How MSPs secure client access with Duo and Meraki
Many MSPs are helping clients build a stronger security foundation. But getting there isn't always straightforward. It takes time, resources, and alignment across teams. Yours and theirs.
Meanwhile, threats aren't waiting.
Attackers aren't breaking in anymore. They're logging in.
Many of your clients still rely on passwords and legacy access controls that weren't designed for today's attacks that target logins, not systems. Some have MFA in place, but the challenge is coverage and effectiveness. Ensuring it's enforced at the right access points and resistant to modern phishing attacks.
According to Cisco Talos' 2025 Year in Review, VPNs are one of the top identity control points attackers target because VPNs authenticate users with credentials, and credentials get stolen. Without phishing-resistant MFA on the VPN, a stolen password is all an attacker needs to create a fully trusted session and move freely as a valid user. No forced entry. No alerts.
And they're not stopping at the VPN. Talos found that MFA itself is under direct attack: device compromise attacks where attackers fraudulently register their own device as a trusted MFA factor surged 178% in 2025.
That's not a technology failure. That's your clients' exposure.
According to Microsoft's 2025 Digital Defense Report, phishing-resistant MFA blocks over 99% of identity-based attacks, making it one of the most effective controls you can deploy across your client base.
At the same time, expectations are rising.
Your clients are being pushed to adopt stronger access controls as users, devices, and applications connect from everywhere. But in practice, rolling out these frameworks introduces friction. New policies to configure, identity and device signals to align, and controls to integrate across existing systems.
For MSPs, this gets harder at scale.
Managing multiple tenants, stitching together tools from different vendors, and maintaining consistent security policies across client environments increases operational overhead, drives up costs, and pulls focus away from what actually matters: reducing client risk.
This is the gap most MSPs are feeling: high client expectations. Limited capacity.
Ready to take the first step? The Service Creation Guide walks through how to package identity-led access security into a scalable, revenue-generating managed service. If you have clients to bring along, the at-a-glance gives them a quick summary they can act on today.
Cyber insurers are also raising the bar. They're no longer satisfied with checkbox compliance. They expect continuous validation that controls like MFA are actively enforced. Your clients need to demonstrate measurable identity security to maintain coverage and manage premiums. As their trusted security partner, MSPs are on the hook to help them prove it.
So where do you start?
You don't need to overhaul everything. You need to focus on where attackers actually get in. Small steps starting with securing access can reduce client risk today while moving them toward a security model where only the right people get in, without introducing extra work for your team.
If you're looking for immediate traction across your client base, start with the access points attackers rely on most—VPN, Wi-Fi, and administrative systems. Critical access points like Remote Desktop Protocol (RDP) and server logins are often overlooked or inconsistently protected across client environments, especially in hybrid setups. Extending phishing-resistant MFA to these remote desktop and server logins closes another common gap and gives you another high-value control point to offer clients.
Cisco Duo verifies identity using phishing-resistant MFA and adaptive access policies. Meraki enforces access at the network layer.
Together, they secure VPN, Wi-Fi, and administrative access across your clients without adding complexity or slowing your team down.
Here’s what Cisco Duo and Meraki deliver:
Without Duo + Meraki | With Duo + Meraki |
|---|---|
Shared credentials across client sites | Duo verifies identity and device trust before granting access |
Siloed identity and network data | Correlated audit trails in one place |
Complex multi-vendor rollouts | Fast deployment, up and running quickly |
Reactive compliance evidence gathering | Exportable logs ready at renewal time |
Duo and Meraki give your team clear audit trails, exportable compliance logs, and fast deployment across every client. And with Duo Essentials, you also get passwordless authentication and single sign-on (SSO) — so users get a smoother login experience while your team avoids managing multiple credentials across every client.
This doesn't have to be an all-or-nothing transformation. For your clients, meaningful progress starts with securing how they get in. Lock down access first. Everything else follows.