security
400 Topics

AI Is the Headline — but Readiness Is the Real Story for MSPs
AI is everywhere right now. Customers are asking about Copilot. They’re curious about automation. They want faster, smarter ways to work. And on the surface, it all feels exciting—and urgent.

But when you spend time with MSPs, a different story often emerges. Behind the AI curiosity are environments that aren’t quite ready. Devices are managed inconsistently. Identity hygiene varies by tenant. Security baselines drift over time. And for MSPs, holding all of this together manually—customer by customer—simply doesn’t scale.

That gap between AI ambition and operational reality is becoming one of the most important conversations MSPs can have today.

Why AI Success Still Comes Down to the Basics

AI doesn’t fail because of a lack of innovation. It fails because the fundamentals aren’t in place. Without secure identities, compliant devices, and consistent policies, AI initiatives struggle to move beyond pilots—or worse, introduce new risk. That’s why so many Copilot conversations eventually circle back to the same question: Are we actually ready for this?

This is where MSPs play a defining role. Not as AI hype merchants, but as partners who help customers build the foundation that makes AI practical, secure, and sustainable. At the center of that foundation sits Microsoft Intune.

Microsoft Intune: Essential, but How Do You Scale?

Microsoft Intune is already included in Microsoft 365 Business Premium. Many customers own it. Many MSPs support it. Yet adoption and consistency remain uneven. The challenge isn’t Intune itself—it’s the operational model. Managing Intune tenant by tenant, navigating multiple portals, and maintaining consistency across customers creates friction for MSPs. It’s time‑consuming, error‑prone, and difficult to turn into a repeatable service.

And yet, Intune is critical. It’s the control plane for users, devices, access, and security—everything AI depends on to work safely at scale. Without Intune done right, AI readiness remains theoretical.

Why the Partnership Matters: Microsoft Intune and AvePoint Elements

This is why our partnership with Microsoft matters so much. Microsoft Intune provides the foundation. AvePoint Elements makes it scalable for MSPs. AvePoint Elements acts as the MSP operating layer on top of Intune—helping partners standardize, automate, and manage Intune across multiple customer tenants from a single platform.

For MSPs, that translates into something very tangible:
• Less manual effort and portal hopping
• Consistent Intune baselines across customers
• Automated user and device lifecycle management
• Reduced drift, better efficiency, and healthier margins

Instead of Intune being “work you absorb,” it becomes something you can package, repeat, and build a business around.

From One‑Time Setup to Ongoing Value

What we’re seeing with leading MSPs is a mindset shift. Intune is no longer treated as a one‑off deployment. It becomes a managed service—part of a broader story around security, governance, and AI readiness. That might mean standardized Intune onboarding, continuous device and identity hygiene, or positioning Copilot readiness as an ongoing engagement rather than a project.

The outcome is powerful and familiar to MSPs who’ve made this transition before:
• Predictable recurring revenue
• Operational scale without linear headcount growth
• Stronger customer trust
• A clear path from security to AI enablement

The Moment for MSPs

Customers don’t just want access to AI. They want confidence that it’s being deployed responsibly. MSPs who can provide that confidence—by grounding AI adoption in strong Intune foundations—will stand out in the next phase of the market. That’s exactly what the partnership between Microsoft Intune and AvePoint Elements is designed to enable.

A Note for MSP Partners

If you’re an MSP thinking about how to:
• Scale Microsoft Intune delivery
• Reduce operational friction
• And turn AI readiness into a repeatable service

This is a conversation worth leaning into now.
Because in the age of AI, the partners who win won’t just deploy new tools—they’ll make them work in the real world.

Join us for “From Copilot to Catalyst: How MSPs Turn AI Readiness Into Recurring Revenue” and explore how Microsoft Intune and AvePoint Elements work better together—helping you turn AI readiness into real, sustainable growth.

Azure Sphere is updating its Certificate and Trusted Key Stores

Azure Sphere is updating the keys that it uses to verify service identities, and that images have been securely signed, as part of a regular security best practices refresh cycle. Customers do not need to take any action for in-field production devices, though they should be aware that devices will reboot twice when installing this update. For customers with certain manufacturing, development, or field servicing scenarios, you may need to take extra steps to ensure that newly signed images are trusted by the device.

What is an image signing key used for, and why update it?

Azure Sphere devices only trust signed images, and that signature is verified every time software is loaded. Every production software image on the device – including the bootloader, the Linux kernel, the OS, and customer applications, as well as any capability file used to unlock development on, or field servicing of devices – is signed by the Azure Sphere Security Service (AS3), based on image signing keys held by Microsoft. As for any modern public/private key system, keys are rotated every few years to reduce the risk of exploitation.

