[CONTENT]
$
USD
Total Economic Impact
Cost Savings And Business Benefits Enabled By Microsoft Entra Suite
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY Microsoft, JULY 2025
Total Economic Impact
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY Microsoft, JULY 2025
In today’s AI-driven, cloud-first world, organizations face mounting pressure to secure access across a growing number of identities, devices, and applications — both on-premises and in the cloud. As identity and network become the first line of defense, many security teams still operate in silos, using disconnected tools and policies that create security gaps and operational inefficiencies. To address these challenges, organizations are increasingly adopting unified Zero Trust strategies that converge identity and network access into a single, consistent policy framework.
The Microsoft Entra Suite is a complete Zero Trust access solution that empowers employees to securely connect to any cloud or on-premises app, resource, or AI — whether within the corporate network or from the open internet. By converging identity protection, identity governance, identity verification, and security service edge (SSE), the suite enables consistent, granular access controls across workforce identities, endpoints, apps, and networks. The following table lists the Entra Suite products and descriptions of their functions:
| Microsoft Entra Suite Products | Function |
|---|---|
| Microsoft Entra ID Governance | Enforce least-privilege access for any user |
| Microsoft Entra ID Protection | Prevent identity compromise for users and sign-ins in real time with risk-based access policies |
| Microsoft Entra Private Access | Replace VPNs and add MFA and Conditional Access to your private resources |
| Microsoft Entra Internet Access | Have secure access to GenAI, SaaS, and internet resources |
| Microsoft Entra Verified ID | Verify identities in real time in a privacy-respecting way |
Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Microsoft Entra Suite.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of the solution on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed 10 decision-makers and surveyed 119 respondents with experience using the Microsoft Entra Suite. For the purposes of this study, Forrester aggregated the experiences of the interviewees and survey respondents and combined the results into a single composite organization that is a global enterprise with 85,000 employees and $28 billion in annual revenue operating in highly regulated industries.
Interviewees said that prior to using the Microsoft Entra Suite, their organizations relied on several identity tools, manual provisioning processes, traditional VPNs, and other network security solutions, such as firewalls and secure web gateways, to manage access. Despite prior attempts to consolidate solutions, these efforts yielded limited success, leaving them with inconsistent security enforcement, high operational overhead, and poor user experiences. Access policies were often fragmented across systems, leading to inconsistent enforcement and gaps in coverage across cloud and on-premises resources. These limitations led to increased risk exposure, compliance challenges, and inefficiencies in user onboarding and access management.
After investing in the Microsoft Entra Suite, interviewees described gaining a unified identity platform that streamlined access workflows, enhanced their overall security posture, and delivered a smoother user experience across hybrid environments. They reported improvements in user onboarding and access provisioning along with a noticeable reduction in identity-related risks and operational inefficiencies.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Cost savings from vendor consolidation worth $1.2 million over three years. Prior to adopting the Microsoft Entra Suite, the composite organization relied on an average of three to five identity and access management (IAM), virtual private network (VPN), and security tools from different vendors, resulting in overlapping functionality and high licensing and support costs. By consolidating these capabilities, the composite organization eliminates redundant tools and realizes $500,000 in annual savings through reduced vendor contracts, simplified integration, and reallocated engineering resources. These savings are sustained over three years as Microsoft Entra Suite serves as the unified identity platform.
Improved security posture that reduces risk exposure worth $535,000 over three years. Before adopting the Microsoft Entra Suite, the composite organization faced an estimated annual risk exposure of $844,000 from identity-based threats, such as phishing, insider attacks, and unauthorized access. By implementing Microsoft Entra ID Protection – leveraging risk-based conditional access, multifactor authentication (MFA), and unified signals across identity and network access – the organization reduces this exposure by 30%, strengthening its overall security posture and saving $535,000 over three years. These improvements are driven by the consolidation of tools, reduction in integration gaps, and better visibility across its security landscape.
Reduced IAM resource requirements for tool management worth $1.5 million over three years. Prior to adopting the Microsoft Entra Suite, the composite organization relied on five full-time IAM engineers to manage a complex mix of three to five identity and access tools. While vendor consolidation reduced external costs, the internal impact was equally significant: By unifying identity operations under a single platform, the composite organization reduces engineering time required for tool maintenance and integration by 80%. This frees up internal resources to focus on higher-value initiatives, such as automation, governance, and security policy development. These operational efficiencies are sustained throughout the three-year period.
