Manage365 Docs

Client portal

The client portal is a white-labelled surface where your customer admins log in, see their own tenant's health, request changes, and download reports. They never see another customer's data and never reach the MSP-facing surface.

Who logs in

  • Client admin — full client-side view, includes the change-request flow and user-management requests.
  • Client viewer — read-only: compliance scorecards, monthly reports, and a scope-limited user list.

Invite them from Customer tenants → [tenant] → Portal users → Invite. They get an email at your white-label domain with a reset-password link; no Manage365 branding on the email itself.

What they see

  • Dashboard — their tenant's compliance score (Essential Eight, CIS), licence cost summary, user count, device count, open alerts. Same data the MSP sees, scoped to their tenant only.
  • Compliance scorecard — auditor-friendly presentation of the latest scans with per-strategy status. No MSP-side remediation buttons — those are for you.
  • Licence usage — who's on what SKU, unused licence detection, cost-per-user in AUD.
  • User list — read-only with request-change workflow (see below).
  • Security overview — relevant Defender alerts, breach monitoring, DNS health summary.
  • Reports — monthly summary PDFs, evidence bundles (if the MSP has shared them).

The request-change workflow

Instead of giving clients direct mutation capability, the client portal surfaces a Request change action everywhere a mutation would normally be. Clicking it opens the change-request dialog pre-filled with the target user / licence / resource. The request flows into the MSP portal'sChange requests queue (seechange requests) and routes to the MSP's tech for approval + execution. Nothing changes until the MSP approves.

Which features are visible

MSPs can toggle module visibility per client. Sensitive surfaces (the security detail view, for instance) can be hidden for clients who shouldn't see it or who rely on you to summarise. Configure underCustomer tenants → [tenant] → Portal settings.

Branding

The client portal inherits your white-label settings — seewhite-label branding. Enterprise tier puts the client portal on its own subdomain of your hostname (e.g. portal.clientname.com), fully terminated by Traefik with a dedicated TLS cert.

Audit trail

Every client-portal action (login, page view, report download, change request raised) lands in the tenant's audit log with the portal-user email and IP. Same SHA-256 chain as the MSP-side audit log.