This guide walks you through every actionable step in your first month as a Gridlock MSP. By day 30, your environment will be fully baselined, your clients will have their first security reports in hand, and all six AI agents will be running on autopilot. Follow the timeline in order — each week builds on the previous one.
Have the following ready before Day 1: your organization name, the email addresses of any team members you want to invite, and the names of your top three client accounts. You do not need any technical credentials yet — the Onboarding Agent will walk you through collecting those.
Day 1 has one goal: get Gridlock connected to at least one client environment so the agents have real data to work with. The entire process takes 10 to 20 minutes per client.
Go to lockthegrid.com/dashboard and register with your business email address. During registration you will be asked for your organization name, the industry vertical you primarily serve (healthcare, legal, financial services, etc.), and your approximate number of managed endpoints. These answers let the Onboarding Agent set smarter defaults for scan schedules and compliance frameworks from the start.
From the dashboard, navigate to Agents → Onboarding Agent and click Add Client. Enter the client's name, their primary domain, and their industry. The agent will immediately begin an asset discovery sweep across the domain — enumerating subdomains, open ports, exposed services, and DNS records. This takes three to five minutes depending on the size of the environment.
Once the sweep completes, you will see a list of discovered assets with an initial risk score for each. Do not try to act on every finding today. Your job on Day 1 is simply to confirm the inventory looks accurate and add any assets the agent missed (internal IP ranges, for example) using the manual asset form.
Go to Settings → Alerts and choose how you want to receive critical findings: email, webhook (Slack, Teams, PagerDuty), or in-app only. Set the severity threshold for immediate alerts to High or above for now — you can tune this down to Medium once you understand the noise level in your specific environments.
You should have: at least one client account created, an asset inventory populated by the Onboarding Agent, and notification preferences configured. If you have reached this point in under 30 minutes, you are ahead of pace.
Week 1 is about collecting data, not taking action. The agents need a few days of observation before their findings are meaningful. Resist the urge to immediately remediate everything — your goal this week is to understand the true current state of each client environment.
The Threat Researcher agent runs a CVE correlation pass against every service version detected during the Day 1 sweep. By morning of Day 2 you should have a prioritized list of known vulnerabilities. The agent maps each CVE to the CVSS score, lists affected assets, and links to the relevant NVD entry. Your task today is to tag each finding as Confirmed, Accepted Risk, or False Positive. This feedback trains the agent to produce cleaner results for that client going forward.
Threat Researcher tip: Sort findings by CVSS score descending and focus your triage on anything 7.0 or above. Findings below 4.0 can generally wait until the end of the week. The agent will not alert you for low-severity findings unless you explicitly configure it to do so.
Navigate to Agents → Compliance Agent and assign one or more frameworks to each client. The available frameworks are SOC 2 Type II, HIPAA, NIST CSF, NIST 800-53, PCI-DSS 4.0, and CIS Controls v8. If you are unsure which framework applies to a client, use the following as a starting point:
After you assign a framework, the Compliance Agent will perform an initial gap assessment — comparing the asset inventory against the control requirements of the selected framework. This generates a baseline compliance score, typically expressed as a percentage of controls met. Do not be alarmed if the initial score is low: 40 to 60 percent is normal for a fresh client account before any remediation work has begun.
Return to Settings → Alerts and add client-specific thresholds. By default, Gridlock uses the same thresholds for all clients. In practice, a regulated healthcare client needs more aggressive alerting than a small retail business. Key thresholds to review:
Repeat the Day 1 process for each of your remaining active clients. The Onboarding Agent processes clients in parallel, so you can queue multiple sweeps simultaneously without waiting for each to complete. By end of Day 5, every client account should have a populated asset inventory and an assigned compliance framework.
The Threat Researcher agent publishes a daily threat briefing each morning at 06:00 in your account timezone. The briefing surfaces new CVEs published in the last 24 hours that match any software version across any of your client environments. It also includes MITRE ATT&CK technique mappings for active threat campaigns relevant to your clients' industries. Read the first two or three briefings to understand the format before configuring which parts you want forwarded to clients.
At the end of Week 1, spend 30 minutes reviewing the dashboard as a whole. The metrics you want to note are:
Write these numbers down or take a screenshot. You will compare them to the Week 4 numbers when generating your first monthly report.
Do not enable auto-remediation during Week 1. You need to observe the agent behavior and verify findings are accurate before allowing automated changes. Enabling auto-remediation too early on a miscalibrated environment can cause unnecessary tickets and damage client trust. Wait until Week 2 at the earliest.
