Deploying Claude Desktop Behind Entra ID: The No-Backend Architecture MSPs Need

Claude Desktop ships with a shared API key in a local config file — no per-user identity, no MFA, no audit trail. For MSPs with regulated clients, that’s a non-starter. Microsoft just published an architecture that routes Claude Desktop through Entra ID and Azure API Management with zero custom backend code. Per-user identity, Conditional Access, auditable, and the config can be pushed via Intune. If your clients are asking for sanctioned AI desktop tools alongside their existing M365 stack, this closes a real governance gap.

Two Endpoint Changes MSPs Should Act On: Defender Linux Scans + Edge Release Cadence

Microsoft Defender for Linux now supports scheduled scans, and Edge Stable shifts to a two-week release cycle on August 27. MSPs need to make two configuration decisions now: close the Linux scan gap and choose the right Edge channel per client.

Microsoft’s GSA Operations Guide Is Out — Here’s What MSPs Need to Review

Microsoft just dropped the GSA Operations Guide on Microsoft Learn — for MSPs who’ve been hesitating on Entra’s secure access features, this is the structured deployment and Day 2 operations playbook that was missing. If your GSA rollouts have been ad-hoc, it’s time to realign.

Copilot Health and Computer-Using Agents: Two AI Frontiers MSPs Need to Govern Now

Microsoft shipped two things this week that sound unrelated but aren’t: Copilot Health Preview brings regulated medical data into the M365 tenant, and Copilot Studio’s computer-using agents can now drive legacy desktop apps without APIs. Together they point to a future where an AI agent detects a lab result and schedules the follow-up by clicking through an EMR—no human, no API. If you’re managing M365 tenants, the governance questions start now. Who can use Copilot Health on managed devices? What’s your credential vaulting policy for agents that act like authenticated users? How do you audit a workflow that has no API call to log?