cat services --verbose
> The full picture.
I manage your entire IT environment — not a piece of it. This page breaks down everything that's included, how it works, and what you can expect. No marketing fluff. Just what I actually do.
01 // core_platform
Microsoft 365
Your M365 tenant is the foundation. Everything else depends on it being set up correctly — and most tenants aren't. I build yours from scratch or inherit whatever your last IT person left behind, bring it up to baseline, and keep it there. Every tenant I manage gets the same security and configuration standards applied from day one.
User & License Management
Account creation, group lifecycle management, and license deployment. When someone joins, I create their account, assign the right licenses, add them to the right groups, and set them up with everything they need before their first day. When someone leaves, I disable their account, revoke access, convert their mailbox, and take care of data retention — all within 5 business days of notification, usually faster.
Exchange Online
I manage your entire email environment. That means spam filtering and policy configuration through Exchange Online Protection, mail flow monitoring so you know things are working, shared mailbox lifecycle management, and DLP and retention policies to keep sensitive data from leaving your organization. If mail isn't flowing or spam is getting through, I'm already looking at it.
SharePoint & Teams
Site creation, monitoring, and lifecycle management for SharePoint. Teams creation and management so you don't end up with 40 abandoned channels nobody uses. I set these up to match how your organization actually works — departments, projects, shared resources — and maintain them over time.
OneDrive
Lifecycle management and policy enforcement. Your data stays in the cloud where it's backed up and accessible, not scattered across local hard drives. I set up Known Folder Move so Documents, Desktop, and Pictures sync automatically. When someone leaves, their data is preserved according to your retention policies.
Intune (Endpoint Manager)
This is the device management system. Every Windows PC, Mac, iPhone, and iPad gets enrolled here. I build and maintain baseline device configuration profiles, compliance policies, and Windows Autopilot deployment profiles. When a new device gets turned on, it pulls its configuration from Intune automatically — apps installed, policies applied, security hardened — without anyone touching it. More on this in the Devices section below.
Microsoft Defender
Baseline setup, ongoing scanning, hardening, and reporting. Defender is included in your licensing and I make sure it's actually configured correctly — not just turned on and forgotten. It works alongside the rest of the security stack (Huntress, Blackpoint) as one of several layers of protection.
Office Apps
Deployment, patching, and general care of Word, Excel, Outlook, and the rest of the Microsoft 365 suite. I keep apps up to date, troubleshoot issues, and provide user support. If something breaks after a Microsoft update (it happens), I fix it.
// tenant_baseline_standards
Every tenant I manage gets these applied. No exceptions.
✓ Unified Audit Log enabled
✓ Conditional Access (replaces Security Defaults)
✓ MFA enforced on all accounts
✓ Modern Authentication enabled
✓ Basic Authentication disabled
✓ Admin consent required for apps
✓ Password expiration disabled (per Microsoft guidance)
✓ Self-service password reset enabled
✓ Shared mailbox sign-in disabled
✓ Auto-expanding archives enabled
✓ Spoofing warnings for Outlook
✓ Self-service license purchases disabled
02 // defense_in_depth
Security
I'm an MSP, not an MSSP. I'm upfront about that. I don't run a security operations center (we have Huntress for that) and I'm not going to pretend to. What I do is deploy and manage a layered security stack and partner with dedicated security firms who do this 24/7. I follow vendor best practices across every system I manage, and when something needs a security specialist, I have them on call.
That said — no security setup is bulletproof. I strongly recommend every client carry cybersecurity insurance and invest in employee security training. The best tools in the world can't stop someone from clicking a phishing link, but training and layers of protection make it much harder for that click to turn into a disaster.
Next-Gen Antivirus (NGAV) + EDR
Huntress · Microsoft Defender for Business
NGAV uses AI, behavioral detection, and machine learning to block known and unknown threats before they execute. This isn't the antivirus that runs a scan once a week. It's real-time, it's learning, and it catches things traditional antivirus misses entirely. Combined with EDR (endpoint detection and response), it gives visibility into what's actually happening on every device.