By the start of Week 2, the agents have enough data to start acting on. This week you will tune per-client configurations, enable selective auto-remediation for safe low-risk fixes, and generate your first client-facing reports.
Each agent exposes a Feedback panel in its detail view. Go through the findings for each client and confirm or reject anything you have not yet tagged. The Threat Researcher and Compliance Agent use your feedback to refine their scoring models — the more consistent your tagging, the faster the noise level drops. Aim to have a clean triage backlog (zero unreviewed High findings) before you leave for the day.
Navigate to Settings → Auto-Remediation and enable it for a narrow category of safe actions first. Recommended starting set:
Notice that none of these actually change anything in the client environment automatically — they create tasks and drafts that a human approves. This is the correct posture for Week 2. Full auto-remediation (where the agent applies the fix directly) is appropriate only after you have validated accuracy across at least three scan cycles for a given finding type.
Default scan schedules run every 24 hours. Some clients need more frequent scans; others have maintenance windows that make daily scans disruptive. Go to each client's settings and adjust:
Scan capacity note: Your plan tier controls how many concurrent scans can run. On the Starter plan this is 5 concurrent; Pro is 25; Ultimate is unlimited. If you have more clients than concurrent scan slots, Gridlock automatically queues them and distributes scans across the available time window.
Navigate to Reports → Generate Report and select a client. Choose the Weekly Summary template for this first run. The report includes:
Before sending this report to the client, review the executive summary for accuracy. The Account Manager agent generates readable prose from the underlying metrics, but it is worth verifying the framing matches your relationship with the client (e.g., tone and risk language).
The Tech Support agent integrates with your existing ticketing system or operates standalone inside Gridlock. Go to Agents → Tech Support and complete the setup:
By Day 14 you should have: per-client scan schedules configured, selective auto-remediation enabled for low-risk actions, at least one client-facing report generated and reviewed, and the Tech Support agent connected to your ticketing workflow.
Week 3 is where Gridlock shifts from tool to active teammate. The agents have enough history to surface non-obvious insights, and you have enough familiarity with the platform to trust and act on their recommendations. This week you will run your first lead generation campaign, dive into compliance gap remediation, and learn to read the metrics that matter.
Navigate to Agents → MSP Hunter and create a new lead generation task. The agent searches public data sources for businesses in your target geography and vertical that show indicators of poor security posture — expired certificates, missing DMARC records, known CVEs in public services, etc. Configure the task with:
The agent typically returns 15 to 40 prospects per task depending on geography density. Review the list, discard any existing clients or known competitors, and use the pre-drafted outreach emails as a starting point for personalized follow-up.
Return to the Compliance Agent and open the gap report for your highest-priority client. The agent organizes gaps by control family and prioritizes them by a combination of risk impact and implementation effort. Work through the top 10 gaps with the following approach:
Quick wins: Controls marked "Low Effort" can often be closed in under an hour — things like enabling MFA, configuring audit logging, or updating a password policy document. Close these first to improve the compliance score quickly.
Scheduled fixes: Controls marked "Medium Effort" require a change window — things like deploying endpoint detection or updating firewall rules. Create tickets for these using the Compliance Agent's built-in ticket generation, set a due date, and assign them to a technician.
Roadmap items: Controls marked "High Effort" (policy rewrites, architecture changes) belong in a quarterly roadmap conversation with the client, not a sprint. Flag them and move on.
Navigate to Agents → Account Manager and review the client health dashboard. Each client receives a health score from 0 to 100 based on security posture trend, open finding age, compliance progress, and engagement level (how often the client reviews reports and acts on recommendations). The Account Manager agent also surfaces:
By Day 19 you have enough data to start tracking trends rather than snapshots. The key metrics to watch and what they mean:
Navigate to Settings → Team and invite any technicians, account managers, or sales staff who need access. Gridlock supports three built-in roles:
You can also create client portal accounts that give a client limited read-only access to their own security dashboard. This is a powerful trust-building tool — clients who can see their own data in real time renew at a substantially higher rate than those who only receive periodic reports.
To enable portal access for a client, go to their account settings and toggle Client Portal on. The client receives an invitation email and is prompted to set a password. Their portal shows only their own data — they cannot see any other client account.
Week 4 closes the loop on your first month. You will generate polished monthly security reports for each client, review your ROI metrics, and plan a 90-day roadmap for each account.
