In this dedicated product webinar, Syncro Senior Director of Product Management Richard Dean and CyberDrain founder and Microsoft MVP Kelvin Tegelaar walk through the full Syncro Snapshot tool: the problem it was built to solve, a live demo of the interactive dashboard and executive report, and an extensive Q&A covering security architecture, permissions, export options, third-party MFA detection, shared mailbox handling, and the roadmap for ZTNA assessments and Maester tests in SIP. Snapshot is free, requires no Syncro or CyberDrain license, and processes all data locally in the browser with no credential storage.
Key Topics Covered
- The gap Snapshot was built to fill: 75% of MSPs lack a standardized pre-sales security assessment process
- Why previous tools required too much access, too early in the sales process
- How Snapshot’s browser-based architecture keeps all data local with no server-side storage
- Live dashboard demo: tenant overview, Microsoft Secure Score, top 10 recommendations, common misconfigurations
- Application registration audit: identifying stale and unknown non-human identities
- Global administrator hygiene: count, naming conventions, and break glass account best practices
- MFA status: users without MFA, shared mailbox handling, and third-party MFA detection
- Modern authentication settings across Exchange, SharePoint, and Teams
- Inactive users, unassigned licenses, and mailbox forwarding rules
- Advanced assessment tier: conditional access policies and full mailbox protection coverage
- Executive summary report: customizable branding, toggle controls, CSV and PDF export
- Raw JSON API response access for use with AI tools
- Roadmap: custom logo support, custom URL, Intune device and policy integration
- Future SIP integration: Microsoft ZTNA assessments and Maester tests
- Access model: OAuth token expiration, enterprise app lifecycle, and removal process
Product Features Covered in This Webinar
- MFA detection for third-party providers: supported via Microsoft modern federated auth, not via ADFS
- Syncro Snapshot: free, no license required, available at snapshot.synchromsp.com
- Browser-based data processing: all computation in user’s browser, no server-side data storage
- OAuth access token model: expires in ~1 hour or on browser close, no persistent credentials
- Global admin credential requirement: read-only access, except Exchange manage permission (Microsoft API limitation)
- Basic assessment: tenant overview, Secure Score, misconfigurations, app registrations, global admins, MFA, modern auth, inactive users, unassigned licenses, mailbox forwarding rules
- Advanced assessment (Business Premium, E3, E5): all basic features plus conditional access policies, anti-phishing, anti-spam, safe attachments, anti-malware, safe links, quarantine review
- Interactive live dashboard: customizable columns, filters, CSV export per section, PDF export per section
- Raw JSON API response viewer: copy to clipboard for use with AI or custom reporting
- Microsoft Secure Score: percentage, raw score, peer benchmark comparison, security category coverage
- Top 10 Secure Score recommendations: ranked by score impact, with direct admin center action URLs
- Common misconfigurations: guest invitation permissions, tenant creation access, guest user restrictions
- Application registration audit: recently used apps and stale apps with tenant access
- Global administrator audit: count, account naming hygiene, recommended max 2-4
- MFA status: full user list, users without MFA identified, shared mailbox detection
- Modern authentication settings: Exchange, SharePoint, Teams legacy protocol detection
- Inactive user accounts: 30-day inactivity filter, license waste identification
- Conditional access policy review: enabled vs. report-only status, expandable policy details
- Anti-phishing, anti-spam, safe attachments, anti-malware, safe links policy review
- Quarantine review: email queue overview for threat pattern identification
- Executive summary report: PDF format, customizable brand color, section toggle controls, shareable
- Syncro logo removal from report (releasing imminently at time of webinar)
- Custom MSP logo addition to report (planned future release)
- Custom URL option for white-labeling (planned, pending feature request)
- Intune device and policy coverage (planned future release)
- SIP integration: Microsoft ZTNA assessments and Maester tests (planned)
- Enterprise app cleanup: app remains post-session but can be deleted manually
Welcome and Introductions
Richard Dean: Welcome, everyone. My name is Richard Dean, Senior Director of Product Management here at Syncro, focused on Microsoft 365. Joining me is Kelvin Tegelaar, Microsoft MVP and founder of CyberDrain. Snapshot has been live for about a week and a half at this point and we’re seeing great traction. Before we dive in, please use the Q&A module for questions and chat for general comments. We’ll do a giveaway at the very end: a pair of Ray-Ban Meta Smart Glasses. Fill out the form that goes out at the end to be eligible.
