How can MSPs simplify security controls and tailor protections across customers?

Our platform updates help MSPs centralize security controls, cut noise, and adapt protection per customer quickly. Below are clear Q&A entries to guide IT teams through the new capabilities and how to use them.

What is the quickest change MSPs can make to reduce false positives?

Start by setting precise Defender scan exclusions—this directly lowers false alerts. The update lets teams define excluded paths, file types, and running processes across all customers or for individual clients. Applying exclusions prevents routine tools and known-safe files from triggering antivirus flags. This reduces engineer time spent chasing non-issues and keeps alert queues focused on real risks. Use the device security settings to review and refine exclusions regularly.

Can exclusions be applied company-wide or per client?

Yes — you can apply exclusions globally or tailor them per company to match each customer’s environment. Global settings speed deployment for standard configurations, while per-customer rules handle special cases or legacy software. The platform shows exclusions organized by type, name, and creation date for easy review. That visibility helps audits and ensures you can revert or adjust rules if needed. Document any per-customer exceptions so support teams know why an exclusion exists.

How does the spam management update change email handling?

The new spam controls allow MSPs to treat spam differently from high-risk threats. You can toggle spam detection on or off, and choose actions like moving messages to junk, quarantining them, or adding caution banners. A new “Spam Emails” issue type flags unwanted messages but classifies them at an informational level so they don’t trigger critical alerts. Admins can stop receiving Info-level notifications to reduce noise. This balance keeps inboxes clean without masking true phishing or impersonation risks.

What options are available when spam is detected?

When the system marks a message as spam, admins can pick one of several behaviors to match their policy. Recommended: add a banner and move the message to the junk folder to keep it visible but separated. Alternatives include quarantining the message or only tagging it with a caution banner. Those choices let you protect users while avoiding overblocking legitimate mail. Use the policy that best matches your customer’s tolerance for risk and disruption.

How has suspicious login detection improved?

Suspicious-login alerts now use a benchmark-based approach to reduce false positives. The system checks repeated User-Agents, trusted devices used frequently within the same organization, and known safe IP addresses before flagging a login. That means fewer benign logins from traveling employees will create alerts. When a genuine anomaly appears, it still raises a clear signal for investigation. This refinement cuts alert fatigue and helps analysts focus on real compromises.

How much faster are external prospecting scans now?

External scans that once took days now complete in a few hours, giving MSPs faster intelligence for outreach and triage. The platform performs full rescans to confirm fixes and reduce false reopenings of resolved issues. Quicker reports accelerate decision-making and enable more timely customer briefings. Planned improvements aim to raise scan frequency and automate rescans so data stays fresh. Faster scans translate to faster remediation and better customer responsiveness.

How do these updates improve operational efficiency?

By centralizing exclusions, spam rules, and login benchmarks, the updates reduce manual configuration and repeated investigations. Teams spend less time on noise and more time on genuine threats, raising the effective capacity of SOC staff. Built-in visibility into rules and issues makes audits and customer reporting simpler. Faster scans and automatic rescans accelerate workflows from discovery to closure. Overall, these features lower operational costs while keeping protection strong.

What visibility tools help manage these settings?

The platform lists exclusions and email issue types in one place with sorting and filtering tools. You can view exclusions by type, name, and date, and examine info-level spam issues separately from high-severity threats. Audit trails and timestamps make it easier to track who added or changed settings. That transparency supports compliance checks and handoffs between teams. Use filters to build customer-specific views for targeted reviews.

How should MSPs roll out these controls to customers?

Begin with a pilot group before applying global rules — test exclusions and spam actions on a few representative clients. Validate that legitimate applications aren’t blocked and that spam rules don’t hide critical messages. After confirming outcomes, expand global settings and document per-customer exceptions. Train support staff on where to look for info-level spam issues and how to adjust notifications. Maintain a changelog for each customer to speed troubleshooting.

What are the next improvements to expect?

Look for increased scan frequency and further automation around rescans and issue confirmation. Enhancements to benchmarking logic and device recognition are planned to continue lowering false positives. We’re also working on richer reporting and faster rollout mechanisms to reduce admin overhead. These roadmapped features aim to deliver clearer signals with less effort. Stay tuned as we refine the platform based on MSP feedback.

Quick Takeaways

• Set Defender exclusions to instantly reduce false positives and save SOC time.
• Apply exclusions globally or per customer for flexible control.
• New spam settings separate nuisance messages from real threats with Info-level tracking.
• Login benchmarks cut noise by considering device, User-Agent, and trusted IPs.
• External scans now finish in hours and include full rescans to confirm fixes.
• Pilot changes first, then scale globally while documenting exceptions.

Top FAQs

1. Will exclusions increase risk? Properly scoped exclusions lower noise without raising risk when limited to trusted paths and files; monitor and document them.
2. Can spam settings block phishing? No — phishing and impersonation remain high-severity categories; spam handling targets low-risk unwanted messages.
3. How often should rescans run? Weekly rescans are a reasonable baseline; planned automation will increase frequency where needed.
4. Do per-customer rules add management overhead? Slightly at first, but they reduce incidents long-term by accommodating unique software or legacy systems.
5. How do we measure success? Track reduced Info/false-positive alerts, faster ticket closure, and scan completion times as key metrics.

For implementation support and to explore tailored templates for your customers, visit Palisade.