Best Practices to Secure the application (ServiceDesk Plus - MSP & Supportcenter Plus)

This document applies to both the ServiceDesk Plus MSP and Supportcenter Plus applications.

Best practices to avoid threats:
  • Upgrade to the latest version and build.
  • Reset the passwords of the bundled accounts (administrator and guest).
  • Enable two-factor authentication.
  • Reset the default scheduled backup password.
  • Enable the account lock configuration to avoid brute-force attacks.
  • Enable periodic backups and store the backups in a remote location.
  • Disable concurrent login.
  • Enable HTTPS mode.
  • Buy and apply a genuine third-party SSL certificate. You can apply the certificate on the Admin->General->Import SSL Certificate page.
  • We recommend choosing a strong protocol (TLSv1.2) and strong ciphers on the Admin->General->Security Settings page.
  • We recommend configuring the necessary security response headers available on the Admin->General->Security Settings page.
  • We recommend resetting the passwords of the bundled "administrator" and "guest" accounts.
  • To avoid brute-force attacks, we recommend configuring the "Configure account lockout threshold and duration" option available on the Admin->General->Security Settings page. This configuration is used to block unauthorized access.
  • We recommend enabling password policies in Active Directory/the SDP MSP application to avoid brute-force attacks.
  • We recommend installing the SDP MSP application on a dedicated server machine to avoid unauthorized access.
  • Configure appropriate session timeout for both web and mobile apps.
  • Disable Domain Filtering during login.
  • Enable Antivirus scanning for file uploads if possible.
  • Enable Password Policy.
  • Enable password protection for all files exported from the SDP MSP application. You can configure this on the Admin->Privacy Settings page.
  • Enable the attachment black/white list configuration to avoid malicious file uploads.
  • Enable mandatory password reset on the first login.
  • Disable all non-login features (Approval, Solutions, etc.).
  • Enable password protection for file attachments.

We also recommend referring to the link below to secure the instance against security threats. It is applicable to SDP MSP too.


For additional security, protect the instance by installing a third-party WAF/firewall.