IT time savings with faster user onboarding worth $2.7 million over three years. Prior to adopting Microsoft Entra Suite, onboarding a new hire, including identity verification, account setup, and initial access provisioning, required IAM specialists to spend approximately 120 minutes per employee. This estimate, based on interviewee input, reflects a high-volume hiring scenario and may vary by organization. During onboarding, Verified ID streamlines identity verification for the composite’s new hires, enabling faster, more secure access setup. By leveraging Microsoft Entra Suite’s accelerated access setup and automated lifecycle workflows, the composite organization cuts user onboarding time by 75%. This results in IT time savings by reducing manual account creation, access configuration, and approval coordination and freeing up identity admins to focus on higher-value tasks.
IT time savings with faster ongoing user access management worth $4.6 million over three years. Previously, IAM specialists at the composite spent about 90 minutes per ongoing user access management task, handling close to 25,000 such tasks each year due to role or responsibility changes. With the Microsoft Entra Suite, the composite organization achieves an 80% reduction in ongoing user access management time through policy-driven access management and workflow automation. This includes faster execution of role changes, entitlement updates, and deprovisioning, which previously required manual coordination across systems. By automating these workflows, the composite’s IT teams reduce administrative overhead and improve responsiveness to access needs across the organization.
Avoided cost from reduced password-related help desk tickets worth $2.6 million over three years. Before implementing the Microsoft Entra Suite, the composite organization handled approximately 80,000 password-related help desk tickets annually, creating a significant operational burden. With the introduction of passwordless authentication and risk-based conditional access in ID Protection, ticket volume drops by 90% as users encounter fewer authentication issues and require less IT support. This reduction frees up IT resources and improves overall user productivity.
Savings from VPN license reduction worth $680,000 over three years. Before implementing Microsoft Entra Suite, the composite organization supported 20,000 users with VPN access, incurring an average annual cost of $24 per user. With Microsoft Entra Suite’s Private Access capabilities, the composite organization reduces VPN license requirements by 60%, replacing traditional VPN infrastructure with identity-centric Zero Trust network access. This shift eliminates most VPN-related costs and sustains savings over the three-year analysis period. In addition to cost savings, the move to Microsoft Entra Private Access enhances security by reducing reliance on perimeter-based controls and limiting lateral movement within the network.
Compliance and audit savings worth $709,000 over three years. Prior to implementing the Microsoft Entra Suite, the composite organization spent approximately $2 million annually on compliance- and audit-related activities, including manual access reviews and external consulting. With Microsoft Entra Suite’s automated governance, access reviews, and reporting capabilities, the composite organization reduces these costs by 15%, streamlining audit preparation and improving regulatory alignment. These efficiencies are sustained over three years, driven by faster audit cycles, reduced manual effort, and improved audit readiness.
Unquantified benefits. Benefits that provide value for the interviewees’ organizations but are not quantified for this study include:
Enhanced user experience and productivity. The adoption of single sign-on and adaptive multifactor authentication improved the user experience across devices and locations. Interviewees noted that these features supported hybrid work models at their organizations by minimizing login issues and enabling faster, more secure access to applications.
Improved security and productivity with Private Access and Internet Access. Interviewees said that by unifying identity and network access through Microsoft Entra’s Global Secure Access (GSA), their organizations are seeing improved productivity, security, and operational agility. Microsoft Entra Internet Access enables secure, direct connectivity to SaaS and internet resources without relying on traditional secure web gateways, streamlining user experiences and reducing complexity. Even among organizations still in early deployment stages, many prioritize it for its ability to extend Conditional Access policies to internet destinations and consolidate standalone SASE solutions. Meanwhile, Microsoft Entra Private Access replaces legacy VPN infrastructure, which enhances secure remote access and simplifies IT operations. Interviewees reported reduced friction for end users, lower licensing and support costs, and greater agility – all outcomes of a more integrated, identity-aware network access strategy.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
Initial deployment costs that total $30,000. The composite organization incurs an implementation cost of $30,000, which includes configuration, initial training, and deployment services.