Managed Detection & Response (MDR) + Threat Hunting
Huntress
Human-powered threat hunting that goes beyond what automation can find. Real analysts reviewing real alerts, 24/7. When something suspicious shows up that a scanner would miss — persistence mechanisms, living-off-the-land attacks, lateral movement — the MDR team is already investigating. This is the difference between having software and having people watching the software.
Security Operations Center (SOC)
Huntress · Blackpoint Cyber
A full-service SOC monitors all client systems around the clock. They watch the NGAV/EDR telemetry, detect malware, filter out false positives, and escalate real threats immediately. I get alerted and so does the SOC. This is the layer that means someone is always watching, even at 3 AM on a Saturday.
DNS Filtering
Cisco Umbrella
All web traffic is analyzed at the DNS level. Malicious domains are blocked before the connection even happens. Traffic is decrypted, scanned for malware, and filtered based on rules I set up with you. This works on-network and off-network — so laptops at home or on public wifi still get the same protection.
Privilege Escalation Control
AutoElevate
No user runs as a local admin. When an app needs elevated privileges, it's blocked and I get a real-time notification. I review the request — is this app safe, does the user actually need it, is there a better way to install it — and approve or deny. This stops malware from running with admin rights and gives me full visibility into what's being installed across the environment.
Security Awareness Training
Huntress
Phishing simulation campaigns, video-based training, and dark web monitoring for breached credentials. Your people are the first line of defense and the biggest attack surface. I run regular phishing tests so they learn to spot the fakes, and I monitor the dark web for your organization's compromised credentials. When an employee's password shows up in a breach, I know about it.
Password Management
Keeper Security Enterprise
Enterprise password manager with SSO integration and browser plugins. Every password is complex, randomly generated, and stored encrypted. Users have one strong master password (or SSO), and the manager takes care of the rest. No more shared passwords on sticky notes, no more using the same password everywhere. This is one of the simplest things that makes the biggest difference.
Email Security & Authentication
SPF, DKIM, and DMARC configured and monitored. These are the DNS records that prove your email is actually coming from you and not someone pretending to be you. I set them up, monitor the reports, and adjust policies as needed. Combined with Exchange Online Protection's spam and phishing filters, this keeps your inbox clean and your domain reputation intact.
Conditional Access
All clients are required to have Business Premium or F3 licensing, which supports Conditional Access. This replaces the basic Security Defaults with granular, policy-based access controls — who can sign in from where, on what devices, under what conditions. Unmanaged device trying to access company data from another country? Blocked. This is the gatekeeper for your entire M365 environment.
03 // endpoint_management
Devices
Every device your people use — Windows laptops, Macs, iPhones, iPads — is enrolled in Intune and managed from day one. I handle procurement, deployment, configuration, patching, security, and ongoing support. The goal is zero-touch: a device ships directly to the user, they turn it on, sign in, and everything is already there.
Windows PCs
I source hardware through Dell Premier — the right specs for the role, competitive pricing, no markup games. Every new PC is registered in Windows Autopilot before it ships. When the user opens the box and connects to the internet, Autopilot enrolls it in Intune, joins it to Azure AD, installs apps, applies configuration profiles and compliance policies, deploys RMM and remote support software (Action1, ConnectWise ScreenConnect), deploys NGAV and threat hunting agents, sets up privilege escalation controls, and configures printers. The user signs in and it's ready. If something needs to change later — new software, policy update, security patch — I push it remotely.
Apple Devices
iPhones, iPads, and Macs managed through Intune with Apple Business Manager. I interface with Apple and resellers to procure devices and get them added to ABM. I maintain the Apple Push Certificates and the MDM connection. Configuration profiles deploy automatically — apps, restrictions, wifi, VPN, web content filtering, DNS filtering. Devices show up ready to work with company data protected and personal data kept separate. All through Intune. No extra platforms.