Why We Built Snapshot: The Gap in MSP Pre-Sales
Richard Dean: From interviews, PAC meetings, and data over the past year, we found that about 25% of MSPs have a standardized methodology and toolset for security or network assessments. The remaining 75% are struggling through it: hodgepodge tools, no process at all, and no way to show value immediately in a pre-sales context. Three things stood out. First, the lack of standardization. Second, the inability to prove value quickly and build trust before a customer signs a contract. Third, the data question: if you’re collecting my data and writing a report for me, where does that data go? Nobody wants their prospect data being stored, analyzed, or used for AI training.
Kelvin Tegelaar: This was real even for my MSP, which is a large and mature one. For M365 specifically, we were still using Excel sheets and estimates. There was no way to have read-only access to assess a tenant and build trust without also asking for complete control over the environment before a relationship had even started. That’s a huge trust ask. Richard and I looked at this and said, this just doesn’t exist, and we need to build it.
Richard Dean: It reminded me of my pre-sales engineering days doing data migrations. You had to go in, run scripts, do exports, compile data manually because no vendor would ever build a free frictionless pre-sales tool. It just wasn’t in their interest. I’m glad we’re solving this after 20 years.
What Snapshot Is Built to Do
Richard Dean: Syncro Snapshot delivers an immediate visual posture assessment to spark meaningful conversations, help MSPs prove value before a contract is signed, and do all of that in a way that is completely secure: no data collected, no credentials stored, read-only access. Those were the non-negotiable design principles.
Kelvin Tegelaar: One of the things that makes it so powerful is the speed. Most of the time you’d have to jump through 10 different portals to gather all this data: Azure, Entra, Exchange, Security Center. We brought it all into a single snapshot. And it leads directly into a broader conversation: this is your current state, and here is how we are going to help you fix it and maintain it.
How Snapshot Works: The Five Steps
Richard Dean: Five steps: initiate the assessment, authenticate with your Microsoft 365 global admin account, select basic or advanced report type, generate and download the report, and have the conversation. That is it. The tool processes everything in your browser. Nothing leaves your browser and goes to our servers.
Kelvin Tegelaar: The complete list of permissions is read-read-read all the way down. The one exception is the Exchange manage permission, and that exists only because Microsoft has never made a read-only permission available for Exchange. We have no choice if we want to cover Exchange security. That said, everything is done in your browser and we only access the data that is needed.
Live Dashboard Demo
Richard Dean: Note: the demo experienced brief delays at the start due to the high volume of attendees running Snapshot simultaneously during the webinar. Kelvin confirmed that 300 new tenants were snapshotted in the first hour, and approximately 400 by the end of the session.
Richard Dean: Starting on the dashboard: first you see tenant scope information, when the tenant was created, SMTP domains registered, total users including cloud users, guests, and hybrid. This frames the conversation before you get into security data.
Richard Dean: Microsoft Secure Score: the demo tenant is at 63%, against a peer average of 83%. This is where you start: we can see your secure score, we can see where you compare against your peer group, and there is a clear path to improvement. The top 10 recommendations are sorted by the score impact they would have if implemented. Each recommendation includes a direct action URL linking to the relevant Microsoft Global Admin Center so you can make the change immediately.
Richard Dean: Every grid in the dashboard is customizable: add or remove columns, apply filters, export to CSV, export to PDF. You can also view the raw JSON API response for any section, which you can copy and paste into any AI tool to compile a custom report.
Kelvin Tegelaar: Common misconfigurations is one of my favorite sections because it immediately surfaces critical issues. In this demo tenant, everything is showing red. The guest invitation permission is set to allow everyone. That means a phishing email with a guest invite link could bring a hacker directly into the environment. And with default guest user restrictions, once they’re in as a guest, they can read conditional access policies, all user accounts, all email addresses. This section immediately makes the case for why the current state is dangerous.