Navigate to Reports → Generate Report and select the Monthly Executive Summary template for each client. This report is designed to be shared directly with the client's decision-maker (CTO, CISO, or owner) and includes:
Review the report before sending. Pay particular attention to the Account Manager's executive summary language — if the client has had a difficult month (many new findings, slow remediation), you may want to soften the framing before delivery.
Go to Settings → ROI Dashboard (or use the ROI Calculator) to see the business value Gridlock has delivered in your first month. Typical first-month metrics for a 10-client MSP:
These numbers vary significantly by client count, environment complexity, and how actively you engage with agent recommendations. The ROI Dashboard lets you customize the hourly rate and ticket cost assumptions to produce a figure that reflects your specific economics.
For each client, open the Compliance Agent and click Generate Roadmap. The agent produces a prioritized 90-day remediation plan organized by control family, with estimated effort for each item. Use this as the basis for your quarterly business review (QBR) deck. Clients who receive a forward-looking roadmap — not just a backward-looking report — perceive significantly more value from their MSP relationship.
Now that you have three weeks of agent behavior to review, you can safely expand the automation scope. Revisit Settings → Auto-Remediation and consider enabling:
Return to the MSP Hunter agent and configure a recurring lead generation task. A weekly cadence — running every Monday morning so you have new prospects to review at the start of each work week — is a sustainable rhythm for most MSPs. Configure the agent to skip any domain it has already surfaced in the last 90 days to avoid duplicate leads.
On Day 30, compare the metrics you recorded at the end of Week 1 to today's numbers. You should see measurable improvement in the following areas:
If any metric is moving in the wrong direction, use that as the agenda for a brief internal retrospective. The most common cause is that findings are being discovered faster than the team is resolving them — which is a staffing or process problem, not a Gridlock problem.
By Day 30 you should have: all clients fully onboarded with asset inventories, all six agents running for every client, at least one monthly report delivered per client, selective auto-remediation active, a lead generation pipeline started through MSP Hunter, and a 90-day compliance roadmap for each account.
The following ranges are drawn from MSPs who completed their first 30 days using this guide. Individual results depend heavily on client environment size, industry, and the existing security baseline at the time of onboarding.
New clients sometimes react negatively to a low initial compliance score. Frame it proactively: the score is low because nobody has measured it before, not because things got worse since you arrived. Month 2 and 3 scores will show a clear upward trend — and that trend is the value you are delivering.
The agents are powerful, but they are operating in a new environment they have not learned yet. Agents that auto-apply changes before they have been calibrated to the specific environment can create incidents — not prevent them. Follow the phased approach in this guide: approve actions manually in weeks 1 and 2, then selectively automate in weeks 3 and 4.
It is tempting to onboard your entire client base at once. The problem is that you will receive a large volume of findings across all clients simultaneously and have no capacity to properly triage any of them. Onboard in batches of 3 to 5 clients per day so you can give each set of findings proper attention.
The Threat Researcher and Compliance agents learn from your tagging. If you are inconsistent — marking the same finding type as a false positive for one client but valid for another without a reason — the agents cannot learn effectively. When tagging a false positive, always select the reason (environment-specific exception, outdated detection rule, scan artifact, etc.).
Auto-generated reports are a starting point, not a finished product. Always review the executive summary before delivery. A report that says a client's compliance score dropped from 58 to 52 with no context will cause alarm. Adding a one-sentence explanation — "this reflects the addition of three new assets that have not yet been assessed" — maintains client confidence.
The Account Manager agent surfaces churn risk indicators quietly in the background. MSPs who do not check the health dashboard regularly often discover a client is at risk only after a notice to cancel arrives. Make reviewing the Account Manager dashboard part of your weekly routine, not just when something breaks.
The daily threat briefings include high-severity CVEs that match detected software in your client environments. Not all of these are exploitable in your clients' specific configurations. Before escalating a CVE to a client, check whether the affected service is publicly exposed and whether a proof-of-concept exploit exists. The Threat Researcher notes both of these factors in each CVE entry.
The abbreviated setup path for experienced MSPs who want to skip the hand-holding.
Deep dive into what the Onboarding Agent discovers, how to tune it, and how to add assets manually.
CVE correlation, MITRE ATT&CK mapping, and how to configure daily briefing delivery.
Framework setup, gap analysis workflows, and generating audit-ready reports.
Lead scoring algorithm, outreach email generation, and CRM export configuration.
What changes when you grow from 10 to 250+ endpoints and how to prepare Gridlock for scale.