The thesis
Copilot and Claude make a single tenant smarter. Neither runs security, compliance, and licensing across the 50 to 500 tenants a managed service provider operates. That job is still manual, still blind, still per-client. TenantIQ is the control plane for it, and it already works.
Built on Cloudflare's edge. GDAP-native. Microsoft Graph throughout.
The market
Every business on Microsoft 365 is a tenant someone has to secure and govern. Most SMB and mid-market tenants are run by an MSP, and MSPs buy through a single distribution layer. We don't need a field sales army; we need a listing where they already shop.
TAM and SAM are directional market estimates, not booked pipeline. SOM is a bottom-up target at our stated pricing, not a forecast.
The problem
A managed service provider signs into dozens of separate Microsoft 365 tenants. The Microsoft admin center shows one at a time. CIPP, the popular open-source tool, reports but does not reason or act. Security drifts quietly, unused licenses bleed margin, and every audit is rebuilt by hand, per client.
The AI wave is pointed inward, at productivity inside a tenant. No one is building the cross-tenant operator's seat. That is the gap.
The hard engineering is done. Capital buys distribution, not R&D.
Where we win
Enterprise tools price by quote and court large IT departments. The free tool reports without acting. TenantIQ takes the operator's seat the others leave empty.
| Capability | TenantIQ | CoreView | Syskit Point | BetterCloud | CIPP (OSS) |
|---|---|---|---|---|---|
| MSP-native model (per-tenant, white-label, MSP RBAC) | Yes | Partial | Partial | No | Yes |
| Transparent public pricing | $45–99/tenant | Quote only | Quote only | Quote only | Free / OSS |
| Per-tenant CIS overrides, structural and attributed | Yes | Documentary | Partial | No | No |
| Drift attribution to actor (who changed what, when) | Yes | No | Partial | No | No |
| AI analysis with gated, reversible remediation | Yes | Rules | No | Workflows | No |
| Framework mapping plus evidence (SOC 2, HIPAA, GDPR, ISO) | Yes | Partial | Yes | No | Partial |
Reflects public product information; competitors do not disclose all internals. The TenantIQ column is verifiable in the repository.
Where we are
We have no paying customers yet, and we will not pretend otherwise. The decision was to finish the platform and harden it before selling, so the first dollar lands on a product that survives a CISO's questions rather than a demo that doesn't.
Three surfaces are live today: the marketing site, the signed-in application, and a no-signup public posture scan that runs against any domain. The remaining distance to revenue is certification and distribution, not engineering.
The model
Pricing is public: $49 Starter, $99 Professional per tenant per month, volume from $45, plus Enterprise. One mid-sized MSP running 100 tenants on Professional is roughly $8k to $10k of monthly recurring revenue from a single relationship, and that relationship grows as they onboard tenants.
Serverless infrastructure keeps cost of goods at a few percent of revenue. Channel distribution through Pax8 and CSP avoids enterprise field-sales economics. The result is high margin at low burn.
Illustrative path to break-even · model, not actuals
| Lean monthly fixed cost (small team, infra, amortized compliance) | ~$45k |
| Average revenue per MSP (≈60 tenants, blended tier) | ~$2.5k / mo |
| Paying MSPs to break even | ≈ 18–25 |
| Tenants under management at that point | ~1,100–1,500 |
Assumptions for discussion only. Final unit economics depend on pricing mix, CAC, and team size.
Go to market
MSPs buy through Pax8 and Microsoft's CSP program. A listing there puts TenantIQ in front of tens of thousands of them at channel economics, no enterprise field sales required. The free, no-signup posture scan, already live, turns any prospect's domain into a report, so top-of-funnel is built into the product itself.
Transparent per-tenant pricing shortens the cycle: no "request a quote." Land a few tenants, expand as the MSP onboards their book. Net revenue retention above 100% is the default motion, not an upsell campaign.
The numbers · illustrative model on stated pricing, not a forecast
At a blended ~$30k ARR per MSP (≈60 tenants) and ~88% gross margin on serverless infrastructure, modest logo growth reaches cash-flow positive inside year two. The $500k pre-seed funds the path to that line.
| Metric | Year 1 (launch) | Year 2 | Year 3 |
|---|---|---|---|
| Paying MSPs (end of year) | ~10 | ~35 | ~90 |
| Tenants under management | ~600 | ~2,100 | ~5,400 |
| Exit ARR run-rate | ~$0.3M | ~$1.05M | ~$2.7M |
| Gross margin | ~88% | ~88% | ~89% |
| Operating burn (annual) | ~$0.55M | ~$0.65M | ~$0.8M |
| Cash status | pre-seed funded | cash-flow positive (~20–25 MSPs) | self-funding growth |
Illustrative projection at stated pricing and a lean team; not a guarantee. Revenue is recognized monthly and ramps within each year, so realized revenue trails the exit run-rate shown.
Compliance roadmap
We are pre-certification today and say so plainly. The product is engineered to SOC 2 and CIS controls; it holds no attestation yet. Certification is the gate to enterprise and security-conscious MSP deals, and a direct, bounded use of this round. Figures are 2026 market ranges for a small SaaS company; actuals vary by auditor and scope.
| Certification / control | Why it matters | Realistic first-year cost | Timing |
|---|---|---|---|
| SOC 2 Type II | Table-stakes for MSP and enterprise procurement | $20k–40k (auditor $12–25k + Vanta/Drata $7–15k/yr) | Launch |
| Independent penetration test | Security proof buyers ask for by name | $8k–20k per engagement, annual | Launch |
| GDPR DPA + privacy legal | EU customers; sub-processor disclosure | $3k–10k | Launch |
| ISO 27001 | International and larger-enterprise deals | $18k–38k (accredited body $10–20k + readiness; ~$5k/yr surveillance) | Scale |
| HIPAA assessment + BAA | Healthcare-serving MSPs (no formal certificate exists) | $10k–25k | Scale |
| Microsoft 365 Certification | Marketplace trust badge and co-sell | $10k–20k (approved assessor) | Scale |
Launch-critical compliance: roughly $30k–65k (SOC 2 Type II, penetration test, DPA) unlocks the first wave of paying MSPs. Full programme across all six lines lands near $70k–135k over years one and two.
The ask
The build is behind us. What remains is trust, distribution, and a small team to carry scale. This round converts a finished product into a compliant, revenue-generating business.
Target · pre-seed
$500k
Twelve to eighteen months of runway: SOC 2, public launch, and the first ~10 to 15 paying MSPs, with a clear line to break-even at ~18 to 25.
Use of funds