Richard Dean: Application registrations: this shows apps used in the last 90 days and apps that are stale. Non-human identities are the fastest growing attack surface. Clients often see applications in this list they don’t recognize and ask why those apps have mailbox access. This section drives a very important audit conversation.
Richard Dean: Global administrators: the demo tenant has 11. The target is 2 to 4, with at least 2 of those being break glass accounts with separate MFA and separate credentials, stored securely and not used for day-to-day access. Several users in this demo tenant have their personal accounts assigned global administrator, which is a significant security risk: if that account’s password is phished, there is no extra layer between the attacker and full administrative control.
Richard Dean: MFA: the demo shows 41 users without MFA. MFA prevents 99% of identity-based attacks when properly configured. Every user in red here needs to be addressed. Inactive accounts are just as valuable to an attacker as active ones, and they are often left with licenses, which is also a cost issue: 35 inactive accounts means 35 licenses being paid for with no benefit.
Richard Dean: Modern authentication settings cover Exchange, SharePoint, and Teams separately because each has its own authentication controls and history. All legacy protocols need to be disabled and replaced with modern OAuth. Mailbox forwarding rules and unassigned licenses round out the baseline assessment.
Richard Dean: The advanced section, for Business Premium and above, adds conditional access policy review, including which policies are enabled versus in report-only mode, which is often forgotten after initial setup. It also covers anti-phishing, anti-spam, safe attachments, anti-malware, safe links, and quarantine review. All of these have Microsoft default policies that are easy to enable, and the quarantine overview lets you see patterns in incoming spam and targeted domains.
Executive Summary Report
Richard Dean: The executive summary report is a separate PDF document pre-generated from the same data. You can customize the brand color, toggle off any sections you don’t want to include, and remove informational infographic pages. It is designed specifically for non-technical stakeholders: every section provides a plain-language overview of the risk, the data, and what to do about it. It can be downloaded and shared immediately after the assessment runs.
Kelvin Tegelaar: The key design principle for the report was that it had to be a genuine executive summary, not an audit report. Audit reports are overwhelming and full of technical jargon. This report is designed so that an actual executive at a company can read it and understand what it is telling them and what action is needed. Custom logo support is coming in the next release.
Q&A
Q: Is Snapshot open source?
Kelvin Tegelaar: No. It cannot be open source because of the specific application registered in the tenant as part of the security model. We could not maintain the security architecture if the application itself were open source. Feature requests and bug reports are welcome through Syncro Community or directly to CyberDrain.
Q: Does it use AI or large language models to process the data?
Kelvin Tegelaar: No. There is no agentic AI and no LLM processing your data. Everything runs in your browser. Your data is your own. The privacy model is stated explicitly on the first screen of the tool.
Q: Which Syncro plan is required to use Snapshot?
Richard Dean: None. Snapshot is completely free and requires no Syncro license. You can go to snapshot.syncrosecure.com right now and run an assessment. We do plan to bring it into the Syncro product at some point but have not determined when or where.
Q: How is access established to pull the assessment data?
Kelvin Tegelaar: An enterprise application is created inside the tenant during setup, and we request an OAuth access token scoped to the list of read permissions. That token expires in approximately one hour. When you close the browser, the token is gone immediately and we no longer have any access. The enterprise application remains in the tenant but is non-functional without a valid token. You can delete the app from the tenant after the assessment for cleanliness.
Q: What are the export options?
Richard Dean: The executive report is PDF only. However, every individual data grid in the dashboard can be exported to CSV or PDF. Each section can also expose its raw JSON API response, which you can copy and use in any AI tool or compile into any format you need.
Q: Does the MFA report show MFA enabled via conditional access policy?
Kelvin Tegelaar: Yes, absolutely.
Q: Can shared mailboxes be excluded from the MFA report?
Kelvin Tegelaar: No, because shared mailboxes are technically accounts with usernames and passwords that can be used to log in. The correct remediation is to disable the shared mailbox accounts. Once disabled, they no longer appear in the MFA exception report.
Q: Is there a way to remove the Syncro logo from the report?
Richard Dean: Yes, coming imminently. The page containing the Syncro diagram can already be removed today. Full logo removal and custom MSP logo support are in the update shipping shortly.