The Microsoft Entra Suite license fees that total $7.7 million. The composite organization licenses Microsoft Entra Suite for 24,000 users annually. A standard subscription rate per user per year is assumed, resulting in an annual cost of $2,491,200. Pricing assumptions are based on publicly available list prices and validated through interviewee input. Further details on licensing context are provided in the assumptions section of this study.
Ongoing management effort that totals $25,000. The composite organization incurs minimal ongoing effort to manage Microsoft Entra Suite. Once deployed, the solution requires only light-touch oversight, with most identity and access processes running through automated workflows.
The financial analysis based on interviews and survey results found that a composite organization experiences benefits of $14.4 million over three years versus costs of $6.2 million, adding up to a net present value (NPV) of $8.2 million and an ROI of 131%.
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Payback
| Role | Industry | Region | Annual Revenue | Employees |
|---|---|---|---|---|
| Group chief information security officer | Retail | United Kingdom | $28B | 135,000 |
| Chief financial officer and VP strategy | Technology | Global | $62B | 290,000 |
| Chief information officer | Government | United States | N/A | 18,000 |
| Head of software and IT | Technology | United States | $7M | 90 |
| Vice president, software, cloud, and services | IT services | Global | $30B | 140,000 |
| Chief information security officer | Security services | Global | $1B | 10,000 |
| IT senior manager | Insurance | United States | $75B | 66,000 |
| Director of identity and access management | IT services | United States | $45M | 150 |
| Chief information officer | Metals and mining | Global | $25B | 28,500 |
| Staff engineer, cybersecurity IAM | Financial services | United States | Not reported | 2,500 |
Prior to investing in Microsoft Entra Suite, interviewees noted their organizations relied on a patchwork of legacy IAM, network security, and governance tools as well as a variety of ad hoc, manual processes. These approaches were often inefficient, fragmented, and difficult to scale, particularly in environments with remote workers, external contractors, and heightened compliance requirements. The lack of centralized identity governance and automation led to operational bottlenecks, security vulnerabilities, and poor user experiences.
Interviewees and survey respondents noted how their organizations struggled with common challenges, including:
Inefficient access control for remote users. The interviewees said their organizations relied on manual VPN provisioning processes that could take up to a week to complete. This delay created operational inefficiencies, especially for remote workers and contractors, and introduced compliance risks due to inconsistent access management.
Frequent security incidents due to unauthorized access. Interviewees reported incidents involving rogue employees retaining access to critical systems, which led to business disruptions and financial losses. The absence of a unified identity platform increased the likelihood of security breaches and made it difficult to enforce least-privilege access policies.
Fragmented IAM tools and systems. Many interviewees’ organizations used multiple disconnected network security and identity governance and administration (IGA) tools for identity and access management. This fragmentation led to integration challenges, higher IT costs, and gaps in security coverage, making it difficult to maintain a consistent and secure environment.
Manual and error-prone compliance processes. Ensuring compliance with industry regulations was burdensome for the interviewees’ organizations due to the lack of automated identity governance. Access reviews and audit preparations were time-consuming and prone to human error, increasing the risk of noncompliance.
Operational inefficiencies in user lifecycle management. Interviewees noted that manual provisioning and deprovisioning processes consumed significant IT resources. Their organizations faced high operational costs and delays in onboarding and offboarding users, which impacted productivity and security.
Poor user experience and productivity loss. Employees were required to manage multiple logins and rely on traditional VPNs, leading to frequent login issues and slow access to applications. This negatively affected user satisfaction, led to security issues, and reduced overall productivity.
The interviewees and survey respondents searched for a solution that could:
Enhance identity security with robust threat protection. Interviewees’ organizations sought to strengthen their security posture by implementing advanced identity protection measures, including risk-based authentication and continuous threat monitoring.
Automate identity lifecycle management and ensure compliance. Interviewees emphasized the need for automated governance capabilities to streamline access reviews, provisioning, and deprovisioning, while also supporting adherence to regulatory requirements.
Reduce IT costs through tool consolidation. Many interviewees said their organizations aimed to eliminate redundant legacy systems such as VPNs and standalone IAM tools, thereby reducing licensing, maintenance, and operational costs.
Implement Zero Trust network access. There was a strong desire amongst the interviewees to move away from traditional VPNs in favor of a Zero Trust model that would provide secure, dynamic access for remote users.