Note that once an image is signed, it generally remains trusted by the device. There is a separate mechanism based on one-time programmable fuses to revoke older OS software with known vulnerabilities such as DirtyPipe and prevent rollback attacks – we used this most recently in the 22.09 OS release.

When is this happening?

The next update to the image signing certificate is targeted for March 30th. When that happens, all uses of AS3 to generate new production-signed application images or capabilities will result in images signed using the new key.

Ahead of that, we will update the trusted key-store (TKS) of Azure Sphere devices, so that the TKS incorporates all existing keys and the new keys. This update will be automatically applied to every connected device over-the-air. Note that device TKS updates happen ahead of any pending updates to OS or application images.
In other words, if a device comes online that is due to receive a new-key-signed application or OS, it will first update the TKS so that it trusts that application or OS.

We are targeting update of the TKS for March 23rd. The next time that each Azure Sphere device checks for updates (or up to 24 hours later if using the update deferral feature), the device will apply the TKS update and reboot. The TKS update is independent of an OS update, and it will apply to devices using both the retail and retail-eval feeds.

Do I need to take any action?

No action is required for production-deployed devices. There are three non-production scenarios where you may need to take extra steps to ensure that newly signed images are trusted by the device.

The first is for manufacturing. If you update and re-sign the application image you use in manufacturing, but you are using an old OS image with an old TKS, then that OS will not trust the application. Follow these instructions to sideload the new TKS as part of manufacturing.

The second is during development. If you have a dev board that you are sideloading either a production-signed image or a capability to, and it has an old TKS, then it will not trust that capability or image. This may make the “enable-development” command fail with an error such as “The device did not accept the device capability configuration.” This can be remedied by connecting the device to a network and checking that the device is up-to-date. Another method is to recover the device – the recovery images always include the latest TKS.

The third is for field servicing. During field servicing you need to apply a capability to the device as it has been locked down after manufacturing using the DeviceComplete state. However, if that capability is signed using the new image signing key and the device has been offline - so it has not updated its TKS - then the OS will not trust the capability.
Follow these instructions to sideload the new TKS before applying the field servicing capability.

Azure Sphere is Retiring in 2031 - What you need to know

On 20 March 2026, Microsoft publicly announced that the Azure Sphere service is retiring and will stop supporting customer application, OS, bug and security updates, along with DAA certificate issuance, on 31 July 2031. This date will also mark the end of extended support for the MT3620 microcontroller.

Why is this happening?

Azure Sphere pioneered secure IoT connectivity, combining bespoke hardware, a secure Linux-based OS, and a cloud-based security service, elevating industry standards for microcontroller security. As the IoT landscape advances, customers are now able to access secure microcontrollers from a wide range of silicon vendors and pair these with Microsoft next-generation solutions for greater flexibility and scalability.

Key dates to be aware of

Through 31 July 2031, Azure Sphere devices will continue to operate as they do today. After this date, devices will no longer receive application or OS updates, bug fixes, or security patches.

After 31 July 2031, the Azure Sphere Service, including Device Attestation and Authentication (DAA), will be retired, which will affect device authentication and connectivity to Azure IoT and other upstream services.

On 31 July 2026, the MT3620 silicon will become end-of-life, as announced by the silicon manufacturer.

These timelines are intentionally long to allow for thoughtful planning and validation.

What this means for your solutions

Existing devices can continue running throughout the support period without interruption. Solutions that need to operate beyond the retirement timeframe will require updated hardware designs using alternative silicon. Customers with OEM license agreements will receive formal notice regarding support timelines. If additional production is required ahead of 2031, there will be a final opportunity by 31 July 2026 to renew existing agreements.

Planning ahead

Many customers are already using this period to refresh device designs, align future hardware roadmaps, and evaluate modern Azure IoT services for connectivity, identity, and device management. Microsoft and our partners are available to support you as you assess options and plan forward.

Recommended action

• Plan for hardware redesign to replace MT3620 silicon in future product iterations. Consider PSA/SESIP Level 3+, or similar, certified silicon as a guideline for silicon with similar security properties.
• Express any required purchasing intent and OEM license renewals via Avnet by 31 July 2026, if additional production is needed.
• Evaluate alternative IoT solutions, including:
  • Azure IoT Hub with Azure Device Registry (ADR) and X.509 Certificate Management for Device Identity and Fleet Management.
  • Azure IoT Hub for Device Connectivity and Data Ingestion.
  • Device Update for Azure IoT Hub for Firmware Updates.
  • Microcontrollers with a PSA Certified Attestation API, or similar, for integration into your chosen Attestation solution.
  • FIPS 140-3 compliant crypto libraries for trustworthy At-rest and In-transit Data Encryption.

