MSSP Operations

MSSP: Why oAuth enrollment is infinitely more secure than a local agent

5 min read · Akuity SOC · Delphisoft Deutschland

Learn why deploying traditional security agents is a risk for MSSPs, and how Microsoft Graph oAuth API integration solves the problem.

In the world of cybersecurity managed service providers (MSSPs), onboarding a new customer has long been synonymous with friction. Traditionally, to supervise an IT system, it was necessary to deploy software “agents” on each server and each workstation.

Today, in the face of mature cloud ecosystems like Microsoft 365, this agent-based approach is not only obsolete, it constitutes a potential security vulnerability and a financial drain. Let's decipher why API enrollment (via oAuth) is emerging as the new industry standard.

The limits of the agent-based approach

1. The deployment nightmare

Installing a security agent (third-party EDR or SIEM log collector) on a client's fleet of 500 employees takes weeks. You have to create deployment packages (GPO/Intune), manage antivirus exceptions, ensure that mobile laptops connect to the VPN to receive the update, and manage forced restarts. This production delay (Time-to-Value) is a period of vulnerability where the customer pays for your service without yet being protected.

2. “Shadow IT” and blind spots

An agent only protects the machine on which it is installed. If an employee logs into their Microsoft 365 email from their personal smartphone or a hotel computer, the local agent is blind. In a world focused on identity (Zero Trust), monitoring only the computer ("the endpoint") is no longer enough to counter the theft of an Entra ID session token.

3. Agent security vulnerabilities (Supply Chain Attacks)

An agent requires "System" privileges to function. If the agent publisher suffers a compromise of its supply chain (Supply Chain Attack, like the infamous SolarWinds case), the attacker gains "System" access to your entire customer base.

API integration and Admin Consent (Zero Agent)

Rather than installing agents on the customer's hardware, modern architectures like Akuity SOC plug directly “on top” of the customer’s cloud tenant. This is the Zero Agent approach.

For an MSSP to control a customer's Microsoft Defender, the customer simply has to click on a secure enrollment link. This link uses the standardized oAuth 2.0 protocol and redirects to a Microsoft authorization page ("Admin Consent").

Granular security (The principle of least privilege)

Unlike an agent that obtains full powers on Windows, oAuth integration requires extremely granular Microsoft Graph API permissions. The Akuity SOC orchestrator asks, for example, for:

  • Directory.ReadWrite.All: To revoke the sessions of a compromised user.
  • DeviceManagementManagedDevices.ReadWrite.All: To instruct Intune to isolate an infected workstation.
  • SecurityActions.ReadWrite.All: To add the hash of a malicious file (an IOC) to the Defender for Endpoint blocklist.

These rights are clear, audited by Microsoft and restricted to what is strictly necessary. The MSSP does not need to create a permanent "Global Administrator" account which could be hacked.
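The enrollment flow described above, as an added illustration (this is not Akuity's code): building the Admin Consent link, validating the redirect that Microsoft sends back (the `state` check is what stops a forged callback from enrolling the wrong tenant), and assembling the app-only token request and the Graph call that revokes a compromised user's sessions. The client id and redirect URI are placeholders; the `.default` scope makes the granted permissions those configured on the app registration.

```python
import secrets
import hmac
from typing import Optional, Tuple
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders (assumptions): a real MSSP app registration would supply these.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://mssp.example/enroll/callback"
# '.default' requests exactly the application permissions declared on the app
# registration (e.g. Directory.ReadWrite.All), so the consent screen lists them.
GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def new_state() -> str:
    """Unguessable per-enrollment value bound to the customer we sent the link to."""
    return secrets.token_urlsafe(24)


def build_admin_consent_url(state: str, tenant: str = "common") -> str:
    """Enrollment link that sends the customer's admin to Microsoft's Admin Consent page."""
    params = {"client_id": CLIENT_ID, "scope": GRAPH_SCOPE,
              "redirect_uri": REDIRECT_URI, "state": state}
    return f"https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?{urlencode(params)}"


def parse_consent_callback(callback_url: str, expected_state: str) -> Optional[str]:
    """Validate Microsoft's redirect back to us; return the consenting tenant id, or None."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):  # reject forged or replayed callbacks
        return None
    if "error" in qs:  # admin declined (error=access_denied) or consent failed
        return None
    if qs.get("admin_consent", [""])[0].lower() != "true":
        return None
    return qs.get("tenant", [""])[0] or None


def token_request(tenant: str, client_secret: str) -> Tuple[str, dict]:
    """URL and form body of the client-credentials request for an app-only Graph token."""
    return (f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
            {"grant_type": "client_credentials", "client_id": CLIENT_ID,
             "client_secret": client_secret, "scope": GRAPH_SCOPE})


def revoke_sessions_request(user_id: str) -> Tuple[str, str]:
    """Graph call that invalidates every session and refresh token of a compromised user."""
    return ("POST", f"https://graph.microsoft.com/v1.0/users/{user_id}/revokeSignInSessions")
```

The requests are returned rather than sent so the logic runs offline; in production the secret comes from a vault and the token is sent as a Bearer header on the revoke call.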

Immediate “Cloud-to-Cloud” protection

As soon as the Admin Consent is validated, supervision begins within seconds. The MSSP has immediate visibility into phishing attempts, malware, and suspicious sign-ins originating from the Tor network, no matter what device the customer's employee is using.

Conclusion: The Competitive Advantage of Speed

For an MSSP, offering “Zero Agent” onboarding is a major selling point. You reassure IT directors (CIOs) who do not have to modify their internal architecture, you reduce your integration costs to zero, and you guarantee cloud-native security with no blind spots.

Ready to accelerate your customer onboarding? Find out how the Akuity Multi-Tenant SOC Platform centralizes oAuth enrollment for immediate supervision.