Improve productivity and user experience. Survey respondents looked for solutions that could reduce time spent on password resets and login issues while enabling seamless access to applications through single sign-on and risk-based conditional access.
Support managed security services and business growth. Some interviewees, particularly in IT services, said their organizations sought to leverage the solution to offer managed security services to clients, creating new revenue opportunities.
After a request for proposal (RFP) and business case process evaluating multiple vendors, the interviewees’ organizations chose the Microsoft Entra Suite and began deployment.
Most interviewees’ organizations adopted a phased deployment approach, initially rolling out the solution to a subset of users before expanding organizationwide.
Deployment typically began with high-priority user groups or regions and scaled to full coverage over time, aligning with internal readiness and compliance milestones.
Based on the interviews and survey, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite organization is a global, multibillion-dollar enterprise operating across highly regulated industries including retail, financial services, government, and technology. It supports a hybrid workforce of 50,000 employees and 85,000 total users. The composite delivers critical services across multiple regions and maintains a complex IT environment with both cloud-native and on-premises applications. Prior to adopting the Microsoft Entra Suite, it relied on a fragmented set of IAM tools, legacy VPNs, and manual governance processes, which led to operational inefficiencies, security risks, and compliance challenges.
Deployment characteristics. The composite organization begins using the Microsoft Entra Suite in Year 1 following a three- to six-month implementation period. The initial rollout focuses on high-priority user groups within IT and security and expands to the broader workforce by the end of Year 2. The deployment includes Microsoft Entra ID Protection, ID Governance, Verified ID, Private Access, and Internet Access. The composite phases out legacy VPN and IAM tools, integrates the Microsoft Entra Suite with existing Microsoft infrastructure, and automates identity lifecycle management across all business units. By Year 3, the solution is fully deployed across all geographies and user types, including remote workers. External users should not be included in the total user count for licensing or deployment assumptions as external users are not licensed through the Microsoft Entra Suite.
$28 billion in annual revenue
85,000 total users
Global operations across highly regulated industries
Hybrid IT environment with both cloud-native and on-premises applications
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Cost savings from vendor consolidation | $475,000 | $475,000 | $475,000 | $1,425,000 | $1,181,255 |
| Btr | Improved security posture | $215,220 | $215,220 | $215,220 | $645,660 | $535,220 |
| Ctr | Reduced IAM engineers’ effort managing tools | $589,000 | $589,000 | $589,000 | $1,767,000 | $1,464,756 |
| Dtr | IT time savings with faster user onboarding | $1,101,600 | $1,101,600 | $1,101,600 | $3,304,800 | $2,739,516 |
| Etr | IT time savings with faster ongoing user access management | $1,845,000 | $1,845,000 | $1,845,000 | $5,535,000 | $4,588,242 |
| Ftr | Avoided cost from reduced password-related help desk tickets | $1,026,000 | $1,026,000 | $1,026,000 | $3,078,000 | $2,551,510 |
| Gtr | Savings from VPN license reduction | $273,600 | $273,600 | $273,600 | $820,800 | $680,403 |
| Htr | Compliance and audit savings | $285,000 | $285,000 | $285,000 | $855,000 | $708,753 |
| Total benefits (risk-adjusted) | $5,810,420 | $5,810,420 | $5,810,420 | $17,431,260 | $14,449,655 |
Evidence and data. Interviewees from organizations that previously used multiple IAM and security tools reported significant cost savings by consolidating onto the Microsoft Entra Suite.
The chief financial officer and VP of strategy at a technology organization estimated annual savings of 10% to 15% from consolidating three separate tools into the Microsoft Entra Suite. According to the interviewee, “Overall savings we are roughly achieving is somewhere between 10% to 15% ... about a million-plus dollars on an annual basis.”
The chief information officer in government emphasized that consolidating tools reduced licensing and support costs while improving operational efficiency, noting, “I don’t have to have as many tools because they’re providing all of that.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Prior to implementing the Microsoft Entra Suite, the composite organization uses multiple IAM, VPN, and security tools from different vendors. These include solutions for authentication, governance, secure access, and endpoint protection.
By consolidating these capabilities into the Microsoft Entra Suite, the composite eliminates redundant tools and associated licensing, support, and integration costs. This assumption is based on interviewees’ reports of retiring two to three major tools and reallocating engineering resources previously dedicated to managing them.
