This is a long story and an important warning, but I will try to be as concise as I can for the sake of this review. If you're Avatara and considering suing me for this, know that I've signed no NDA and am framing this as my opinion.
Signing a contract with Avatara was the worst decision my company ever made. We were originally looking for a local MSP who could manage our GCC High Environment, and there weren't many on the approved list from Microsoft. So we broadened our search and called an MSP we had dealings with in the past only to find out that they're now basically a glorified Avatara salesman. But senior leadership suggested we at least hear them out, so that's what we did.
We work in the GSA space so CMMC compliance is huge for us. As in not optional. Our work with a large assortment of government agencies requires some pretty strict security standards to be met, one of the most visible of which being our use of hardware authentication tokens such as IdenTrust tokens and CAC cards. Avatara assured us during every stage of negotiation that they have plenty of GSA customers and are perfectly suited to handle these tokens. Well they weren't. They were never able to get the tokens on the local system to pass through reliably to the virtual desktops they wanted us to work from - but we were able to work around that by means of using local desktop profiles for key applications such as Outlook. They were fine with this and even helped get the local profiles setup during our migration.
But everything changed once the trial period of was over. Without consulting us and without our consent they modified our DNS records and shut down our ability to setup new local Outlook profiles. This meant that everytime a workstation needed to be replaced we would be limited from that moment forward to only ever working within the Avatara Virtual Desktop environment, in which we couldn't use our authentication tokens and thus could not work.
Some of our users, such as our CFO, have had her virtual desktop environment pegged at 100% disk utilization in task manager for weeks, causing the environment to be so slow and unresponsive that even something as simple as opening the task manager can take minutes at a time.
Tier 1 support has proven useless not only because they never seem to understand what is being asked of them but because they lack the permissions within their organization to do much of anything except flag a ticket as resolve so as to misrepresent their SLAs. Anything and everything else requires your company's Avatara POC to submit a work order. Not to approve one -- Tier 1 support can't start a work order on your behalf that your POC then approved or denies -- your POC (who in my case is one of the owners of the company) has to stop what they're doing, log into Avatara's systems, access their management portal which doesn't actually allow them to manage anything so much as request changes, then submit a work order telling Avatara everything that Tier 1 has already been told. Then, if you want a response in less than 3 days, they'll need to email that work order to any and all contacts they have within Avatara and even that doesn't guarantee anything will be done.
Avatara is very fond of claiming they can't do things (regardless of whether or not they'd previously done them or what your migration agreement was) on grounds of security and CMMC compliance. But not only has Avatara never provided us with Schedule D of our service agreement telling us what cybersecurity coverages they're responsible for, they have never provided us an SSP, POA&M, SRM, or any of the requirements for CMMC compliance.
And worst of all: this company that denies us our every request on the grounds of security, ACTIVELY REFUSED TO TURN OVER OUR LOGS TO THE FBI following a hack that cost us tens of thousands of dollars and would (in my opinion) have not been possible from outside of Avatara's own data center.
Our CFO has made it clear we want out of this contract. Most of the time that request is ignored. When it isn't ignored it is extorted for payment of the next 2.5 years up front and without any assurances that they'll return our data to us. Their behavior has been so malicious in my opinion that I genuinely don't believe their goal is to get money out of us for doing nothing, so much as it is to crush our business.
If you are considering doing business with Avatara, Avatara Cloud, Avatara Platform or anything else these people choose to call themselves, I would encourage you to instead pile all your IT equipment together and set it on fire. That will not only be cheaper and result in less downtime, but you'll be able to rebuild faster. read more
