhere here.

Now let’s move into what happens when an end user has an issue. There are a lot of ways for end users to submit tickets. I’m going to act as one of our end users here, going through the system tray — which in practice would look like the end user submitting it from their device. This is a policy-specific system tray that allows you to create customized menus offering things like live chat and the ability to enter a support ticket.

I’ll create a ticket here: Microsoft 365 — locked out of my account. If needed, they can include an image of their screen, and then they send the request. Even if they can’t access their email, they can still enter a ticket this way. Everything is branded to your organization, not to Syncro.

Once that comes in, it flows into the ticketing section. From here, you can handle changes directly inline without needing to open the ticket, and we’ve set up different views — some people call them boards — that let you organize tickets by issue type. In this case, I have a view specifically for anything Microsoft 365-related. I can see tickets, how long ago they came in, and who submitted them.

Let’s open this one up. They’re locked out and need a password reset. From within the ticket: I can track time, I can see the asset was automatically attached because they submitted via the system tray, I can remote in with Splashtop, run scripts, use backgrounding tools, or live chat the end user at any point. Now, since this is specifically a Microsoft 365 issue, I can click the View User Details button on the assigned contact on the left side of the ticket, which opens the user details. From here, I simply hit Reset Password. It asks for confirmation, and once reset, it gives me a temporary password to share with the end user and signs them out of all their devices.

I didn’t have to sign into the Microsoft tenant at all. I did it right from within Syncro. If this were a different tenant or a different organization, the process is exactly the same.

The Entra sync also pulls in other Microsoft user details: principal names, MFA statuses and methods, and the last time they were active. You can also see the last five actions taken on the account, and in the end user table you can see Microsoft licenses and other details. You can add and pin whatever columns are most useful. Then it’s just a matter of adding a comment to the ticket with the temporary password — or sharing it over the phone, whatever your team’s best practice is — and marking it resolved.

Now let’s round out the identity security story. The four user actions available within Syncro are: reset password, reset MFA, block sign-in, and revoke sessions. Reset password and reset MFA are fully released. Block sign-in and revoke sessions are currently in early access with an imminent release. Those last two are specifically for scenarios where you believe a user has been compromised — you can immediately block them from signing in or revoke their active sessions while you investigate, and you can create a ticket to document the whole thing right from within the end user contact record.

Next up is security baselines. This is where we can create and assign assessments based on Microsoft 365 security best practices. We currently have version one, which covers 22 rules following the CIS Level 1 framework for Microsoft 365. It’s monitored twice a day, and you can set up notifications for any specific rule you want to be alerted on. When you attach a baseline to a tenant, it runs the assessment and tells you exactly where you passed and where you failed. For any failed rule, you can click in and see the details of that rule, what category it falls into, and — this is important — prescriptive remediation instructions for how to fix it. No more guessing. Some rules also include PowerShell scripts. Version two will expand these baselines with more rules and, over time, we’re working toward automating remediations for simpler controls.

The last piece of this is the assessment export. With one click, you can generate a branded assessment from the baseline data to share with your clients. It breaks down their organizational overview — license and software usage, user counts — and benchmarks them against organizations of a similar size. It’s a great tool for demonstrating value: you can show a client they’re 25% above their peer group, or flag where there’s room for improvement. The whole thing is easy to read — you don’t need to be technical to understand that a red X means something needs attention. That’s the XMM overview.

To set up Microsoft 365 — I got a question on this — you go to your Admin section, under RMM Settings, and you’ll see Microsoft Tenant Management. The first time you access it, a setup guide will pop up in the bottom right. If you’ve previously dismissed it, just hit the question mark at the top and it’ll reopen the guide and walk you through the steps. This supports both individual tenants and CSP setups — as long as your DAP permissions are configured correctly.

On Jacob’s question: does XMM support direct integration with Pax8 for automated license assignment and management? Automated license assignment — not yet. But the Pax8 integration does allow you to pull whatever you’re purchasing in Pax8 into your recurring invoice section in Syncro, so you can bill for it seamlessly. No more accidentally forgetting to add new licenses to an invoice, and no more still billing for licenses you’ve removed. It handles that automatically.

On Pete’s question: XMM is part of the Team plan. That’s where your Microsoft 365 integration lives, along with network discovery and advanced automation features. If you’re on Core and don’t see the Microsoft 365 options under RMM, you’d need to look at upgrading to Team.

For the question about mapping the name field in the agent contact form for auto-ticket creation: it really depends on your setup. If a device is assigned to a specific user, their information will pre-populate. If it’s a shared device — like a front desk computer — that field will be blank, and it’ll be manually entered. If the person submitting is already a contact or end user in Syncro, the system will auto-pull their info and assign them to the ticket. For shared devices, I’d recommend requiring fields like first name and email address so you can tie submissions to a specific person.

On approval workflows for actions like password resets and MFA resets: there are no approval workflows in Syncro at this time, and honestly, auto-resetting passwords is probably not something you’d want by design — especially since sharing a new password over email isn’t necessarily the most secure method. That said, if it’s something you want to talk through, reach out.

For any other questions or follow-ups, feel free to email me directly at steven.horne@syncrosecure.com and I’ll make sure we get to it. If you’re a current Syncro Partner, you can also chat with us directly from within your Syncro instance, and you can head over to the Syncro Community where we post tips, updates, and you can connect with the team there as well. If you’re not yet a partner, free trials are available and everything is active in there — except features in early access — so you can test things out and see how much easier it is to manage Microsoft 365 and more.

Thanks for joining everyone. Enjoy the rest of your summer day.

Richard Dean: Thank you all for your time, your attention, and your questions — we always appreciate it. For anyone who missed any part of today’s session, the recording will be emailed out to everyone who registered, probably within a couple of days or early next week. Feel free to reach out to us or our support team in the meantime. We look forward to showing you more of Syncro soon.