Remote Work and MSPs

March 2020 changed everything.

One week, your entire IT infrastructure was in one building with a controlled network, managed devices, and an IT person down the hall.

The next week, 50 people were working from their kitchen tables on questionable home Wi-Fi, accessing company systems from personal devices, and your IT person was answering support calls whilst simultaneously homeschooling three children.

 

 

Five years later, remote and hybrid work isn’t temporary—it’s permanent. And managing IT for distributed teams requires a fundamentally different approach than managing a single office.

Here’s how MSPs actually support remote workforces, what’s changed, and what you need to know.

The Remote Work IT Reality Check

What Changed (And What Didn’t)

The old model:

• Controlled environment (office network)
• Managed devices (company laptops)
• Perimeter security (firewall protects everything inside)
• Local support (IT person fixes problems in-person)
• Predictable bandwidth (office internet)

The new model:

• Uncontrolled environments (home networks, coffee shops, airports)
• Mix of managed and personal devices (BYOD)
• Zero-trust security (assume every connection is hostile)
• Remote-first support (everything solved via phone/video)
• Variable bandwidth (dodgy home broadband to 5G)

What leading MSPs figured out: The tools and processes for managing remote teams aren’t “temporary work-from-home solutions”—they’re permanent operational requirements.

The challenge some MSPs still face: Remote work isn’t “support the same way but via Zoom.” It requires different architecture, different security, different processes.

The Remote Workforce Technology Stack

Modern remote-work support requires:

1. Identity and Access Management (IAM)

The problem: Users connecting from anywhere, on any device, to access company resources.

The solution MSPs deploy:

Multi-Factor Authentication (MFA):

• Microsoft Authenticator, Google Authenticator, Duo
• Mandatory for all cloud applications
• Biometric authentication (fingerprint, Face ID)
• Hardware tokens for high-security environments

Single Sign-On (SSO):

• Azure AD, Okta, OneLogin
• One login to access all applications
• Centralized access control
• Audit trail of who accessed what, when

Conditional Access Policies:

• Require MFA from untrusted locations
• Block access from high-risk countries
• Enforce company device requirements
• Allow/deny based on user risk scores

Why this matters: Password-only security is dead. 81% of breaches involve stolen credentials. MFA blocks 99.9% of automated attacks.

2. Endpoint Management

The problem: You can’t physically touch user devices anymore. Everything must be managed remotely.

The solution MSPs deploy:

MDM (Mobile Device Management):

• Intune (Microsoft), Jamf (Apple), VMware Workspace ONE
• Remote device enrollment
• Application deployment
• Security policy enforcement
• Remote wipe capability

What MSPs do with MDM:

• Deploy security configurations automatically
• Push software updates remotely
• Enforce encryption
• Track device inventory
• Remotely lock/wipe lost/stolen devices

Compliance monitoring:

• Is antivirus running?
• Is encryption enabled?
• Is OS up to date?
• Are backups working?

Non-compliant device? Blocked from company resources until fixed.

3. Secure Remote Access

The problem: Users need access to company systems from untrusted networks.

Traditional solution (VPN):

• Virtual Private Network
• Encrypts traffic from user to company network
• Makes remote device “appear” on company network

Modern solution (Zero Trust Network Access – ZTNA):

• Assume every connection is hostile
• Verify every access request
• Grant minimal necessary permissions
• Monitor continuously

What MSPs implement:

VPN for legacy systems:

• Still necessary for some on-premises applications
• But being phased out in favour of ZTNA

Cloud-based ZTNA:

• Cloudflare Access, Zscaler, Perimeter 81
• No company network to VPN into (everything’s cloud)
• Application-level access control
• No “inside the network” trust

Split tunneling:

• Corporate traffic through VPN/ZTNA
• General internet traffic direct (faster)
• Reduces VPN bottlenecks

4. Collaboration Tools

The problem: Teams can’t walk over to each other’s desks anymore.

What MSPs manage:

Microsoft Teams / Slack:

• Chat, video calls, file sharing
• Integration with other business apps
• Governance (who can create channels, retention policies)
• Security (guest access controls, DLP – Data Loss Prevention)

Video conferencing:

• Zoom, Microsoft Teams, Google Meet
• Licensing management
• Security settings (waiting rooms, password protection)
• Recording policies and storage

Cloud storage and file sharing:

• OneDrive, SharePoint, Google Drive
• Permission management
• Version control
• External sharing policies

MSP role:

• Deploy and configure
• Train users
• Manage licenses
• Enforce security policies
• Troubleshoot issues

5. Security Operations (Different for Remote Teams)

The problem: Perimeter security (firewall) doesn’t protect remote devices. Each endpoint is its own perimeter.

