M365 admins waste time hunting through dozens of scattered admin panels to find and disable upsell prompts, self-service trials, and bloatware defaults that Microsoft quietly enables. Settings are buried, poorly documented, and change frequently.
A SaaS dashboard that connects to your M365 tenant via API, continuously scans for unwanted defaults (self-service trials, upsell nags, preview features, data-sharing toggles), and lets admins review and remediate them in bulk. Includes a community-maintained ruleset of recommended hardening policies.
Freemium — free scan with limited remediation, paid tier ($5-15/tenant/month) for continuous monitoring, auto-remediation, drift alerts, and MSP multi-tenant view.
The Reddit pain signals are real and widespread. Every M365 admin has spent hours hunting through 6+ admin portals to find and disable settings Microsoft quietly enabled. The pain is recurring — Microsoft changes defaults regularly. The Teams Premium nag thread is just one of hundreds. MSPs managing 20+ tenants feel this pain multiplied. This is a genuine 'everyone complains about it at conferences' problem.
TAM is significant. There are ~1M+ M365 tenants in the SMB space, plus ~50,000+ MSPs globally managing multiple tenants each. At $10/tenant/month, even capturing 0.1% of SMB tenants = $1.2M ARR. The MSP angle is the real multiplier — one MSP customer = 10-100 tenants. Realistic SAM for a bootstrapped product is $5-20M ARR. Not a billion-dollar market, but a very healthy niche SaaS.
MSPs already pay for per-tenant tooling (Datto, ConnectWise, Augmentt, etc.) at $2-5/tenant/month for similar management tools. IT admins at SMBs have smaller budgets but $5-15/tenant/month is in the 'just put it on the card' range. The key: you're saving hours of manual work per tenant per month, and preventing security misconfigurations that could cause incidents. The ROI story is straightforward. Risk: some admins will script their own PowerShell solution rather than pay.
Microsoft Graph API and PowerShell modules cover most M365 settings, but coverage is uneven — some settings require different APIs (Exchange Online, SharePoint, Teams admin), some have no API at all and require screen-scraping or undocumented endpoints. Building the scan is very doable in 4-8 weeks. The hard part is (1) maintaining the ruleset as Microsoft changes things constantly, and (2) the remediation/write-back — some settings require specific admin consent scopes that tenants may be reluctant to grant. OAuth consent and multi-tenant app registration add complexity.
This is the strongest signal. Existing tools are either (a) free but require PowerShell expertise and have no GUI, (b) enterprise-priced and not focused on the 'unwanted defaults' problem, or (c) security-only and ignore the UX/bloatware angle. Nobody has built the opinionated, community-driven 'fix my tenant' tool specifically targeting the settings Microsoft enables that admins don't want. The community-maintained ruleset angle is genuinely novel and defensible.
Textbook subscription product. Microsoft changes defaults and adds new upsell surfaces continuously — the scan is never 'done.' Drift detection (something changed back) is inherently ongoing. Compliance requirements demand continuous monitoring. MSPs need this running permanently across all their tenants. Very strong retention dynamics once integrated.
- + Clear, validated pain point with vocal community — admins are already complaining publicly and swapping PowerShell snippets to solve this
- + Strong competition gap — no one owns the 'opinionated tenant cleanup' niche between free-but-hard-to-use OSS tools and expensive enterprise platforms
- + Natural MSP multiplier — one sale = many tenants, great for efficient growth
- + Highly recurring — Microsoft's constant default changes create perpetual demand
- + Community-maintained ruleset creates a defensible moat and organic distribution channel
- ! Microsoft could build this into the admin center or Secure Score, especially the upsell/nag angle — though they're incentivized NOT to make it easy to disable their own upsells
- ! API coverage gaps — some settings have no Graph API and require workarounds or undocumented endpoints that could break
- ! Ruleset maintenance burden is significant — Microsoft changes admin surfaces frequently, and keeping rules current requires constant attention
- ! Security sensitivity — the app requires high-privilege access (Global Admin or equivalent scopes) to tenants, which creates trust and liability concerns
- ! PowerShell-savvy admins may DIY rather than pay, limiting willingness to pay among the most technical segment
Built-in M365 security posture dashboard that scores your tenant config and recommends hardening actions across identity, devices, apps, and data.
Open-source PowerShell module that exports, compares, and enforces M365 tenant configurations as code. Can snapshot a tenant and drift-detect against a baseline.
SaaS platform for M365 tenant configuration management. Exports tenant config to Git, enables drift detection, baseline comparison, and config-as-code workflows across tenants.
CIS publishes hardening benchmarks for M365. CISA's ScubaGear and Prowler are open-source tools that audit M365 tenants against these benchmarks.
M365 management and governance platform offering reporting, delegation, automation, and configuration management across tenants.
Web app that connects to one M365 tenant via OAuth, runs a scan against a curated list of 30-50 'most annoying defaults' (self-service trials, upsell nags, Viva/Copilot promos, data-sharing toggles, preview features), and generates a report card with one-click 'fix' buttons for each finding. Ship the free scan first to build trust and collect email leads. Add paid tier for continuous monitoring and drift alerts. Skip multi-tenant/MSP view for v1 — nail the single-tenant experience first.
Free scan (lead gen, up to 10 findings) -> Paid single-tenant ($5/mo, full scan + remediation + drift alerts) -> MSP tier ($10-15/tenant/mo, multi-tenant dashboard, bulk remediation, white-label reports) -> Enterprise (custom rulesets, compliance mapping, SSO, audit logs). Community ruleset contributions drive organic growth and SEO.
6-10 weeks to first paying customer. Weeks 1-4: build OAuth flow + scan engine for top 30 rules + basic web dashboard. Weeks 5-6: add remediation for the easiest 15 rules. Weeks 7-8: launch free scan on Reddit r/sysadmin and r/msp, collect feedback. Weeks 8-10: add payment, convert early users to paid tier. The Reddit communities are the perfect launch channel — post the free scan tool and watch it spread.
- “Has anyone found a way to get rid of the Teams Premium nags/buttons”
- “We just had to do this. Global admin will get you there. It's in 365admin. Google it for exact location”
- “Microsoft told us that there is no way to disable it”
- “I have a user with this button and she is unable to attach any files to Teams chats. It says she needs to upgrade but has a Business Premium license”