How to Engage your customers with Security Navigator and Customer Reports  

As mentioned in our recent blog post, engaging with your customers in a conversation around Security can be difficult.  My two observations from hundreds of conversations with partners are:

  • Make sure you engage with the customer’s business decision makers as well as the technical decision makers. The tone and level of the information you share needs to match the audience.
  • Gathering the right information for the right audience can be time consuming and it’s hard to know what to share.

Until now, there was a raft of information you could produce within SkyKick Security Manager, but sometimes this information could be too detailed for some audiences.

So how can you use the new Security Navigator Customer Reports report (Download example), to engage in a conversation with the customer? Below I will detail what is included and how you might want to use the information in a conversation with the customer.

New call-to-action

Secure Score Summary

In this section I would concentrate on the Secure Score graphs the top and how the customer is doing against their industry average, which is a very impactful part of this report.

  • If you find that the customer Secure Score is above the industry average, that’s essentially saying that you the partner have done a great job of securing the customer (use the Secure Score changes graph below to highly the constant improvements you have done). 
  • If you find it’s below average, turn the conversation around to highlight that others in their industry have already rolled out more security and therefore they need to engage your services to match the competition.
  • Either way, you’re showing the value of what you have done so far and highlighting there is even more you can do, as long as customers are willing.

Security Support Activity

I would first explain the differences between Incidents and Alerts i.e. an alert pertains to a single malicious/suspicious activity affecting an entity. An incident is a collection of correlated alerts in context with one another.  It is often more meaningful to review incidents with customers rather than single alerts.

Next comes the interesting bit, using the data to your advantage and focusing on what has been resolved (the past) and what is active (current & in the future).

  • Resolved Alerts/Time to Resolution – I always recommend partners use this to show the great work that they have done so far. Partners are super busy these days and sometimes it’s hard for them to explain/document everything they have been doing in the background to keep the customer safe. In the example report, a partner would explain that although these incidents/alerts have happened, most of the time they have resolved promptly without the customer being involved. Addressing incidents is vital but more importantly the data shows that you came to the rescue like a superhero on a number of occasions, fighting the forces of evil in the background.
  • Active Alerts – But the fight against ‘evil’ still goes on. Use this section to highlight everything you are still working on. 

The subtle point you want to get across here is that you never rest in the background and that the job is never truly finished. They need to keep paying for your managed services so you can keep a watch over their tenant.

Security News

This information is dynamically based on the customer’s industry. Spend time reading the articles and use this as ammunition for starting the next project with them. If you want to roll out MFA, see if there is an article about how hackers are targeting similar tenants and link it to what you want to work on next with them.

Secure Score History

Working on alerts and incidents is great for showing how you are repairing holes in the dam (Sorry – I couldn’t resist that one, our European HQ is in Amsterdam after all!). That said, you need to show them how you are not only patching the holes but making the overall structure/tenant better. 

The Secure Score History report will show the customer what you have been working on proactively in the time between the alerts and incidents. For most partners, this should be a steady upward line as the secure score improves.  You can pinpoint when you started with the customer, and any correlating improvements, and shout that from the rooftops.

Secure Score Recommendations

Just like the incidents and alerts, Microsoft constantly suggests new ways to improve the overall security of the customer’s tenant.  ‘Secure Score Recommendations’ is your conversation starter to have with the customer. 

  • The Secure Score Recommendations is a list of future projects you might want to start with the customer. Have a conversation with the customer to understand where the most Secure Score points can be achieved and agree which recommendations you will start on first.
  • Once you have an agreed list, search for the recommended actions text in Security Manager and use either a Command or Workflow to implement the improvement.

Identity and Access Security Summary

Use this section to verify everyone has the right access and agree on whose rights need to be changed.  The information displayed here will vary based on the customer’s M365 licensing, so if you find it has not brought up information the customer wants, use your own partner tenant to show what’s possible (tempting them with the additional information) and then upsell them to higher Microsoft SKUs to light up this section of the report.

Email, Teams and File Security

This section of the report has two different uses for you as a partner.

  • First, use it as an opportunity to quickly review the customers security posture across these services. Use the graphs for Team and File settings to start a conversation about a security review as part of service you offer your customers. This should not only lead to a more secure customer but has the potential to lead to conversations around increasing their Microsoft 365 licensing level, which is potentially more licensing revenue for you as well as more managed services or project revenue in the future.
  • Secondly, discuss the usage data to ensure they are making the most of what they have. Partners using this data to drive adoption not only have the opportunity to offer end user training, but also can ensure the customer maintains their current licensing level at renewal, securing the revenue and the customer for another year. Why not use this report in combination with ‘Get Microsoft 365 Copilot User Readiness Report’ as part of your NCE renewal conversation?

Endpoint Management Security

  • Not all your customers will have Endpoint Management so perhaps keep the sample report we supply to hand in order to show the customer what this could show and use it as an opportunity to not only upsell licensing but also your managed/project services too. 
  • If your customer does have data displayed in this section, bring to their attention the Defender Malware Detection Summary.  I always feel that if technology is doing its job well, you won’t know it’s there. That’s great for the end user, but for you as a partner, you want to show the value of having Endpoint protection and this chart will show the customer why they are paying for this license.

Microsoft 365 Software Licensing

Finally, we get to the licensing section of the report. Within this seemingly innocent data is a world of opportunity for you, the Partner!

  • If you have produced this report for a prospective customer, draw their attention to the ‘Available’ column which highlights unused licenses. Ask them why their current partner purchased these licenses and why they are not using them.
  • If you have produced this report for an existing customer, use the ‘Available’ column to highlight unused licenses they might want to use, or have a conversation around a reduction in the number of licenses (where applicable).  Also use the ‘Next Lifecyle Date’ column as a subtle conversation starter around prepping for renewals.  It’s a mandatory regular consultation so best to start it with lots of time to consider the options rather than them feeling rushed into a decision at the last minute.

In summary

For the customer, this report has a wealth of amazing information. The insights and the sheer amount of data leads customers to assume you spent a large amount of time to provide this, which equals huge perceived value in their minds. Some partners are using this as a free report to prospective customers while other partners are monetizing the report. Those partners then go on to offer to fully discount the cost of the report if the customers use their services to implement some of the recommended changes.

For you as a partner, it’s a great conversation starter which you should be using to not only upsell licensing, but also to offer other services from you. Last of all, it’s a way of showing the customer the great work you have done in the background to secure their tenant (but never told them about) and is also an awesome way of cementing a requirement for your ongoing services in the future.

It might only take 5 minutes to produce the report but there are days, weeks and months of services or project revenue sitting in the tables, charts, and lines of text…… just waiting for you to unlock!

Existing Subscribers
Try it now
New to Security Manager?
Book a Live Demo