Case file — A85AF34C
The idea
“What I'm building: Platform Architecture Authority (PAA) — always-on architecture intelligence for Microsoft environments. Azure + M365 + Zero Trust in one platform. 723 automated checks, AI synthesis that turns raw data into consultant-grade findings, IaC generation, ADRs, and board-ready evidence. Who it's for: Microsoft Gold Partners (MSPs) who need to deliver architecture intelligence continuously across their client base — without hiring a senior architect per client. Secondary: mid-market Azure tenants (50–500 employees) facing NIS2 or ISO 27001 pressure with no dedicated security team. Where I stand: Built and running. I spent 10 years at Microsoft in the Azure Engineering org doing exactly these engagements manually. PAA started as personal tooling — cut my own delivery time from 2 weeks to 2 days. Now productised. Why it might be stupid: Microsoft gives away WAF assessments for free. Defender for Cloud exists. Every CSPM vendor in the world is bolting AI onto their scanner and calling it intelligence. And I'm one person trying to sell into a partner ecosystem that moves slowly and buys on relationships. Why I think it isn't: Nobody starts from architecture. Every competitor starts from security and works backwards. The WAF free tool is a questionnaire — it doesn't touch your infrastructure. Defender finds what's wrong, not what to do. The MSP white-label model means the product sells through partners who already have the client relationships. And the 2-weeks-to-2-days proof exists — I lived it.”
The bull case
A disciplined investor would say yes if: NIS2/ISO 27001 audit pressure forces mid-market Azure tenants to produce architect-grade evidence they cannot generate internally, MSPs need to deliver this at scale without hiring senior architects at €150K+/year per client, and the 18-month window before Microsoft ships native evidence generation into Defender/CAF tooling is enough to establish 20+ MSP relationships that create sticky distribution. The founder's decade inside the Azure Engineering org means he's encoding judgment that took Microsoft's own team years to develop — and Microsoft won't prioritize productizing it for the MSP channel because they'd rather sell consulting hours. If MSPs each bring 5+ clients within year one, the economics flip from brutal to beautiful.
The panel
Sinartisis is the direct competitor—already shipping identity + Azure + Zero Trust posture assessment with AI synthesis, dashboards, and evidence export. They're doing exactly what you're describing, just from the identity angle first rather than architecture-first. The live data shows they have the full stack: automated checks, CAF/Well-Architected alignment, MCSB/MCRA mapping, AI summaries, and subscription access. No funding amount listed, so unclear if bootstrapped or backed, but they're live and active. infra.new is tangential (DevOps IaC generation, not architecture assessment). The market red flag you're ignoring: MSPs buy on relationships, yes—but they also consolidate vendors aggressively. If Sinartisis (or Microsoft itself via Defender) lands first with a partner, switching costs are tribal, not technical. Your 2-week-to-2-day proof is personal productivity, not proof that MSPs will abandon their existing toolchain or pay for a new one. Your genuine strength: Sinartisis appears identity-focused; if you truly lead with architecture (CAF foundations, tenant design, infrastructure-as-code generation) before security findings, you own a different plane. That's real differentiation—not a feature gap.
Your core underestimation: you're treating "723 automated checks" as defensible scope when it's actually a scaling liability. Each check is a maintenance debt—Azure APIs change, compliance frameworks shift, M365 configurations evolve. You'll spend 60% of engineering time on check hygiene, not product. Competitors like Sinartisis own this because they're already doing it; you're starting from zero. Build-vs-buy trap: IaC generation from assessment findings. You'll want to auto-generate Bicep or Terraform, but the gap between "here's what's wrong" and "here's production-safe code" is a chasm. You'll either ship templates no one trusts or spend two years on validation logic. Buy or partner—don't build this. Technical moat is thin. Your 2-weeks-to-2-days edge came from you—domain knowledge, judgment calls, knowing what matters. The platform needs to encode that judgment, but 723 checks don't. Sinartisis already has Microsoft Graph integrations and AI synthesis. Your moat is MSP distribution, not tech. One real win: starting with architecture-first framing is genuinely smart. Defender and CSPMs are findings-first; you're solving "what does good look like?" first. That's a different product shape, harder to copy than another scanner.
MSPs don't buy platforms—they buy relationships and margin. You're assuming white-label distribution solves go-to-market, but MSPs typically demand 40–60% margin on SaaS they resell. If you price PAA at $500–2K/month per tenant (standard for posture tools), you're handing MSPs $200–1,200/month revenue they keep. Your CAC to land the first 20 MSP relationships will be 6–12 months of direct founder sales at zero margin. The LTV math only works if each MSP brings 5+ clients within year one—unproven at your stage. The pricing assumption that's wrong: You're comparing yourself to free Microsoft tooling, which is a mistake. Sinartisis charges $X/month per tenant for M365/Entra assessment + reporting. You're building something deeper (IaC, ADRs, board evidence), but you haven't priced it. If you charge $800/tenant/month to MSPs (industry-standard for compliance automation), MSPs can't resell it below $1,500 and still hit margin targets. That's above what mid-market buyers pay for standalone CSPM—your secondary market will churn. Runway burn without customers: You're one founder, product built. Assume $5K/month burn (minimal). You have 4–6 months before you must close paying customers. MSP sales cycles run 3–4 months minimum. You're out of runway before your first contract closes. What actually works: Your 10-year Microsoft pedigree + existing proof-of-concept (2 weeks → 2 days) is your only unfair advantage. That credibility can shorten MSP sales cycles to 6–8 weeks if you lead with case studies, not features. Defensibility comes from domain depth, not feature count.
