Most MSP automation lives in Power Automate flows someone built once and everyone's been afraid to touch since. We work the way an engineering team should: stack review first, target architecture before code, two-week build increments with version control and tests, then a real run-state with on-call and SLAs. Boring on purpose.
Two weeks. We sit with your operations lead and your senior tech, walk the stack the way it's actually used — ConnectWise queues, NinjaOne policies, the M365 tenants that drift, the shared credential store everyone forgot about — and write down what we see.
We map the round-trip: where a ticket comes in, every handoff it survives, every system it touches, and which of those handoffs is a Power Automate flow held together with hope. We pull a real sample of P1 and P3 tickets and trace them.
No slide deck. We leave with a written point of view: what's automatable now, what's a baseline problem first, and which 6-week sprint pays back fastest.
The ticket queue is the operating model. We start there, not on the integrations roadmap your last vendor left.
If your conditional access policy doesn't match across tenants, that's a bug. We surface drift before we propose a build.
We don't recommend tools first. We measure where the human minutes are going, then choose the tool that removes the most.
One week of design. We draw the target state — data flow, system of record per object (ticket, asset, user, agreement), idempotency keys, retry semantics, where the queue lives, what the on-call surface looks like.
We pressure-test against your existing security posture (Entra app registrations, scopes, secret rotation), your compliance reality (SOC2, HIPAA where it touches), and the boring stuff that kills projects in week five: rate limits, webhook delivery guarantees, what happens when ConnectWise is down.
Output is a short architecture doc your senior tech can review and a sequencing plan your ops lead can defend to the team.
Every webhook, every retry, every replay must converge to the same state. If it doesn't, we redesign it before code.
Tickets live in PSA. Assets live in RMM. Agreements live in PSA. We sync, we don't fork. Forking is how you get drift.
We agree on freshness, latency and error budget before the first commit. Without that, "done" is a vibe, not a target.
Two-week increments. Production-quality from day one — code in your or our git, tests against the real PSA and RMM APIs, structured logs, metrics, alerts wired to a real on-call surface (PagerDuty, Opsgenie, whatever you use).
We pair on the first integration with your senior tech so they own it on day one rather than day ninety. Everything is reviewable, every change is deployable, every flow has a runbook checked into the same repo as the code.
By the end of week 3 of a 6-week sprint, something real is running in your environment under load. Not a demo, not a sandbox. The actual integration.
No "we'll harden it later." First merge runs against the real APIs with the real auth and the real observability.
The on-call doc lives in the repo. PR doesn't merge without it. If the flow is unrunnable at 3am, it isn't done.
We route traffic gradually from the old Power Automate mess to the new one. Cutover happens when error budget says it's safe.
Real run-state. We watch the integration with you for the first 30 days — queue depth, error rate, latency, drift, the boring numbers that tell you whether the thing actually works under your load.
When there's a P1, we're on the call. We pair on the first incident with your team so the muscle memory transfers. Change control is real — every config change goes through PR, every secret rotation has a runbook, every dependency upgrade has a deploy window.
When the system is boring enough that you stop looking at it, you have two choices: keep us on retainer for the next thing, or take it home. Either way, we leave the lights on.
Your senior tech is on the bridge with us. Muscle memory transfers in real time, not in a Notion handover doc.
Things break. We optimise for how fast you find out and how fast it's fixed — not for the fantasy that nothing fails.
The goal of operate is that you stop thinking about it. If you're checking the dashboard daily by month two, we did it wrong.
The four-step method runs inside one of these shapes. Sprint 01 is the most common starting point — it's where the toil compounds fastest in a 20–200-person MSP.
Two-way sync between your PSA and primary RMM — tickets, assets, time entries, contracts. The integration you've been promised by every vendor.
M365 and Azure tenant operations at fleet scale — onboarding/offboarding, license rightsizing, conditional access, baseline drift detection.
EDR and MDR alerts (Huntress, SentinelOne, Defender) routed into PSA with enrichment, dedup, and severity-aware queueing.
Senior engineering capacity on demand — for the work that doesn't fit a sprint shape. Custom portals, dashboards, AI ticket triage, the integrations no one else will build.
Not a slide deck. Not “a few weeks of integration.” A short SOW with line items, sequencing, and exit criteria you can hold us to.
Six weeks. Five line items. Each ships behind the previous one's exit criteria. No “phase 2” that never lands.
These show up in every sprint we run. If a constraint forces us to break one, that's a conversation — not a quiet exception.
Every webhook handler, every retry, every replay. If the contract isn't idempotent, we redesign the contract.
If your conditional access drifts across tenants, that's logged, owned, and fixed like any other defect.
Operator docs live in the same repo, reviewed in the same PR. Build and operate are one workflow.
Structured logs, metrics, traces and queue dashboards land before performance work. No premature speedups.
Cutover when error budget says it's safe. Big-bang rewrites of someone's Power Automate mess fail every time.
Your senior tech is on the call with us when it first breaks in production. Muscle memory transfers in real time.