Q: Can Snapshot be self-hosted?
Kelvin Tegelaar: Not currently. A custom URL option is being investigated as a future feature so you could white-label it with your own URL.
Q: Does Snapshot detect Duo or other third-party MFA solutions?
Kelvin Tegelaar: Yes, if the third-party MFA provider is integrated using Microsoft’s modern federated authentication options. If you are using older methods like ADFS pass-through, Snapshot will not detect that MFA is in place.
Q: Do you have to sign in separately for every tenant you want to assess?
Kelvin Tegelaar: Yes. Snapshot is designed as a per-session pre-sales tool. You authenticate at one tenant at a time. For ongoing multi-tenant management and monitoring, that is handled through Syncro XMM or SIP, which already have multi-tenant access models.
Q: Does Snapshot compare against CIS controls?
Richard Dean: Not in the free Snapshot tool, which is designed as a pre-sales assessment. For CIS, NIST, and compliance framework mapping, that is where Syncro XMM and SIP come in.
Kelvin Tegelaar: This leads to the roadmap spoiler. We are adding Microsoft ZTNA assessments and Maester tests to SIP in the next release, delivered in an executive report format similar to Snapshot but within the ongoing monitoring platform. Watch for that announcement.
Q: Is Intune device and policy coverage planned?
Kelvin Tegelaar: Yes, that is on the list for future releases.
Q: Does this replace or supplement the security assessments in the Syncro Team plan?
Richard Dean: It supplements them. Snapshot is a standalone tool designed for a specific pre-sales use case. The Team plan security assessments and baselines are for ongoing management. We plan to bring Snapshot into the Syncro product at some point, but the integration timing and approach are still being determined.
Closing:
Kelvin Tegelaar: This collaboration between Syncro and CyberDrain reflects both companies’ commitment to pushing the MSP industry forward. We want to help you, we want to make you better, and we hope you enjoy it. 400 tenants were assessed in the roughly 90 minutes of this webinar. That is incredible adoption.
Richard Dean: Thank you, Kelvin, for the partnership. It’s been a great first collaboration, and I look forward to many more. Happy holidays, everyone.
See How Syncro Powers Your Business
Schedule a one-on-one walkthrough with a product expert to see the Syncro platform in action. No fluff — just a personalized look at how to unify endpoint management, service operations, and M365 workflows.
Frequently Asked Questions
Syncro Snapshot is a free Microsoft 365 security assessment tool built by Syncro in partnership with CyberDrain. It is designed for MSPs to run point-in-time security assessments on their own tenants or prospect tenants without requiring any setup, integration, or persistent access. About 75% of MSPs lack a standardized methodology or toolset for security assessments, according to research conducted during Snapshot’s development. Snapshot is meant to fill that gap by giving MSPs an immediate, credible, and data-driven way to start security conversations and demonstrate value before a client signs a contract. It is available free to anyone, regardless of whether they are a Syncro or CyberDrain customer.
Syncro Snapshot is architected with a browser-based model: all data processing happens in the user’s browser, not on Syncro or CyberDrain servers. No credentials are stored. The tool requests only an OAuth access token, which expires approximately one hour after the session, or immediately when the browser is closed. After that, Syncro and CyberDrain no longer have any access to the tenant. The enterprise application registered during setup remains in the tenant but is non-functional without a valid token. It can be deleted from the tenant at any time for cleanliness. No AI or machine learning is run against the data, and the tool does not collect or retain tenant telemetry. Syncro and CyberDrain cannot identify which tenants have been assessed.
Syncro Snapshot surfaces the Microsoft 365 security posture across multiple risk areas in a single interactive dashboard. It displays tenant scope information, Microsoft Secure Score with peer comparison, the top 10 Secure Score recommendations ranked by score impact, common misconfigurations such as guest invitation permissions and user tenant creation access, app registration audit showing recently used and stale applications, global administrator count and account hygiene, MFA status for all users, modern authentication settings across Exchange, SharePoint, and Teams, inactive user accounts, unassigned licenses, and mailbox forwarding rules. The advanced assessment tier, available for Business Premium, E3, and E5 tenants, also includes conditional access policy review and mailbox protection policy coverage across anti-phishing, anti-spam, safe attachments, anti-malware, safe links, and quarantine.