Patching & Updates
Windows updates, Office updates, driver updates, firmware updates — managed and monitored. I don't just set auto-update and hope for the best. Updates are tested, deployed in rings where appropriate, and monitored for failures. When Microsoft pushes something that breaks things (regular occurrence), I know about it and I fix it.
Software Support
All Microsoft 365 software is fully supported. Non-Microsoft business software is supported where I determine it integrates with your covered systems and I can support it effectively. I'm upfront about what I can and can't support — if something is outside my expertise, I'll tell you and help you find the right person. Operating systems covered: current Windows and macOS. Linux supported on a best-effort basis.
04 // backup_recovery
Backup
Microsoft doesn't back up your data. They provide redundancy for their infrastructure, but if someone deletes a mailbox, overwrites a SharePoint library, or a bad actor encrypts your OneDrive, Microsoft's retention only goes so far. That's where I come in.
I run cloud-to-cloud backup of your entire Microsoft 365 environment — Exchange email, OneDrive, SharePoint, and Teams — three times a day. Shared mailboxes are backed up on request. I perform regular data restoration tests to verify backups are actually working (not just running), and I monitor backup logs for failures. When you need something restored — an accidentally deleted email chain from six months ago, a SharePoint site someone wiped, a OneDrive folder that got encrypted by malware — I recover it.
// current_product
AFI.ai — connects to your M365 tenant and runs automated backup of all covered data. Licensed through ATS as part of the agreement.
Data on local workstations is not backed up. I set up Known Folder Move so user data syncs to OneDrive automatically. Data should live in OneDrive, SharePoint, Teams, or email — not on a hard drive. Workstation-level backup is available on an as-needed basis for facilities systems.
05 // infrastructure
Network & On-Prem
If it's on your network, I take care of it. I install, configure, patch, and monitor all network hardware. I handle ISP liaison so you don't have to sit on the phone with Comcast. If you have a networked site, lifetime hardware upgrades are included after the initial purchase from ATS.
Network Hardware
Installation, configuration, updates, patching, and active monitoring. Firewalls, switches, access points — all managed. Third-party vendor-installed hardware (like ISP equipment) should be warranted by the vendor, but I'll work with them on your behalf for compatibility issues.
DNS Records
Full DNS record management including SPF, DKIM, and DMARC setup and ongoing monitoring. These authenticate your email and protect your domain from spoofing. I set them up correctly from the start and provide reporting on DMARC compliance.
Printing
I deploy company printers, maintain configurations, handle user adds and removals from the address book, set up email scanning and SMTP integration, and deploy cloud printing capability. Physical printer maintenance — toner, paper jams, hardware repair — is not covered. That's on the vendor or lease company. I don't carry a toolkit for printers.
Phone System
User extension management, voicemail-to-email setup, and call forwarding configuration. Level 1 and Level 2 troubleshooting and vendor management. If something more complex comes up, I coordinate with the phone vendor directly.
Security System
Card access system management, software maintenance, camera system changes, and network health monitoring for security hardware. Level 1 and Level 2 support, vendor management, and end user support.
Website Infrastructure
Management of your company website infrastructure — user login configuration, domain mapping, and web host liaison. Content creation and management is not included. I keep the lights on; you (or your marketing person) decide what's on the page.
06 // strategic_advisory
Trusted Technology Advisor
Some MSPs call this role "vCIO." I deliberately avoid that term — it implies executive-level authority within your organization, which I don't have and won't assume. I'm a strategic advisor. I provide guidance on best practices, industry standards, technology planning, and process improvements. All decisions stay with your leadership team. I give you the information you need to make good ones.
Technology Business Reviews (TBRs)
Regular, scheduled reviews where I report on system health, best practice adherence, budget priorities, IT roadmaps, and how your technology aligns with your business goals. These replace ad-hoc "hey can we meet about this tech thing" conversations with a structured cadence. Everything gets covered, nothing falls through the cracks.