You can find further information about alternative Azure IoT services at the Azure IoT Documentation and Azure IoT solutions pages.

Help and support

If you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and need technical help, create a support request.

From Copilot to Catalyst: How MSPs Turn AI Readiness Into Recurring Revenue

AI interest is surging—but most customers aren’t ready to scale it securely or successfully. Gaps in device management, identity hygiene, data governance, and operational consistency often stall AI initiatives before they deliver real value. For Managed Service Providers, this challenge creates a powerful opportunity.

In this webinar, you’ll learn how MSPs are using Microsoft Intune as the foundation for helping manage and secure devices, and extending it with AvePoint Confidence Platform: Elements Edition to standardize, automate, and scale AI-ready environments across customer tenants. Together, they enable MSPs to move beyond one-off AI projects and deliver AI readiness as a repeatable, revenue-generating managed service.

This session focuses on turning AI demand—starting with Copilot—into a long-term services motion that improves margins, reduces operational friction, and positions your MSP as a trusted AI partner.

In this webinar, you will learn how to:

Turn AI readiness into recurring revenue
Learn how MSPs are packaging AI readiness—starting with Copilot—into repeatable, high-margin managed services customers renew and expand.

Scale securely without adding overhead
See how Microsoft Intune, extended with AvePoint Confidence Platform: Elements Edition, enables standardized, automated delivery across multiple customer tenants.

Move from AI pilots to real outcomes
Get a practical blueprint to replace one-off AI projects with scalable services that position your MSP as a trusted AI partner.

Register now: From Copilot to Catalyst: How MSPs Turn AI Readiness Into Recurring Revenue

Building a Resilient Nonprofit: Practical Steps to Strengthen Your Digital Security

Nonprofits today operate in an increasingly complex digital landscape. Whether your organization supports humanitarian aid, education, animal welfare, climate action, or community health, one thing is true across the sector: security can no longer wait.

According to the Microsoft Digital Defense Report, nonprofits and NGOs remain among the most frequently targeted sectors by nation‑state actors, largely because of the sensitive humanitarian, political, and demographic data they hold. The rise of remote work, increasing data sensitivity, and rapid AI adoption mean nonprofits must be proactive—not reactive—when it comes to cybersecurity.

The good news? Strengthening your digital security doesn’t require an overhaul. It starts with five practical, foundational steps. Below is a breakdown of the core guidance from Microsoft’s security recommendations, reinforced with insights from the Microsoft Digital Defense Report.

1. Gain Buy‑In From Leadership

“Security is a mission‑critical priority, not a back‑office function.” — Microsoft Digital Defense Report

The MDDR emphasizes that leadership alignment is one of the strongest predictors of an organization’s security resilience. Boards, executive directors, and senior leaders must champion security policies and investments. Microsoft notes that organizations with executive‑level commitment experience significantly fewer successful attacks, because security becomes embedded in culture—not treated as an IT afterthought.

2. Build Security Awareness and Skills Across Your Team

“Human-operated attacks continue to exploit the weakest link: people.” — Microsoft Digital Defense Report

Human error remains one of the largest contributors to breaches.
Nonprofit staff, volunteers, and partners need:
• Phishing awareness
• Password hygiene training
• Safe data handling practices
• Clear guidelines around remote or hybrid work

The MDDR stresses that attackers are increasing the speed, sophistication, and social engineering quality of phishing campaigns, making ongoing training essential—not optional.

3. Create and Document Security Policies

“Organizations with documented security policies respond faster and recover faster.” — Microsoft Digital Defense Report

Consistent, written policies set expectations and reduce risk. Key policies nonprofits should maintain include:
• Acceptable use
• Password and identity management
• Device and access control
• Incident response procedures
• Data classification and retention

The MDDR highlights that clear governance reduces the impact of breaches and improves organizational resilience.

4. Choose Technology Designed for How People Work

“Identity is the new attack surface.” — Microsoft Digital Defense Report

Nonprofits need tools that blend security + productivity. Microsoft emphasizes deploying solutions that support real‑world nonprofit workflows such as:
• Volunteer onboarding
• Donation processing
• Sensitive constituent data management
• Cross‑organizational collaboration

Microsoft 365, with built‑in identity protection, encryption, threat detection, and AI‑powered safeguards, helps nonprofits stay protected without adding friction to daily operations.

