MDM Governance for MSPs: Sometimes Excel Is Still the Right Tool

Have you ever worked for a Managed Service Provider (MSP)?

If so, you've probably seen how quickly endpoint management becomes difficult to scale. The challenge is rarely managing a single Microsoft Intune tenant or one MDM platform. It comes from supporting dozens of customers, each with their own technologies, processes, security requirements, and level of maturity.

I spent several years working for an MSP, and one of my main responsibilities was improving how we managed our customers' MDM environments.

No two customers looked the same.

Some relied entirely on Microsoft Intune. Others used Jamf Pro, either cloud-hosted or on-premises. Some had Mosyle, while others combined multiple platforms. It wasn't unusual for a single customer to use one MDM for macOS, another for iPhones and iPads, and a third for Android devices.

Managing those platforms was only part of the job.

The harder question was how to keep track of everything around them.

Which customers had already adopted our latest security baseline? Which Apple Push Certificates would expire during the next quarter? Which Apple Business Manager tokens needed to be renewed? Which environments were still using legacy connectors? Without a structured way to answer those questions, we ended up reacting to problems instead of preventing them.

An expired Apple Push Certificate is a good example. Once it expires, Apple devices stop communicating correctly with the MDM, and recovering from that situation can involve re-enrolling hundreds—or sometimes thousands—of devices.

The problem isn't the certificate itself. It's the lack of governance around it.

Building a Simple Governance Inventory

There are dedicated IT documentation, CMDB, and asset management platforms that can help with this, and many MSPs already use them.

But if your objective is simply to maintain visibility over your customers' MDM environments, a well-maintained Excel spreadsheet can still be remarkably effective.

I'm not a fan of using Excel for everything in IT, but it remains an excellent tool for tracking structured operational information.

The spreadsheet I built contained information such as:

  • Customer
  • MDM platforms in use
  • Apple Push Certificate expiration
  • Apple Business Manager enrollment tokens
  • Apps & Books tokens
  • Current security baseline version
  • Notes and operational comments

There was nothing technically impressive about it.

Its value came from giving us visibility.

Instead of discovering expired certificates after users started reporting issues, renewals could be planned months in advance. Instead of wondering which customers still needed security improvements, the answer was already there.

More Than a Certificate Tracker

Over time, the spreadsheet became much more than an inventory.

As I gradually raised the security baseline across the customer environments I managed, it became the reference point for measuring progress. Every time we introduced a new Intune baseline, updated security recommendations, or standardized another part of the operating model, I could immediately see which customers had already adopted those changes and which ones still required attention.

Rather than searching through documentation, tickets, or several management portals, the overall picture was available in one place.

That made planning easier, reduced forgotten tasks, and helped turn governance into a routine instead of something we only thought about after an incident.

Simple Doesn't Mean Ineffective

Below is a simplified version of the governance spreadsheet I built during my time at that MSP.

It certainly isn't the most sophisticated governance solution available today, and many organizations will eventually move to dedicated documentation or asset management platforms.

However, I've learned that the biggest improvement rarely comes from adding another tool. It comes from keeping operational data accurate, reviewing it regularly, and making governance part of the day-to-day operating model.

Sometimes, a simple spreadsheet is exactly what you need.


Post a Comment

0 Comments