SuperMSP Suite

Overview

SuperMSP is a comprehensive security assessment and management platform purpose-built for Managed Service Providers. It enables your team to automate Microsoft 365 security assessments, manage customer portfolios, and deliver executive-quality reports — all from a single, multi-tenant platform.

SuperMSP integrates directly with the Microsoft Graph API to pull live security data, runs AI-powered analysis across 50+ security controls, and surfaces prioritised, actionable findings for every customer you manage.

Automated Assessments

Schedule and run M365 security assessments across your entire customer base automatically.

AI-Powered Insights

AI models analyse findings, prioritise risk, and generate plain-language recommendations.

Executive Reporting

One-click QBR-ready and annual reports, branded for your MSP.

Customer Portals

White-labelled portals so your customers can view their own security posture.

Multi-Tenant

Manage dozens or hundreds of tenants with full data isolation and scoped permissions.

Microsoft Secure Score

Track Secure Score trends and benchmark customers against industry averages.

Getting Started

Follow these steps to get SuperMSP set up for your MSP organisation.

Sign in with Microsoft

Navigate to the SuperMSP platform and sign in using your Microsoft 365 account. SuperMSP uses Microsoft OAuth2 — no separate credentials to manage.

Go to Sign In

Configure your MSP organisation

On first login, complete the MSP organisation setup — add your company name, branding (logo, primary colour), contact details, and notification email. These appear on all customer-facing reports and portals.

Settings → MSP Settings → Branding

Connect Microsoft Graph credentials

Register an Azure AD app in your tenant and provide the Client ID, Tenant ID, and Client Secret in the Graph Credentials section. SuperMSP uses these to read security data from customer tenants.

// Minimum required Graph API permissions:
User.Read.All
SecurityEvents.Read.All
Reports.Read.All
Directory.Read.All
Policy.Read.All

Add your first customer

Go to Customer Portfolio → Add Customer. Enter the customer's Microsoft tenant domain and contact details. SuperMSP will validate the connection and begin the onboarding workflow.

Run your first assessment

Navigate to M365 Assessments → New Assessment. Select the customer, choose which security modules to run, and click Start. Results are typically ready in 2–5 minutes.

Generate a report

Once the assessment completes, go to Reporting Hub → Generate Report. Choose report type (QBR, Annual, Technical), select the assessment, and export as PDF or share a live link.

M365 Assessments

Assessments are the core of SuperMSP. Each assessment runs a set of security modules against a customer's Microsoft 365 tenant and produces a scored, prioritised report.

Assessment modules

Identity & Access — MFA, conditional access, privileged identity, guest users.

Email Security — SPF, DKIM, DMARC, anti-phishing, safe attachments.

Endpoint Protection — Intune compliance, Defender for Endpoint status.

Data Protection — Sensitivity labels, DLP policies, SharePoint external sharing.

Microsoft Secure Score — Live Secure Score, improvement actions, score trends.

Compliance Posture — GDPR, ISO 27001, NIST CSF coverage mapping.

Assessment statuses

Scheduled

Running

Completed

Failed

Customer Portfolio

The Customer Portfolio gives you a centralised view of every customer your MSP manages. Each customer record contains contact details, assessment history, security score trends, and access to their branded portal.

Bulk onboarding

Import customers via CSV or connect via Microsoft Partner Centre.

Scoped access

Invite customer contacts to view their own portal with role-based access.

Status tracking

Active, onboarding, suspended — with automated email workflows.

Domain verification

Verify customer tenants before assessments are permitted.

Reporting

SuperMSP generates three types of reports from assessment data:

QBR Report

Quarterly Business Review — executive summary, score trends, top findings, remediation roadmap. Designed for client-facing meetings.

Annual Report

Full-year security posture review with year-over-year comparisons, compliance coverage, and forward-looking recommendations.

Technical Report

Detailed technical findings for every module, with remediation steps, configuration evidence, and risk ratings.

AI Analysis

Every assessment module optionally runs an AI analysis step that transforms raw security data into plain-language findings, risk scores, and remediation recommendations.

// Example AI finding output
{
  "finding": "MFA not enforced for 12 admin accounts",
  "severity": "critical",
  "risk_score": 9.2,
  "recommendation": "Enable Conditional Access policy requiring MFA for all administrator roles.",
  "effort": "low",
  "remediation_steps": [...]
}

AI models can be configured per workflow. SuperMSP supports multiple providers — select the model that fits your accuracy and cost requirements under Platform Settings → AI Models.

Multi-Tenant Architecture

SuperMSP is built from the ground up for multi-tenancy. Every MSP organisation operates in a fully isolated namespace — customer data, assessments, and reports are never shared between tenants.

Data isolation

Row-level tenant isolation in the database. No cross-tenant queries possible.

Branded portals

Each MSP can white-label the platform with their logo and brand colours.

Scoped permissions

Fine-grained RBAC — MSP admins, team members, and customer contacts each see only their data.

Platform admin

SuperMSP platform admins can manage and monitor all tenants from a dedicated view.

Security & Privacy

SuperMSP is designed with security-first principles throughout.

Authentication — Microsoft OAuth2 only — no passwords stored in SuperMSP. All tokens encrypted at rest.

Data in transit — All API communication over TLS 1.3. Certificate pinning on the mobile clients.

Data at rest — Database encrypted with AES-256. Secrets stored in a dedicated secrets manager.

Access control — Role-based access control (RBAC) with principle of least privilege throughout.

Compliance — WCAG 2.1 AA accessibility compliant. SOC 2 Type II aligned practices.

Audit logging — Every API call and permission change is logged with timestamp and user identity.