What MSPs deploy:

EDR (Endpoint Detection and Response):

• CrowdStrike, SentinelOne, Microsoft Defender for Endpoint
• Monitors each device for threats
• Automated response to attacks
• Behavioural analysis (not just signature-based)

Email security:

• Advanced phishing protection
• Link sandboxing (test suspicious links safely)
• Attachment analysis
• Spoofing prevention

DNS filtering:

• Block malicious websites
• Prevent malware downloads
• Content filtering (block risky categories)

SIEM (Security Information and Event Management):

• Collects logs from all systems
• Correlates events to detect attacks
• Alerts on suspicious patterns
• Compliance reporting

24/7 Security Operations Centre (SOC):

• Human analysts watching for threats
• Incident response
• Threat hunting
• Forensic investigation

6. Help Desk Tools for Remote Support

The problem: Can’t walk over to someone’s desk to fix their computer.

What MSPs use:

Remote desktop tools:

• TeamViewer, AnyDesk, ConnectWise Control
• See user’s screen
• Take control to troubleshoot
• Transfer files
• Chat during session

Ticketing systems:

• Automatically route tickets to right specialist
• Track SLA compliance
• Document resolutions
• Knowledge base for self-service

Asset management:

• What devices exist?
• Who has what?
• What software is installed?
• Warranty/license expiry tracking

The BYOD Dilemma (Bring Your Own Device)

The Question Every Remote Business Faces

Do you allow employees to use personal devices for work?

Arguments for BYOD:

• Employees already have devices
• Cost savings (no company device purchases)
• Employee preference (their own device, their settings)
• Flexibility

Arguments against BYOD:

• Security challenges (limited control over personal devices)
• Compliance risks (company data on unmanaged devices)
• Support complexity (supporting every possible device/OS combination)
• Data ownership (what happens when employee leaves?)

How MSPs Handle BYOD

Option 1: Full BYOD (High Risk, Low Cost)

Allow personal devices with security controls:

• MAM (Mobile Application Management) – manage apps, not entire device
• Container approach – company data in secure “container”
• Conditional access – only allowed if security requirements met

MSP responsibilities:

• Deploy MAM solution (Intune, VMware Workspace ONE)
• Configure security policies
• Monitor compliance
• Support corporate applications (not personal device issues)

Challenges:

• Limited control over device
• Can’t enforce all security policies
• Data leakage risk
• Device diversity complexity

Option 2: Corporate Devices Only (Low Risk, High Cost)

Company provides and manages all devices.

MSP responsibilities:

• Procure, configure, deploy devices
• Full MDM deployment
• Complete security control
• Standard hardware = easier support

Advantages:

• Complete control
• Consistent security
• Clear data ownership
• Better compliance

Option 3: Hybrid (Medium Risk, Medium Cost)

Corporate laptops, allow personal phones/tablets with restrictions.

Most common approach: This balances cost, security, and flexibility.

MSP configuration:

• Corporate laptops: Full MDM, complete management
• Personal mobile: MAM for email/apps only, limited access

Supporting Remote Teams Across Timezones

The Challenge

Your team spans:

• London (GMT)
• New York (GMT-5)
• Singapore (GMT+8)
• Sydney (GMT+11)

How does MSP support work?

MSP Support Models for Global Teams

Model 1: Follow-the-Sun Support

MSP has support teams in multiple timezones:

• EMEA team (covers Europe, Africa, Middle East)
• Americas team (covers North/South America)
• APAC team (covers Asia-Pacific)

Advantage: Local timezone support, language/cultural fit

Disadvantage: Expensive, only large MSPs offer this

Model 2: 24/7 UK-Based Support

UK support team works in shifts to cover 24 hours.

Advantage: Consistent team, one accent/culture

Disadvantage: Graveyard shift coverage may be thinner

Model 3: UK + Offshore Partner

UK-based support during business hours, offshore (India, Philippines) for after-hours.

Advantage: Cost-effective 24/7 coverage

Disadvantage: Potential language/cultural differences, handoff complexity

What to ask MSPs:

• “Where is your support team physically located?”
• “What timezones do you cover?”
• “Is after-hours support in my timezone, or am I calling overnight in another region?”
• “Do you have dedicated teams per timezone or shared coverage?”

Home Network Security (The Weakest Link)

The Uncomfortable Truth

Your company security is only as strong as your employee’s home Wi-Fi.

And most home networks are:

• Using default router passwords (“admin”/”password”)
• Running outdated firmware
• Sharing Wi-Fi with neighbours
• Connected to IoT devices with no security (smart TVs, baby monitors, security cameras)

What MSPs Do (And Don’t Do) About Home Networks

What MSPs CAN do:

VPN/ZTNA: Encrypt traffic from home to company systems (protects against home network compromise)

Endpoint security: Even if home network is compromised, endpoint protection prevents device infection

Network access control: Block devices from company resources if they’re on risky networks

User education: Provide guidance on securing home networks

What MSPs generally DON’T do:

Configure home routers: Not practical to manage thousands of home networks with different ISPs/routers

Support home network issues: “My Wi-Fi is slow” isn’t an MSP problem (unless it affects work)

Your Responsibility

Provide guidance to employees:

• Change router default passwords
• Enable WPA3 encryption (or WPA2 minimum)
• Create separate guest network for IoT devices
• Keep router firmware updated
• Use strong Wi-Fi passwords

MSPs should provide this guidance as best practice documentation.

