Two-way ticket sync between ConnectWise and NinjaOne with idempotent retries — agents write once, both systems converge.
Four practices.
One MSP engineering team.
Most MSP automation rots in someone's M365 tenant — half a Power Automate flow, a SharePoint list, and a senior tech who knows what it does. Xentek replaces that with versioned, tested, observable code across the four areas of MSP work where engineering discipline pays back the fastest. PSA · RMM, Microsoft 365, security, and the custom software your stack can't sell you.
Stop double-entering everything between your PSA and RMM.
The PSA is the source of truth for billing. The RMM is the source of truth for what's actually happening on the endpoint. Vendors have been promising the bridge between the two for a decade, and the bridge keeps showing up as a CSV import job a tech runs at 11pm on a Tuesday.
We engineer the seam properly. Two-way ticket lifecycle, asset and agent reconciliation, time entries written from RMM events, agreement and SLA tracking, billing reconciliation against distribution. Everything idempotent, retried with backoff, observable in Grafana, and version-controlled in git.
The deliverable is a system you'd hand a new senior tech on day one and they'd understand it. Not a flow only the original author can debug at 2am.
- Ticket Lifecycle: Two-way create / update / close between ConnectWise (or Autotask, HaloPSA) and the RMM, with idempotent retries.
- Asset Sync: Agent inventory reconciled into PSA configurations — site, contact and agreement attribution included.
- Time Capture: RMM script and patch events written to PSA time entries against the right agreement, automatically.
- Reconciliation: Pax8 / distributor seat counts compared nightly against PSA agreements with a drift report by client.
- Runbooks: Triggered RMM scripts wrapped behind an approval queue so junior techs can run senior playbooks safely.
- Observability: Per-flow dashboards, alerting on retry storms, and a single page to answer "did sync run last night."
Patch and script events from Datto RMM written as PSA time entries — billable hours stop falling on the floor.
Pax8 license usage reconciled nightly against PSA agreements — no more "where did this seat come from" at month-end.
Multi-tenant Microsoft operations that don't require a person.
M365 is the part of the stack where MSPs lose hours to clicking. Onboarding a new user across thirty tenants is the same five tasks done thirty times — different admin centres, different MFA prompts, the same three things forgotten on tenant twelve.
Graph API removes the clicking. We engineer the tenant operations that actually run an MSP at fleet scale: onboard / offboard sequences with rollback, license rightsizing reports, conditional access policy templates that drift-check nightly, group lifecycle, baseline enforcement across Defender and Intune. All authenticated through partner consent or per-tenant app registrations, all logged to an audit trail.
The deliverable is fewer admin centres open at any moment, and an answer when a client asks "what's our security baseline" that doesn't start with "let me check."
- Onboarding: Per-tenant new-hire flow — user, mailbox, licenses, group membership, Intune policy, welcome.
- Offboarding: License revoke, mailbox conversion, OneDrive handover, sign-in block, manager handoff — auditable.
- License Posture: Usage reporting across tenants with rightsizing recommendations — per-client, per-SKU, dollarised.
- Conditional Access: Versioned policy templates pushed across tenants with drift detection and approval gates.
- Baseline Drift: Nightly compare of Defender, Intune and Entra config against a known-good baseline per client tier.
- Audit Trail: Every Graph write logged with actor, tenant, before / after — defensible at audit time.
New-hire flow that creates the M365 user, assigns licenses, books NinjaOne policy, posts welcome to Slack — in under 90 seconds.
Conditional access policies compared across tenants nightly — drift surfaces in Slack before the client finds it.
Unused E3 and Business Premium seats flagged per tenant — renewals get rightsized before the bill lands.
EDR and MDR alerts in your PSA — enriched, deduped, prioritised.
Every MSP has the same security pipeline problem. Five vendors push alerts at you, each in a different shape, none with the context the on-call tech needs to act. The alerts pile up in shared inboxes and Teams channels until a real one gets buried under a hundred informationals.
We build the plumbing between the security tools and the PSA so signal arrives where the work happens. Webhooks normalised, host and user enriched from PSA and RMM, severity routed to the right queue or pager, deduplication on the asset / signature pair, closed-loop status sync back to the EDR when the ticket resolves.
The deliverable is a SOC-style intake your team already had the data to build, but never had the engineering hours.
- Ingestion: Webhook + API ingestion from SentinelOne, Huntress, Defender for Endpoint, MDE for Cloud, SIEM.
- Normalisation: Vendor-specific payloads mapped into a common alert schema — host, user, signature, severity, action.
- Enrichment: Affected asset matched to PSA configuration, owning client, last logged-on user, and tier.
- Routing: Severity-aware queue placement, on-call paging via PagerDuty, after-hours rotation honoured.
- Deduplication: Same-signature, same-host alerts within a window collapse onto one ticket — counter visible.
- Closed Loop: PSA ticket closure writes status back to the EDR / MDR — analyst notes survive across systems.
Huntress alert lands as an enriched ConnectWise ticket — with the right tech assigned and the affected user already paged.
SentinelOne threat clusters collapse on signature + host within a 15-minute window — one ticket, not forty.
Defender alert closed in PSA pushes resolution back to the console — the analyst note travels with it.
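One way to implement the deduplication described above, as an added example that is not Xentek's code: alerts collapse on the (asset, signature) pair within the 15-minute window, with a visible counter. The alert field names, the asset IDs, the sample alerts and the choice to anchor the window to the ticket's first alert are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # window quoted on the page
RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Ticket:
    asset_id: str      # PSA configuration id from enrichment (assumed field)
    signature: str
    severity: str
    opened: datetime
    count: int = 1     # the visible duplicate counter

class Deduper:
    def __init__(self, window=WINDOW):
        self.window = window
        self.open = {}     # (asset_id, signature) -> current Ticket
        self.tickets = []  # every ticket opened, in order

    def ingest(self, alert):
        # Key on the enriched asset id, not the bare hostname: hostnames
        # repeat across clients and would merge unrelated alerts.
        key = (alert["asset_id"], alert["signature"].strip().lower())
        t = self.open.get(key)
        # abs() tolerates late or out-of-order webhook deliveries.
        if t and abs(alert["ts"] - t.opened) <= self.window:
            t.count += 1
            if RANK[alert["severity"]] > RANK[t.severity]:
                t.severity = alert["severity"]  # escalate, never downgrade
            return t
        t = Ticket(key[0], key[1], alert["severity"], alert["ts"])
        self.open[key] = t
        self.tickets.append(t)
        return t

def demo():
    """Run constructed sample alerts through the deduper."""
    t0 = datetime(2024, 1, 1, 9, 0)
    def mk(asset, sev, secs, sig="trojan.generic"):
        return {"asset_id": asset, "signature": sig, "severity": sev,
                "ts": t0 + timedelta(seconds=secs)}
    alerts = [mk("cfg-101", "medium", 20 * i) for i in range(40)]  # burst
    alerts.append(mk("cfg-202", "medium", 0))        # other client's asset
    alerts.append(mk("cfg-101", "critical", 840, sig=" Trojan.Generic "))
    alerts.append(mk("cfg-101", "low", 960))         # past the window
    d = Deduper()
    for a in alerts:
        d.ingest(a)
    return [(t.asset_id, t.severity, t.count) for t in d.tickets]
```

Anchoring the window to the first alert means a sustained storm opens a fresh ticket every 15 minutes instead of keeping one ticket open indefinitely.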
The tools your PSA can't give you. Built to spec.
Some of the most valuable MSP tooling doesn't exist in any vendor's roadmap. A client portal that combines tickets, assets, M365 posture and security signal on one branded surface. A NOC dashboard that mixes Auvik, RMM and PSA in a way nobody sells. An AI-assisted triage layer for the ticket queue that drafts the first reply.
We build it as real software. Next.js + TypeScript on the front, Postgres and typed APIs on the back, Azure or AWS for hosting, OpenAI or Anthropic for the AI layer. Auth via Entra or Auth0, RBAC modelled to your hierarchy, audit trails on the writes, and a CI / CD pipeline so the next change is a pull request — not a midnight RDP session.
The deliverable is software you'd ship to a paying client. Not a Streamlit prototype with an API key in the source.
- Client Portal: Branded surface — tickets, assets, M365 license posture, security signal, invoices — under your domain.
- NOC Dashboards: RMM, network, EDR and PSA combined into the views your senior techs already sketch on whiteboards.
- Triage Assist: AI-drafted first replies, classification, routing — with citation back to the runbook it pulled from.
- Reconciliation: Distributor invoice vs PSA agreement vs M365 posture — the worksheet that shouldn't be a worksheet.
- White-Label Apps: Productised internal tools repackaged for resale to your clients on your own pricing.
- Pipeline · Auth: SSO via Entra or Auth0, RBAC, audit logs, observability, CI / CD — production from day one.
Client-facing portal showing tickets, assets, M365 license posture and security signal — one branded surface, three vendor APIs.
Inbound ticket triage that classifies, routes and drafts a first reply — your senior techs see fewer "where do I click" tickets.
Auvik, NinjaOne and PSA combined into a single live view — one screen on the wall, the room agrees on reality.
Pick a practice. Or bring all four.
Either way, we start with a stack review.
Outcome-tied pricing on first engagement.