The market has consolidated around identity-first posture (Sinartisis, Microsoft native tools). You're entering when CSPM commoditization is complete—but NIS2/ISO 27001 enforcement in EU/EMEA (live since Jan 2025) is forcing mid-market Azure tenants to prove architecture decisions, not just fix findings. That's your 18-month window. MSPs are already selling compliance readiness; they need architect-grade evidence generation fast. Your 2-week-to-2-day proof is real leverage, but you're competing on delivery speed in a market that now buys on compliance evidence trails. Macro trend: NIS2 Directive audit materialization (2025–2026). Critical infrastructure and large enterprises report compliance by end-2025. Mid-market follows 2026–2027. Auditors now demand architectural rationale for Zero Trust decisions and IaC traceability—not just "Defender found X, we fixed X." This is the only macro lever that makes architecture intelligence defensible as a separate product tier. Window: Open, but narrowing. MSPs haven't yet built internal AI-synthesis layers. By 2027, Microsoft will ship native evidence generation into Defender/CAF tooling. You have 18 months to establish partner distribution before that closes. One genuine timing advantage: Microsoft's CAF/MCRA/MCSB framework maturity (2024–2025) created a lingua franca. Compliance teams now speak architecture. Five years ago, this idea was premature. Today, your ADR + evidence generation maps directly to audit-ready artifacts auditors expect. That's not a feature—that's market readiness.
Competitors found during analysis
Live dataSinartisis
Identity + Azure + Zero Trust posture SaaS, AI-assisted, live
Cause of death
The runway-to-sales-cycle mismatch is existential
At ~$5K/month burn and MSP sales cycles of 3–4 months minimum, you're mathematically out of runway before your first contract closes unless you start closing within weeks. You can't afford to "build relationships" at the pace MSPs expect. Every week without revenue is a week closer to death, and MSPs smell desperation.
Sinartisis already occupies the posture-assessment shelf in MSP minds
They're live, shipping identity + Azure + Zero Trust assessment with AI synthesis, dashboards, and evidence export. MSPs consolidate vendors aggressively. Even if your architecture-first angle is genuinely different, you're fighting for the same budget line item and the same partner manager's attention. The switching cost isn't technical — it's tribal. You need to prove you're complementary, not competitive, which is a harder positioning exercise than it sounds.
The 723-check maintenance burden will eat your solo-founder bandwidth alive
Each check is maintenance debt — Azure APIs change, compliance frameworks shift, M365 configurations evolve. The Tech Agent estimates 60% of engineering time on check hygiene. As one person, that means 60% of your time isn't selling, isn't building new features, isn't landing MSPs. You'll drown in upkeep before you scale.
Blind spot
Your "2 weeks to 2 days" proof is a productivity metric about you, not a market validation metric about them. You've proven the tool works for a senior architect who already knows what matters. You haven't proven that an MSP's junior consultant can use PAA to deliver architect-grade output without calling you. If the platform requires your judgment to interpret results, you haven't built a product — you've built a faster way to do consulting. And consulting doesn't scale through white-label distribution.
Founder fit
Exceptional domain fit — 10 years in Azure Engineering doing exactly these engagements is the kind of background that makes the "encode judgment into software" problem solvable. The critical mismatch: you're a builder entering a channel-sales motion. MSP partnerships require partner enablement, co-selling, margin negotiation, and relationship maintenance — skills orthogonal to architecture expertise. Your first hire (or co-founder) needs to be a channel sales operator who's sold through Microsoft Partners before.
What would need to be true
At least 3 MSPs must each deploy PAA across 5+ client tenants within 6 months — proving the channel model works at unit economics that sustain a solo founder.
NIS2 auditors must actually reject compliance submissions that lack architectural rationale documentation — creating purchase urgency that "nice to have" architecture tools never generate.
A junior consultant at an MSP must be able to use PAA to produce output that a client's CISO accepts without requesting a senior architect review — proving the product encodes judgment, not just checks.
Actions to take this week
This week, identify 3 Microsoft Gold Partners you personally know from your decade at Microsoft and offer them a free 30-day pilot on one client tenant — not a demo, a live deployment. Your positive signal: they forward the output to their client unprompted, without editing it.
Sign up for Sinartisis today. Run it against the same tenant you've assessed with PAA. Document exactly where your architecture-first output produces artifacts Sinartisis doesn't — screenshot the gap. This becomes your sales deck's killer slide.
Price it at $0 for MSPs, $1,200/tenant/month billed to the end client, with the MSP keeping $400 as margin. Test whether MSPs will sell it for you when they don't have to buy it first — this eliminates the MSP procurement cycle entirely.
Strip the IaC generation module down to curated Bicep templates for the top 20 findings only — don't try to auto-generate production-safe code for everything. Ship "good enough" templates with a disclaimer, not perfect ones that take two years.
Post a detailed case study (anonymized) on LinkedIn showing the 2-weeks-to-2-days transformation with before/after artifacts. Tag 5 Microsoft MVPs in the Azure/security space. Your positive signal: inbound DMs from MSPs asking "can we use this for our clients?"
Intervention unlocking
5seconds
No account needed. One email, no follow-ups.
Your idea is next
What would the panel say about yours?
You just read what four AI examiners found in someone else's idea.
Your startup has a fatal flaw. Find it before you build.