The composite realizes $500,000 in annual savings from vendor consolidation. This figure reflects the avoided costs of maintaining separate contracts, managing disparate systems, and supporting overlapping functionalities.
These savings are consistent across all three years of the analysis, as the organization continues to rely on the Microsoft Entra Suite as its unified identity platform.
Risks. The value of this benefit can vary across organizations due to the following:
Existing long-term vendor contracts. Organizations with multiyear agreements or bundled licensing with existing IAM or security vendors may face delays or penalties when transitioning to a consolidated platform.
Incomplete tool decommissioning. If legacy tools are retained for specific use cases or user groups, the full cost savings from consolidation may not be realized.
Overlapping functionality with other enterprise platforms. Organizations using other enterprise suites may experience redundancy, reducing the net financial benefit of consolidating.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.2 million.
Reduction in IAM and security-related costs by retiring legacy tools and consolidating onto Microsoft Entra Suite
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Cost savings from vendor consolidation | Composite | $500,000 | $500,000 | $500,000 | |
| At | Cost savings from vendor consolidation | A1 | $500,000 | $500,000 | $500,000 | |
| Risk adjustment | ↓5% | |||||
| Atr | Cost savings from vendor consolidation (risk-adjusted) | $475,000 | $475,000 | $475,000 | ||
| Three-year total: $1,425,000 | Three-year present value: $1,181,255 | |||||
Evidence and data. Interviewees reported that the Microsoft Entra Suite improved their organizations’ security posture by enabling Zero Trust access, reducing unauthorized access, and enhancing visibility into user behavior.
The chief financial officer and VP of strategy at a technology company emphasized that consolidating tools into a unified platform reduced integration gaps and improved overall security: “Security posture is definitely better. … There was always that risk that something can be lost in translation when combining different types of tools.”
The vice president of software, cloud, and services at an IT services organization cited measurable improvements in phishing and insider threat mitigation, stating, “[We saw] 30% fewer successful phishing attempts [and a] 40% reduction in unauthorized privilege access.”
The chief information officer in government noted that the Microsoft Entra Suite enabled better visibility and reduced lateral movement risks: “We’re going to eliminate more of the lateral movements [and] we’re going to have better visibility. … [We’re] going to lower [the] risk of breach.”
The IT senior manager at an insurance organization reported a 20% to 25% reduction in security incidents after implementing ID Protection. This was attributed to risk-based conditional access, multifactor authentication (MFA), and machine learning capabilities that identify compromised accounts and automate remediation.
The head of software and IT at a technology organization shared that five engineers previously dedicated to managing internal IAM tools were reduced to one, with others reassigned to higher-value work. They told Forrester, “We had about five engineers dedicated to that. … Now, [we have] just one.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization has an estimated annual risk exposure of $844,000 related to identity-based security threats, including phishing, insider threats, and unauthorized access.2 This estimate is based on industry research and validated by interviewee feedback regarding the scale and nature of security incidents prior to implementing the Microsoft Entra Suite.
With implementation, the composite reduces its security-related risk exposure by 30%. This assumption reflects interviewees’ reports of improved visibility, stronger access controls, and reduced lateral movement due to Zero Trust architecture and risk-based conditional access.
The reduction in risk exposure is consistent across all three years of the analysis as the composite organization continues to leverage Microsoft Entra Suite’s identity protection, governance, and access management capabilities.
Risks. The value of this benefit can vary across organizations due to the following:
Differences in baseline security maturity. Organizations with already mature security programs and strong identity controls may realize smaller incremental improvements from Microsoft Entra Suite.
Incomplete deployment of Zero Trust capabilities. If the organization does not fully implement Zero Trust features, such as conditional access, risk-based authentication, and continuous monitoring, the reduction in risk exposure may be limited.
Delayed decommissioning of legacy systems. Continued reliance on legacy IAM or VPN solutions may introduce residual vulnerabilities, reducing the overall impact of Microsoft Entra Suite on the organization’s security posture.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV of $535,000.
Reduction in identity-related risk exposure through conditional access and identity protection
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | Estimated annual risk exposure addressable with Microsoft Entra Suite | Research data | $844,000 | $844,000 | $844,000 | |
| B2 | Percent reduction in security costs after Microsoft Entra Suite | Interviews | 30% | 30% | 30% | |
| Bt | Improved security posture | B1*B2 | $253,200 | $253,200 | $253,200 | |
| Risk adjustment | ↓15% | |||||
| Btr | Improved security posture (risk-adjusted) | $215,220 | $215,220 | $215,220 | ||
| Three-year total: $645,660 | Three-year present value: $535,220 | |||||
Evidence and data. Interviewees described how managing multiple IAM tools created unnecessary complexity and consumed valuable engineering time. Microsoft Entra Suite’s unified platform reduced the number of tools and manual processes required to manage identity and access at the interviewees’ organizations.
Chief financial officer and VP of strategy at a technology organization shared that consolidating tools into the Microsoft Entra Suite reduced the need for internal and external resources to manage integrations and IAM operations. They told Forrester: “We don’t have to have internal people as well as external consultants working on integration-related issues. We can free up our own capabilities for doing more client-level work.”
The vice president of software, cloud, and services in IT services told Forrester that that Microsoft Entra Suite eliminated their organization’s need for multiple legacy IAM tools, reducing IT overhead and simplifying operations, explaining, “We are expecting cost savings of somewhere between 40% or 50%.”
This benefit reflects time saved from managing and maintaining multiple IAM tools, not the time spent on user-specific access tasks, which are captured separately under onboarding and access management.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization employs five full-time IAM engineers to manage identity and access tools prior to implementing Microsoft Entra Suite. This reflects the staffing levels reported by interviewees supporting large, complex IAM environments with multiple legacy systems.
The composite reduces the number of IAM engineers required to manage tools by 80%. This assumption is based on interviewees’ reports of significant reductions in manual effort and tool complexity following consolidation onto a single platform.
The average fully burdened annual salary for an IAM engineer is $155,000. This figure is derived from industry benchmarks and validated by interviewee estimates.
The reduction in engineering effort is sustained over the three-year analysis period.
Risks. The value of this benefit can vary across organizations due to the following:
Variability in preexisting IAM tool complexity. Organizations with fewer or more integrated IAM tools prior to adopting Microsoft Entra Suite may realize less dramatic reductions in engineering effort.
Partial deployment or limited feature adoption. If Microsoft Entra Suite is not fully deployed across all user groups or if key features, such as automation and centralized policy management, are underutilized, the reduction in engineering workload may be lower.
Continued reliance on legacy systems. Organizations that maintain legacy IAM systems may still require dedicated engineering resources to manage those tools, limiting the overall reduction in effort.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.5 million.
Reduction in IAM engineering effort by consolidating tools and automating identity workflows
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | IAM engineers managing tools for groups now using Microsoft Entra Suite | Composite | 5 | 5 | 5 | |
| C2 | Percent reduction in IAM engineers managing tools | Interviews | 80% | 80% | 80% | |
| C3 | IAM engineers managing tools after Microsoft Entra Suite | C1*(1-C2) | 1 | 1 | 1 | |
| C4 | Reduced number of IAM engineer FTEs managing tools | C1-C3 | 4 | 4 | 4 | |
| C5 | Fully burdened annual salary for an IAM engineer FTE managing tools | Research data | $155,000 | $155,000 | $155,000 | |
| Ct | Reduced IAM resource requirements for tool management | C4*C5 | $620,000 | $620,000 | $620,000 | |
| Risk adjustment | ↓5% | |||||
| Ctr | Reduced IAM resource requirements for tool management (risk-adjusted) | $589,000 | $589,000 | $589,000 | ||
| Three-year total: $1,767,000 | Three-year present value: $1,464,756 | |||||
Evidence and data. Interviewees shared that onboarding users was previously a manual, time-consuming process. They noted that Microsoft Entra Suite’s automation capabilities significantly reduced the time required to grant access and configure user environments for new employees.
The head of software and IT at a technology company described how onboarding time dropped from several hours to under 30 minutes per user after implementing Microsoft Entra Suite. They told Forrester: “We used to spend like 3 [or] 4 hours just onboarding them. … It’s 20 or 30 minutes now. That’s like 90% faster for us.”
