Limit global admin access to IP addresses

Any updates on this at all?? This is such a huge security hole.

1 Like

This is astounding that it is not a feature. It is one of the most standardized features in the industry.

Incredible.

bump @Andy
Please can we have some indication on the status of this feature request.
High, Medium, Low…or meh?

1 Like

As the original poster of this thread, I cannot tell you how frustrated I am to still be waiting for this. I first raised the issue with support in July 2021.
I’ve had to fill out several Cybersecurity Insurance questionnaires recently, where we’re asked to list vendors. I’ve just this week had my first insurance refusal based on Syncro not limiting admin access by IP. We now have to remove Syncro from this customer. Thankfully in this case they have Microsoft Endpoint Manager available via their Microsoft 365 licensing, so we still have strong controls of endpoints, but we now have to do everything else for this customer outside of Syncro.

If this keeps happening, we’re going to have to seriously reconsider Syncro as our RMM tool.

3 Likes

One of the reasons I signed up is because this was going to happen, well it’s been over a year and NOTHING. Would be nice to at least get an update? @Andy @ian.alexander ? Ian says it’s more difficult than we think. Can you explain why most all other RMMs do this? I understand it will break mobile app but I don’t care, I would rather have that not work than be compromised.

1 Like

The mobile app is…well let’s be honest it’s not fit for purpose, is hardly used by anyone from what I can gather and is therefore a very poor reason to compromise everyone else’s security by avoiding IP restriction of admin accounts.
:man_shrugging:

1 Like

Agreed, we do not use it.

Yes, the mobile app is beyond useless. It crashes when trying to perform almost any function.

1 Like

We don’t use mobile app either for the same reasons. Chrome browser on phone interface instead for the small stuff if out on customer site, or laptop out for the proper stuff if on the road.

As for the main topic, concerned that an obvious and major security improvement like this still has not been implemented. This should be number one with MSPs being major targets of ransomware.

We’ve helped out a separate company that was compromised and had all their customers infected via RMM. Great billable hours for us but an absolute nightmare for them. Things like that can end companies.

From the thread history, only once (12 months ago) did anyone from Syncro officially post on this thread.
:frowning:

Given the lack of comment…
what are we able to assume other than nothing is happening.

Is it reasonable to believe that this will be implemented in 2023?
I am not able to attend the Ask me Anything on Feb 1.
Ask Us Anything Scheduled For Feb 1st, 11am PT! - Announcements - Syncro Support Community (syncromsp.com)

Can anyone who does attend please ask the following?

  1. Is this Feature Request being worked on?
  2. If so what is the ETA for implementation and deployment to all Partners?
  3. If not being worked on, why not and when can we expect work on this Feature Request will begin and the subsequent ETA for implementation?

1 Like

How is this still not available after 2 years of being asked for this feature. It’s such a huge security hole. We’re essentially having to move away from Syncro because nobody will give an ETA at this point.

Correct, no ETA.
But it was mentioned in the latest webinar that this feature request is being evaluated and that Syncro understand its importance.
Unfortunately do we wait an unknown length of time? Could be 1 month or 20 months away. There is no way of knowing.

1 Like

Maybe @kristen.costagliola can give further input on this?

But we have tagged @Andy and @ian.alexander and have not gotten much response.

Always better to be pleasantly surprised than be bitterly disappointed.
Assume this FR is 20 months away and make decisions accordingly, then you cannot be disappointed.
Then if the FR turns up in production in March, you will be pleasantly surprised.

The sad context here is that unlike many other vendors to MSPs, Syncro refuses to provide roadmaps or feature request voting.
So we have no data to base decisions on, and Syncro has no measurable data to pick which FRs to work on.
At best all we can assume is that a FR might be implemented before the current model iPhone goes out of support.
At worst, we can only assume that a FR will never be implemented.
Somewhere in the middle are those FRs that get worked on, some of which will be implemented successfully and some will fail during the implementation phase.

1 Like

I think it’s safe to say this thread has been muted by the leadership at Syncro?

What do you mean muted? We don’t moderate threads unless they are abusive or doling out bad info.

Kristen, our CPTO, addressed this as an area of interest in our Ask Us Anything session today.

That recording is up here: Ask Us Anything / Mar 2, 2023 - YouTube

Perhaps it would have been more accurate to say that on this thread Syncro has been essentially mute.
Scrolling up through the thread, there have only been 2 posts from a Syncro person and they were 1 year apart.
It is excellent to hear this topic mentioned in the Ask us Anything.
But sadly only a little more information than we had back in Feb 2022 when it was posted that this topic was being investigated. The new bit is that SyncroMSP would like to implement this feature this half. Given it was being investigated from 12 months ago and we are at basically the same point, trust is low that this will be implemented this half (is that before June 30, or over next 6 months).

Can SyncroMSP either on this thread, or during the Ask us Anything, please commit to providing monthly updates on the progress of this investigation into limiting global admin access by IP address (or FQDN)?

2 Likes

Either that or provide support for Single Sign On / Azure AD Integration

2 Likes

@andy
This thread has a lot of interest, and is a common feature in other platforms. It is therefore possible to do.

Can we please have a 6 weekly update?
Has the investigation begun?
Do you have an ETA on when the investigation will be complete?

Back in Feb 2022, we were told this topic was being investigated and nothing tangible has occurred since then apart from a brief mention in Ask us Anything.

BTW: Security is going to become a much larger focus than it currently is for us in Australia, as it is likely that Australian MSPs are likely to become legally liable for data breaches of their clients. Therefore FRs like this one, the SSO with Azure, YubiKey, and the concerning news about the vulnerabilities in Background Tools are going to become higher areas of concern.

Have a read of this strategy document.
2023-2030 Australian Cyber Security Strategy Discussion Paper (homeaffairs.gov.au)