The “Work from Anywhere” Tech Stack

Modern remote work isn’t just “work from home.” It’s work from:

• Home offices
• Co-working spaces
• Coffee shops
• Hotels
• Airports
• Client sites
• Different countries

What This Requires

Cloud-first architecture:

• Everything accessible from internet
• No dependency on physical office network
• Geographic distribution of resources

Offline capability:

• Critical applications work without internet
• Local file syncing (OneDrive, Google Drive)
• Cached credentials (can log in without network)

Mobile security:

• VPN on mobile devices
• Encrypted devices (full disk encryption)
• Remote wipe capability
• Lost device protocols

Compliance for remote work:

• Data residency requirements (where does data live?)
• Cross-border data transfer
• GDPR compliance for EU employees
• Industry-specific regulations (healthcare, finance)

Remote Work MSP Services You Actually Need

Essential Services (Must-Have)

✅ 24/7 monitoring and support Users work different hours – support must match

✅ Zero-trust security architecture No perimeter = different security model

✅ MDM/MAM deployment Remote device management is non-negotiable

✅ Cloud infrastructure management Office-centric infrastructure doesn’t work remotely

✅ User training on remote security Employees are the new perimeter

Nice-to-Have Services

📊 Productivity monitoring (controversial) Some companies want visibility into remote work patterns – raises privacy concerns

📊 Home office IT procurement MSP helps employees get proper equipment (monitors, keyboards, ergonomics)

📊 Virtual desktop infrastructure (VDI) Employees access virtual desktop in cloud – nothing stored locally

Remote Work Pricing Models

How MSPs price remote workforce support:

Model 1: Per-User Pricing (Most Common)

£70-120/user/month regardless of location

Includes:

• 24/7 support
• Device management
• Security tools
• Cloud services management

Fair pricing: Same price whether users are in office or distributed

Model 2: Location-Based Pricing

Different pricing for different regions:

• UK-based users: £80/user
• EU users: £90/user (data residency)
• Global users: £100/user (timezone coverage)

Fair if: Pricing reflects actual additional costs (data centres, timezone support)

Worth questioning if: Just an excuse to charge more

Model 3: Hybrid Office Pricing

Different pricing for office vs remote users:

• Office users: £75/user (easier to support)
• Remote users: £95/user (additional tools, complexity)

Fair if: Remote users genuinely get additional services (VPN, endpoint security, etc.)

Worth questioning if: Same services, just charging more for remote

What to Watch For in “Remote Work Ready” MSPs

⚠️ “We support remote work” (but only business hours in one timezone) If your team works globally, business hours support doesn’t cut it.

⚠️ “We’ll set up a VPN” (and nothing else) VPN alone isn’t a remote work strategy. That’s 2010 thinking.

⚠️ No endpoint management capability If they can’t remotely manage devices, they can’t support remote teams properly.

⚠️ “BYOD is fine, we trust employees” Trust isn’t a security strategy. Proper BYOD requires MAM/MDM.

⚠️ No offshore support but claiming 24/7 coverage Something doesn’t add up. Either support isn’t really 24/7, or it’s offshore and they’re not being transparent about it.

Questions to Ask MSPs About Remote Work Support

Security architecture:

1. “Do you implement zero-trust architecture or traditional perimeter security?”
2. “How do you secure endpoints outside our network?”
3. “What’s your approach to BYOD security?”

Support capabilities:

4. “What timezones do you cover with native support?”
5. “What’s response time for remote workers in [specific timezone]?”
6. “How do you handle on-site support for home offices if needed?”

Tools and technology:

7. “What MDM/MAM solution do you deploy?”
8. “How do you handle VPN vs ZTNA?”
9. “What remote support tools do you use?”

Compliance:

10. “How do you handle data residency for remote workers in different countries?”
11. “What’s your approach to GDPR compliance for distributed teams?”

Experience:

12. “What percentage of your clients are fully remote?”
13. “Show me examples of distributed teams you support successfully”
14. “What’s the most complex remote setup you manage?”

The Bottom Line on Remote Work MSPs

Remote work isn’t a temporary accommodation—it’s permanent.

Your MSP needs to:

• Think cloud-first, not office-first
• Implement zero-trust security
• Support distributed users as default, not exception
• Cover timezones your team works in
• Handle BYOD properly or provide corporate devices
• Monitor and support remotely without on-site dependency

MSPs successfully supporting remote teams:

• Built their service model around distributed teams
• Use modern security architecture (zero-trust)
• Provide 24/7 coverage matching your workforce
• Have proven experience with global teams

Common gaps to watch for:

• Treating remote work as temporary
• Relying on outdated VPN-only security
• Only supporting business hours in one timezone
• Limited capability managing devices remotely

The goal is finding MSPs who genuinely understand distributed workforce support—not just traditional office IT with “remote capabilities” bolted on.

 

Interested in MSP-vendor partnerships or discovering MSPs with specific capabilities? That’s what we do at automate.marketing and globalmspdirectory.com.