Is RMM augmentation a temporary step before full RMM replacement?

It can be, but it does not have to be. Many MSPs run augmentation indefinitely — keeping their existing RMM for scripting and remote-control work and using the augmentation layer for security, GRC, and analytics. Some MSPs eventually consolidate; the choice is preserved.

How is RMM augmentation different from XDR?

XDR (Extended Detection and Response) is a security-only category — endpoint, network, and cloud detection correlation. RMM augmentation is broader: it covers security but also patching, GRC compliance, replacement prioritization, helpdesk, and remote support. Lavawall® includes XDR-class capabilities (M365 ITDR, ransomware indicator hunting, AV/EDR correlation) but is not exclusively an XDR.

Can the augmentation layer replace my RMM if I want?

Yes. Lavawall®, for example, provides patching, scripting, remote access, and inventory — the core RMM functions — alongside the security and GRC capabilities. MSPs can run it as augmentation and later consolidate, or use it as their primary RMM from the start.

How disruptive is deploying an augmentation layer?

Minimal. If the tool deploys through your existing RMM, the rollout looks like any other RMM-pushed software. Lavawall® installs via a Datto component or a single PowerShell / bash command and produces value the day it lands.

What is RMM augmentation? Definition, components, and why it matters

Definition

A traditional RMM (NinjaOne, Datto RMM, ConnectWise Automate, N-able N-central, Atera, Kaseya VSA, Pulseway, Syncro, etc.) excels at remote scripting, basic patch management, monitoring, and inventory. RMMs were built for IT operations work — keeping the lights on, deploying software, running scripts on demand.

They were not built for cybersecurity, GRC compliance evidence, multi-cloud breach detection, or the deeper analytics MSPs now need: indicator-of-compromise hunting, ITDR, configuration vulnerability assessment against frameworks like CIS Controls, replacement prioritization based on battery cycles and TPM versions, and SaaS / shadow-AI discovery.

RMM augmentation is the procurement pattern that emerged in response. Rather than ripping out a working RMM and waiting six months for technician retraining, MSPs install a dedicated security and compliance platform alongside the RMM. The two coexist — the RMM continues to handle scripting and remote control, while the augmentation layer handles security, compliance, breach detection, and analytics.

Core components

RMM-native deployment. The augmentation tool deploys through your existing RMM as a component, script, or automation — not as a separate enterprise rollout. For Datto RMM users, that means a deployable component; for NinjaOne / ConnectWise / Atera / Kaseya VSA / Intune users, that means PowerShell or bash scripts.
Cybersecurity layer. Application control, configuration vulnerability assessment, indicator-of-compromise hunting (Akira-style ransomware staging detection), AV / EDR / MDR integration and monitoring.
GRC compliance layer. Mapping endpoint and cloud telemetry to frameworks like CMMC 2.0, NIST CSF, CIS Controls v8, SOC 2, ISO 27001, HIPAA, PCI DSS, PIPEDA, BC HIA, Alberta HIA, NERC CIP, IIROC, CPA Canada, and Australian Essential Eight — with continuous evidence collection.
Cloud breach detection. M365 / Entra ID / Azure breach detection and configuration assessment, Google Workspace breach detection, Outlook phishing intake, with endpoint correlation to drop false positives.
Replacement-prioritization analytics. Scoring endpoints for replacement based on battery charge cycles, battery capacity degradation, drive SMART data, TPM version, available RAM, and processor age — not just lifecycle dates.
SaaS and shadow-AI discovery. Curated SaaS catalog matching against email metadata to surface SaaS usage attribution, including coverage of generative-AI services for shadow-AI risk management.
Optional helpdesk and remote support layer. Per-named-agent helpdesk with device-context-aware tickets and browser-based mobile-friendly multi-tenant remote support — replacing standalone Zendesk and Bomgar / BeyondTrust deployments.

Why it matters

RMM replacement is expensive and disruptive. Migrating 200 endpoints from one RMM to another typically takes weeks of agent rollouts, scripting library translation, and technician retraining. Most MSPs cannot justify that cost just to add security and compliance capabilities.

RMM augmentation removes the migration bottleneck. The augmentation layer drops in alongside the existing RMM — typically deployed through it — and starts producing value the day it lands. The MSP can later choose to consolidate or to keep both indefinitely.

For MSPs facing cyber-insurance scans, CMMC 2.0 / CPCSC requirements, or SOC 2 / ISO 27001 audits, augmentation is also the fastest path to compliance evidence. The existing RMM does not produce that evidence; the augmentation layer does.

How Lavawall® helps with RMM augmentation

Lavawall® was designed specifically as an RMM-augmentation layer. It deploys via Datto RMM as a downloadable component, or via PowerShell / bash scripts from NinjaOne, ConnectWise Automate, Atera, Kaseya VSA, Microsoft Intune, or any other RMM that can run a script.

The pricing page describes the bundling logic: a typical 50-device, 3-technician MSP runs five-to-seven separate tools — RMM, GRC starter (Vanta/Drata-class), application control (ThreatLocker-class), M365 monitoring add-on, helpdesk (Zendesk-class), remote support (Bomgar/BeyondTrust-class), and SaaS discovery. Lavawall® consolidates the security, GRC, breach-detection, app-control, M365 monitoring, helpdesk, and remote support layers into one platform alongside the existing RMM.

For MSPs already running Huntress, Sophos MDR, or Microsoft Defender for endpoint protection, Lavawall® integrates with all three via API and surfaces incidents in the same console — avoiding the multi-tab swivel-chair problem that plagues fragmented MSP stacks.

Frequently asked

Is RMM augmentation a temporary step before full RMM replacement?: It can be, but it does not have to be. Many MSPs run augmentation indefinitely — keeping their existing RMM for scripting and remote-control work and using the augmentation layer for security, GRC, and analytics. Some MSPs eventually consolidate; the choice is preserved.
How is RMM augmentation different from XDR?: XDR (Extended Detection and Response) is a security-only category — endpoint, network, and cloud detection correlation. RMM augmentation is broader: it covers security but also patching, GRC compliance, replacement prioritization, helpdesk, and remote support. Lavawall® includes XDR-class capabilities (M365 ITDR, ransomware indicator hunting, AV/EDR correlation) but is not exclusively an XDR.
Can the augmentation layer replace my RMM if I want?: Yes. Lavawall®, for example, provides patching, scripting, remote access, and inventory — the core RMM functions — alongside the security and GRC capabilities. MSPs can run it as augmentation and later consolidate, or use it as their primary RMM from the start.
How disruptive is deploying an augmentation layer?: Minimal. If the tool deploys through your existing RMM, the rollout looks like any other RMM-pushed software. Lavawall® installs via a Datto component or a single PowerShell / bash command and produces value the day it lands.