MSPs rely on a wide mix of tools in their technology stack, such as RMM, PSA, backup, AV, monitoring, documentation, and ticketing, often brought in at different times by different teams. Over time, these tools can overlap in functionality or go underused, creating unnecessary cost and complexity.
A structured tech stack audit helps MSPs identify where their technology stack is bloated, redundant, or underutilized. Regular audits reduce overlapping functionality and redundant licensing, identify underused features and shelfware, streamline technician workflows, and improve client profitability and tool visibility.
Optimize and streamline IT tool inventory with NinjaOne’s powerful features.
Steps to audit your MSP tool stack
Before starting your audit, ensure you have the right access and tools in place to accomplish this task.
📌 Prerequisites:
- Admin access to licensing and billing portals is required to review costs, subscription details, and license assignments.
- You need access to user and device activity logs from RMM and SaaS dashboards.
- PowerShell and CMD access must be available to gather local usage and installation data.
- You will need Registry access to validate whether tools are installed or active on client devices.
- Defined categories of tool functions like backup, antivirus, and patching, to map each tool to its proper role
💡 Tip: Optional: NinjaOne can be used to automate software inventory, usage reporting, and remote script deployment for faster audits at scale.
Step 1: Inventory installed tools across client devices
The first step in your tech stack audit is to inventory the tools you’ve installed across client devices. This step will give you the baseline required to spot overlap, waste, and underutilization.
📌 Use Cases:
- This method confirms which tools are deployed across all endpoints.
- Maps each tool to its functional category, such as backup, endpoint security, or patching.
📌 Prerequisites:
- PowerShell 5.1 or higher must be available on target devices to run the commands.
- Administrator rights are required to access registry paths where Windows stores information about installed software.
To use PowerShell to collect software inventory, run this command:
| Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, Publisher, InstallDate | Export-Csv “C:\Reports\InstalledTools.csv” -NoTypeInformation |
You can also use the Command Prompt. Run this code to get it done:
wmic product get name, vendor, version > C:\Reports\InstalledTools.txt
After exporting the results, normalize tool names and map each one to a function in a spreadsheet or Power BI dashboard.
Step 2: Tag tools and endpoints in the Registry for comparison
The next step is to mark which categories of tools are on each device. Storing this info in the registry will make it easy to query later and compare across clients.
📌 Use Cases:
- This step will help you classify tools by function.
- This makes overlap easier to identify when comparing multiple endpoints.
📌 Prerequisites:
- Administrator rights are required to make and edit registry keys.
- You will need an RMM or script execution method to query Registry data at scale.
To use Registry entries to indicate known tool categories or overlap risk, run this command on PowerShell:
| New-Item -Path “HKLM:\SOFTWARE\Org\ToolAudit” -Force Set-ItemProperty -Path “HKLM:\SOFTWARE\Org\ToolAudit” -Name “AVProvider” -Value “SentinelOne” Set-ItemProperty -Path “HKLM:\SOFTWARE\Org\ToolAudit” -Name “BackupTool” -Value “Datto” |
You can then query these keys via RMM or script to build a cross-client matrix of tools by function.
Step 3: Audit licensing usage and logins per vendor portal
The next step is to review each vendor’s admin portal to compare what you are paying for against what is actually used. Pull seats, logins, and feature usage, then calculate utilization to spot waste, shelfware, and overlap.
💡 Note: Vendors are companies that sell you the tool, like SentinelOne, Microsoft, etc
📌 Use Cases:
- Find licenses and features that are not being used so you can cut costs or downgrade plans.
- Spot tools that do the same job as others or add little benefit to technician workflows.
📌 Prerequisites:
- You will need to have administrator access to each vendor portal with permission to export reports.
- A list of core tools and the features you pay for, plus a defined time for usage analysis
Here’s how to audit licensing and usage:
- Collect license and usage data from each portal. You can use data like:
- Seats paid
- Seats assigned
- Active users in the last 30-90 days
- Other data, like backups run, alerts handled, and tickets logged.
- Export reports to CSV for analysis. Note that most vendor portals let you export license and activity data.
- Next, you can build a simple tool utilization table like this:
| Tool | Seats Paid | Active Users | Utilization | Overlap Risk |
| SentinelOne | 100 | 97 | 97% | Low |
| Acronis | 120 | 45 | 38% | Medium |
| Automox | 50 | 0 | 0% | High |
- Consolidate and validate usage by merging all CSVs into Excel or Power BI, add utilization columns, check which features are actually enabled, and confirm real activity through SSO or identity provider logs.
Step 4: Evaluate tool redundancy with script and policy checks
Next, locate overlapping tools on endpoints, helping you remove duplicates, cut waste, and avoid conflicts.
📌 Use Cases:
- Identify devices running more than one tool in the same category per endpoint, like multiple AVs or dual patch managers.
- Confirm real overlap before deprovisioning or consolidating licenses.
