Organizations don't realize former partners like GoDaddy retain GDAP access to their Microsoft 365 tenant, which can lead to catastrophic automated deletions or unauthorized changes months later.
A lightweight SaaS that connects to M365 tenants via API, continuously monitors for active GDAP relationships, enterprise apps, and partner connections, and sends alerts when stale or unauthorized access is detected. Includes one-click revocation workflows.
Freemium — free for single tenant monitoring, $5-15/tenant/month for MSPs managing multiple tenants with automated remediation.
The pain is real but episodic — catastrophic when it hits (tenant deletions, unauthorized changes) but most orgs don't know they have the problem until it explodes. The Reddit post shows genuine horror stories. However, it's not a daily pain point; it's a ticking time bomb most admins ignore until disaster strikes. Hard to sell prevention to people who don't feel the pain yet.
TAM is narrow. Target is SMBs with M365 tenants who have had partner relationships — maybe 2-5M tenants globally. At $10/tenant/month, theoretical TAM is $240M-$600M/year. But realistic SAM is much smaller: most SMBs don't manage their own M365 (that's what MSPs do), and MSPs use broader tools. Realistic addressable market for a standalone GDAP monitor is likely $5-20M.
This is the weakest link. SMBs that manage their own M365 are cost-sensitive and often don't understand GDAP. MSPs already pay for RMM/PSA stacks and resist adding point solutions. $5-15/tenant/month competes with free tools (CIPP, Lighthouse) that partially cover this. The problem is infrequent enough that most prospects would rather do a one-time audit than pay monthly. Willingness spikes only after an incident.
Very buildable. Microsoft Graph API exposes GDAP relationships, enterprise apps, and partner information. A solo dev with M365/Azure experience could build an MVP (API connection, relationship scanning, email alerts) in 4-6 weeks. The consent/auth flow for multi-tenant apps is the trickiest part but well-documented. One-click revocation adds complexity but is doable.
No one owns this specific niche. CIPP is closest but is a broad management tool, not a monitoring/alerting service. Microsoft Lighthouse shows data but doesn't alert. The gap is clear: continuous, automated, alert-driven GDAP hygiene for the END CUSTOMER (not the MSP). However, the gap exists partly because the market may be too small to sustain a standalone product.
Continuous monitoring naturally fits subscription, but the value prop weakens after initial cleanup. Once stale partners are removed, what triggers ongoing payment? New partner relationships are infrequent for most tenants. Need to expand scope (enterprise app monitoring, consent grant tracking, broader M365 security posture) to justify ongoing subscription. Risk of high churn after initial remediation.
- Strength: Clear, genuine pain point validated by real incidents — tenant deletions are catastrophic and the problem is under-served
- Strength: No direct competitor owns this specific niche — the gap between broad MSP tools and this focused need is real
- Strength: Technically straightforward to build with well-documented Microsoft APIs
- Strength: Natural wedge product that could expand into broader M365 security posture monitoring
- Risk: Feature-not-a-product risk: Microsoft could add GDAP alerting to Lighthouse or Security Center, killing the market overnight
- Risk: Narrow pain window: most value delivered at initial setup, then churn risk is high without scope expansion
- Risk: SMBs don't self-serve M365 security — selling to people who don't know they have the problem requires expensive education-based marketing
- Risk: CIPP (free, open-source) could add this monitoring feature with a few PRs, instantly commoditizing it
CIPP: Open-source M365 management tool for MSPs that includes GDAP relationship management, tenant administration, and security baselines. Community-driven project with broad MSP adoption.
MSP automation platform that can orchestrate M365 workflows, including GDAP management, via pre-built crates.
Microsoft Lighthouse: Microsoft's own multi-tenant management portal for MSPs/CSPs managing SMB customers. Includes some GDAP visibility and security baselines.
M365 management and governance platform providing visibility, compliance, and automation across tenants.
Open-source tool for monitoring Microsoft 365 security configurations against best practices, including Entra ID and partner settings.
Single-page web app: OAuth consent flow to connect M365 tenant → immediate scan showing all active GDAP relationships, enterprise apps with partner consent, and stale access with risk scores → email/Slack alerts on changes → one-click revocation links. Skip MSP multi-tenant in MVP. Target the 'just got burned by GoDaddy' audience on Reddit/forums with a free scan tool that upsells monitoring.
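The core of the scan described above (and the Graph exposure noted under feasibility) is just classifying each delegated admin relationship the tenant still has. The following is an added example, not code from the page or from any product it mentions: it scores a Graph-shaped list of GDAP relationships. The payload is constructed, the 90-day staleness threshold and the score weights are assumptions, and the role GUIDs are the well-known Entra ID role templates.

```python
"""Score GDAP relationships from a Microsoft Graph-shaped response.

Added example. Field names follow Graph's delegatedAdminRelationship resource
(GET /tenantRelationships/delegatedAdminRelationships); the payload below is
constructed and the thresholds/weights are assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone

GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"   # Entra role template: Global Administrator
HELPDESK_ADMIN = "729827e3-9c14-49f7-bb1b-9608f156bbb8" # Entra role template: Helpdesk Administrator
STALE_AFTER = timedelta(days=90)                         # assumed: no changes in 90 days = "stale"
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)         # fixed clock so results are reproducible

# Constructed sample: a forgotten partner with GA, a current MSP, and a terminated reseller.
SAMPLE_RESPONSE = {"value": [
    {"id": "rel-1", "displayName": "Legacy hosting partner", "status": "active",
     "lastModifiedDateTime": "2024-01-10T08:00:00Z", "endDateTime": "2027-01-10T08:00:00Z",
     "accessDetails": {"unifiedRoles": [{"roleDefinitionId": GLOBAL_ADMIN}]}},
    {"id": "rel-2", "displayName": "Current MSP", "status": "active",
     "lastModifiedDateTime": "2024-11-20T08:00:00Z", "endDateTime": "2025-05-20T08:00:00Z",
     "accessDetails": {"unifiedRoles": [{"roleDefinitionId": HELPDESK_ADMIN}]}},
    {"id": "rel-3", "displayName": "Old reseller", "status": "terminated",
     "lastModifiedDateTime": "2023-06-01T08:00:00Z", "endDateTime": "2023-06-01T08:00:00Z",
     "accessDetails": {"unifiedRoles": [{"roleDefinitionId": GLOBAL_ADMIN}]}},
]}

def _parse(ts: str) -> datetime:
    """Graph returns ISO 8601 with a trailing Z; normalise for fromisoformat."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def assess_gdap(response: dict, now: datetime) -> list[dict]:
    """Return one finding per still-active relationship, highest risk first."""
    findings = []
    for rel in response["value"]:
        if rel["status"] != "active":
            continue  # terminated/expired relationships no longer grant the partner access
        roles = {r["roleDefinitionId"] for r in rel["accessDetails"]["unifiedRoles"]}
        reasons, score = [], 0
        if GLOBAL_ADMIN in roles:
            reasons.append("grants Global Administrator"); score += 50
        if now - _parse(rel["lastModifiedDateTime"]) > STALE_AFTER:
            reasons.append("unchanged for more than 90 days"); score += 30
        if _parse(rel["endDateTime"]) - now > timedelta(days=365):
            reasons.append("more than a year of access remaining"); score += 20
        findings.append({"id": rel["id"], "name": rel["displayName"], "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for f in assess_gdap(SAMPLE_RESPONSE, NOW):
        print(f"{f['score']:3d} {f['name']}: {', '.join(f['reasons']) or 'no issues'}")
```

In a real scan the response comes from Graph with the customer's consent; the alerting step is then just a diff of these findings against the previous run.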
Free instant scan (lead gen, no account needed) → Free tier for 1 tenant with weekly scans → $9/tenant/month for continuous monitoring + instant alerts + revocation → $15/tenant/month for MSP tier with multi-tenant dashboard, API access, and compliance reporting → Expand to full M365 third-party access governance platform
8-12 weeks to MVP and first paying customer if founder has M365/MSP network. 4-6 months to meaningful MRR ($1-5k). The free scan tool could generate leads within weeks via Reddit/community marketing, but converting to paid monitoring subscriptions will be slow without expanding the value prop beyond just GDAP.
- “You failed to remove their GDAP partner relationship”
- “they install an Enterprise app. If you didn't remove that app, maybe some sort of automated something came through”
- “GoDaddy still had access and something automated probably killed the tenant”