IT Budgets
I create and maintain your IT budget. Hardware refresh cycles, software licensing renewals, upcoming projects, growth projections — all planned so you're not blindsided by a $15,000 server replacement you didn't see coming.
Policy & Process Consulting
I help create and maintain technology policies — acceptable use, BYOD, data retention, security procedures. When you're rolling out a new tool or changing a process, I provide guidance on how to do it in a way that's secure, practical, and actually gets adopted by your team.
Grant & Program Support
I prepare reports and analyses for grant opportunities, new lines of business, and public-facing programs. If you're a nonprofit applying for funding that has a technology component, I know what funders want to see and I'll help you document it.
Training
Security awareness training for all users (covered in the Security section above). Beyond that, I provide group training sessions — onsite or remote — when you're rolling out new tools or processes. One-on-one training for basic technology usage is available as needed. I teach people how to use their tools, not just hand them a login and wish them luck.
07 // vendor_liaison
Vendor Management & Procurement
I maintain all your hardware and software vendor relationships. When something needs to be ordered, quoted, installed, or troubleshot with a vendor, I'm the one making the call. You shouldn't have to be the middleman between your vendors and your IT.
How Procurement Works
It depends on the vendor and your relationship with them. For resellers like Dell, I get the quote, configure what you need, and put it in the cart — your admin completes the purchase on your payment terms. For online resellers where you have an account, I send the purchase link and you buy it directly. For products where I'm the reseller, I provide the quote, you approve it, I bill via ACH or credit card, and the order goes out once payment clears. The point is: you tell me what you need, I figure out the best way to get it, and I keep you in the loop.
Third-Party Integration
When you use a third-party system that needs to talk to your covered internal systems, I handle the integration. Deployment support, configuration, and tier one troubleshooting for vendor software that interfaces with your M365 environment, network, or devices.
08 // always_on
Support
Unlimited. Flat rate. No hourly billing. No per-ticket charges. Whether you submit one ticket a month or twenty, the cost is the same. I work onsite and remote — whichever makes more sense for the situation, at my discretion. Support covers everything described on this page.
mission_critical
response: 30 minutes · resolution: 48 hours
Critical systems down (hotline, intake systems), phones out, email unavailable, organizational deadlines at risk, or security events like breaches or lockdowns. I respond within 30 minutes and prescribe a fix or workaround within 48 hours. Third-party software issues may take longer depending on the vendor.
standard_requests
response: best_effort
Everything else — new user setup, software installs, configuration changes, questions, training. Handled on a best-effort basis with priority set alongside your team leadership. Employee onboarding and offboarding handled within 5 business days of notification.
// how_to_submit_requests
Web Portal
my.abatetechnology.com
support@abatetechnology.com
Phone
860-616-6667
Requests should be submitted once, by the user who needs help. Duplicate tickets get merged. Don't email or call technicians directly — it skips the queue and creates extra work. Managers should use the same channels and only follow up if the response time window has passed.
// tooling
Products I Use
These are the products currently in the stack. Not all products are deployed to all clients or all systems. Some run side-by-side for layered coverage. I reserve the right to change, update, or replace products as technology and best practices evolve. Products marked with * are licensed through ATS and would be removed if we part ways.
Huntress *
NGAV, EDR, MDR, SOC, Security Training
Blackpoint Cyber *
SOC
Microsoft Defender
NGAV (included in licensing)
Cisco Umbrella
DNS Filtering
Microsoft Intune
MDM (Windows, Mac, iOS)
AutoElevate *
Privilege Escalation Control
Action1
RMM, Remote Desktop
ConnectWise ScreenConnect
Remote Desktop
AFI.ai *
Cloud-to-Cloud Backup
HaloPSA
Help Desk, Ticketing, User Portal
Keeper Security *
Enterprise Password Manager
Dell Technologies
Hardware Procurement (Premier)