How the ConnectWise Customer Portal Enhances Client Retention: Best Practices for MSPs
Client retention is the backbone of every successful Managed Service Provider (MSP). Keeping clients happy and showing them they’re getting real...
4 min read
Josh Peterson
:
Aug 6, 2025 11:00:00 AM
Is your MSP business truly in control of who’s logging into ConnectWise platforms? Or are you crossing your fingers and hoping for the best? With remote access, privileged IT support, and more credentials in circulation than a Vegas poker table, tracking login attempts is about more than just compliance. It’s about being the grown-up in the server room.
This guide tackles why and how to monitor login attempts in ConnectWise (including Automate and Control), explains the difference between vigilance and paranoia, and gives you a blueprint for proactive, auditable security built for MSPs who value uptime and sanity. Because neither fortune nor fate favors the careless.
You might trust your team, but can you trust every endpoint, every remote session, and every outside contractor who lands in your environment? Doubtful.
Here’s what’s at risk if you ignore authentication monitoring:
The honest truth? Cybersecurity isn’t optional, and neither is logging. But there’s no need for alarm bells to ring every time Gary in accounting fat-fingers his password. Treat login attempt tracking as the seatbelt in your IT operations vehicle. It’s standard. It’s sensible. And it keeps everyone safe without fuss.
Wondering where to start? It seems overwhelming, and you need more than just a vague “security posture”, but it can be tough to just…start. Here’s a step-by-step approach you can implement today:
ConnectWise is wide-reaching. The main login surfaces you want to monitor include:
Each of these platforms maintains logs, but some are more verbose than others. Ensure your current deployment (especially on-prem builds) is running the latest version (no excuses, see CVE-2024-1709 for what happens when you snooze on patches).
ConnectWise provides audit logs for all practical activities:
Don’t try to watch every log line manually. ConnectWise Control and Automate allow you to create triggers:
Bonus: Customize these triggers for your business’s risk profile. Are you working with financial or healthcare clients? You may need extra notifications for file transfers, script executions, or admin role changes.
Centralized, normalized logging is a must. SIEM integrations aren’t just for Fortune 500s. With ConnectWise SIEM or Perch, you can:
Pro Tip: Normalize your logs to a standard format. This makes trend spotting and forensics drastically easier and reduces the chance your next compliance audit will run four days late.
Set a recurring date to review authentication logs and trigger activity. It’s not about micromanagement; it’s about knowing what’s “normal.”
Consistent quarterly reviews help you catch the spark before it becomes a wildfire.
Not every failed login deserves IT’s nuclear option. But the right monitoring can reveal:
Respond with tiered playbooks:
Need proof that login tracking matters? Consider one of the most damaging tactics used in recent MSP attacks: credential hopping.
In several real-world cases, attackers gained access to an MSP’s remote monitoring and management (RMM) platform using weak or reused credentials. From there, they pivoted across clients—installing ransomware, stealing data, and disabling backups from inside the trusted system.
The result? Dozens of businesses compromised. Hours of recovery. And months of trust lost.
The takeaway: monitoring logins isn’t optional.
Authenticate. Monitor. Review. Repeat.
If you’re new to ConnectWise or still building your security posture, don’t guess your way through the setup.
Check out our blog on Your First 100 Days with ConnectWise: A Complete Setup Roadmap—it walks through the critical (and often overlooked) security configurations every MSP should lock down from day one.
Try these pre-meeting conversation starters:
Add a little splash of irony, and you’re just a compliance audit away from security enlightenment.
Some call this line of work herding cats. The reality? With proper login attempt tracking in ConnectWise, you’re more like a conductor ensuring harmony than a zookeeper putting out digital fires. Security is necessary, but it doesn’t have to mean panic.
Make authentication and log review a core MSP discipline. Your clients may never thank you for attacks that didn’t happen, but you’ll thank yourself (and Bering McKinley) for building a reliable, trustworthy, and resilient practice.
Want help bringing your ConnectWise deployment from “just working” to “rock-solid secure”? Reach out to Bering McKinley for expert support and strategies that grow with you.
Take your MSP’s security from guessing to knowing. Because the only thing worse than not knowing who logged in is pretending it doesn’t matter.
Client retention is the backbone of every successful Managed Service Provider (MSP). Keeping clients happy and showing them they’re getting real...
If you’re a Managed Service Provider (MSP) or IT professional, you’ve likely heard of ConnectWise. Known as a leading PSA (Professional Services...
If you work in IT or manage an MSP (Managed Service Provider), you're no stranger to ConnectWise Automate. This powerful tool helps streamline IT...