This time last year, I did a comprehensive review of Robopack, which you can read here. Robopack truly elevates the application packaging game alongside other great platforms like PatchMyPC.
Today, we are going to look at their latest product from their parent company SoftwareCentral called TenantManager.
TenantManager is a comprehensive platform that lets a MSP or potentially a customer with numerous environments manage their Intune footprint from a single pane of glass. Today, we will cover these areas:
- What is Tenant Manager?
- Onboarding Tenants
- Tenant Manager Templates
- Tenant Dashboards
- RBAC
- Final Thoughts
What is Tenant Manager?
As Andy eloquently mentions on the Tenant Manager website, there have never been good options for managing multiple tenants in Intune. I’ve had customers who stayed on Workspace ONE for that EXACT reason believe it or not.
Tenant Manager helps with this problem by surfacing multiple tenants into a single platform, delivering several great capabilities:
- Multi-Admin Approval
- Tenant Backups
- Tenant Restores
- Gold Tenant (for MSPs)
- Drift Management
- Tenant Templates to simplify policy deployments
- Role-based Access Control
- Auditing
- Synchronizing policies between tenants
- Secure Score monitoring
- Robopack Integration
- Evaluating tenant security against CIS benchmarks
- Customer Portals (for MSP)
Overall, Tenant Manager helps address the major issues that plague many Intune deployments, like ensuring changes are made with purpose, accuracy, and protecting admins from making mistakes. It’s a major issue that people have with a really great price point. Enterprises pay 2000 euros for the first 1500 endpoints and it scales from there.
We’ll dive into different aspects of Tenant Manager, so you can get deeper insight into how the product works.
Onboarding Tenants
Onboarding Tenants in Tenant Manager is pretty easy. You start by going into the “Tenant” section inside of Tenant Manager and clicking “Register a New Tenant”:
The process as I said is simple. I recorded a short YouTube video, which will outline what the process looks like. The video will show you what to look for and what to expect:
Tenant Manager Templates
So, everyone loves the word template, right? Let’s explain what this means in the world of Tenant Manager.
We create templates, which are collections of policy settings for Intune and Entra, that we use to deploy settings down to tenants. A nice example would be building a template that you deploy to all of your customers in their net new Intune deployments.
So, you noticed when we added the tenant that it asks if it should be the “Gold” tenant, which is essentially your “Gold Standard” tenant. Think of this as the place where your best practices are deployed. We know the “gold” term from the VDI world as that gold or master image.
In terms of templates, you will have templates you create custom and templates that have been built by Software Central to deploy, but you cannot modify them for good reason. The built-in templates available are:
- EUC Toolbox
- CIS Level 1
- CIS Level 2
- SWC Baseline
- NCSC Baseline
- Essential Eight (ACSC)
- Hotpatch
- SecureBoot Fix
With those built-in templates, you can select one template, select the settings you want, and deploy them. For context, these are various baseline policy settings from EUC Toolbox (Andy Taylor’s tool), CIS, NCSC (National Cyber Security Center for you Americans like me), Software Central, ACSC (Australian Cyber Security Centre), settings to deploy Hotpatch, and a remediation that fixes SecureBoot.
Now, let’s move onto creating a template so we can see this more in action.
Creating Templates
It’s always good to have your own custom templates, which let us combine things you like about different base templates that exist and putting your own spin on it. Creating the template itself isn’t too bad.
You select what Gold Tenant backup you want to use, whether it’s the Tenant Manager one or your own. From there, you can start selecting the policies that are part of your template.
If you want to use SWC-IntuneManager-Gold, you will need to first make your own backup. That was a requirement for me to get started working with that.
Overall, it’s really nice because you can select individual policies, and select specific settings to add to the template you’re trying to create:
This pliability enables you to craft templates for specific use cases and how to structure your templates as customers have requests e.g. “Deploy Windows Hello” or “Deploy Hotpatch” etc.
You can entirely do things however you see fit. In the video below, we will both creating and updating existing templates, which is fairly user intuitive:
Deploying Templates
Deploying Templates are just about as easy as creating them. You will simply select the tenant, template, and the policies you want to push down and watch it do its magic!
The cool thing is you get this “Change Control” dialogue where the admin needs to explain why they’re taking the action:
Now, let’s check out a short video demo covering all of the magic behind deploying these templates:
Tenant Dashboards
Tenant Dashboards are very interesting. You can see below, once you drill into a tenant there’s a comprehensive dashboard that shows the drift status, secure score, CIS score, and some overall metrics of the tenant overall:
Some of the items within are clickable like the ability to automatically remediate hotpatch being missing:
You can also click on your drift. It will tell you how your tenant is tracking against CIS for example, which is very cool. Shows certain CIS policies are missing and you can easily remediate them:
Some of the capabilities appear to be in progress like secure score and CIS score backup against live, but are very nice looking:
In addition, there’s some nice capabilities around drilling into a given device. I especially love this “Device Timeline” feature, which groups device events by dates giving you a really nice and rich interface around device activities.
You can also take different device actions as you can see below:
Even the application section provides some nice info around your apps:
RBAC
The last section I wanted to show is RBAC. Overall, it’s pretty basic and lets you grant very specific access permissions for a perspective user:
- MSP Settings
- Roles
- Managed Tenant Access
- Managed Tenant Registration
- Managed Tenant Deletion
- Backup
- Restore
- Restore Gold
- Deploy
- Template
- Drift
- Logs
Final Thoughts
This was the first time I’ve looked at Tenant Manager since July, and I am really excited about how much progress they’ve made on the platform. They’ve grown quite a bit and I can’t wait to see how much more it progresses.
