MSP Stack on Alfred van Sterhttps://avanster.tech/tags/msp-stack/Recent content in MSP Stack on Alfred van SterHugo -- 0.161.1en-usSun, 03 May 2026 00:00:00 +0000Architecting Resilient TS Plus Environments for Remote Workforceshttps://avanster.tech/posts/tsplus-high-availability/Sun, 03 May 2026 00:00:00 +0000https://avanster.tech/posts/tsplus-high-availability/<h3 id="overview">Overview</h3> <p>Delivering remote applications seamlessly requires more than just opening an RDP port. In a modern Managed Service Provider (MSP) landscape, exposing internal servers directly to the internet is a critical security failure.</p> <p>This guide breaks down the architecture required to build a highly available, secure TS Plus environment that guarantees uptime while strictly controlling access via a centralized gateway and external MFA.</p> <h3 id="the-architecture">The Architecture</h3> <p>A resilient TS Plus deployment separates the access layer from the execution layer. This ensures that a spike in user traffic or a targeted attack on the gateway does not crash the underlying application servers.</p>Enforcing Zero-Trust on macOS via Jamf and SentinelOnehttps://avanster.tech/posts/zero-trust-macos-jamf/Sun, 03 May 2026 00:00:00 +0000https://avanster.tech/posts/zero-trust-macos-jamf/<h3 id="overview">Overview</h3> <p>Managing Apple devices in a predominantly Windows-centric MSP environment is often treated as an afterthought. However, relying on basic MDM profiles is no longer sufficient. To achieve true Zero-Trust, macOS fleets require the same stringent Endpoint Detection and Response (EDR) and identity controls as their Windows counterparts.</p> <p>This guide details the architectural implementation of enforcing Zero-Trust on macOS using Jamf Pro for orchestration, SentinelOne for threat hunting, and Keeper for MFA-backed identity management.</p>Zero-Touch M365 Offboarding with n8n, Docker, and PowerShellhttps://avanster.tech/posts/zero-touch-m365-offboarding/Sun, 03 May 2026 00:00:00 +0000https://avanster.tech/posts/zero-touch-m365-offboarding/<h3 id="overview">Overview</h3> <p>In a Managed Service Provider (MSP) environment, manual offboarding is a massive liability. Missing a step when revoking access can lead to data breaches, compliance violations, and wasted licensing costs.</p> <p>This guide outlines an architectural approach to &ldquo;Zero-Touch&rdquo; offboarding, leveraging a self-hosted n8n instance running in Docker to trigger a robust PowerShell workflow that interacts directly with the Microsoft Graph API.</p> <h3 id="the-architecture">The Architecture</h3> <p>Relying on technicians to manually run scripts on their local machines creates bottlenecks. By containerizing the automation engine, we achieve predictable, auditable execution.</p>