![test-full-word-logo.png]](https://k12panel.com/hs-fs/hubfs/test-full-word-logo.png?height=35&name=test-full-word-logo.png){kind=logo}
Cross Org Alerts
Cross Org Alerts is your MSP triage board. It shows, for every client organization you administer, the things that need attention — active threats, devices waiting to be adopted, open alerts, and modifiers that are failing — all in one matrix. It's designed to be the first screen you open each day, so you can see across your whole book of business and decide where to focus.
Who Can Use It
Cross Org Alerts is part of MSP Tools and is visible only to users who are Admin or higher in two or more active organizations.
Finding It
Open MSP Tools in the left navigation menu and choose Cross Org Alerts.
What the Matrix Shows
Each row is one client organization. For each client you see four counts plus a combined total. The counts are loaded per row as the page populates, so a large list of clients stays responsive.
| Column | What it counts |
|---|---|
| Active Threats | Active, uncontained, unacknowledged Microsoft Defender detections in that client. These are the threats Defender allowed or failed to remediate — the ones that need a human. |
| On-Ramp | Devices waiting to be adopted into the client — assets sitting on the On-Ramp, including machines that were recently imaged and are requesting enrollment. |
| Alerts | Open organizational alerts in that client (for example subscription warnings, sync errors, suspended-modifier alerts), shown at the role level you hold there. On-ramp items are excluded here because they have their own column. |
| Modifier Trouble | Distinct Modifiers that are currently suspended on at least one asset in that client — i.e., automation that has failed repeatedly and stopped running. |
| Total | The sum of the four columns, so you can sort clients by overall attention needed. |
Each client row also reflects that organization's default Defender monitoring setting, so you can tell at a glance whether a client is set up to report threats in the first place.
A note on Active Threats and roles: the Active Threats count is shown only for clients where you hold Admin (this matches the per-org Detections badge). In an org where you hold a lower role, that count shows as zero.
Acting on a Count: Jump to the Right Place
The matrix is a launch pad, not a dead end. Click any count and K12Panel switches your active organization to that client and drops you on the matching per-org page, ready to act:
- Active Threats → that client's Detections view.
- On-Ramp → that client's On-Ramp, to adopt or reject the waiting devices.
- Alerts → that client's Dashboard, where the alerts live.
- Modifier Trouble → that client's Modifiers list, to investigate and clear the suspensions.
After you finish in the client, return to Cross Org Alerts from the MSP Tools menu.
Scoping Which Clients Appear
By default, Cross Org Alerts shows every active organization you administer. If you've created a default Cross Org List — a saved group of clients — the matrix seeds its scope from that list, so you can focus on just the clients you're responsible for. Only active (enabled) organizations are included, and the list is always intersected with the organizations you currently administer.
Frequently Asked Questions
What's the difference between "Active Threats" and "Alerts"? Active Threats counts uncontained Microsoft Defender detections specifically. Alerts counts K12Panel's broader organizational alerts (subscription warnings, sync errors, suspended-modifier notices, and so on), excluding on-ramp items.
Why does one client show zero Active Threats even though I know it has detections? The Active Threats count is shown only where you hold Admin in that client. If you have a lower role there, the count displays as zero. Defender monitoring also has to be enabled for that client to report threats at all.
What counts as "Modifier Trouble"? A Modifier that has failed to run several times in a row gets suspended on the affected asset. This column counts the distinct Modifiers currently suspended on one or more assets in the client. Clearing the underlying failure resolves it.
What happens when I click a count? K12Panel switches your active organization to that client and opens the relevant per-org page (Detections, On-Ramp, Dashboard, or Modifiers). It changes which organization you're actively working in.
Why don't I see all of my clients in the matrix? Either you have a default Cross Org List that narrows the scope, or some organizations are disabled. Only active organizations you currently administer appear. Adjust or clear your default list to widen the view.
How is this different from each client's own Dashboard? The per-org Dashboard shows one client's alerts. Cross Org Alerts rolls the key signals up across all of your clients into a single sortable matrix, then lets you jump into any client to act.