The basic assessment is appropriate for tenants on Microsoft 365 Business Basic or Business Standard licenses. It covers tenant overview, Secure Score, misconfigurations, app registrations, global admins, MFA, modern auth settings, inactive users, unassigned licenses, and mailbox forwarding rules. The advanced assessment requires Business Premium, E3, or E5 licensing because it includes conditional access policies and full mailbox protection policy coverage, all of which require P1-level entitlements. The Exchange section requires one manage permission due to a Microsoft limitation: there is no read-only API permission for Exchange, which was a deliberate technical constraint Kelvin called out directly during the webinar.
Syncro Snapshot is specifically designed for pre-sales scenarios. MSPs can run the assessment live with a prospect in the room, or run it remotely while sharing a screen with the prospect’s global administrator providing credentials. Within minutes, the dashboard surfaces real security gaps in the prospect’s current environment, including misconfigurations their existing provider may have missed. The common misconfiguration section, which shows things like permissive guest invitation settings and excessive global administrator counts, is particularly effective for demonstrating risk to non-technical stakeholders. The brandable executive summary report can be downloaded immediately and shared with decision-makers. A custom logo option was confirmed as coming in a future update.
Every section of the Snapshot interactive dashboard can be exported to CSV or PDF. Each grid is also fully customizable: columns can be added or removed, and filters can be applied. The tool also exposes the raw JSON API response for any section, which can be copied and pasted into any AI tool for further analysis or custom reporting. The executive summary report is a separate PDF-format document with customizable branding colors, toggle controls to enable or disable individual sections, and the ability to remove informational infographic pages. The Syncro logo page in the report was confirmed to be removable in an update that was shipping imminently at the time of the webinar. A custom MSP logo option was described as coming in a future release.
Syncro Snapshot is a standalone, one-time, read-only assessment tool, whereas Syncro’s security baselines and SIP provide ongoing continuous monitoring. The intended workflow is to use Snapshot for pre-sales prospecting and initial assessment, then transition the client to Syncro’s baselines for ongoing drift monitoring and compliance reporting. Kelvin confirmed that Syncro and CyberDrain plan to add more assessment types to SIP, including Microsoft Zero Trust Network Access assessments and Maester tests, delivering those in an executive report format similar to Snapshot but within the ongoing management platform.
Syncro Snapshot detects MFA if the third-party provider is integrated using Microsoft’s modern federated authentication options. If the organization uses older integration methods such as ADFS pass-through authentication, Snapshot will not detect that MFA is in place. Shared mailboxes appear in the MFA report because they are technically accounts with passwords and usernames that could be logged into. The recommended remediation is to disable shared mailbox accounts, after which they no longer appear as MFA exceptions in the report.
Webinar Hosts
Richard Dean
Senior Director of Product Management, Microsoft 365, Syncro
Richard Dean is Senior Director of Product Management at Syncro, focused on Microsoft 365. He led the product development of Syncro Snapshot alongside CyberDrain, drawing on years of experience in pre-sales engineering and data migration consulting to identify the gap that Snapshot was built to fill. In this dedicated Snapshot webinar, Richard walked through the product vision, hosted the live dashboard and report demo, and fielded Q&A covering access control, security architecture, export options, and plans for deeper integration with Syncro XMM and SIP.
Kelvin Tegelaar
Microsoft MVP and Founder, CyberDrain
Kelvin Tegelaar is a Microsoft MVP and the founder of CyberDrain, a long-standing Syncro partner and a prominent voice in the MSP and Microsoft ecosystem. Kelvin co-developed Syncro Snapshot with the Syncro product team, contributing the technical architecture including the browser-based token model, the read-only permission framework, and the crowdsourced threat intelligence approach. In this webinar, Kelvin provided detailed technical commentary throughout the demo and covered the security and privacy model in depth during Q&A, including how access tokens work, shared mailbox handling, MFA detection for third-party providers, and the roadmap for deeper SIP integration including Microsoft ZTNA assessments and Maester tests.
Share
Related Resources
