July 2022

The Partner Opportunity For Microsoft Security, Compliance, And Identity And Access Management Solutions

A Total Economic ImpactTM Partner Opportunity Analysis

Microsoft logo

A Forrester Total Economic Impact™ Study Commissioned By Microsoft, July 2022

Table Of Contents

icon
Monthly expected revenue opportunity (with attach rates applied):
$36 per user

The Microsoft security, compliance, and identity and access management partner opportunity to deliver services and solutions grew by 21% in the past year. Several factors drove this growth, including customers’ need for new approaches to security and compliance in response to hybrid working models, Microsoft’s solution expansion, and partners investing in bringing new services to market. Microsoft partners that make the necessary investments have achieved increased revenues, higher profitability, and more strategic relationships with customers.

icon
Year-over-year growth
21%

*For a new enterprise customer with a 36-month journey

The past year saw several trends come together that changed how companies are prioritizing and thinking about security and compliance. First, the transition from the initial COVID-19 rush to remote working into a long-term strategic approach to hybrid working brings a whole new set of challenges and opportunities in which everyone and everything can be remote and mobile. Coupled with this is the increased adoption of public and private clouds, which fundamentally changes how companies approach security and compliance. Lastly, there is an increasing awareness (and fear) of ransomware-style attacks because of increases in attack frequency and severity, as well as increases in media coverage. All of this has created greater demand for partners’ services and created opportunities for partners to bring new security and compliance services and solutions to market.

In order to understand how partners have adapted to these new challenges and opportunities, as well as how that affects the ways in which they make money, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study.1 This study examines how partners can benefit from building and operating security, compliance, and identity and access management (SCI) practices across four areas:

“Our Microsoft-related revenues grew 600% last year. This is attributable to everything built into the [Microsoft 365] E5 licenses and using telemetry from disparate systems to do [extended detection and response] (XDR). Together, it’s the golden goose.”
  • Microsoft 365 Security.

    This workload covers activating and managing everything security-related in Microsoft 365.

  • Multicloud Security.

    This workload includes securing Azure and other public clouds’ infrastructure, apps, and data.

  • Compliance.

    Microsoft compliance capabilities include information protection and governance, risk management, regulatory posture, data discovery, and privacy.

  • Identity And Access Management.

    Identity And Access Management (IdAM) includes providing core digital identities to information and frontline workers as well as third parties; Azure Active Directory (AD); Zero Trust initiatives; and capabilities such as single sign-on (SSO) and multifactor authentication (MFA).

    To help partners understand the revenue potential, Forrester created an enterprise-customer partner opportunity model based on what leading partners achieved in the 2022 fiscal year and expect to achieve in 2023. This model quantifies the opportunities for deployment, advisory and adoption services, solutions development, and managed services. Forrester found that, accounting for attach rates, the expected revenue opportunity for a new enterprise customer is up by 21% year-over-year (YOY) with an expected value of $36.15 per user per month.2

    While partners have built highly profitable businesses around various engagement models, they generally realize a larger total addressable market (TAM) and higher margins as they move from deployment to providing managed services and building custom IP. This can be conceptualized as a good-better-best scenario.

Consulting Team:
  • Mbenoye Diagne,
  • Cassandra Halloran,
  • Jonathan Lipsitz

TEI Framework And Methodology

From the information provided in the interviews with 17 representatives at 15 partner organizations of various sizes from around the globe, Forrester constructed a Total Economic Impact™ framework for those partners considering building and growing security, compliance, and IdAM practices.
  • icon
    DUE DILIGENCE

    Interviewed Microsoft stakeholders and Forrester analysts to gather data relative to the SCI services and solutions opportunity

  • icon
    INTERVIEWS

    Interviewed 17 representatives at 15 partner organizations with existing security, compliance, and/or IdAM practices to obtain data with respect to revenue opportunities, investments, and best practices.

  • icon
    FINANCIAL MODEL FRAMEWORK

    Constructed a financial model representative of the interviews using the TEI methodology. It normalizes all results as a per user per month opportunity over 36 months.

  • icon
    CASE STUDY

    Created a case study that explains the benefits and investments a partner can expect when building SCI practices. The case study also explores the best practices partners have identified, which have made them successful.

DISCLOSURES

Readers should be aware of the following:

This study is commissioned by Microsoft and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential benefits that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in creating security, compliance, and IdAM practices.

Microsoft reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Microsoft provided the partner names for the interviews but did not participate in the interviews.

NEXT SECTION: Market Trends

Customers’ Perspective

Forrester Analytics Global Business Technographics® surveys query thousands of technology purchasers and from around the world. This data set reveals macro trends that drive customers’ decisions concerning security and compliance solution adoption and selecting partners. In the 2021 Forrester Analytics Global Business Technographics Priorities And Journey Survey, 282 security decision-makers said that 30.18% of their organizations’ IT budget is spent on security.3 This is split evenly between products and services, representing a very large opportunity for Microsoft partners.

Software-as-a-service (SaaS) adoption is another big driver of security-related services adoption. In the Forrester 2021 Software 2 Survey of 2,766 software decision-makers, 34% said “data security and protection against cybercrime” was their organizations’ biggest concern with using SaaS solutions.4 Additionally, the Forrester Analytics Business Technographics Security Survey of 3,088 decision-makers found that the largest portion of their security budget goes toward cloud security (15.2%).5

As for why organizations are interested in outsourcing security services, 2,386 survey respondents in the Business Technographics survey said that their organizations’ top reasons are to improve quality of protection (39%), increase competency or specialized skills (33%), improve speed of implementation and deployment (32%), and improve regulatory compliance (31%). When it comes to selecting a security partner, the top criteria were expertise in new technologies (25%), industry expertise (24%), end-to-end capabilities (24%), and process and technology expertise (24%).

Within the IT security space, 2,466 security technology decision-makers selected their organizations’ top priorities for the next twelve months. Microsoft’s solutions, and the related partner opportunities, play across most of the top ten priorities:

Top IT Security Priorities For The Next 12 Months
Improving application security capabilities and services 21%
Improving threat intelligence capabilities to proactively identify security threats targeted to your organization or industry 18%
Improving identity and access management tools and policies 18%
Improving security analytics capabilities 18%
Implementing artificial intelligence (AI) technologies to improve security 18%
Securing internet of things (IoT) within the enterprise 17%
Improving mobile security capabilities and services 16%
Establishing and/or enhancing eDiscovery practices 16%
Securing industrial control system (ICS) or operational technology (OT) environments 16%
Moving security services to the cloud 15%

Base: 2,466 security technology decision-makers
Source: Forrester Analytics Business Technographics Security Survey, 2021

Lastly, the reasons 1,129 security decision-makers purchased identity and access management technologies over the past twelve months represent a large opportunity for partners to deploy and manage solutions. They also tie in the broader security and compliance opportunities. The top four drivers were regulatory compliance (39%), cloud migration, which required new identity and access management (IAM) solutions (31%), reduced administrative and overhead costs (23%), and ripping and replacing existing IAM that was ineffective or too costly (23%).

Partners’ Perspective

Interviewed partners provided their views on the high- level trends driving their security, compliance, and IdAM opportunities. These included:

  • Increased adoption of Microsoft Teams.

    The use of Microsoft Teams has continued its rapid expansion in the workplace. Microsoft’s most recent announcement puts monthly active Teams users at 270 million.6 Partners said that this growth is increasing their total addressable market (TAM) and that, as Teams becomes the hub for work, it increases the need for more security and compliance.

  • The move to hybrid working models.

    Partners said that the move to hybrid working creates additional security and compliance opportunities because of added complexity and the overall newness of this for their customers. This is consistent with Forrester Research findings that 51% of HR leaders are adopting an office + anywhere hybrid model. The top initiative to support hybrid office + remote work based on a survey of 719 senior HR leaders is “optimizing the adoption and use of existing collaboration technology.”7 Optimization needs to be done within the context of proper security and compliance, which is driving more opportunities.

  • Companies either do not want to manage security in-house or do not have the resources to do so.

    Partners reported that, more and more, companies want to get out of managing their own security. This is because of the increased complexity of vulnerabilities and threats, since the typical IT-security estate has grown so large and regulatory requirements are increasing. Additionally, the “Great Resignation” has made it even harder to recruit and retain security professionals. Partners are particularly excited about this development, because almost every interviewed partner has made growing managed services a top priority.

  • Microsoft 365 E5 and other Microsoft SCI solutions create more opportunities.

    Partners reported that customers are moving to the E5 solutions — either full Microsoft 365 or the security and/or compliance upgrades. The expanded SCI capabilities have increased the way in which partners can create and attach their services as well as their own solutions/intellectual property (IP) that they create to wrap around what Microsoft has built.

  • Partners are moving beyond their traditional sweet spot.

    Nearly every interviewed partner had one workload that they considered their specialty and how they got their start. There is increased effort to move beyond this one workload to provide a wider range of services to customers. This is true even for the most specialized partners. The expansion is partly because of a feeling that money is being left on the table and partly due to fear that they will lose existing customers to other Microsoft partners. This is driving investment to build up the competencies to be credible in these new workloads.

  • Frontline worker opportunities are growing.

    Frontline worker add-on opportunities were explored in this study as well as the companion study looking at the more general collaboration opportunity for Microsoft Modern Workplace partners.8 Partners said that, although customers do not like to spend as much on a per-user basis for frontline workers compared to information workers, the opportunity can still be large because of the volumes involved in some industries. On average, frontline workers increase the total deal size from 7.5% to 20%, depending on the workload.

“The market for compliance has evolved. We are seeing a big uptick in opportunities around data discovery within Teams because of everyone quickly implementing it during the start of [the COVID-19 pandemic].”
“We are still helping some clients revisit decisions made hastily during the COVID-19 work-from-home rush, but most of our effort is around helping customers formulate better hybrid-working strategies.”
“Ninety percent of the companies we talk to need to outsource their IT security if they want to be properly protected. We are bundling together the E5 and Azure pieces into a single managed services offering.”
“We continue to bet on Microsoft as the go-to-market leader for security. We will continue to invest in our Microsoft 365 and Azure security practices to take advantage of this growth.”
NEXT SECTION: Microsoft Security, Compliance, And IdAM Partner Opportunity

Total Opportunity Overview

  • The trends discussed above resulted in the growth in partner opportunities across all solution areas (i.e., workloads) and across all partner services — deployment, advisory, solutions development, and managed services — in the 2022 fiscal year. This was true for both total revenues, which reflects an increase in what partners are offering, and attached revenues, which is an indication of increased customer interest. The total expected revenue opportunity (with attach rates applied) grew by 21% for a new enterprise customer with a mix of information and frontline workers beginning a three-year journey. Overall, the opportunity was approximately 40% for Microsoft 365 Security, with the remainder spread evenly across the workloads.

chart

  • Deployment opportunities grew by 34%.

    The large increase in deployment opportunities was largely driven by the increased scope associated with the E5 solutions and expansion into new workloads. The largest growth was in Multicloud Security as many more customers need to secure their cloud environments. An increase in competitive takeaways as part of post-COVID-19-rush vendor consolidation also contributed to the increase in deployment opportunities.

  • Advisory services grew by 28%.

    Advisory services became more important as complexity has increased. These services include upfront strategy and planning work as well as adoption and change management (ACM)-related services. Partners are increasingly making it a requirement to include some advisory services, especially around ACM, to ensure successful rollouts and ongoing usage.

  • Solutions development grew by 14%.

    The largest driver of the increase in solutions development was related to the increased security information and event management (SIEM) and security operations center (SOC) opportunities. Partners have created a lot of their own IP to drive efficiencies in their service offerings as well as to sell these solutions to customers. There is also a large advanced-integration opportunity to scoop up as much telemetry as possible for extended detection and response (XDR) services.

  • Managed services grew by 18%.

    An overwhelming majority of interviewed partners are most interested in managed services. Many of the deployment and solutions development services are designed to ultimately result in a managed services contract. Microsoft Sentinel provides many partners with the foundation and framework upon which to build their own managed services. Partners have also created managed services around evergreen support across all workloads, support/help desk, and specialty compliance offerings such as eDiscovery-as-a-service.

    Forrester discussed with partners the likelihood of customers buying any given offering; this is referred to as the attach rate. For existing services and solutions, attach rates have improved. Newer services attach at lower rates as delivery lags services development and sales, but attach rates are increasing quickly. Specialized partners, such as those focused on legal compliance, may have higher attach rates than the more generalized attach rates included in this study. Partners should take their areas of specialization and existing attach rates into consideration when thinking about their opportunities.

Security, Compliance, And IdAM Opportunity Mix

chart

Base: 17 representatives at Microsoft-partner organizations with existing security compliance, and/or identity practices.

Source: A commissioned study conducted by Forrester Consulting on behalf of Microsoft, July 2022.

Enterprise Customer Revenue Opportunity By Partner Service

Partner Service Total Per User Per Month Blended Attach Rate Expected Per User Per Month YOY Growth (Expected)
Deployment $15.05 55% $8.35 34%
Advisory $3.95 65% $2.55 28%
Solutions development $38.15 30% $11.35 14%
Managed services $40.65 34% $13.90 18%
Total $97.80 37% $36.15 21%

Enterprise Customer Revenue Opportunity By Solution Area

Solutions Area Total Per User Per Month Blended Attach Rate Expected Per User Per Month YOY Growth (Expected)
Microsoft 365 Security $38.00 32% $12.25 20%
Multicloud Security $22.05 34% $7.50 36%
Compliance $17.65 27% $4.85 21%
Identity And Access Management $20.10 57% $11.55 13%
Total $97.80 37% $36.15 21%
“A Microsoft 365 Security journey can be 100 times the initial phases. Microsoft keeps adding capabilities which means we can continue to grow.”

Microsoft 365 Security

Microsoft 365 Security is about activating and managing Microsoft 365 workloads securely. The opportunities for partners have increased proportionally with all of the additional capabilities that Microsoft has added to both the E3 and E5 SKUs, although the move to E5 is the biggest driver.

  • Core deployment services consist of E3 to E5 migrations and standing up the range of Microsoft 365 Security solutions.

    An increasing number of these opportunities are beginning with one or more workshops, and Microsoft often funds these. A complete deployment journey can be 100 times the value of upfront workshops and pilots. Competitive takeaways in this space can range from $50,000 to $250,000. A full Sentinel deployment and associated services are typically around $200,000.

  • Advisory services have increased and generally equate to a 15% to 30% uplift on deployment revenues.

    The upfront strategy and planning piece has increased because of the added complexity associated with more solutions and supporting hybrid work. There is also more effort going into defining a proper change management and governance plan and then rolling that out. Partners are emphasizing this more and often requiring customers to take at least a light version of these offerings, which has resulted in a 70% attach rate.

  • Resalable IP is the largest component of solutions development, but there are also custom development and integration opportunities.

    Most of the IP that partners are building now is designed to ingest signals from disparate systems for SIEM and SOC offerings along with management, monitoring, and remediation tools. Partners are selling these solutions to customers for internal use (what is quantified in this subsection) as well as for their own use in managed services. There are also one-off integration projects tied to ingesting and analyzing telemetry. Custom development can be up to 30% more than what is spent on core development services.

  • Managed services has grown in depth and breadth as companies struggle to staff in-house security teams.

    Sentinel continues to enable partners’ creation and delivery of managed services. Customers have an increased interest in SIEM and SOC services, especially those that are fully on the Microsoft stack. Detection and remediation services are packaged separately so that a customer can buy only what they need. More traditional outsourced managed services around ensuring a proper security posture using the E5 security solutions, ongoing audits and planning, and various levels of user support continue to grow.

chart

“We are helping a lot of customers in their digital transformations of moving to the cloud. This includes infrastructure, data, and applications. Multicloud makes these initiatives bigger for us.”

Multicloud Security

Multicloud Security includes the services and solutions partners offer around Azure and other public clouds running Microsoft solutions. Most of the interviewed Microsoft 365 Security partners are in the process of or planning to move into this area because there are so many opportunities to attach services. This includes security services around data, virtual server, networking, and applications. There are also opportunities around advanced workloads, such as AI and machine learning.

  • Deployment services cover all aspects of Azure as well as support of multicloud security.

    All of the partners Forrester interviewed with a cloud security practice had an emphasis on Azure. However, they support their customers across public clouds and their multicloud customers represent some of their largest opportunities. Partners provided many examples of cloud-related deployments, including server migrations, application migrations, and general efforts around standing up and configuring the full Azure stack with proper security. Partners reported that Microsoft Defender For Cloud has become a very important enabler of the deployment and follow-on work they are doing.

  • Secure cloud migrations require significant upfront strategy and planning advisory services.

    Due to the newness of cloud security at many companies and a corresponding lack of in-house skills, partners are doing sizeable strategy and detailed planning work, typically 20% on top of other deployment work. There is also other work being done around governance and training for IT and end users. There is an intersection point between cloud security and compliance because of hosting information in the cloud complicating privacy.

  • Partners are creating a lot of solutions around migrating and operating securely in the cloud.

    Partners can use these tools either in the delivery of managed services or sold to customers in a SaaS model. Partners also reported large integration and development opportunities, especially in hybrid and multicloud scenarios. As customers increasingly move to cloud-based applications, partners expect these opportunities to become much larger.

  • Managed services is the largest opportunity and where partners are focusing most of their attention.

    Consistent with the other workloads, partners said that their customers increasingly want to get out of managing IT. This is especially true for cloud because they traditionally do not have strength in this area or a deep bench of resources from which to draw. Examples of partner offerings include cloud SOC services (tied into cloud network operations center [NOC] services); evergreen support of Azure to ensure new capabilities are implemented and kept secure; maintaining and updating cloud applications; and fully outsourced security management of all levels of a cloud-based infrastructure.

chart

“We saw two years ago that compliance is where Microsoft was going to be placing their big bets. We pivoted our SharePoint consulting team to information protection, giving us a quick entry.”

Compliance

Security partners are continuing to move into the compliance space as Microsoft’s investment in compliance solutions makes it easier to credibly speak about and provide services. Entry points for these partners tend to be around information protection, communications governance, and insider risk, which are natural extensions of security practices. More specialized partners continue to be the ones with the necessary skills around advanced eDiscovery/legal hold and records management.

  • Deployment work often begins with workshops leveraging Microsoft Compliance Manager.
    Deployment projects in areas such as information protection are typically around 10 times the upfront spend on workshops and pilots. Partners with mature compliance offerings are seeing an increase in very large information protection deployment opportunities that can last a year or longer and cost up to $1 million. These opportunities can involve the migration of more than a petabyte of data and complex integrations.
  • Governance advisory services are central to the successful adoption of Microsoft compliance solutions.

    To a large extent, compliance is all about governance for both the IT organization and the thousands of business users at an enterprise customer. Partners are doing a lot of upfront work around defining governance models and, in many cases, managing them for customers. There is also a large educational component so that business users understand the importance of governance and have the training and knowledge necessary to help ensure compliance.

  • Partners are wrapping their own IP around Microsoft’s solutions at an increasing rate.

    Although this is still largely confined to specialized compliance partners, the more general security partners are starting to look at this area. Some examples include off-the-shelf connectors, advanced eDiscovery tools, unstructured-data compliance tools, and evergreen compliance capabilities. Partners are starting to list some of these in the Azure Marketplace. There can also be extensive integration opportunities to connect disparate information repositories for an enterprisewide compliance initiative.

  • Compliance-related managed services is the newest and fastest-growing area for most partners.

    The more generalist partner has been investing in compliance-related managed services over the past two years. Their investments are paying off with a 44% YoY growth. For these partners, information protection and data loss prevention are the biggest opportunities area, and prices at around $2.40 per user per month. They are also doing more around ensuring basic compliance of Microsoft 365. More advanced partners have managed service offerings for outsourced administration of eDiscovery, ongoing audits, and packaged hours for legal hold. There is a general trend to replicate SOC-type models as a compliance-as-a-service model, although only a couple of partners were far enough along to have offerings for sale.

chart

“We are seeing large competitive takeaway opportunities across many areas of identity, including SSO and MFA.”

Identity And Access Management

Identity And Access Management is both a distinct workload and a foundational component of the three other workloads: Microsoft 365 Security, Multicloud Security, and Compliance. As such, partners increasingly think of it in terms of the previously described opportunities. That said, IdAM is still a major driver of all partner security-related opportunities because of the near ubiquitous adoption of Microsoft Active Directory or Azure AD. The Zero Trust narrative is also important for partners and Microsoft in creating multiyear IdAM journeys covering solutions such as multifactor authentication (MFA), single sign-on (SSO), and passwordless authentication.

  • IdAM journeys can be multiyear and cost millions of dollars as part of a move to a Zero Trust approach.

    Increasingly, these are including the rollout of full digital identities for frontline workers. One partner described doing a B2C identity migrations for a customer’s 40 million external customers. If this becomes common, it could be a big opportunity for partners. With regards to the more tactical competitive takeaways, their cost varied based on factors such as how many applications required SSO integration and if they were web apps. These projects often grew to be $250,000.

  • IdAM is central to every user, so advisory services are very important in terms of properly defining the program and providing enough ACM support, including hands-on training.

    Partners estimated that to be truly successful, advisory services can be 20% to 30% on top of the deployment effort. These services are attaching at higher rates in part because partners are making it compulsory and because customers have been burned by past failures due to a lack of ACM.

  • Solutions development can consist of off-the-shelf IP, such as connectors and management tools, as well as some advanced integration work to try disparate systems together into a common IdAM approach.

    Application migrations are an area where partners are doing a lot of custom development work and making a lot of money. Hybrid and multicloud environments play into the size of these opportunities. Partners are also creating IP to make the managed services more profitable. The costs for this final category are usually imbedded into the managed services contract cost.

  • IdAM-related managed services are often merged with the broader user-support managed services contracts.

    There are also more specific managed services around managing the IdAM infrastructure and ensuring that capabilities such as SSO do not break when a vendor makes a change to an integrated application. Some managed service providers (MSPs) and managed security service providers (MSSPs) are doing the upfront deployment and advisory work at no charge, instead imbedding those costs into a multiyear IdAM managed services contract. In those cases. The services contract kicks in on the first day of the project rather than after going live.

chart

NEXT SECTION: Partner Investments And Best Practices

Each year, Forrester asks partners what new best practices and investments are fueling their success in terms of go-to-market and delivery. Although in past years partners always stressed building and training good teams, it was more important this year because of the increased difficulty hiring and retaining IT security professionals. This theme carries across to several of the investment/best practice areas. Specific examples include:

  • Hiring, retaining, and upskilling resources to have credible services.

    Every interviewed partner except one said that they were struggling to hire enough people across the four practice areas. Supply is currently hampering growth more than demand. The one partner exception has created a workplace brand for being the place where people want to work. Other partners should follow this example to strengthen brand reputation to other IT professionals, not just the customer community. Partners are also investing more in training and certifications to upskill existing employees. In addition to filling the skills gap and presenting credible resources to customers, upskilling helps with employee retention.

  • Improving back-office delivery and sales operations.

    Partners are striving to be more effective and efficient across all aspects of their business. This is a response to the resource shortage and because they view the SCI space as a land grab opportunity. Partners are building centers of excellence, investing in templates and methodologies to make projects more repeatable and standardized, and building out sales enablement and marketing to reach more prospects.

  • Streamlining and automating managed services.

    Much of this study described partners efforts to bring managed services to market. Doing so profitably requires standardizing, streamlining, and automating. Partners are making sizeable investments in tools and templates to achieve this. Wherever possible, partners are leveraging Microsoft tools and solutions, such as Sentinel and Lighthouse, which is an admin portal for multitenant management of Microsoft 365 services and connected devices. For more mature partners, this has translated into managed services margins of 55% or higher, while those with newer managed services offerings are often at around 30%.

  • Investing in engineering to keep up with the pace of Microsoft’s innovation.

    Microsoft continues to innovate and bring many new capabilities to market. The most successful partners are creating their own IP to keep up with and augment what Microsoft is doing. Many of these efforts are IP around managed services, which touch on the previous best practices. Partners said that they are building more industry-specific solutions, especially for compliance, and undertaking more co-engineering work with Microsoft.

  • Partners continuing to invest in their relationships with Microsoft.

    This covers co-sell motions, joint marketing, joint delivery of workshops, and co-engineering. By in large, partners are aligning their marketing messaging to Microsoft’s to take advantage of marketing dollars and avoid creating confusion in the market. Partners are also adding headcount to their Microsoft partner management team to work more closely with the different solution areas and geographies. Partners, as in past years, said that they get back many times over the investment in time and money that they put into the relationship.

  • Making customers more secure and compliant.

    First and foremost, everything partners are doing is about helping customers navigate a rapidly changing world in terms of how people work and the threats that are out there. All of the other best practices and investments contribute to achieving this. Creating successful customers results in long-term relationships, wins new customers, and increases profitability because fixed-price managed services require less effort. This requires a culture of quality in everything partners do.

NEXT SECTION: Conclusion

FY22 was a year of rapid growth for partners across all workloads and all four solution areas. The two main reasons were the move to hybrid working and an increase in security threats, both real and perceived. Microsoft 365 Security opportunities benefited from the increased adoption of E5 SKUs, with their greater solution sets. Multicloud Security increased from the continual push to the cloud, and the added complexity of hybrid and multicloud environments. More generalized security partners pushed into the Compliance space on top of Microsoft’s increased compliance solution set and credibility, while specialized compliance partners were doing even more in compliance and moving into broader security areas. IdAM continued to be a part of security, and partners were seeing expanded new opportunities tied to strategic Zero Trust journeys and tactical competitive takeouts.

Partners believe that these opportunities will continue to grow in FY23, and they are making large investments in order to be one of the winners. These investments and best practices include upskilling and recruiting people to have credible offerings; streamlining and automating back-office delivery and sales functions as well as managed services; investing in their own IP to keep pace with Microsoft and deliver incremental value to customers; leveraging everything that Microsoft’s partner organizations have to offer; and doing all of this to make their customers more secure and compliant.

Summary Of The Microsoft Security, Compliance, And Identity Partner Opportunity*

Solutions Area Total Revenue (PUPM) Expected Revenue (PUPM) YOY Growth (Expected)
Microsoft 365 Security $38.00 $12.25 20%
Multicloud Security $22.05 $7.50 36%
Compliance $17.65 $4.85 21%
Identity And Access Management $20.10 $11.55 13%
Total $97.80 $36.15 21%

*For a new enterprise customer with a mix of information and frontline workers embarking on a new three-year customer journey.

NEXT SECTION: Appendix

Appendix A: Endnotes

1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

2 Attach rate is the percentage of all customers who purchase any given service and thought of the likelihood of selling a particular service that is part of a partner’s offering portfolio.

3 Source: Forrester Analytics Global Business Technographics® Workforce Survey, 2021.

4 Source: Forrester Analytics Business Technographics® Software 2 Survey, 2021.

5 Source: Forrester Analytics Business Technographics® Security Survey, 2021.

6 Source: Mary Jo Foley, “Microsoft: Teams now has more than 270 million monthly active users,” ZDNet, January 25, 2022.

7 Source: “Invest In Leaders And Skills To Support Your Anywhere-Work Strategy,” Forrester Research, Inc., February 28, 2022.

8 Source: “The Partner Opportunity For Microsoft Modern Workplace,” a commissioned study conducted by Forrester Consulting on behalf of Microsoft, July 2022.

About Forrester Consulting

Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester’s Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting.

Forrester Research, Inc.© All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to KDforrester.com.

Cookie Settings