# IT Services — Abate Technology Services URL: https://abatetechnology.com/services We manage your entire IT environment — not a piece of it. This page breaks down everything that's included, how it works, and what you can expect. No marketing fluff. Just what we actually do. ## 01 — Microsoft 365 (core platform) Your M365 tenant is the foundation. Everything else depends on it being set up correctly — and most tenants aren't. We build yours from scratch or inherit whatever your last IT person left behind, bring it up to baseline, and keep it there. Every tenant we manage gets the same security and configuration standards applied from day one. - **User and license management** — Account creation, group lifecycle, license deployment. Onboarding and offboarding handled within 5 business days of notification, usually faster. - **Exchange Online** — Spam filtering, policy configuration, mail flow monitoring, shared mailbox lifecycle, DLP and retention policies. - **SharePoint and Teams** — Site creation, monitoring, lifecycle management. Teams creation and management so you don't end up with 40 abandoned channels. - **OneDrive** — Lifecycle management, policy enforcement, Known Folder Move so Documents, Desktop, and Pictures sync automatically. - **Intune (Endpoint Manager)** — Every Windows PC, Mac, iPhone, and iPad enrolled. Baseline configuration profiles, compliance policies, Windows Autopilot deployment profiles. - **Microsoft Defender** — Baseline setup, ongoing scanning, hardening, reporting. Works alongside Huntress and Blackpoint as layered protection. - **Office apps** — Deployment, patching, and care of Word, Excel, Outlook, and the rest of the M365 suite. ### Tenant baseline standards (applied to every tenant we manage) - Unified Audit Log enabled - Conditional Access (replaces Security Defaults) - MFA enforced on all accounts - Modern Authentication enabled - Basic Authentication disabled - Admin consent required for apps - Password expiration disabled (per Microsoft guidance) - Self-service password reset enabled - Shared mailbox sign-in disabled - Auto-expanding archives enabled - Spoofing warnings for Outlook - Self-service license purchases disabled ## 02 — Security (defense in depth) We're an MSP, not an MSSP. We're upfront about that. We don't run a security operations center (we have Huntress for that) and we're not going to pretend to. What we do is deploy and manage a layered security stack and partner with dedicated security firms who do this 24/7. No security setup is bulletproof. We strongly recommend every client carry cybersecurity insurance and invest in employee security training. - **NGAV + EDR** (Huntress, Microsoft Defender for Business) — Real-time, behavioral detection with endpoint visibility. - **MDR and threat hunting** (Huntress) — Human-powered, 24/7. Real analysts reviewing real alerts. - **SOC** (Huntress, Blackpoint Cyber) — Full-service monitoring around the clock. - **DNS filtering** (Cisco Umbrella) — Web traffic analyzed at the DNS level. Works on- and off-network. - **Privilege escalation control** (AutoElevate) — No user runs as local admin. Elevation requests reviewed in real time. - **Security awareness training** (Huntress) — Phishing simulations, video training, dark web monitoring. - **Password management** (Keeper Security Enterprise) — Enterprise password manager with SSO integration. - **Email security and authentication** — SPF, DKIM, DMARC configured and monitored. - **Conditional Access** — All clients on Business Premium or F3. Granular policy-based access controls. ## 03 — Devices (endpoint management) Every device your people use — Windows laptops, Macs, iPhones, iPads — is enrolled in Intune and managed from day one. We handle procurement, deployment, configuration, patching, security, and ongoing support. Goal: zero-touch. Device ships directly to the user, they turn it on, sign in, everything is already there. - **Windows PCs** — Sourced through Dell Premier. Registered in Autopilot before shipping. User opens the box, signs in, ready. - **Apple devices** — iPhones, iPads, Macs managed through Intune with Apple Business Manager. - **Patching and updates** — Windows, Office, drivers, firmware. Tested, deployed in rings, monitored. - **Software support** — Full Microsoft 365 coverage. Non-Microsoft business software supported where it integrates with covered systems. Current Windows and macOS covered; Linux best-effort. ## 04 — Backup and recovery Microsoft doesn't back up your data. They provide redundancy for their infrastructure, but Microsoft's retention only goes so far. That's where we come in. Cloud-to-cloud backup of your entire M365 environment — Exchange email, OneDrive, SharePoint, and Teams — three times a day via AFI.ai. Regular data restoration tests. Backup logs monitored for failures. Local workstation data is not backed up. Known Folder Move syncs user data to OneDrive automatically. Data should live in OneDrive, SharePoint, Teams, or email — not on a hard drive. ## 05 — Network and on-prem If it's on your network, we take care of it. Install, configure, patch, monitor all network hardware. ISP liaison. Lifetime hardware upgrades included after initial purchase from ATS at networked sites. - **Network hardware** — Firewalls, switches, access points. - **DNS records** — SPF, DKIM, DMARC setup and monitoring. - **Printing** — Deployment, configuration, user management, scanning, cloud printing. Physical maintenance (toner, jams) is on the vendor. - **Phone system** — Extension management, voicemail-to-email, call forwarding. L1/L2 troubleshooting and vendor management. - **Security system** — Card access, software, cameras, network health. - **Website infrastructure** — User login configuration, domain mapping, web host liaison. Content creation not included. ## 06 — Trusted Technology Advisor (strategic advisory) Some MSPs call this role "vCIO." We avoid that term — it implies executive-level authority within your organization, which we don't have. We're strategic advisors. - **Technology Business Reviews (TBRs)** — Regular scheduled reviews on system health, best practices, budget, roadmaps. - **IT budgets** — We create and maintain your IT budget. Hardware refresh, licensing renewals, projects. - **Policy and process consulting** — Acceptable use, BYOD, data retention, security procedures. - **Grant and program support** — Reports and analyses for grants, new programs. - **Training** — Group sessions and one-on-one as needed. ## 07 — Vendor management and procurement We maintain all hardware and software vendor relationships. When something needs to be ordered, quoted, installed, or troubleshot, we make the call. Procurement varies by vendor: Dell quotes go in your cart for your admin to complete. Online resellers send you the purchase link. ATS-resold products get billed via ACH or credit card after approval. ## 08 — Support (always on) Unlimited. Flat rate. No hourly billing. No per-ticket charges. Submit one ticket or twenty — same cost. Onsite and remote at our discretion. - **Mission-critical** — Response: 30 minutes. Resolution: 48 hours. Hotline down, phones out, email unavailable, breaches. - **Standard requests** — Response: best-effort. Onboarding/offboarding within 5 business days. ### How to submit requests - Web portal: my.abatetechnology.com - Email: support@abatetechnology.com - Phone: 860-616-6667 Submit once, by the user who needs help. Don't email or call technicians directly — it skips the queue. ## Products in the stack | Product | Purpose | |---|---| | Huntress * | NGAV, EDR, MDR, SOC, security training | | Blackpoint Cyber * | SOC | | Microsoft Defender | NGAV (included in licensing) | | Cisco Umbrella | DNS filtering | | Microsoft Intune | MDM (Windows, Mac, iOS) | | AutoElevate * | Privilege escalation control | | Action1 | RMM, remote desktop | | ConnectWise ScreenConnect | Remote desktop | | AFI.ai * | Cloud-to-cloud backup | | HaloPSA | Help desk, ticketing, user portal | | Keeper Security * | Enterprise password manager | | Dell Technologies | Hardware procurement (Premier) | \* Licensed through ATS. Removed if we part ways.