5. Collaborate With Experienced Experts

“Security is a shared responsibility across governments, industry, and civil society.” — Microsoft Digital Defense Report

You don’t have to navigate cybersecurity alone.
Microsoft encourages nonprofits to leverage:
• Security Program for Nonprofits
• Free or discounted security assessments
• AccountGuard for nation‑state attack notifications
• Training paths and skilling opportunities for staff

These resources provide nonprofits with enterprise‑grade protection at nonprofit‑friendly prices.

Why This Matters: Nonprofits Are High‑Value Targets

“NGOs remain the most targeted sector by nation‑state actors.” — Microsoft Digital Defense Report

According to Microsoft’s research, nonprofits—especially NGOs—are targeted because they manage:
• Humanitarian data
• Political and demographic insights
• Sensitive community information
• High‑value donor and partner data

Breaches are costly not only financially, but also in terms of:
• Donor trust
• Staff productivity
• Program continuity
• Organizational reputation

Digital security isn’t just an IT responsibility—it’s central to mission protection.

Dive Deeper: Download Microsoft’s Free E‑book

This article highlights only a portion of what’s included in the Microsoft resource. For detailed checklists, leadership conversation starters, user training recommendations, and technology guidance, download the full e‑book here: Strengthen Your Nonprofit’s Digital Security https://aka.ms/StrengthenNonprofitDigitalSecurity

Safeguarding Trust: The Critical Role of Security in Today’s Nonprofits

Nonprofits run on something deeper than funding, programs, or technology — they run on trust. Communities trust you with their stories, their data, and their wellbeing. Donors trust you to steward resources responsibly. Staff and volunteers trust you to create a safe environment where they can do their best work. And in today’s digital world, protecting that trust starts with security.

Digital Tools Are Now Essential — and So Is Security

As nonprofits increasingly rely on cloud platforms, digital communication, and data-driven programs, the responsibility to safeguard information grows. Cyberthreats aren’t just an IT issue anymore; they’re a mission issue. A single breach can disrupt services, compromise sensitive data, and erode the trust that took years to build. But strong security doesn’t have to be complicated or out of reach.

Security Should Be Accessible for Every Nonprofit

Nonprofits deserve security solutions that are:
• Strong enough to defend against evolving threats
• Simple enough for small teams to manage
• Affordable enough to fit within limited budgets
• Aligned with the mission, not a distraction from it

When your systems and data are protected, your team can focus on what matters most — delivering impact with confidence.

Keep Your Mission Moving Forward

Security isn’t just about reducing risk. It’s about empowering your organization to operate boldly, innovate freely, and serve your community without hesitation. That’s why taking the first step toward stronger security is so important.

Is Your Nonprofit Prepared to Level Up Its Security?

Discover how to strengthen your nonprofit’s security — visit Microsoft Nonprofits for LinkedIn to watch the video and take the free assessment. Your mission deserves protection. Your community deserves confidence. Take the first step today by heading to LinkedIn!

Why Nonprofit Security Needs Urgent Attention

Nonprofits are facing a rapidly evolving security landscape. Cyberattacks are becoming faster, more targeted, and more sophisticated—driven in part by AI tools that make it easier for threat actors to automate reconnaissance, personalize phishing, and exploit vulnerabilities. Many nonprofits don’t discover breaches for months, leaving sensitive data and mission‑critical operations at risk.

At the same time, nonprofits working in humanitarian aid, human rights, health, and advocacy are becoming more visible in a tense global environment. According to the 2025 Microsoft Digital Defense Report, nongovernmental organizations are now among the sectors most frequently targeted by nation‑state actors, often more than finance or healthcare. Yet nonprofits often have the fewest resources to defend themselves, despite holding highly sensitive information about donors, volunteers, and the communities they serve.

How Microsoft Is Responding

Microsoft is evolving the Security Program for Nonprofits into a practical, step‑by‑step security journey designed for real nonprofit constraints. Key elements include:
• Free security assessments to identify risks and build a prioritized roadmap
• Grants and discounts through Microsoft Elevate, including 60% off security suites
• Microsoft AccountGuard for enhanced nation‑state threat monitoring
• The Security Advisors Program for direct engagement with Microsoft experts
• Security skilling to help teams detect and respond to threats more effectively

The goal is simple: make strong security achievable, affordable, and aligned with mission needs.

