Back from a few days off, and so I want to highlight some stories that happened in the past few days.
Microsoft is facing criticism from managed service providers for failing to protect them from aggressive pricing tactics by larger licensing solution providers. These service providers report that they are experiencing margin erosion and increased competition from larger licensing solution providers, which are undercutting them by as much as 20 percent. The Cloud Solution Provider program, launched in 2014, was intended to level the playing field for smaller providers. However, many MSPs feel abandoned as Microsoft has not enforced pricing parity, allowing larger entities to offer discounts of up to 20% below what MSPs can sustain. Analysts suggest that Microsoft’s current approach may lead to consolidation among its partners, as it increasingly favors larger providers while leaving smaller ones struggling to compete.
Managed service providers are increasingly grappling with alert fatigue as they juggle a growing number of security tools. According to a recent survey by Heimdal, over 75% of the 80 managed service providers surveyed experience alert fatigue monthly, with more than half facing it weekly or daily. The report highlights a troubling trend, particularly among larger firms, where nearly half of those with over 500 employees suffer from daily fatigue, largely due to excessive tools and poor integration that amplify false positives. On average, providers dealing with daily fatigue utilize 7.4 tools, compared to just 4.5 for those experiencing fewer issues. Alarmingly, one in four alerts is a false positive, and in some instances, over 30% of alerts are incorrect. This not only increases the workload for analysts but also raises the risk of missing actual threats. Despite the advantages of consolidating security tools, progress remains slow, with many providers hesitant due to concerns about migration complexity and potential feature loss. Heimdal’s report suggests that integrating platforms and enhancing automation could help alleviate these challenges, yet only 31% of managed service providers have adopted artificial intelligence or security orchestration, automation, and response tools to lighten their load.
Why do we care?
Microsoft built CSP to level the playing field—but they’re letting the big guys undercut the little guys by 20 percent. Translation? If you’re a small MSP trying to make money on license resale, Microsoft’s not protecting you. Period. They’ve picked scale over channel diversity, and you’re on your own.
And on the security front—alert fatigue is real. MSPs drowning in 7-plus tools, half of the alerts are noise, a quarter outright false. You’re burning staff time, and you’re still at risk of missing the actual threats. Vendors keep telling you “consolidate and automate,” but only a third of providers are doing it.
The old playbook is broken. Don’t count on vendor margins. Don’t keep stacking tools. Move to outcomes customers value—security confidence, compliance, AI adoption—and clean up your stack so your people can actually deliver. That’s where survival—and margin—lives.