Hey Ben, great question.

This is a big part of what we're building here with ISPM because we've found that, in many cases, custom baselines don't work. Looking at 20,000 tenants managed by MSPs, with the right tools in place - secure scores are still in the mid 40's(%).

Many of those MSPs had some kind of policy deployment tool which let them build their own custom baselines and push them out. But then it's hard to assess the impact across 1000's of users over multiple tenants. Drift happens, Microsoft change licenses/features, compliance targets change and of course the hackers get trickier. The baseline never got deployed to 100% of the tenants and now the policies are out of date too. So it's just more work for the MSP team. Don't get me wrong, I know some MSPs have absolutely nailed this and it works, but as with everything Huntress, we're building for the 99%.

ISPM isn't a policy deployment toolkit, we're going to constantly keep looking at that tenant and saying "is it safe?". A big part of that will be having policies / settings built out by the team here based on what they see across millions of identities each day. So new settings / policies will come out and we'll automatically impact assess and when appropriate, auto-deploy those into the tenants.

As we move towards the summer, I think you'll like what we're building with Managed Policies, Learning Mode, CA Policy Adoption and the customization options we have.

Sorry this is a long response! This topic is a HUGE part of the problem we're solving here for our MSP partners and I'm very passionate about it! If you ever want to hop on a call, just let me know!