Verified ID also contributed to a more intuitive and streamlined onboarding experience for internal users. The chief financial officer and VP of strategy at a technology organization noted: “Now it’s only one single onboarding where we can explain like the tool, how to use it, and what it does and stuff like that. It’s intuitive as well because most of the [new] employees who are coming to our business are quite familiar with Microsoft environment.” This reduction in onboarding complexity, combined with Verified ID’s identity verification capabilities, helped accelerate time to productivity for new hires and reduce the need for redundant training.
The vice president of software, cloud, and services at an IT services organization talked about a 50% reduction in user onboarding time.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Prior to implementing the Microsoft Entra Suite, identity admins spend an average of 2 hours onboarding each new employee. This estimate reflects the manual nature of legacy processes, including account creation, access configuration, and approvals.
With the Microsoft Entra Suite in place, the composite reduces onboarding time by 75%.
The fully burdened hourly rate for an identity admin is $68. This figure is derived from industry benchmarks and validated by interviewee input.
This benefit focuses on user-level access workflows, such as onboarding and role changes, rather than platform-level tool management.
Risks. The value of this benefit can vary across organizations due to the following:
Variability in onboarding process complexity. Organizations with simpler or already partially automated onboarding processes may realize smaller time savings compared to those with highly manual workflows.
Inconsistent adoption of automation features. If the composite does not fully implement the Microsoft Entra Suite’s automation or integrate it with HR and IT service management (ITSM) systems, the time savings may be limited.
High variability in onboarding volume. Organizations with fluctuating hiring patterns or seasonal onboarding spikes may experience inconsistent benefit realization year over year.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.7 million.
Reduction in onboarding time
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| D1 | Average identity admin time spent onboarding an employee (minutes) | Composite | 120 | 120 | 120 | |
| D2 | Percent reduction in onboarding time | Interviews | 75% | 75% | 75% | |
| D3 | Average identity admin time spent onboarding an employee after Entra (minutes) | D1*(1-D2) | 30 | 30 | 30 | |
| D4 | Reduction in user onboarding time (minutes) | D1-D3 | 90 | 90 | 90 | |
| D5 | Fully burdened hourly rate for an identity admin | Research data | $68 | $68 | $68 | |
| D6 | Savings per onboarding task | D4*D5/60 | $102 | $102 | $102 | |
| D7 | Average number of employees onboarded each year | Composite | 12,000 | 12,000 | 12,000 | |
| Dt | IT time savings with faster onboarding | D6*D7 | $1,224,000 | $1,224,000 | $1,224,000 | |
| Risk adjustment | ↓10% | |||||
| Dtr | IT time savings with faster onboarding (risk-adjusted) | $1,101,600 | $1,101,600 | $1,101,600 | ||
| Three-year total: $3,304,800 | Three-year present value: $2,739,516 | |||||
Evidence and data. Interviewees reported that managing user access — such as role changes, entitlement updates, and deprovisioning — was previously time-consuming and error-prone, often requiring manual coordination across systems. With Microsoft Entra Suite’s automated lifecycle workflows and access reviews, the interviewees’ organizations reduced the time spent on these tasks by up to 80%. The vice president of software, cloud, and services at an IT services organization noted significant improvements, stating: ”User access provisioning has a 50% time savings. Approvals for privileged access change requests are now 40% to 50% faster.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization conducts approximately 25,000 employee ongoing user access management tasks per year. This includes role changes and access updates across a large, distributed workforce. There is overlap as some onboarded employees may change roles in the same year, and some existing employees may change roles or responsibilities multiple times in the same year.
Prior to implementing the Microsoft Entra Suite, IAM specialists spend an average of 90 minutes per ongoing user access management task. This estimate reflects the manual nature of legacy processes, including account creation, access configuration, and approvals.
With Microsoft Entra Suite in place, the composite reduces ongoing user access management time by 80%. This assumption is based on interviewees’ reports of significant time savings due to automation, policy-based access, and streamlined workflows.
This benefit focuses on user-level access workflows, such as ongoing user access management and role changes, rather than platform-level tool management.
Risks. The value of this benefit can vary across organizations due to the following:
Variability in process complexity. Organizations with simpler or already partially automated ongoing user access management processes may realize smaller time savings compared to those with highly manual workflows.