Read the Full Article

This post summarizes key insights from the original LinkedIn article. You can read the full piece here: Microsoft for Nonprofits.

How to Re-Register MFA

Working closely with nonprofits every day, I often come across a common challenge faced by MFA users. Recently, I worked with a nonprofit leader who faced an issue after getting a new phone. She was unable to authenticate into her Microsoft 365 environment because her MFA setup was tied to her old device. This experience highlighted how important it is to have a process in place for MFA re-registration. Without it, even routine changes like upgrading a phone can disrupt access to your everyday tools and technologies, delaying important work such as submitting a grant proposal.

Why MFA is Essential for Nonprofits

Before we discuss how to reset MFA, let’s take a step back and discuss why MFA is a necessity for nonprofits, just as it is for any organization. In the nonprofit world, protecting sensitive or confidential data—like donor information, financial records, and program details—is a top priority. One of the best ways to step up your security game is by using Multi-Factor Authentication (MFA). MFA adds an extra layer of protection on top of passwords by requiring something you have (like a mobile app or text message) or something you are (like a fingerprint). This makes it a lot harder for cybercriminals to get unauthorized access.

If your nonprofit uses Azure Active Directory (AAD), or Microsoft Entra (as it is now called), with Microsoft 365, MFA can make a big difference in keeping your work safe. Since Microsoft Entra is built to work together with other Microsoft tools, it’s easy to set up and enforce secure sign-in methods across your whole organization. To make sure this added protection stays effective, it’s a good idea to occasionally ask users to update how they verify their identity.

What Does MFA Re-Registration Mean for Nonprofits?

MFA re-registration is just a fancy way of saying users need to update or reset how they authenticate, or verify, themselves.
This might mean setting up MFA on a new phone (like the woman in the scenario above), adding an extra security option (like a hardware token), or simply confirming their existing setup. It’s all about making sure the methods and devices your users rely on for MFA are secure and under their control.

When and Why Should Nonprofits Require MFA Re-Registration?

Beyond getting a new phone, other situations may give you reason to re-register MFA. A few scenarios include:
• Lost or Stolen Devices: Similar to the scenario above, if someone loses their phone or it gets stolen, you will have to re-register the new device.
• Role Changes: If someone’s responsibilities change, their MFA setup can be adjusted to match their new access needs.
• Security Enhancements: Organizations may require users to re-register for MFA to adopt more secure authentication methods, such as moving from SMS-based MFA to an app-based MFA like Microsoft Authenticator.
• Policy Updates: When an organization updates its security policies, it might require all users to re-register for MFA to comply with new standards.
• Account Compromise: If there is a suspicion that an account has been compromised, re-registering for MFA can help secure the account by ensuring that only the legitimate user has access.

With Microsoft Entra, managing MFA re-registration is straightforward and can be done by an administrator of the organization’s tenant.

How to require re-registration of MFA

To reset or require re-registration of MFA in Microsoft Entra, please follow the steps below.
1. Navigate to portal.azure.com with your nonprofit admin account.
2. Select Microsoft Entra ID.
3. Select the drop-down for Manage.
4. In the left-hand menu bar select Users > Select the user's name that you want to reregister to MFA (not shown).
5. Once in their profile, select Manage MFA authentication methods.
6. Select Require re-register multifactor authentication.

Congratulations!
The user will now be required to re-register the account in the Microsoft Authenticator app.

Upcoming IT Management and Security in the AI Era events on Tech community!

We’re excited to invite you to IT Management and Security in the AI Era, on Thursday, February 26th, from 8:00 AM to 10:30 AM Pacific. This digital event is designed to help IT and security professionals answer questions with clarity and confidence, grounded in the latest Microsoft 365 Copilot capabilities and controls.

What to expect

IT Management and Security in the AI Era brings together insights, demos, and deep dives from Microsoft experts, giving you a practical understanding of how to prepare your environments for Copilot and agents while managing risks responsibly. Topics covered include:
• Built-in protections in the Copilot platform that help proactively safeguard your organization
• Practical ways to reduce exposure to common attack vectors in an increasingly AI-driven digital workplace
• Technical guidance for protecting sensitive data while maintaining productivity
• Best practices for managing AI agents and controlling costs
• Measurement, analytics, and usage insights to understand adoption and business impact
• Guidance on enabling users and assessing the value of Microsoft 365 Copilot and agents across your organization

Continue reading and register here!