📌 Prerequisites:
- Admin rights or target endpoints
- PowerShell 5.1 or higher for remote script execution
To detect multiple antivirus products, use this PowerShell command:
| Get-CimInstance -ClassName AntivirusProduct -Namespace “root\SecurityCenter2” | Select-Object displayName, productState |
To check overlapping agents like patch or updater services, run this on PowerShell:
| Get-WmiObject Win32_Service | Where-Object { $_.DisplayName -match ‘patch|update’ } | Select-Object Name, DisplayName, State, StartMode |
If the scripts find duplicate tools, have them mark the device in the Registry or return an error code. You can use this code to get it done:
| $av = Get-CimInstance -ClassName AntivirusProduct -Namespace “root\SecurityCenter2” if ($av.Count -gt 1) { New-Item -Path “HKLM:\SOFTWARE\Org\ToolAudit” -Force | Out-Null Set-ItemProperty -Path “HKLM:\SOFTWARE\Org\ToolAudit” -Name “AVOverlap” -Value “Detected” exit 1 } else { exit 0 } |
Step 5: Review technician usage and workflow friction via surveys
The next step is to talk to the people who use the tools every day. Survey technicians so you can highlight inefficiencies that raw data may not show.
📌 Use Cases:
- This will let you identify tools that slow down workflows or create extra manual steps.
- Helps you find software that is licensed but unused because technicians prefer workarounds
Questions to ask technicians to help review tool usage:
- Which tools do you log into daily?
- Which tools have confusing or redundant interfaces?
- Are there tools you are required to use but avoid because of manual workarounds?
- Are any feature gaps being filled with scripts or spreadsheets?
Does your actual login and usage data match your day-to-day experience?
💡 Tip: You can use Google Forms to obtain feedback. Moreover, cross-reference the survey with actual usage data. This will ensure you have the information to act based on actual data.
Step 6: Set policy for rationalization and replacement
After you’ve identified the overlapping and underused tools, you can then put formal policies and recommendations in place to decide what stays, goes, and what gets consolidated.
📌 Use Cases:
- This will help you standardize how your MSP handles tools that are underutilized or redundant.
- This lets you reduce wasted spend on subscriptions and unused tools while maintaining consistency across clients.
📌 Prerequisites:
- This requires completion of the earlier steps, which show utilization rates and overlap risks.
- Admin access to your GPO or RMM to enforce removal and installation.
Create a decision rubric based on your audit findings:
| Condition | Action |
| Utilization under 50% for 3+ months | Review for removal |
| Redundant with another active tool | Consolidate licenses |
| Vendor raises pricing without more use | Negotiate or replace |
| Only partially deployed across clients | Phase out or standardize |
⚠️ Things to look out for
| Risks | Potential Consequences | Reversals |
| Removing a tool early | It can disrupt technician workflows and client operations, especially if it’s still being used. | Pilot test removals with a small group, gather information about its usage, and provide alternative tools before phasing out. |
| Overlooking contract terms | Early termination fees or compliance issues may apply. | Review vendor contracts before removing or replacing tools. |
| Ignoring client-specific needs | A tool might be redundant globally, but required for one client. | Validate with client stakeholders before consolidating licenses. |
| Blocking installs too broadly | This may prevent legitimate tools or updates from running. | Define clear allow deny lists in GPO or RMM. |
Additional considerations when auditing your MSP technology stack
Security risk
Unused agents or conflicting antivirus products could create vulnerabilities that attackers may exploit. It would be best to conduct regular reviews and remove unnecessary software.
Contract terms
Note and review vendor contracts carefully, as minimum terms or early termination clauses can make it difficult to remove tools. Be sure to review the conditions of each contract and factor in commitments so unexpected costs won’t occur.
Client billing
Map tool usage to per-client profitability and ensure invoices reflect the actual value. This will help you justify spending to clients and identify tools that are not adding revenue.
Communicate changes
Be sure to announce tool changes in advance to your technicians and clients. Run pilot tests in small groups before rolling them out to see whether they work well with your team or otherwise.
Troubleshooting MSP tech stack audit issues
Inventory scripts miss tools
If your inventory looks incomplete, check both 32-bit and 64-bit registry keys to capture all installed software.
Tools are not listed
Some cloud-only tools do not install agents, so they won’t appear in local inventories. You can use login logs or vendor portal reports to capture their usage.
Registry tags missing
If Registry entries don’t show up, please confirm the script is running with administrator permissions.
Overlooked SaaS overlap
On some occasions, SaaS tools often overlap in functionality, but don’t leave traces on endpoints. For this, you can use discovery tools to spot usage and duplication.
NinjaOne services for MSP tool auditing
| What can NinjaOne do? | What it is | How does it help with MSP tool stack auditing? |
| Provides endpoint software inventory IT reports | Provides detailed visibility into installed applications across devices | This ensures you have a complete and accurate list of tools in use |
| Device tagging | Tags endpoints based on installed tools or overlap risk | This makes it easy to group devices by function and spot redundancies |
| Script deployment | Deploy PowerShell scripts to collect tool presence and Registry values | Automates data gathering and reduces manual effort for editing |
| Usage reporting | Reports tool usage across clients and tracks license consumption | Assists in right-sizing licenses and eliminating underused seats. |
| Duplicate tool alerts | Flags devices running duplicate or non-standard tools | Enables technicians to identify and remove wasted or conflicting software |
With NinjaOne, MSPs can visualize their tool stack footprint, track usage patterns, and eliminate waste without losing control over functionality or compliance.
Utilize NinjaOne to maximize productivity and aid in auditing your tool stack.
Learn more about NinjaOne’s device inventory management
Improving profitability and efficiency through MSP tech stack audits
Regularly auditing your technology stack is crucial for controlling costs, improving technician workflows, and avoiding client confusion. By checking the tools you have installed, how they’re used, and where overlap exists, you can cut waste and costs while ensuring your tools deliver maximum value.
Related topics:
