isv success
77 Topics

Migrating your AWS offer to Microsoft Marketplace - Identity and Access Management (IAM)
As a software development company, expanding your marketplace presence beyond AWS Marketplace to include Microsoft Marketplace can open new doors to grow your customer base. Azure’s broad ecosystem and diverse user base offer a dynamic platform to enhance your application’s reach and potential.

This post is part of a series on replicating apps from AWS to Azure. View all posts in this series.

Expand your reach and accelerate growth by bringing your AWS-based app to Azure and selling through Microsoft Marketplace. This guide will break down key IAM differences between AWS and Microsoft Entra ID, helping you replicate your app’s identity management quickly and securely. Future posts will dive deeper into specific IAM configurations and best practices.

You can also join ISV Success to get access to over $126K USD in cloud credits, AI services, developer tools, and 1:1 technical consults to help you replicate your app and publish to Marketplace.

To ensure a smooth app replication, start by understanding the key differences between AWS IAM and Microsoft Entra ID. A clear grasp of these distinctions will help you transition identity management effectively while optimizing security and performance on Azure. This guide will highlight these differences, map comparable services, and provide actionable steps for a seamless IAM replication.

This article addresses Identity and Access Management (IAM) and select Identity Services: Amazon Cognito vs. Microsoft Entra ID.

Identity and Access Management (IAM)

Identity and Access Management (IAM) is essential for securing and managing who can access resources, under what conditions, and with what specific permissions. AWS and Azure both offer robust IAM solutions to manage identities, roles, and policies, but they differ significantly in architecture, integration capabilities, and ease of use, particularly for software companies building SaaS solutions migrating from AWS to Azure.

Users, Groups, and Roles

AWS IAM creates users within an AWS account, grouping them into IAM User Groups, while Azure IAM manages users as directory objects in Microsoft Entra ID, assigning permissions via Azure RBAC. Both support MFA and identity federation through SAML, with Azure enforcing Conditional Access based on location, device state, and user risk. AWS IAM grants permissions using JSON-based policies, allowing roles to be assumed by users, AWS services, or external identities without permanent credentials. Azure IAM assigns permissions via RBAC to users, groups, and service principals, offering predefined and customizable roles. Azure supports federated identity for hybrid environments, while Azure integrates with on-premises Microsoft Entra ID.

Permissions and Policies

AWS IAM employs JSON-based policies for granular permissions across AWS services. Policies can be identity-based, directly attached to users or roles, or resource-based, applied directly to resources such as S3 buckets or DynamoDB tables. AWS supports temporary credentials via roles, which can be assumed by users, AWS services, or external federated identities. Azure RBAC leverages predefined roles (e.g., Global Administrator, Contributor, Reader) or custom roles, offering clear hierarchical permissions management across resource, resource group, subscription, or management group levels. AWS also allows conditional permissions through advanced policy conditions (e.g., IP address, MFA status, tags). Azure IAM employs Conditional Access Policies, adjusting access based on location, device state, and user risk. AWS IAM grants access only when explicitly allowed, whereas Azure IAM evaluates role assignments and conditions before permitting actions. For multi-account and cross-tenant access, AWS IAM enables secure cross-account roles, while Azure IAM supports External Identities for inter-tenant collaboration.
AWS IAM delegates administrative rights using roles and policies, whereas Azure IAM assigns administrative roles within organizations for delegated management. AWS IAM enables controlled, temporary access to S3 objects using pre-signed URLs, which grant time-limited access to specific resources without modifying IAM policies. These URLs are often used for secure file sharing and API integrations. In Azure, a similar concept exists with Shared Access Signatures (SAS) Keys, which provide scoped and time-limited access to Azure Storage resources like Blob Storage, Table Storage, and Queues. Unlike pre-signed URLs, SAS keys allow granular control over permissions, such as read, write, delete, or list operations, making them more flexible for temporary access.

Integration with External Identities

Both platforms provide Single Sign-On (SSO). AWS IAM uses AWS SSO. Microsoft Entra ID also supports SSO with SAML, OAuth, and OIDC. For federated identities, AWS IAM allows external users to assume roles, while Microsoft Entra ID assigns roles based on its access model. Hybrid environments are supported through on-premises directory integration. AWS IAM connects to Active Directory via AWS Directory Service, while Microsoft Entra ID integrates with on-prem AD using Microsoft Entra ID Connect, enabling hybrid identity management and SSO for cloud and on-prem resources. Both support automated user provisioning: AWS IAM utilizes AWS SSO and federation services, while Microsoft Entra ID supports SCIM 2.0 for third-party applications and syncs on-prem AD via Entra ID Connect. AWS IAM enables ECS, EKS, and Lambda workloads to pull container images from Amazon Elastic Container Registry (ECR) using IAM roles. These roles grant temporary permissions to fetch container images without requiring long-term credentials. In Azure, Azure Container Registry (ACR) authentication is managed through Service Principals and Managed Identities.
Instead of IAM roles, Azure applications authenticate using Entra ID, allowing containers to securely pull images from ACR without embedding credentials.

Access Control Models

AWS IAM uses a policy-based access model, where permissions are defined in JSON policies attached to users, groups, or roles. In contrast, Azure separates identity management via Microsoft Entra ID from access management via Azure RBAC, which assigns roles to users, groups, service principals, or managed identities to control access to Azure resources. Both provide fine-grained access control. AWS IAM sets permissions at the resource level (e.g., EC2, S3), while Azure uses Azure RBAC to assign Microsoft Entra ID identities roles that apply hierarchically at the resource, subscription, or management group levels. Both follow a default "deny" model, granting access only when explicitly allowed. For multi-account and multi-tenant support, AWS IAM enables cross-account roles. Microsoft Entra organizations can use External ID cross-tenant access settings to manage collaboration with other Microsoft Entra organizations and Microsoft Azure clouds through B2B collaboration and B2B direct connect. Delegation is managed through IAM roles in AWS and RBAC role assignments in Azure. Conditional access is supported—AWS uses policy-based conditions (e.g., time-based, IP restrictions), while Microsoft Entra ID relies on Conditional Access Policies (e.g., location, device health, risk level). AWS allows cross-account policy sharing, while Microsoft Entra ID enables role-based delegation at different organizational levels. Both support cross-service permissions: AWS IAM policies can define access across multiple AWS services, while Azure uses Azure RBAC to assign Microsoft Entra ID identities permissions across Azure services such as Blob Storage, SQL Database, and Key Vault. For workload authentication, AWS IAM roles provide temporary credentials for EC2, Lambda, and ECS, eliminating hardcoded secrets.
In Azure, Microsoft Entra ID enables Managed Identities, allowing applications running on Azure services to authenticate securely to other Azure resources without managing credentials. Additionally, Microsoft Entra Workload Identities allow Kubernetes workloads—especially on AKS—to authenticate using Entra ID via OpenID Connect (OIDC), streamlining access to Azure services in containerized and multi-tenant environments. In AWS, containerized workloads such as ECS, EKS, and Lambda use IAM roles to securely authenticate and pull images from Amazon ECR, avoiding hardcoded credentials. In Azure, containerized applications authenticate to Azure Container Registry (ACR) using Microsoft Entra ID identities—either Managed Identities or Service Principals. Permissions such as AcrPull are granted via Azure RBAC, enabling secure image access. Azure’s model supports cross-tenant authentication, making it particularly useful for ISVs with multi-tenant containerized SaaS deployments. Cross-account storage access in AWS uses IAM roles and bucket policies for Amazon S3, allowing external AWS accounts to securely share data. In Azure, Microsoft Entra ID B2B and RBAC assignments. This model avoids the need to share credentials or manage access via SAS tokens, streamlining collaborations in multi-tenant environments.

Audit and Monitoring

AWS IAM and Microsoft Entra ID both provide robust audit logging and monitoring. AWS CloudTrail logs IAM and AWS API calls for 90 days by default, with extended retention via CloudTrail Lake or Amazon S3. Microsoft Entra ID logs sign-ins, including failed attempts, retaining data for 7 days in the free tier and up to 30 to 90 days in Premium tiers. For longer retention, Log Analytics or Sentinel should be used. For real-time monitoring, AWS CloudWatch tracks IAM activities like logins and policy changes, while Microsoft Entra ID Premium does so via Azure AD Identity Protection.
AWS uses CloudWatch Alarms for alerts on permission changes, whereas Microsoft Entra ID alerts on suspicious sign-ins and risky users. AWS GuardDuty detects IAM threats like unusual API calls or credential misuse, while Microsoft Entra ID’s Identity Protection identifies risky sign-ins (Premium P2 required). AWS Security Hub aggregates findings from CloudTrail and GuardDuty, while Microsoft Entra ID integrates with Azure Sentinel for advanced security analytics. For IAM configuration tracking, AWS Config monitors policies and permissions, while Microsoft Entra ID’s Audit Log tracks role, group, and user changes. AWS Artifact provides downloadable compliance reports. Microsoft Purview Compliance Manager enables customers to assess and manage their compliance across services like Entra ID and Azure using built-in control assessments. AWS CloudTrail logs IAM activity across AWS Organizations, and Microsoft Entra ID Premium supports cross-tenant access monitoring. Azure Lighthouse enables cross-tenant management for service providers, integrating with Microsoft Entra ID for delegated access without guest accounts. It applies RBAC across tenants and manages shared resources like Azure Blob Storage and virtual machines, streamlining ISV operations in marketplace scenarios.

Pricing

AWS IAM and Microsoft Entra ID provide core IAM services for free, with advanced features available in paid tiers. Both platforms support unlimited users for basic IAM functions, with AWS offering free user, role, and policy creation, while Microsoft Entra ID allows up to 500,000 objects (users/groups) at no cost. Additional users can be added for free, though advanced features require a paid plan. MFA is free on both platforms, but Microsoft Entra ID includes advanced MFA options in Premium tiers. AWS does not have risk-based Conditional Access for free.
Microsoft Entra ID includes it in Premium P1/P2 tiers (starting at $6 per user/month). Custom policies for fine-grained access control are free in AWS and Azure. Identity federation is free in AWS IAM, while Microsoft Entra ID requires a Premium P1/P2 plan. Microsoft Entra ID includes Self-Service Password Reset (SSPR) in Premium P1/P2, whereas AWS IAM does not offer it for free. Both platforms support RBAC at no extra cost. Directory synchronization is available via Microsoft Entra ID Premium P1/P2. AWS Directory Service is a paid managed AD service, not part of IAM. AWS IAM doesn’t have a direct “guest user” concept; instead, you configure federated access or cross-account roles, but Microsoft Entra ID requires a Premium tier for Azure AD External Identities. Full API and CLI access for user, policy, and role management is free on both platforms. Advanced security monitoring is available through AWS GuardDuty and Security Hub at an extra cost. Microsoft Entra ID provides advanced security monitoring, such as risk-based conditional access, within Premium P1/P2 tiers. Both platforms offer free support for service principals, enabling secure application access and role assignments.

Amazon Cognito vs. Microsoft Entra ID

Amazon Cognito provides identity and access management for applications in AWS, while Azure offers this through Microsoft Entra ID, centralizing IAM tools for ISVs. Both differ in authentication, integration, and target audiences.

User management

Amazon Cognito uses User Pools for authentication and Identity Pools for federated identities. Microsoft Entra ID serves as a central identity directory for Azure, Microsoft 365, and third-party apps, integrating with on-prem AD.

Authentication methods

Both support password-based login, MFA, passwordless authentication, and social sign-in. Amazon Cognito can be extended to support passwordless authentication with magic links, OTPs, and FIDO2 using AWS Lambda.
Microsoft Entra ID supports native passwordless options like FIDO2, Windows Hello, and OTPs, plus risk-based conditional authentication.

Identity Federation & SSO

Amazon Cognito supports SAML, OAuth 2.0, and OIDC. Microsoft Entra ID offers enterprise SSO with SAML, OAuth, and WS-Federation, plus cross-tenant federation via Entra ID B2B.

Access Control & Security Policies

AWS relies on AWS IAM and custom logic for built-in RBAC or Attribute Based Access Control (ABAC). Microsoft Entra ID includes RBAC, ABAC, and Conditional Access Policies for granular security control.

Self-Service & User Management

Amazon Cognito allows self-registration and password resets, with workflow customization via AWS Lambda. Microsoft Entra ID offers SSPR, access reviews, and an enterprise portal for account management.

Security & Compliance

Amazon Cognito provides monitoring via AWS CloudTrail and GuardDuty, compliant with HIPAA, GDPR, and ISO 27001. Microsoft Entra ID integrates with Microsoft Defender for Identity for threat detection, with compliance for HIPAA, GDPR, ISO 27001, and FedRAMP, plus risk-based authentication in premium tiers.

Migration best practices

When migrating IAM from AWS to Azure, organizations should:
- Assess existing AWS IAM policies and roles, mapping them carefully to Azure RBAC roles.
- Leverage Microsoft Entra Connect for seamless integration with existing on-premises Active Directory environments.
- Use Azure's Managed Identities and SAS tokens strategically to minimize credential management complexity.
- Implement Conditional Access Policies in Azure to dynamically secure and simplify access management.
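
The first migration step above, assessing AWS IAM policies before mapping them to Azure RBAC, can start from a statement-by-statement inventory. The following Python script is an added example, not code from the original article: it reads an IAM policy document and reports, per statement, which Azure-side control the article's comparison points to. The sample policy, account IDs, finding codes and function names are constructed for illustration.

```python
import json

# Where each AWS control lands on the Azure side, per the comparison above.
TARGET = {
    "RBAC_ROLE": "Azure RBAC role assignment at a resource, resource group or subscription scope",
    "CONDITIONAL_ACCESS": "Microsoft Entra Conditional Access policy",
    "CROSS_TENANT": "Microsoft Entra External ID cross-tenant access settings",
    "WILDCARD": "narrow to least privilege before recreating it",
    "MANUAL_REVIEW": "no one-to-one mapping named in the article; review by hand",
}

# AWS global condition keys for the IP-address and MFA-status cases.
CA_KEYS = {"aws:sourceip", "aws:multifactorauthpresent"}

HOME_ACCOUNT = "999988887777"  # constructed: the account being migrated

# Constructed sample policy; bucket name and account IDs are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadReports", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
                   "Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "PartnerAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "NoDelete", "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a scalar or a list for Statement, Action, Resource, principals."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _condition_keys(stmt):
    """Flatten {"Operator": {"key": value}} into a set of lowercased keys."""
    keys = set()
    for operands in stmt.get("Condition", {}).values():
        keys.update(k.lower() for k in operands)
    return keys


def _principal_accounts(stmt):
    """Account IDs named in Principal.AWS (ARN or bare ID); '*' means anyone."""
    principal = stmt.get("Principal")
    if principal is None:
        return set()
    if principal == "*":
        return {"*"}
    accounts = set()
    for entry in _as_list(principal.get("AWS")):
        parts = entry.split(":")
        accounts.add(parts[4] if entry.startswith("arn:") and len(parts) > 4 else entry)
    return accounts


def assess_statement(stmt, home_account):
    """Classify one statement; returns sid, effect, services and finding codes."""
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    findings = []
    inverted = any(k in stmt for k in ("NotAction", "NotResource", "NotPrincipal"))
    if stmt.get("Effect") != "Allow" or inverted:
        # Explicit denies and Not* elements have no mapping in the article.
        findings.append("MANUAL_REVIEW")
    else:
        findings.append("RBAC_ROLE")
        if "*" in resources or any(a == "*" or a.endswith(":*") for a in actions):
            findings.append("WILDCARD")
    cond = _condition_keys(stmt)
    if cond & CA_KEYS:
        findings.append("CONDITIONAL_ACCESS")
    if cond - CA_KEYS and "MANUAL_REVIEW" not in findings:
        findings.append("MANUAL_REVIEW")  # e.g. tag-based conditions
    accounts = _principal_accounts(stmt)
    if "*" in accounts:
        if "WILDCARD" not in findings:
            findings.append("WILDCARD")
    elif accounts - {home_account}:
        findings.append("CROSS_TENANT")
    services = sorted({a.split(":")[0] for a in actions if ":" in a})
    return {"sid": stmt.get("Sid", "<no Sid>"), "effect": stmt.get("Effect"),
            "services": services, "findings": findings}


def assess_policy(policy, home_account):
    """Assess every statement; a single-statement policy may be a bare dict."""
    return [assess_statement(s, home_account) for s in _as_list(policy.get("Statement"))]


if __name__ == "__main__":
    for row in assess_policy(SAMPLE_POLICY, HOME_ACCOUNT):
        print(row["sid"], row["effect"], row["services"])
        for code in row["findings"]:
            print("   ", code, "->", TARGET[code])
```
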

Key Resources:
- Microsoft Azure Migration Hub | Microsoft Learn
- Publishing to commercial marketplace documentation
- Pricing Calculator | Microsoft Azure
- Azure IAM best practices
- Configure SAML/WS-Fed identity provider - Microsoft Entra External ID
- Maximize your momentum with step-by-step guidance to publish and grow your app with App Advisor
- Accelerate your development with cloud ready deployable code through the Quick-start Development Toolkit

SharePoint Embedded security features: A comprehensive Q&A guide

🔐 Authentication & identity management

Q: How does SharePoint Embedded integrate with Microsoft Entra ID?

A: SharePoint Embedded requires all users to authenticate through Microsoft Entra ID:
- Single sign-on (SSO): Seamless authentication across Microsoft 365 services
- Multi-factor authentication (MFA): Configurable per-organization security policies
- Guest access: Secure B2B collaboration using Entra ID B2B guest accounts

Key requirement: All users accessing SharePoint Embedded containers must exist as either:
- Member users in your Entra ID tenant
- Guest users invited through Entra ID B2B collaboration

Q: What's the difference between delegated and application permissions?

A: Understanding these permission models is critical for security and auditability:

Delegated permissions (recommended):
- Application acts on behalf of an authenticated user
- User context preserved in audit logs
- Users must authenticate before accessing containers
- Enables file search capabilities within containers
- Use case: Interactive applications where user identity matters

Application-only permissions (restricted use):
- Application acts without user context
- No user tracking in audit logs (shows as application)
- Search capabilities are limited
- Use case: Background jobs, system integrations, automated processes

Best practice: Use delegated permissions whenever possible to maintain proper audit trails and security accountability.

Q: How do we secure service principals and application secrets?

A: SharePoint Embedded supports multiple secure authentication methods:

Managed identities (most secure):
- No secrets or certificates to manage
- Identity tied to Azure resources
- Cannot be used outside your Azure environment
- Eliminates credential exposure risk

Certificate-based authentication:
- More secure than client secrets
- Longer validity periods
- Can be stored in Azure Key Vault

Client secrets (use with caution):
- Store in Azure Key Vault, never in code or config files
- Enable automatic rotation (recommended: 90-day rotation)
- Configure expiration alerts

Security hardening:
- Apply Conditional Access policies to service principals
- Restrict to corporate IP ranges using Named Locations
- Implement Privileged Identity Management (PIM) for credential access
- Enable Azure Policy to enforce certificate-based authentication
- Domain limitations if applicable

🛡️ Container-level security features

Q: What security controls are available at the container level?

A: SharePoint Embedded provides granular security controls for each container:

Sensitivity labels:
- Enforce encryption and access policies
- Automatically applied to all content in container
- Integrated with Microsoft Purview Information Protection

Block download policy:
- View-only access for high-sensitivity content
- Prevents data exfiltration
- Supports watermarking in Office web apps

Container permissions: Four permission levels available:
- Owners: Full control including container deletion
- Managers: Manage content and permissions (cannot delete container)
- Writers: Add, update, and delete content
- Readers: View-only access

Q: How does SharePoint Embedded handle external user collaboration?

A: SharePoint Embedded supports secure external collaboration through multiple mechanisms:

Authentication options:
- Entra ID guest users: External users invited as B2B guests
- Email-based sharing: Send secure access links with expiration
- Anonymous links: View-only or edit links without authentication (configurable)

Security controls:
- Container-level sharing policies may supersede tenant default settings; however, they do not impact other configurations within the tenant.
- Link expiration dates and access revocation
- Audit trail for all external user activities
- Integration with Data Loss Prevention (DLP) policies

Sharing configuration best practices:
- Enable guest sharing only for required applications
- Require email verification for sensitive content
- Monitor external access through Microsoft Purview audit logs

Real-world scenarios:
- Legal firms: Share case documents with external counsel using time-limited guest access
- Construction projects: Collaborate with subcontractors while maintaining security boundaries
- Financial services: Enable secure document exchange with clients using DLP policies

📋 Compliance & data governance

Q: What Microsoft Purview features are supported?

A: SharePoint Embedded integrates with the full Microsoft Purview compliance suite:

Audit logging:
- All user and admin operations captured in unified audit log
- Enhanced with ContainerTypeId for filtering
- Search and export capabilities through Microsoft Purview
- Retention up to 10 years (with E5 license)

eDiscovery:
- Search across all SharePoint Embedded containers
- Place legal holds on container content
- Review content to determine if it should be tagged and included in the case
- Export content for litigation or investigation

Data lifecycle management (DLM):
- Apply retention policies to containers
- Automatic deletion after retention period
- Hold policies for litigation or investigation
- Label-based retention rules

Implementation:
- Retention policies apply to "All Sites" automatically to include SPE containers
- Selective enforcement using container URLs
- Graph API for programmatic label application

Data loss prevention (DLP):
- Identify and protect sensitive information
- Prevent external sharing of classified content
- Policy tips and user notifications
- Automatic encryption and access restrictions

DLP policy enforcement:
- Real-time scanning of uploaded content
- Block external sharing based on content type
- Business justification workflows (app-dependent)
- Integration with sensitivity labels

Q: How are DLP policies enforced in SharePoint Embedded?

A: DLP works similarly to SharePoint Online with some considerations:

Supported scenarios:
- Automatic detection of sensitive information (PII, financial data, etc.)
- Policy enforcement on upload, download, and sharing
- Alert generation for policy violations
- Integration with Microsoft Purview compliance center

Application responsibilities: Since SharePoint Embedded has no built-in UI, applications must:
- Display policy tips to users when DLP flags content
- Handle business justification workflows for policy overrides
- Implement sharing restrictions when DLP blocks external access
- Use Graph APIs to retrieve DLP policy status

Best practice: Test DLP policies on pilot containers before organization-wide deployment.

🔒 Advanced security scenarios

Q: How do we implement least-privilege access for SharePoint Embedded?

A: Follow these principles for robust security architecture:

Q: What are common security misconfigurations to avoid?

A: Learn from real customer experiences:

❌ Common Mistake 1: Assigning application permissions to user activities
Problem: No audit trail, all actions appear as "application"
Solution: Use delegated permissions for interactive scenarios

❌ Common Mistake 2: Storing secrets in application code
Problem: Credential exposure in version control
Solution: Use Azure Key Vault with managed identities

❌ Common Mistake 3: Ignoring conditional access configuration
Problem: Service principals accessible from any network
Solution: Configure named locations and conditional access policies

❌ Common Mistake 4: Not testing admin consent flow
Problem: Consuming tenant onboarding failures
Solution: Use admin consent URL method: https://login.microsoftonline.com/{tenant-id}/v2.0/adminconsent?client_id={client-id}&redirect_uri={redirect-uri}

🏢 Enterprise security best practices

Q: What security hardening steps should we implement?

A: Follow this layered security approach:

Level 1: Basic hardening

Access controls:
[ ] Implement least privilege principles
[ ] Use delegated permissions for user-facing operations
[ ] Regular permission audits (quarterly)
[ ] Remove unused API permissions

Authentication:
[ ] Enable certificate-based authentication
[ ] Configure MFA for all admin accounts
[ ] Implement password-less authentication where possible
[ ] Use managed identities for Azure-hosted apps

Network security:
[ ] Configure Conditional Access policies
[ ] Define trusted IP ranges (Named Locations)
[ ] Block legacy authentication protocols
[ ] Enable sign-in risk policies

Level 2: Advanced hardening

Monitoring & alerting:
[ ] Enable Microsoft Defender for Cloud Apps
[ ] Configure alerts for suspicious activities:
    - Unusual download volumes
    - Access from unexpected locations
    - Permission changes
    - Guest user additions
[ ] Integrate audit logs with SIEM (Sentinel, Splunk)
[ ] Establish baseline for normal activity

Compliance:
[ ] Apply sensitivity labels to containers
[ ] Implement DLP policies for sensitive data
[ ] Configure retention policies
[ ] Regular compliance assessments

Incident response:
[ ] Document container emergency access procedures
[ ] Define escalation paths for security incidents
[ ] Test access revocation processes
[ ] Maintain audit log retention for forensics

Level 3: Zero trust architecture

Continuous verification:
[ ] Device compliance requirements
[ ] Session-based access controls
[ ] Real-time risk assessment
[ ] Automated response to anomalies

📚 Additional resources

Official documentation:
- Security and Compliance Overview
- Container Permissions API
- Microsoft Purview DLP
- Conditional Access Policies

Security best practices:
- SharePoint Embedded Admin Guide
- Entra ID Application Security
- Zero Trust Security Model

Have more questions or want to talk to the team? Contact us: SharePointEmbedded@microsoft.com

December edition of Microsoft Marketplace Partner Digest

Microsoft Ignite 2025 - Marketplace highlights

Microsoft Ignite was packed with announcements and insights for Marketplace partners. From new commerce capabilities to AI-driven innovations, here are some key takeaways:

Global expansion of Microsoft Marketplace - Microsoft announced that the reimagined Microsoft Marketplace, which launched in the U.S. earlier this year, is now globally available. This expansion includes new APIs for distribution partners, enabling them to link their own cloud marketplace with Microsoft’s, opening significant opportunities for software companies in SMB and mid-market segments.
🎬 Watch a recorded webinar with TD SYNNEX on the power of distribution to accelerate SMB marketplace sales.

Global availability of Resale Enabled Offers - This capability allows software development companies and channel partners to resell software solutions directly through Marketplace, simplifying transactions, expanding reach, and scaling revenue.
👉 Read more about this announcement and get started

Introducing App Accelerate - A unified offer that brings together incentives, benefits, and co-sell support across the Microsoft Cloud. App Accelerate provides end-to-end technical guidance, developer tools, and go-to-market resources so software development companies can innovate and scale. Previews are beginning now, with full availability planned for 2026.
✅ Sign up to receive updates

Enhanced Partner Marketing Center - Discover, customize, and launch campaigns faster with intelligent search and AI-powered tools—all on one connected platform. The current Partner Marketing Center will remain available as the new and enhanced Marketing Center platform launches in early 2026 with 24 campaigns-in-a-box, aligned to FY26 solution plays.
✨ Get ready for the new era of partner marketing

Frontier Partner badge – New customer-facing badges recognize top services, channel, and software development company partners that are driving AI transformation with customers and offer them an opportunity to differentiate themselves from the competition.
🛡️ Differentiate your AI-first leadership

Catch up on Microsoft Ignite sessions

Ignite 2025 delivered powerful insights and announcements for Marketplace partners, and now you can catch up on the sessions you missed. Explore these recorded keynotes to learn about new capabilities, partner programs, and strategies to accelerate growth through Microsoft’s ecosystem.
- Ignite opening keynote
- Ignite partner keynote: Powering Frontier Partnerships

Additionally, we’ve compiled recordings of relevant Marketplace partner and customer sessions so you can watch on-demand. Revisit Marketplace-focused sessions and resources. Just look for the ✨ icon below.

Partner sessions:

PBRK415 Grow your business with Microsoft AI Cloud Partner Program
Find out how the Microsoft AI Cloud Partner Program helps you grow with new benefits, designations, and skilling opportunities. This session covers updates like the Frontier Partner Badge, Copilot specialization, and streamlined Marketplace engagement—all designed to accelerate your AI transformation journey.

PBRK416 Accelerate Growth through Partner Incentives
Explore how Microsoft is boosting partner growth with streamlined incentives, AI-first strategies, and new designations like Frontier Distributor. This session covers expanded investments in Azure Accelerate, Copilot solutions, and security practices—plus insights on how to capitalize on evolving programs and co-sell opportunities.

PBRK417 Partner: Connect, Plan, Win – Enhancing Co-sell Engagement
Discover how to enhance collaboration, optimize joint efforts, and drive success in shared initiatives.
Gain insights into improving interactions with Microsoft sellers and leveraging opportunities, along with guidance on proactive co-selling to align your goals with Microsoft's for sustained growth.

PBRK418 Partner: Benefits for Accelerating Software Company Success
Learn about the resources and benefits available for software development companies across all stages of the build, publish and grow journey in MAICPP. Whether you’re developing a new agent solution or working toward a certified software designation, there are targeted skilling opportunities, technical resources, and GTM benefits to help. Tap into new investments for AI apps and agents and hear from your peers on how they’ve used rewards such as customer propensity scores and Azure sponsorship.

PBRK419 SI & Advisory Partner Readiness: Accelerating the Journey to Frontier
Understand how Microsoft is empowering our SI and advisory partners to accelerate frontier firm readiness for our Enterprise customers by driving AI transformation with agentic solutions and services.

✨PBRK420 Executing on the channel-led marketplace opportunity for partners
See how Microsoft’s unified Marketplace drives partner growth with resale-enabled offers, creating scalable channel sales and co-sell opportunities. This session shares practical steps to build a sustainable Marketplace practice and leverage the partner ecosystem for greater reach and profitability.

PBRK421 Enabling a thriving partner ecosystem: New CSP Authorization Criteria
Dive into what’s new for Cloud Solution Providers, including updated authorization requirements and designations that help you stand out. This session covers steps to choose the right tier, build trust as a customer advisor, and prepare for growth with AI-driven solutions and Copilot offerings.

PBRK422 The Future of Partner Support: Customer + Partner + Microsoft
Discover ‘Unified for Partners,’ Microsoft’s new support model designed for CSP partners to deliver customer success at scale.
This session introduces the Support Services designation, offering faster response times, financial incentives, and integrated tools to strengthen your support capabilities.

PBRK423 Partner Execution at Scale with SME&C
Explore growth opportunities in the high-potential SME&C segment. This session highlights investments in co-selling, AI-first strategies, and what it means to become ‘customer zero,’ with examples of frontier firms driving innovation at scale.

✨PBRK424 Marketplace Success for Partners—from SMB to Enterprise
Learn how to build, publish, and monetize AI-powered solutions through Microsoft Marketplace. This session shares a proven approach to align your Marketplace strategy with your sales motion and unlock new revenue opportunities.

PBRK272 Accelerate Secure AI: Microsoft’s Security Advantage for Partners
Explore Microsoft’s integrated security solutions and learn how to help customers strengthen their defenses in the AI era. This session highlights partner opportunities, resources to grow your security practice, and what it takes to lead as a next-generation security partner.

Customer Sessions:

✨Microsoft Marketplace: Your trusted source for cloud solutions, AI apps, and agents | STUDIO47
Hear from Cyril Belikoff, VP of Commercial Cloud & AI Marketing, sharing the reimagined Microsoft Marketplace—the gateway to thousands of AI-powered apps, agents and cloud solutions—all built to accelerate innovation and drive business outcomes. Discover how customers benefit from faster deployment, seamless integration with Microsoft tools, and trusted solutions, and how partners can scale their reach, accelerate sales, and tap into Microsoft’s global ecosystem.

Azure Accelerate in action: Confidently migrate, modernize, and build faster
Join Cyril Belikoff for a rapid Q&A that spotlights real-world customer success and the transformative impact of Azure Accelerate.
Hear how customers like Thomson Reuters achieved breakthrough results with our powerful offering that provides access to Microsoft experts and investments throughout your Azure and AI journey. ✨BRK213 Microsoft Marketplace: Your trusted source for cloud and AI solutions Discover how the reimagined Microsoft Marketplace is reshaping the future of cloud and AI innovation. In this session, we’ll explore how Microsoft Marketplace—unifying Azure Marketplace and Microsoft AppSource—empowers organizations to become Frontier Firms by streamlining the discovery, purchase, and deployment of tens of thousands of cloud solutions, AI apps, and agents. ✨BRK215 Boost cloud and AI ROI using Microsoft Marketplace As organizations embrace an AI-first future, cloud adoption is accelerating to drive innovation and efficiency. This session explores practical strategies to optimize cloud investments—balancing performance, scalability, and cost control. Learn how Microsoft Marketplace enables rapid solution deployment while maintaining governance, compliance, and budget discipline. Build a resilient, cost-effective cloud foundation that supports AI and beyond. Community Recap Partner of the Year Award Winners Congratulations to the winners and finalists of the 2025 Microsoft Partner of the Year Awards in the Marketplace category! 🏆 Explore all winners and finalists Fivetran earned the top honor as Marketplace Partner of the Year for its innovation in automating data movement on Microsoft Azure, enabling enterprises to accelerate AI and analytics initiatives. Varonis Systems Inc. and Bytes Software Services were recognized as finalists for delivering exceptional solutions and driving customer success through Marketplace. What’s Coming Up AI-powered acceleration: Scale faster in Microsoft Marketplace 📆 Thursday, December 04, 2025, at 9:00 AM PST Microsoft Marketplace is no longer just a procurement convenience; it’s a strategic revenue engine. 
Dive into operational readiness, CRM-native automation, seller engagement, trust signals, and AI-enabled acceleration. Whether you're just getting started or looking to optimize your Marketplace motion, this session will provide you with information that will turn your first sale into a repeatable growth engine.

Scale smarter: Discover how resale enabled offers drive growth
📆 Friday, December 05, 2025, from 11:00 - 12:00 PM GMT+1
Discover how resale enabled offers help software development companies to scale through the Microsoft Marketplace by simplifying transactions, expanding reach and accelerating co-sell opportunities.

Chart your AI app and agent strategy with Microsoft Marketplace
📆 Thursday, December 11, 2025, from 8:30 - 9:30 AM PST
Organizations exploring AI apps and agents face a critical choice: build, buy, or blend. There’s no one-size-fits-all—each approach offers unique benefits and trade-offs. Tune in for insights into the pros and cons of each approach and explore how the Microsoft Marketplace simplifies adoption by providing a single source for trusted AI apps, agents, and models.

Office hours for partners: Marketplace resale-enabled offers
📆 Thursday, December 18, 2025, at 8:30 AM PST
Tune in to explore resale enabled offers through Microsoft Marketplace. This recently announced capability enables software companies to expand into new markets globally, at scale, and without additional operational overhead. Dive deep into the workflow and requirements for these deals. Learn about reporting and best practices from those that are already selling globally with resale enabled offers.

Microsoft Ignite will return to San Francisco next year
📆 November 17-20, 2026
Sign up now to join the Microsoft Ignite early-access list and be eligible to receive limited‑edition swag at the event.

💬 Share Your Feedback!
We truly appreciate your feedback and want to ensure these Partner Digests deliver the information you need to succeed in the marketplace.
If you have any feedback or suggestions on how we can continue to improve the content to best support you, we’d love to hear from you in the comments below!

Ignite 2025: Drive the next era of software innovation with AI
Artificial intelligence is unlocking new possibilities and redefining what’s achievable. Software companies, startups, ISVs and AI Natives are leading the charge, using AI to speed up delivery, scale effectively, and unlock new business potential. Microsoft empowers software companies to unlock growth through AI-driven innovation and empowers their developers to ship faster and scale through programs, incentives, and Microsoft Marketplace. There is clear momentum in AI innovation, led by forward-thinking software companies. For instance, Microsoft Marketplace now offers 4,000+ AI Apps and Agents—more than any other marketplace—as well as additional cloud solutions designed to help customers accelerate their innovation.

Software company acceleration at Microsoft Ignite.

This week at Ignite, Microsoft is empowering software companies across three key areas:

1. Unlock growth with AI
Software companies can access a broad choice of models, tailor them to their use case, and create AI apps and agents that deliver outcomes while using responsible AI to protect data and reduce risk.

New announcements:

Unified tools catalog in Microsoft Foundry (Public preview)
New Microsoft Foundry updates in preview will enable developers to enrich agents with real-time business context, multimodal capabilities and custom business logic through a unified Tools catalog of Model Context Protocol (MCP) servers built with security and governance in mind. The catalog includes Unified tool discovery, deep business integration, new tools for prebuilt AI services, and custom tool extensibility.

Managed instance on Azure App Service (Public preview)
Enables organizations to move web applications to the cloud with just a few configuration changes, saving the time and effort of rewriting code. Whether .NET web apps are running on-premises or in virtual machines, developers will be able to modernize them into a fully managed platform-as-a-service (PaaS) environment and future-proof their infrastructure.
The result is faster app modernization with lower overhead and access to cloud-native scalability, built-in security and Azure’s AI capabilities. Cohere joins Microsoft Foundry’s first-party model lineup (Public preview) Cohere’s leading language models (Command A, Embed 4 and Rerank) are now available directly from Azure, giving customers fast, secure, and compliant access without third-party dependencies. Delivered with Azure-native governance, observability, networking, and billing, Cohere on Azure enables organizations to build high-performance retrieval, classification, and generation workflows at enterprise scale. Introducing Anthropic's Claude models in Microsoft Foundry (Public preview) Microsoft and Anthropic are expanding their existing partnership to provide broader access to Claude for businesses. Customers of Microsoft Foundry will be able to access Anthropic’s frontier Claude models including Claude Sonnet 4.5, Claude Opus 4.1, and Claude Haiku 4.5. This partnership will make Claude the only frontier model available on all three of the world’s most prominent cloud services. Azure customers will gain expanded choice in models and access to Claude-specific capabilities. 2. Accelerate development Ship faster with AI-assisted workflows, build across clouds and open-source stacks, and use databases that speed data access and analysis to quickly move from prototype to production. New announcements: Systems innovation (Private preview) Remote storage throughput of up to 20 GBps, up to 1 million remote storage IOPS and network bandwidth of up to 400 Gbps, enabling significant performance improvements for the latest Azure VM series. Azure Boost is a server subsystem designed by Microsoft consisting of purpose-built software and hardware that offloads server virtualization processes traditionally performed by the hypervisor and host OS. Various storage and network intensive workloads will benefit the most from these new performance specifications. 
Microsoft Defender for Cloud + GitHub Advanced Security (Preview) With Microsoft Defender for Cloud and GitHub Advanced Security, you can protect cloud-native applications across the full app lifecycle from code to cloud. This natively integrated solution helps connect software developers and security teams while staying in the tools they use every day; to prioritize the most critical risks exposed in production and fix these risks faster with AI-powered remediation. Azure HorizonDB PostgreSQL (Private preview) A new PostgreSQL cloud database service delivering high speed and elastic scalability for building or modernizing mission-critical applications. Integrated with Microsoft Foundry, Microsoft Fabric, Visual Studio Code and more, Azure HorizonDB streamlines development. Modern authentication with Microsoft Entra ID and security features like Microsoft Defender and private endpoints support enterprise-grade protection. 3. Scale with confidence Turn innovation into revenue with Microsoft Marketplace by expanding your reach through the partner ecosystem, unlocking go-to-market benefits, and differentiating with offers that stand out. New announcements: Global release of Microsoft Marketplace (General availability) Microsoft Marketplace — your trusted source for cloud solutions, AI apps, and agents — is now globally available following its launch in the United States in September. All traffic from legacy storefronts (Azure Marketplace and AppSource) is now redirected to Marketplace.Microsoft.com. Featuring the industry’s largest catalog of AI apps and agents, Marketplace extends the Microsoft Cloud, helping customers accelerate their AI-first transformation with tens of thousands of vetted solutions from our partner ecosystem. These solutions integrate easily with Microsoft products, delivering faster time-to-value. Microsoft Agent 365 (Preview) Extend the existing infrastructure that you use for managing people to agents. 
Agent 365 equips your agents with the same apps and protections, tailored to agent needs, saving IT time and effort on integrating agents into business processes. It includes leading Microsoft security, productivity and collaboration solutions: Defender, Entra and Purview to protect and govern agents; Microsoft 365 productivity and collaboration apps and Semantic Index to accelerate their productivity; and Microsoft 365 admin center to manage agents. We're already seeing great examples from Devin, Genspark, Glean, Kasisto, Manus AI, n8n, ServiceNow, Workday, and more. Unified programs for software companies – App Accelerate (Public preview) Our Partner Program is focused on delivering more value for software companies, and we’ve identified an opportunity to simplify the Microsoft AI Cloud Partner Program (MAICPP) offers available to software companies today. We're announcing a new offering for software development companies, available in 2026—combining incentives, benefits, and co-sell resources across existing offerings such as ISV Success, and Marketplace Rewards—into one streamlined pathway for partners. App Accelerate brings together ISV Success, Marketplace Rewards, and more into a single-entry point, creating a unified and simplified experience to help partners accelerate their growth through Microsoft Marketplace. Early access to co-sell benefits (Pilot) As part of our new unified offer, we’re creating an additional route for software companies to access co-sell benefits. This pathway is designed for partners who may not have reached the $100K milestone in Marketplace Billed Sales (MBS) or Azure Consumed Revenue (ACR) but demonstrate readiness in other critical areas. This early access option is nomination-based, with eligibility determined by criteria such as Microsoft Azure Consumption Commitment (MACC), customer traction, and pipeline strength. 
Resale enabled offers (General availability) Analysts estimate nearly 60% of cloud marketplace business will be channel-led by 2030. With a partner ecosystem of 500K+ —Microsoft Marketplace is fully embracing the channel-led Marketplace opportunity with the general availability of resale enabled offers. Resale enabled offers enable software companies to empower channel partners to manage their Marketplace listings through a repeatable model designed for scale. This helps software companies break through to new markets without adding overhead while channel partners maintain their customer relationships while getting the added value of Marketplace. Sales of eligible solutions also count toward customers’ Azure consumption commitments, opening the door to larger, more strategic deals funded by pre-committed cloud budgets—creating stickier relationships and fueling growth. Featured Ignite sessions Whether you're attending Ignite in person or joining online, these sessions are designed to help software companies build smarter, scale faster, and unlock new growth opportunities. Tuesday, November 18 – 1:00pm PT Agents, apps, and acceleration: Helping software companies grow Explore the opportunity for AI apps and agents. Learn how to build experiences that matter and get best practices from other leading software companies. Wednesday, November 19 – 10:15am PT Benefits for accelerating software company success Discover resources available across the build, publish, and grow journey in MAICPP. Hear how peers are using AI investments and go-to-market benefits to grow. Wednesday, November 19 – 5:00pm PT Executing on the channel-led Marketplace opportunity for partners Discover practical strategies across diverse dealmaking scenarios to grow business and deepen Microsoft partnerships. Keep the momentum going—explore more Ignite sessions and activities created with software companies in mind. Let’s create the future together You are redefining what’s possible with AI. 
Microsoft is here to help you create the future.

Get started
- Get resources to help grow your software development company
- Use ISV Success to build faster with AI tools, services, and expert support
- Publish your solution and reach millions of customers on the Microsoft Marketplace
- Access App Advisor and get step-by-step guidance to build, publish, and sell your app or agent

From listing to sale: Microsoft Marketplace made easy
Kyle Heisner is a veteran GTM and Cloud Marketplace leader at Suger with extensive experience helping software companies scale through strategic partnerships and co-sell programs. He is known for transforming complex cloud ecosystems into clear, repeatable revenue motions.

You’ve built an amazing product and listed it on Microsoft Marketplace. Now what? For many software development companies, that’s where progress stalls. Your listing is live, yet transactions aren’t flowing. You’re in the Marketplace, but not yet part of its commerce motion. Going from “listed” to “transactable” is the turning point. It’s when your Marketplace presence becomes a measurable pipeline, eligible for co-sell, incentives, and enterprise purchasing. This guide walks through how top software companies go transactable, combining AI, automation, and integrations to make it simple and scalable.

Why Microsoft cares about transactable software companies
Microsoft is doubling down on transactable listings as the foundation of its marketplace strategy. Transactable offers enable customers to buy directly through their Azure commitments, simplifying procurement and making cloud adoption measurable. For Microsoft, this shift drives predictable consumption, cleaner billing, and stronger alignment with enterprise buyers. For partners, it opens access to co-sell programs, incentives, and higher placement in Marketplace search. Being transactable isn’t optional anymore. It’s the cost of entry for the next generation of cloud GTM.

Why being transactable benefits software companies
For software companies, transactable listings transform Marketplace visibility into a repeatable revenue channel.
Microsoft handles billing, invoicing, and disbursements, so customers can purchase through existing Azure agreements without new vendor onboarding or security reviews. When your listing is transactable: Enterprise buyers purchase through committed Azure spend. You qualify for Marketplace Rewards and co-sell incentives. Microsoft sellers can align on deals that generate mutual pipeline. Your revenue data flows directly into payout and forecasting systems. Transactable listings reduce friction for buyers, streamline sales cycles, and create a scalable path to growth alongside Microsoft. Aligning your sales methodology Microsoft Marketplace isn’t a side motion; it’s a core sales channel. The best software companies fold Marketplace into their qualification and closing process, turning it into a repeatable path that accelerates deals and reduces friction across teams. Role-based actions for Microsoft Marketplace success Partner & Alliances Identify customers with Azure consumption commitments that can fund your deals. Build joint account plans with Microsoft Partner Development Managers (PDMs). Share pipeline regularly and flag co-sell-eligible opportunities early. Sales Reps Ask early if buyers have Azure budgets or enterprise agreements. Present Marketplace as the fastest purchasing path. Tag Marketplace opportunities in CRM and trigger co-sell workflows. Sales Management Review Marketplace pipeline in forecasts and QBRs. Set targets for the percentage of deals closing through Azure. Align compensation to reward Marketplace adoption. RevOps Standardize CRM fields and automate referral submissions. Track cycle time and win rates versus direct deals. Measure Marketplace impact on deal velocity and CAC. Finance Reconcile payouts with Partner Center data. Sync invoices and taxes into your accounting system. Forecast Marketplace cash flow accurately. Embedding Marketplace into sales motions creates a repeatable, low-friction channel that scales across every team. 
Go from listed to selling fast
Going transactable used to take months of coordination. With automation and AI, it now takes days. Suger helps Azure software companies:
- Connect Partner Center, CRM, and finance systems.
- Publish transactable offers.
- Automate MPOs, invoicing, and payout tracking.
- Visualize performance in unified dashboards.
Whether you’re a startup or enterprise, the path to your first Azure sale is shorter than ever if your systems and workflows are connected.

How it works step-by-step
Publishing a listing is only the start. To generate revenue, connect your CRM, finance, and partner systems so deals flow cleanly from quote to cash. Many software companies get stuck on manual offers or disconnected data. The fix is automation. The fastest-growing software companies standardize the path from listing to sale.

Step 1: Connect your systems
You don’t need to integrate everything at once. Connect core systems early to avoid rework. Suger’s 30+ native integrations make it simple, no engineering required.
- CRM (Salesforce, HubSpot): Link Partner Center so listings, referrals, and private offers live inside Opportunities.
- Finance (NetSuite, QuickBooks, Stripe): Sync invoices, payouts, and true-ups automatically.
- Communications (Slack, Teams): Notify teams when offers are created, accepted, or near expiry.
These integrations give every team a shared view from day one.

Step 2: Build your listing with AI
To transact, you need a listing that defines how your product is sold, including pricing, descriptions, and compliance details. That’s where many software companies slow down. Suger’s AI Listing Assistant speeds publishing by auto-filling:
- Product info (e.g. title, descriptions, and categories)
- Support contacts
- Resource links
In minutes, you can publish a compliant listing with minimal effort. Suger then syncs pricing, SKUs, and entitlement configurations through your connected systems, ensuring your listing is ready for transactions.
Step 3: Validate and go live
Once the listing is ready, make it transactable by linking it to offer plans that define pricing, fulfillment, and entitlements. Suger automates this process end-to-end:
- Imports listing data from Partner Center
- Prefills pricing and fulfillment details from CRM and finance
- Validates compliance with Azure transaction rules
- Publishes back to Partner Center as “transactable”
In minutes, your offer is connected and live, ready for reps to create private offers directly in CRM.

Step 4: Enable co-sell with Microsoft
Going transactable unlocks the Azure Co-Sell program, the fastest way to grow joint pipeline with Microsoft. Suger automates co-sell operations by:
- Sharing eligible opportunities with Microsoft automatically
- Enriching missing required referral details (e.g. company, website, address, industry, size, and phone)
- Syncing updates back to CRM as deals progress
That keeps both sides aligned in real time.

Step 5: Generate private offers
Most software companies start with a Microsoft Private Offer, a custom quote for a specific buyer. With Suger, reps create offers directly in their CRM:
- Offer details auto-populate from CRM or CPQ records
- Approvals route through Slack or Teams
- Accepted offers sync back for payout reconciliation
When an offer is accepted, Suger automatically:
- Attaches EULAs and entitlement documents to the record
- Notifies Finance to mark the deal as Closed Won
- Syncs revenue data with accounting systems for payout reconciliation
The entire process—from quote to close—takes minutes instead of hours, keeping teams focused on selling instead of administration.

Step 6: Automate billing and payouts
Once the deal closes, automation continues. Suger’s enterprise-grade billing and metering turn raw usage into clean financial data:
- Converts consumption into billable records that match Microsoft’s billing format.
- Handles hybrid and usage-based pricing models automatically.
- Flags discrepancies before invoices hit Finance.
- Exports payouts directly into NetSuite or QuickBooks.
Finance teams gain accurate, audit-ready data, and sellers gain visibility into when revenue actually lands. No spreadsheets, no missed payments, no confusion.

Step 7: Measure and optimize
After your first sale, visibility drives optimization. Suger unifies Marketplace, CRM, and finance data into dashboards for every team.
- Sales: Pipeline by region and offer type.
- Alliances: Co-sell progress and seller engagement.
- Finance: Payout timing and reconciliation.
- RevOps: Deal velocity and attribution.
Dashboards simplify forecasting and export easily to Power BI or Tableau.

Avoid common pitfalls
Most teams hit the same snags. Automation turns bottlenecks into repeatable, scalable processes.

| Pitfall | Impact | Automation Fix |
| Disconnected systems | Manual entry across CRM & Partner Center | Two-way CRM sync keeps data consistent |
| Offer complexity | Delays from unclear plans or pricing | Guided templates with AI validation |
| Approval bottlenecks | Weeks lost in manual review | Slack-based approval workflows |
| Limited visibility | Finance unsure of payout timing | Unified dashboards and auto-reconciliation |
| Scaling challenges | Ops can’t keep up with deal volume | No-code workflows that clone across regions |

Check your readiness
Before transacting, confirm:
- Offer readiness: Transactable offer configured, approved, and tested.
- System readiness: CRM, billing, and Partner Center fully synced.
- Workflow readiness: Private offer creation and approvals automated.
- Visibility readiness: Dashboards tracking pipeline, payouts, and cycle time.
- Team readiness: Roles trained on Marketplace quoting and fulfillment.
This helps ensure smooth and scalable processes after kick-off.

The Suger difference
Suger combines automation, AI, and native integrations in one platform built for hyperscaler marketplaces.
| Area | What Suger Does | Why It Matters |
| CRM-native co-sell & offer creation | CRM-native co-sell and offer creation | Keeps reps in workflow |
| 30+ integrations | Plugs into existing tech stacks | End-to-end automation |
| Workflow automation | Automates listings, enrichment, and approvals | Cuts manual effort and errors |
| Unified reporting | Real-time pipeline and revenue dashboards | One source of truth for every team |
| Enterprise billing & metering | Handles hybrid and usage-based pricing | Simplifies revenue operations |
| Customer-first success | Named CSM, Slack support, 24/7 availability | Fast onboarding and resolution |

This combination helps software companies go live faster and scale sustainably without adding headcount or complexity.

Reignite your Marketplace listings
If your Azure listing is live but inactive, start here:
- Convert to transactable. Use guided templates to publish a compliant offer quickly.
- Connect core systems. Sync CRM, Partner Center, and finance for automatic deal flow.
- Automate private offers and co-sell. Let reps manage everything directly from CRM.
These steps unlock visibility, accountability, and revenue: the foundation for long-term Marketplace success.

Impact by team
Every team benefits when Azure Marketplace operations are automated and connected.
- Sales: Faster deal creation and fewer errors by staying inside CRM.
- Partner/Alliances: Real-time visibility into co-sell pipeline and cloud alignment.
- RevOps: Unified analytics connecting listing, pipeline, and revenue.
- Finance: Reliable payout data, no spreadsheets, and automated reconciliation.
- Engineering: Less manual maintenance thanks to productized integrations.
Shared data and workflows make Marketplace revenue predictable.

Going transactable is the tipping point between simply being listed on Microsoft Marketplace and generating real, predictable revenue. By connecting core systems, automating private offers, and enabling co-sell, software companies turn Marketplace into a repeatable sales channel.
Automation removes the operational burden and lets offers generate in minutes while data flows cleanly from CRM to finance. When teams have visibility into pipeline, payouts, and performance, Marketplace becomes easier to forecast, manage, and scale. The companies that win are the ones that treat Marketplace as a core sales strategy, not a side experiment.

Start your journey
Ready? Publish a transactable offer, enroll in co-sell, and share a referral to get there faster.
Need help? Contact Suger for a consultation and go from listed to selling fast.

Resources
- Microsoft Marketplace: Trusted source for cloud solutions, AI apps, and agents
- Microsoft Marketplace - Marketplace publisher | Microsoft Learn: How to guides for working in Microsoft Marketplace
- ISV Success: Discover offers and benefits of ISV Success to help you take your apps and agents to the next level.

SharePoint Embedded guide for software companies: Use cases make it real for customers
Getting Started: The Foundation

Q: "We're a SaaS platform with multiple customers—how do we keep their data separate?"
A: The most successful multi-tenant software companies use the owning and consuming tenant approach. Once you have developed your application and it’s ready to be deployed to a customer, customers want to maintain control of their data, use the security configuration they have configured and compliance controls across their entire data estate. What they don’t want to do is store data outside of their tenant. When using SharePoint Embedded, you control the application, your customer controls their data. Software companies create their application in the owning tenant. When you’re ready to bring on a new customer, you simply register SharePoint Embedded on the consuming tenant (your customer). As documents are added through your application, they reside in the consuming tenant and all the security boundaries they have configured.
Scale reality check: You can create millions of containers per tenant, with each container holding up to 30 million documents. That's serious enterprise scale.

Q: Our customers demand specific geographic data storage and compliance. Can SharePoint Embedded handle this?
A: SharePoint Embedded inherits Office 365's data residency capabilities, which often exceed what most software companies can provide on their own:
- Geographic controls: Data stays within customer-specified regions
- Government clouds: FedRAMP support for government tenants or contractors
- Compliance inheritance: Customers leverage their existing Microsoft compliance investments
Game-changer example: Customers need FIPS compliance and ITAR support for government contractors. Rather than building this infrastructure themselves, they leverage Microsoft's existing certifications.

Q: What's the real story on costs? How do software companies handle SharePoint Embedded billing?
A: When a software company is ready to deploy their app there are two primary billing models:
Pass-through model: Customer pays Microsoft directly through an Azure subscription they choose.
- The software company handles integration, customer handles billing
- Customers maintain control over their data and costs
- Works well for enterprise customers with existing Microsoft relationships
Software company-standard model: Software companies include SPE costs in their pricing and then invoice the customer
- Easier for customers, but software companies must manage costs closely.
- Storage: ~$0.0067/GB/day + API transaction costs + egress costs
- Works well for SMB customers or all-inclusive service models
Success Pattern: Legal sector software companies typically use pass-through, while financial management apps include costs in their SaaS pricing.

Document collaboration: it’s all about the user experience

Q: Our customers hate our current document editing experience. What changes with SharePoint Embedded?
A: The collaboration transformation is usually immediate and dramatic:
Before SharePoint Embedded:
- Web-only editing with limited functionality
- Version conflicts and manual merging
- External users need full software licenses
- Downloading a document to edit it and then re-uploading it increases risk
After SharePoint Embedded:
- Native desktop Office applications with full feature sets
- Real-time co-authoring with automatic conflict resolution
- External users collaborate without Office licenses
- Zero custom integration maintenance
Customer impact story: A Construction Cloud customer was frustrated with web-only Office editing. With SPE, their construction teams can collaborate on specifications in desktop Word, cost sheets in Excel, and project presentations in PowerPoint—all simultaneously. Customer satisfaction scores improved immediately.

Q: How do we handle external users—clients, contractors, reviewers—who aren't employees?
A: This is where SharePoint Embedded really shines for software companies:
- Guest user support: External users can collaborate using their existing email addresses
- No license requirements: Guests don't need Office licenses to edit documents
- Time-bound access: You can grant temporary access for specific projects
- Granular permissions: External users see only what they need to see, and you control this through existing Entra ID security practices.
Real-world scenario: A pharmaceutical customer needs external regulatory reviewers to collaborate on drug approval documents. These reviewers (often using Gmail accounts) can access specific documents, make comments, and track changes—all while maintaining strict security controls and audit trails.

Q: What about industries with specialized document formats? Will SharePoint Embedded work?
A: SharePoint Embedded handles standard Office formats natively, and provides extensibility for specialized formats:
- Native support: Word, Excel, PowerPoint can be viewed or edited using the browser or full desktop experience.
- Custom formats: Through Power Platform connectors and custom viewers depending on how you built the user interface.
- Industry-specific: Many software companies build viewers for CAD files, proprietary image documents or medical records. This is the real value add for your app.
Specialized example: Engineering companies use CAD files and Office documents, relying on custom viewers for technical drawings as well as built-in Office collaboration tools for handling specifications and project documentation.

AI and intelligence: The future-forward

Q: Everyone talks about AI, but what are software development company customers really using?
A: Based on real implementations, customers are getting value from three AI capabilities:

In-app experience
- Customers can find information across documents using natural language
- "Show me all contracts with renewal clauses" instead of keyword searches
- Provides a robust alternative to the custom search solutions that many find challenging to develop effectively.

Document summarization
- Automatic summaries of meeting notes, reports, contracts
- Executives get briefings without reading full documents
- Particularly valuable for legal and consulting software companies

Content extraction
- Automatic metadata extraction from uploaded documents
- Classification and tagging without manual effort
- Useful for compliance and organization

AI success story: A market research platform uses AI to mine insights from massive survey result repositories. They can identify patterns across client studies and provide competitive intelligence that drives premium service offerings—capabilities that would have required a dedicated AI team to build.

Q: How does SharePoint Embedded content fit into the Microsoft AI story?

A: Content is king and when it’s stored in SharePoint Embedded you can use the Microsoft AI stack to reason over it.
- Copilot Studio – Build custom agents that can access and reason over your SharePoint Embedded content, enabling tailored workflows and conversational experiences for your business scenarios.
- Azure AI Foundry – Use advanced AI models and orchestration tools to analyze documents, extract insights, and apply generative reasoning directly on your embedded content (coming soon).
- M365 agents – Empower Microsoft 365 Copilot and domain-specific agents to leverage your SharePoint Embedded data securely, delivering contextual answers and automation across apps like Teams, Outlook, and Word.

Control flexibility: You can disable Copilot at the container level, so customers only pay for what they use. This lets you offer different service tiers based on AI capabilities.
Q: How much prep work do our documents need for AI to be effective?

A: The software companies seeing best AI results focus on structured metadata and information architecture fundamentals.

Document organization:
- Clear document types (contracts, reports, specifications)
- Consistent metadata fields across document types
- Permissions, sensitivity labels and container architecture reduce the accidental data leakage risk.

Users simply add the document to a container through your application and SharePoint Embedded does the rest by automatically indexing the content, which adds it to the semantic index, so you get all the reasoning power in the LLMs.

Preparation benefit: Software companies find that organizing their document metadata and permissions before enabling Copilot improved AI accuracy. Customers get better results and more relevant document summaries.

Security and compliance: Enterprise requirements

Q: Our customers are in highly regulated industries. How do we handle their compliance requirements without becoming compliance experts ourselves?

A: This is SharePoint Embedded's biggest advantage for software companies—compliance inheritance:

Your customer's compliance = Your application's compliance

Following the owning/consuming deployment model provides:
- Customer's DLP policies automatically apply to containers
- Their retention policies govern document lifecycles
- Their audit requirements are automatically met
- Their security controls protect your application's data

Compliance success: Financial services software companies don't need to become SOX compliance experts—they inherit their customers' existing Microsoft Purview policies. Legal software companies get automatic GDPR compliance without building privacy infrastructure.

Q: What about audit trails and eDiscovery? Do we need to build this ourselves?
A: SharePoint Embedded provides enterprise-grade audit capabilities automatically:
- Complete audit trails: Every document access, modification, and sharing event is logged
- eDiscovery Integration: Native integration with Microsoft eDiscovery tools
- Retention policies: Automatic retention based on customer's existing policies
- Legal hold: Built-in legal hold capabilities for litigation scenarios

Audit reality: Legal sector software companies can provide their clients with comprehensive audit trails for regulatory compliance without building any custom audit infrastructure. Everything is handled through Microsoft's existing compliance tools.

Q: How do we handle customers who want to keep control of their data?

A: SharePoint Embedded gives customers more control than most software company solutions:
- Customer tenant: Data stays in the customer's Microsoft tenant, not yours
- Customer policies: Their security and compliance policies govern the data
- Software company access: You only access data through APIs with customer-granted permissions

Control example: SaaS platform software companies explain to customers that their documents live in the customer's tenant with customer-controlled governance. This made enterprise sales easier because customers maintain complete control over their data.

Have more questions or want to talk to the team, contact us: SharePointEmbedded@microsoft.com

________________________________________

Resources
SharePoint Embedded overview: SharePoint Embedded Overview | Microsoft Learn

From AI to ecosystem strategy: Why UP LIVE Reston was a game-changer
On Oct 28–29, Carahsoft hosted Ultimate Partner LIVE at their incredible Reston, VA facility — a high-impact, two-day experience designed to empower ecosystem partners to lead through change. With keynotes from top Microsoft leaders, immersive workshops, and a curated executive audience, this wasn’t just another conference — it was a strategic accelerator for the future of partnering.

Here are the top 7 insights from Ultimate Partner LIVE Reston

1. Microsoft’s vision: Ecosystem leadership in action

The event kicked off with a powerful keynote from Craig Abod, President of Carahsoft, who reminded attendees to “know the business you're in, and know where you're going.” His disciplined approach to scaling — from $2B to $10B — set the tone for strategic focus and execution. His advice to “take care of your $2K customers, they’ll become $50K customers” was one of the most quoted lines of the event.

Microsoft leaders then took the stage to amplify the momentum:
- Erwin Visser, GM, SCP Channel, challenged attendees to embrace co-innovation, stating, “In 10 years, the world’s top 50 brands don’t even exist yet.”
- Matt Berg, Global Sales Leader, AI Workforce SME&C, emphasized the importance of scaling success through Copilot and secure AI adoption.
- Pat Primavera, Americas ISV Channel Sales Leader Applications and Infrastructure, shared the origin story of Microsoft’s co-sell practices, highlighting how transparency and shared learning fuel ecosystem growth.

Together, their insights framed a clear call to action: the time to build is now, and the future belongs to those who lead with purpose, partnership, and velocity.

2. AI is reshaping the partner ecosystem

AI isn’t just a tech trend — it’s a business revolution. From Copilot to Agentic AI, Microsoft and its partners are leading the charge in redefining how innovation is delivered. Systems integrators (SIs) are at the forefront of AI experimentation, signaling a shift in who drives transformation.
The message was clear: “Don’t wait for the next wave. Be the wave.”

3. The lines between partner roles are blurring

The partner landscape is being rewritten. Today, partners play an average of 3.2 roles — ISV, MSP, SI, and more. The traditional definitions are fading fast. The winners will be those who adapt their models to stay relevant as these worlds collide. As one speaker noted, “Modern sales is an ecosystem play.”

4. Relationships are the real currency

Jay McBain, Chief Analyst, Channels, Partnerships & Ecosystems at Omdia & Canalys, nailed it: “The difference between contacts and contracts is the letter R — Relationships.” His “7 Spheres of Influence” framework — advisors, analysts, ISVs, influencers, integrators, peers — was widely referenced as a guide to navigating modern partnerships. Trust and influence are now central to deal-making, and the ecosystem is the engine that drives it.

5. The buyer has changed permanently

Only 5% of buyers are ready to buy now, and 90% will choose from their “Day 1 list.” With 51% of B2B buyers being millennials, early relationship-building is no longer optional — it’s essential. Partners must engage long before a formal buying process begins. The takeaway? If you’re not already on their radar, you’re already too late.

6. The time to build with AI is now

From Copilot to secure chat and Agentic AI, Microsoft’s message was clear: the opportunity to build, launch, and scale new solutions is unbridled. Business-led innovation > tech-led innovation. AI isn’t just about automation — it’s about reimagining how work gets done and delivering real business outcomes. Partners were encouraged to adopt AI-first strategies and start building now.

7. Community beats chaos

Transformation fatigue is real. Burnout is real. But UP LIVE Reston was described by attendees as “the jolt I didn’t know I needed.” Amid the noise of the industry, the event provided a space for authentic conversations, collaboration, and inspiration.
From hallway chats to workshops, the energy was electric. The message was clear: community still matters, and we are truly better together.

Special thanks to Craig Abod and the Carahsoft team for their generous support and leadership throughout the event. Carahsoft was honored with Ultimate Partner’s 2025 Partner of the Year Award, recognizing their outstanding commitment to building lasting relationships across the partner ecosystem.

If you missed UP LIVE Reston, you can catch the event recordings here:
Ultimate Partner LIVE: Reston - Oct. 28
Ultimate Partners LIVE: Reston - Oct. 29

Lock in marketplace terms for up to five years with multiyear contract durations
Co-authored by Trevor_Yeats

We’re excited to announce that the Microsoft marketplace now supports multiyear contract durations—enabling customers and partners to lock in terms and pricing for up to five years. New options include four and five-year terms for SaaS and Professional Services, and two, four, and five-year terms for Virtual Machine Software Reservations (VMSR). These contract durations are available globally across all marketplace-supported currencies.

The value for your customers and for you

With multiyear contract durations, customers can buy with confidence knowing they will have stability and continuity of service, making it easier to plan and forecast expenses and lock in substantial savings that often come with longer contracts. Partners benefit by supporting customers’ budget needs, strengthening customer relationships, reducing administrative burdens, and growing reliable revenue streams.

“Our customers value five-year contracts for the stability and long-term value they provide. With multiyear contracts now available in Microsoft marketplace, we can better align with their operational timelines, reduce renewal cycles, and focus on building lasting relationships—while driving predictable revenue.”
Sue Wilkinson, Global Director of Partners, IFS

How it works

To enable multiyear contract durations, software partners must take the following steps:

1. Create a public offer with multiyear contract durations. Partners must ensure their public offers include extended contract terms before they can create private offers with those durations. Partners have two options:
   - Update an existing public plan to support new options for extended durations (i.e., four and five-year options for SaaS offers and two, four, and five-year options for VMSR), or
   - Create a new public plan that includes multiyear contract durations.
2. Create private offers with multiyear contract durations.
Once a public offer with multiyear contract durations is published, partners can configure private offers that leverage those durations.

Notes:
- As of October 31, multiyear contract durations are available for CSP offers.
- Existing customer agreements cannot be modified mid-term to extend contract length. Customers must cancel their current plan and purchase a new one that includes the desired extended duration.

Creating multiyear contracts with flexible billing schedules

Partners can create private offers that combine multiyear contract durations with flexible billing options—like quarterly, semiannual, or bimonthly—making it easier to align with customer needs and streamline sales.

“Microsoft’s recent launch of multiyear contracts and flexible billing has been a game changer, simplifying the buying process and enhancing the customer experience. We can now build private offers in the Microsoft marketplace in a more natural way that mirrors our contracts in the platform.”
Sue Wilkinson, Global Director of Partners, IFS

Learn more about flexible billing schedules and capturing the marketplace opportunity.

Eligibility for multiyear contracts and how to get started

Any company that is part of the Microsoft AI Cloud Partner Program can sell on the marketplace with multiyear contract durations. Details are provided in our documentation, but at a high level:
1. Be a member of the Microsoft AI Cloud Partner Program (it’s free to join)
2. Sign the marketplace publisher agreement
3. Publish your public offer with multiyear contract durations.
4. Sell private offers with multiyear contract durations.

In addition, we have many support resources for partners depending on where they are on their marketplace journey. For example, software development companies can join ISV Success, within the Partner Program, for tools and resources that help them publish their solution and maximize reach through the marketplace.
Learn more by visiting: Microsoft commercial marketplace transact capabilities FAQs: https://aka.ms/multiyear-FAQs

SharePoint Embedded guide for software companies: success factors, positioning & key insights
Welcome to the definitive Q&A guide for software development companies exploring SharePoint Embedded for their SaaS applications. This blog series addresses the most frequently asked questions from our thriving software company community, drawing from real-world implementations across partner organizations spanning financial services, healthcare, manufacturing, and technology sectors.

Whether you're building a multi-tenant document management platform, modernizing legacy systems, or creating industry-specific collaboration solutions, this guide provides practical insights into SharePoint Embedded's unique advantages for software company scenarios. From multi-tenant architecture patterns and customer data isolation to Office integration strategies and competitive positioning, we've compiled the essential knowledge you need to accelerate your development and go-to-market success.

SharePoint Embedded represents a paradigm shift for software companies who have traditionally faced the choice between building complex storage infrastructure or compromising on enterprise-grade features. With its consumption-based pricing model, API-first design, and native Office integration, SharePoint Embedded enables software companies to deliver enterprise-ready document experiences while focusing on their core business logic and customer value.

Q: What are the key success factors I should focus on as a software company using SharePoint Embedded?

A: Based on our analysis of successful software company implementations, there are three critical success factors:
- Building a scalable document management platform is complicated and detracts from the business logic you want to focus on with your solution.
- Users are demanding modern collaboration tools that Microsoft Office provides at scale.
- SharePoint Embedded gives you the foundational tools and features that integrate with your solutions, providing you a competitive advantage.
Software development companies can unlock significant value by building on SharePoint Embedded. Its distributed architecture empowers software companies to deliver scalable, multi-tenant solutions, ensuring each customer’s data is securely isolated within dedicated containers. By leveraging SharePoint Embedded, software companies can guarantee that compliance and data residency requirements are met directly in the customer’s own Microsoft 365 tenant, streamlining regulatory approvals and building customer trust. The platform’s flexible, consumption-based billing model aligns costs with actual usage, supporting growth and simplifying budgeting for both software companies and their customers. At the same time, software companies retain full control over their application code base, allowing them to innovate and differentiate their offerings, while Microsoft manages the underlying infrastructure, security, and compliance features.

Q: How do I position SharePoint Embedded against competitors in sales situations?

A: SharePoint Embedded offers unique competitive advantages across different competitor categories:

Against Pure Storage Solutions:
- Native Office Integration: Unmatched co-authoring and collaboration experiences
- Enterprise Security: Built-in compliance and governance vs. costly add-on features
- Microsoft Ecosystem: Leverage customers' existing Microsoft investments
- Software company-Focused APIs: Purpose-built for integration vs. consumer-focused APIs

Against Building Custom Storage:
- Faster Time to Market: Significantly reduce development time
- Enterprise Features: Compliance, security, and scale built-in
- Office Integration: Impossible to replicate the native Office experience independently
- Global Infrastructure: Microsoft's global scale without operational overhead

Against SharePoint Online:
- True Multi-Tenancy: Better customer isolation and independent scaling
- Consumption Pricing: Costs align with customer success vs. per-user licensing
- API-First Design: Developer-friendly vs. SharePoint customization complexity
- No Limitations: Independent scaling without site collection or storage quotas

Q: Is the content stored in SharePoint Embedded AI ready?

A: When you ingest documents into SharePoint Embedded, they are automatically added to the platform’s search and semantic indexes. This seamless integration ensures that your content is immediately available for advanced AI capabilities, such as intelligent search, document automation, and content summary. As a result, users can quickly benefit from AI-driven insights and enhanced discovery, making collaboration and workflow automation more powerful and efficient across their teams.
- AI Ready by Design: SharePoint Embedded provides secure, structured, and highly accessible data storage, ensuring content is ready for AI integration from the start.
- Robust APIs & Easy Integration: The platform’s powerful APIs and seamless Microsoft ecosystem integration make it simple to connect content to AI services like Azure AI Foundry and Microsoft 365 Copilot.
- Advanced Capabilities: Organizations can enable advanced search, automation, and generative AI scenarios, leveraging their information in new, intelligent ways.
- Enterprise-Grade Compliance & Security: Content remains protected with built-in security and compliance, crucial for enterprise adoption of AI-powered workflows.
- Empowering Business Value: This foundation allows businesses to unlock added value from their content and drive smarter, more efficient operations.

Q: What are the key talking points that resonate with enterprise customers?

A: For software development companies, these value propositions drive success with enterprise audiences:
- Onboard your application: Easily deploy your solution through the Microsoft Marketplace to your customer tenant.
- Content lives in your customer's tenant: Software companies can leverage built-in compliance and security features to speed up enterprise sales cycles and meet stringent requirements.
- You control the billing: Software companies can grow alongside their customers, with consumption pricing that supports expansion and rewards success.
- Your customer's security posture is honored: When your solution is deployed to customer tenants, it will inherit all the security, compliance and governance they have configured. Content is always maintained in the geo they specify.
- Risk Reduction for software companies: By utilizing Microsoft’s infrastructure and security, software companies can reassure enterprise customers and minimize operational risk.

Q: How do I get started building a POC for my software development company's solution?

A: Follow this proven software company-focused POC approach that has delivered success across our partner ecosystem:

Getting started is easy: Install the Visual Studio Code extension and start a 30-day trial of SharePoint Embedded. For longer development cycles that allow you to simulate a real production environment, configure SharePoint Embedded without any storage or throughput limitations.

Software Development Company Development Lifecycle for Re-Platforming on SharePoint Embedded

Phase 1: Technical Foundation – Begin by establishing a secure, multi-tenant architecture using SharePoint Embedded’s container model to ensure robust customer data isolation. Integrate with Microsoft Office experiences to provide seamless co-authoring and collaboration, a key customer demand. Validate authentication flows for enterprise-grade user security and conduct thorough performance testing to guarantee fast, reliable document access at scale.

Phase 2: Business Alignment – Move beyond technical validation to align your solution with real-world customer scenarios. Test end-to-end workflows and migrate sample data from legacy systems, ensuring the platform meets customers’ expectations for business continuity. Collect hands-on feedback from customer users to refine user experience and validate your pricing model based on projected usage, addressing concerns around cost predictability and ROI.

Phase 3: Production Readiness – Prepare your solution for launch by executing a comprehensive security and compliance review, leveraging Microsoft’s built-in controls to address enterprise requirements. Perform scale testing with production-sized datasets and user groups to ensure reliability under peak loads. Establish monitoring, alerting, and support processes to deliver a consistent operational experience. Finally, enable your sales and onboarding teams with go-to-market resources, ensuring a smooth transition for customers migrating to your new platform.

Key Success Metrics That Address Customer Demands:
- Verified customer data isolation for privacy and compliance
- High user adoption of Office integration, satisfying customers’ desire for familiar productivity tools
- Consistent fast document loading, meeting performance expectations
- Validated cost model based on real usage, delivering value and transparency to customers

By following this development lifecycle, software companies can re-platform on SharePoint Embedded with confidence, addressing top customer demands for security, scalability, seamless Office integration, and predictable costs—all while accelerating time to market and driving adoption.

Q: How can I gain additional customers by having my app in the Microsoft Marketplace?

A: Listing your app in the Microsoft Marketplace opens the door for software companies to reach new customers and increase sales by leveraging Microsoft’s ecosystem and global reach. The Marketplace acts as a powerful channel to showcase your solution to millions of enterprise buyers who trust Microsoft to deliver secure, reliable products.
Technical Resources to Drive Adoption:
- ISV Success Program – Get expert guidance to optimize your app for Marketplace visibility and customer engagement, ensuring your solution stands out and is ready for enterprise adoption.
- Solution Architect Reviews – Receive feedback from Microsoft experts to ensure your product meets the needs of customers and is positioned for growth in the Marketplace.
- Preview Access – Early access to new features helps you differentiate your app, attracting customers looking for cutting-edge solutions.
- Software Development Company Documentation – Access to tailored implementation guides ensures your SaaS offering is Marketplace-ready and easy for customers to deploy.

Go-to-Market Support to Accelerate Sales:
- Marketplace Listing – Promote your app to a global audience, driving qualified leads and expanding your reach beyond your existing customer base.
- Partner Development Managers – Benefit from dedicated business support and introductions to new customers in strategic verticals.
- Co-sell Opportunities – Collaborate with Microsoft’s sales teams for joint selling, increasing your exposure and boosting sales potential.
- Industry Programs – Join vertical-specific programs and events to connect directly with customers seeking solutions in your area of expertise.

In summary, Microsoft Marketplace empowers software companies to accelerate customer acquisition and drive sales growth by providing broad exposure, technical and business support, and opportunities for collaboration with Microsoft’s network.

Have more questions or want to talk to the team, contact us at SharePointEmbedded@microsoft.com

Ultimate Partner LIVE Fall 2025: AI ecosystem masterclass & partner success summit
Mark your calendars! Ultimate Partner LIVE Fall is coming to the Washington, D.C. area, October 27-29, and this event presents a unique, high-impact opportunity for partners looking to stay ahead of the tectonic shifts, align priorities, and accelerate performance in 2026. We are taking the ecosystem to Carahsoft's facilities for a masterclass in how to become the Ultimate Partner. With immersive workshops, direct access to decision-makers, and a curated executive audience, you’ll accelerate your strategy to new levels.

Here is what you can expect:

Decode the Tectonic Shifts: Learn how AI, Marketplaces, Co-Selling, and Ecosystems are reshaping partner success — and what you must do now. Hear directly from Microsoft leaders Erwin Visser, Matt Berg and Wole Moses, who will take you through the exciting $450B+ durable cloud budget flowing through marketplaces, FY26 AI priorities, and where you should align.

Access Proven Frameworks & Playbooks: Attendees will also participate in hands-on workshops facilitated by top industry experts including: The Odigo Group, Carve Partners, ISSI, AvePoint, Bridge Partners, Digitalzone, WorkSpan, Revstacker and more! Workshops will focus on co-selling, AI marketing strategy and Building Service Models to grow revenue.

Be in the Room with Leaders: Network with 200+ executives, thought leaders, ISVs, GSIs, MSPs, distributors, and consultants in an intimate, high-impact setting. 40+ amazing speakers will share their secrets to successful partnering!
⭐SPECIAL OFFER As a valued Microsoft partner, Ultimate Partner is offering a 15% discount on general passes to experience UP LIVE⭐

👉 [Register Now for UP LIVE: Reston] USE CODE: ULTIMATEVIP15 at checkout

Hope to see you there,
Vince Menzione
CEO, Ultimate Partner

________________________________________

Ultimate Partner is the go-to destination for technology leaders and partners aiming to thrive in the Hyperscaler ecosystem. Ultimate Partner delivers high-impact content, expert insights, and exclusive events—both live and digital. Our mission is to “Empower technology leaders to achieve their greatest results through successful partnering”. Learn more