
Processes Attic ↔ MSP

Operational responsibilities and service alignment between Attic Security and MSP partners

This process overview describes the operational alignment between Attic Security and Managed Service Providers (MSPs). Its purpose is to create clarity around responsibilities, expectations, and collaboration within day-to-day security operations.

The overview is intentionally kept compact. Attic operates largely through automation; this overview provides MSPs with sufficient guidance to align their internal processes with Attic’s services.

Operational process alignment

Onboarding 

Onboarding is the process of activating Attic services for a new or existing customer.

MSP will initiate this process from within Partner Portal (or API-based) and may complete it with.

Attic:
  • Provides and keeps available the self-service onboarding feature in the Partner Portal (PP) interface and API.
  • Provides on-demand support in case of issues or questions.
MSP:
  • Selects the desired subscription from PP and follows the onboarding steps as provided through PP.
  • Performs authorization steps into the client's cloud service (e.g. M365) or, if permissions are not available, forwards the onboarding request to another admin using the forwarding option in PP.
Customer:
  • (optional) Performs a specific authorization step on request by the MSP.

Recommendations

Attic is built to allow the MSP to manage security by exception, following a single process of suggested recommendations. Whenever something needs the MSP's attention, Attic will notify the MSP and provide clear instructions.

Attic will initiate this process automatically.

Attic:
  • Maintains infrastructure which regularly checks for configuration improvements and suspicious behavior in the connected tenant.
  • Generates incidents for said events, including recommended resolutions (Fix).
  • Notifies the partner through automated channels (e-mail address(es), webhook) as per the partner's configuration.
  • Maintains a prioritization engine to prevent overload of incidents, limiting the number of simultaneous incidents:
    • Automatically launches a new theme on Theme Tuesday.
    • No auto incidents for configuration recommendations within themes that have not been covered before.
    • No auto incidents for configuration recommendations that have been muted before (<4 weeks ago) or ignored.
    • Always an auto incident for monitoring checks and rules (covering suspicious behavior).
  • Provides on-demand support in case of issues or questions.
MSP:
  • Considers the recommendation and chooses a follow-up: Approve, Mute (4 weeks) or Ignore.
    • Fixes may constitute configuration changes or mitigating steps like disabling an account or isolating an endpoint.
  • (optional) Requests auto-approve fix for similar recommendations for this and/or other customers.
  • Considers Incident Response for further investigation following a monitoring incident.
  • Initiates a new incident for configuration recommendations that have not (yet) automatically triggered an incident.
Customer:
  • (optional) Considers the recommendation and chooses a follow-up: Approve, Mute (4 weeks) or Ignore, when granted access by the Partner via the Mobile App.

Incident Response (IR Retainer)

Attic's basic incident handling service ends at containment, but further investigation may be desired, for instance to learn how a compromise started or what data was stolen. Attic can perform these kinds of incident response activities as part of the IR Response Retainer (Strippenkaart).

The MSP will initiate the Incident Response process.

Attic:
  • Responds to on-demand requests by the partner for incident response.
  • Administers credits spent.
MSP:
  • Initiates incident response by contacting Attic through support lines (Chat / E-mail / Telephone).
  • Is available as first point of contact for the investigator throughout the investigation.
  • Follows up on recommendations.
Customer:


Off-boarding 

Off-boarding is the process of deactivating Attic services for a particular customer. As a result, Attic will be disconnected while the configuration in M365 remains intact.

Off-boarding will be initiated and performed by the MSP.

Attic:
  • Schedules data removal.
  • Deactivates user accounts if necessary.
MSP:
Customer:  

Additional notes

  • Attic operates as an automated security operator, not a traditional MSSP.

  • MSPs remain primarily responsible for customer relationship management, IT operations, and communication.

  • Any deviations from this standard matrix can be agreed upon separately per partner.

For questions or partner-specific alignment, please contact the Attic partner team.