Setup and Use Guide for MSPs

Setup and Use Guide for MSPs

ScoutDNS is built for Managed Service Providers (MSPs) to deliver robust DNS protection to their customers and end users. Setup is straightforward, thanks to our object-based configuration approach. Here is a brief outline of what this guide covers. 
Idea
Want to get into quick testing for your trial?
Just use the quick start setup guide to deploy sites or roaming clients for testing. You can reference this guide later for actual tenant deployment.

Setup Overview

  1. Create Global Objects – Start by defining global policy templates and allow/block lists. These will serve as the foundation for your configurations.
  2. Add Tenants – In the Organizations tab, name the individual tenants for the businesses you manage.
  3. Configure Deployments – Create control point objects and assign appropriate settings based on deployment needs:
    1. Sites for WAN/LAN configurations
    2. Profiles for roaming client deployments
    3. Personas for Active Directory (AD) or Entra ID group-based filtering
  4. Invite Internal (your team) and External (third party/co-managed) system users

Key Assignment Structure

  1. Non-global Allow/Block are set to individual policies.
  2. Policies are assigned to networks (Sites), devices (Profiles), or AD/Entra ID user groups (Personas).
More info on configurable objects and their associations. 

Step 1 - Create Global Objects

To get started, we need to create global objects and templates. 

Create Global Allow/Block List 

Configure Global Allow/Block lists to manage domains you want to control across all policies for all tenants. This is commonly used to ensure your important tools are always allowed even when blocking some application types for added security. We will configure organization or policy specific allow/block lists later.

Create Template or Global Policies

Create Template polices to act as your baseline polices. These can be used as global policies across multiple accounts or can be copied into customer specific polices as needed. We will create organization specific policies later. 

Configure default Block Page

Edit the default block page to add your logo instructions as needed. We will configure customer specific block pages later. 

Step 2 - Add Tenants

ScoutDNS is a multi-tenant platform providing easy segmentation for deployments, management, and reporting while still allowing for global level visibility and management when desired. Toggle between All Organizations or select a Specific Organization from the tenant selector at the top right. This will change the view of any tab/object based on your selection. 

From All Org View

The Organizations tab itself is only available from the All Organizations view. Start here to create your organizations/tenants. 

Create Organization

Create organization based custom block pages (if needed)


From Tenant/Org View

You can create any object from the All Organizations view however, doing so requires manually linking key objects like profiles and sites to their actual organizations because we have no other way to know to which tenant they belong to. A better way is to first select the Organization from the tenancy selector and then creating objects from the set organization view. This automatically links the object to the organizations and applies organization tags for objects like polices and allow/block lists. This is important as it allows external Organization Operator Managers to be able to edit these objects. 

Create customer specific allow/block list (if needed)

You can create customer specific allow/block lists that can be assigned to customer specific policies. These can be used to allow list customer specific applications or manage block lists for specific tenants.  

Create Organization specific polices (if needed, can be copied from templates)

Create customer specific polices. Otherwise, you can just assign your global policies/template as desired.    

Step 3 - Configure Deployments 

You can create and configure deployments based on what and how you want to filter. 

Create/Deploy Sites

Configure sites to set DNS at the WAN or LAN network levels at office or site locations. This is great for BYOD/guest users, headless devices, or any other devices that will not be using the roaming clients.  

Create/Deploy Roaming Clients

Configure Roaming Clients to install on Windows and MacOS devices for use in and out of the office/site locations. 

Create/Deploy User/Group based polices (if desired)

Configure Personas if you need to set different content policies based on end user groups as defined in Active Directory or Entra ID. 

Step 4 - Invite Internal and External Users 

Invite Internal Users

ScoutDNS provides role-based access for your internal teams. You can manage your team's access direct in ScoutDNS, or within Entra ID.
Or

Invite External Users (Org Operators)

Org Operates are external third-party users with limited access rights that are assigned on a per organization level. This is mainly used for co-managed IT environments. 
You will need to ensure any configurable objects that you wish for Org Operators to edit have organization tags. 
Create and assign roles within the Access Management tab. 


    • Related Articles

    • Quick Start Setup Guide - WAN Forwarding

      There are three methods you can use to protect your networks and users with ScoutDNS. 1) WAN Forwarding: involves configuring ScoutDNS with your WAN IP address and then forwarding DNS queries from inside your network us our anycast resolver IPs. ...

    • Relay - Setup and Configure

      ScoutDNS supports a Relay configuration which allows operators to install a lightweight service inside their network. The relay is a local forwarding resolver service that processes queries inside the operator network while relaying public queries to ...

    • Organizations - Configuration and Management of Multi-Tenant Use

      ScoutDNS provides two levels of tenancy. The primary inherent level allows any operator to be a member of any number of accounts and could have different roles depending on each account setting. The second level enabled though the Organizations tab ...

    • Roaming Clients / Device Agents - Setup, Configure, and Manage

      ScoutDNS provides device agents for organizations what wish to cover devices with DNS layer protection on and off the network. The ScoutDNS device agent is an extremely lightweight application best installed on managed devices where administrative ...

    • Dynamic IP Setup

        ScoutDNS supports dynamic DNS IP address integration with almost any dynamic DNS provider. Popular Dynamic DNS solutions include:   No-IP ChangeIP DynDNS FreeDNS Once you have an account with any of these or similar solutions, you can configure ...