Configuration drift is one of the most underestimated risks in multi-tenant Intune environments. In our webinar on 28.5.2026, Microsoft MVP, Sami Laiho and Plentics Head of Product, Aapo Kettunen explored why small tenant-level deviations can quietly grow into major operational and security problems for MSPs.
TOP 5 takeaways
- Configuration drift usually starts with small exceptions
- Drift increases cost-to-serve across customer tenants
- Drift weakens security and makes incident response harder
- The goal is not zero variance, but controlled variance
- Drift only becomes manageable when detection and remediation are part of daily operations
1. Configuration drift usually starts with small exceptions
Drift rarely begins with a major architecture change. More often, it starts with a quick fix, a temporary exception, or a customer-specific adjustment that never makes it back to the baseline.
For MSPs, that is the real danger. One small deviation in one tenant is manageable. The same pattern repeated across dozens of customers is not.
2. Drift increases cost-to-serve
As tenants drift apart, support and engineering work becomes less repeatable. Troubleshooting takes longer, onboarding new team members gets harder, and automation delivers less value because environments no longer behave consistently.
In practice, unmanaged drift reduces the scalability MSPs depend on.
3. Drift weakens security
Configuration drift is also a security issue. If policies evolve differently across tenants, security posture becomes uneven. That makes it harder to know what “normal” looks like, harder to detect problems quickly, and harder to restore a known-good state when something goes wrong.
As Sami Laiho emphasized in the webinar, standardization is not a limitation. It is what makes security enforceable at scale.
4. The goal is controlled variance
MSPs do not need every tenant to be identical. Different customer requirements, legacy applications, and business constraints make some variation unavoidable.
The key is making those differences visible, documented, and intentional. If a tenant differs from the baseline, there should be a clear reason for it.
5. Drift must be managed continuously
Periodic audits are not enough. MSPs need an operational way to compare tenants against a baseline, detect changes, understand what has changed, and take corrective action before the gap grows too wide.
That was also the context for Aapo Kettunen’s presentation of how Plentics helps MSPs compare configurations across tenants, identify differences, and maintain alignment more efficiently over time.
From visibility to action
One of the most practical parts of the webinar was the preview of Plentics’ upcoming configuration drift feature set, which is designed to help MSPs move from one-off comparisons to continuous drift visibility.
The capability will include change timelines, visibility into changed, new, and deleted policies, detailed change information, alerts, and remediation options. For MSPs, this matters because drift management is only useful when it leads to faster action.
Final thought
Configuration drift is not just a technical detail. For MSPs, it directly affects service consistency, security, efficiency, and growth.
The more customer tenants you manage, the more important it becomes to make drift visible — and manageable.
Download the Product Overview
Want a closer look at how Plentics helps MSPs standardize, compare, and manage Microsoft environments across multiple customer tenants?
👆 Download the Plentics Suite Product Overview to explore the platform’s tenant management, endpoint management, analytics, and operational capabilities.
Book a demo
If you want to see how Plentics can help your team identify configuration drift, maintain baseline alignment, and reduce operational overhead across customer tenants, book a demo with our team.