Inconsistent adoption of automation features. If the organization does not fully implement ongoing user access management automation or integrate it with HR and ITSM systems, the time savings may be limited.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $4.6 million.
Reduction in ongoing user access management task time
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| E1 | Average IAM specialist time spent on an employee ongoing user access management task (minutes) | Composite | 90 | 90 | 90 | |
| E2 | Percent reduction in ongoing user access management time | Interviews | 80% | 80% | 80% | |
| E3 | Average IAM specialist time spent on an ongoing user access management task after Entra (minutes) | E1*(1-E2) | 18 | 18 | 18 | |
| E4 | Reduction in ongoing user access management time (minutes) | E1-E3 | 72 | 72 | 72 | |
| E5 | Fully burdened hourly rate for an IAM specialist | Research data | $68 | $68 | $68 | |
| E6 | Savings per ongoing user access management task | E4*E5/60 | $82 | $82 | $82 | |
| E7 | Average number of employee ongoing user access management tasks each year | Composite | 25,000 | 25,000 | 25,000 | |
| Et | IT time savings with faster ongoing user access management | E6*E7 | $2,050,000 | $2,050,000 | $2,050,000 | |
| Risk adjustment | ↓10% | |||||
| Etr | IT time savings with faster ongoing user access management (risk-adjusted) | $1,845,000 | $1,845,000 | $1,845,000 | ||
| Three-year total: $5,535,000 | Three-year present value: $4,588,242 | |||||
Evidence and data. Interviewees described how password-related help desk tickets were a persistent and costly issue prior to implementing Microsoft Entra Suite. The introduction of self-service password reset (SSPR), passwordless authentication, and risk-based conditional access through Microsoft Entra Suite reduced the volume of these tickets.
The staff engineer of cybersecurity IAM told Forrester that their financial services organization had implemented self-service password reset, multiple authentication methods, and conditional access policies. These changes led to a substantial reduction in password reset and MFA-related help desk tickets over the past few years. They said, “The quantity of tickets for password resets and reregistering like authenticators and authentication method for MFA … have reduced drastically over the last couple years.”
The director of identity and access management in IT services explained that their organization had moved toward a passwordless experience and enforced SSPR enrollment with multiple verification methods. This approach eliminated the need for help desk involvement in most password reset scenarios. The interviewee noted, “We generally have very, very few password reset tickets overall because users … have now migrated to more of a passwordless experience holistically.” This interviewee’s organization required users to pre-enroll in at least two of three authentication methods (device, phone number, or external email), enabling secure and independent password resets. They told Forrester, “[The] help desk doesn’t have to get involved in password resets for users and things like that.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Prior to implementing Microsoft Entra Suite, the composite organization experienced approximately 80,000 password-related help desk tickets annually. This estimate is based on the volume of tickets reported by interviewees across large, distributed enterprises with hybrid workforces.
With the implementation of Microsoft Entra Suite, including self-service password reset (SSPR), passwordless authentication, and risk-based conditional access, the composite reduces password-related help desk tickets by 90%. This assumption reflects the consistent feedback from interviewees who reported significant declines in password reset incidents after deployment.
The average cost to resolve a password-related help desk ticket is $15. This figure includes labor, overhead, and time lost due to user downtime and is consistent with industry benchmarks and interviewee estimates.
The reduction in ticket volume and associated support costs is sustained across all three years of the analysis as the Microsoft Entra Suite capabilities remain in place and fully adopted by the user base.
Risks. The value of this benefit can vary across organizations due to the following:
Incomplete user adoption of SSPR. If users do not fully enroll in or utilize SSPR features, password reset requests may continue to be routed to the help desk, limiting the potential reduction in ticket volume.
Inconsistent enforcement of passwordless or multifactor authentication policies. Organizations that do not standardize authentication policies across all user groups may experience uneven reductions in password-related incidents.
Legacy systems or applications require traditional password workflows. Environments with older applications that do not support modern authentication methods may still generate password-related support needs, reducing the overall impact of Entra Suite.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.6 million.
Reduction in password-related help desk tickets due to self-service password reset, SSO, and MFA
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| F1 | Annual password-related help desk tickets | Composite | 80,000 | 80,000 | 80,000 | |
| F2 | Percent reduction in password-related help desk tickets as result of Entra Suite | Interviews | 90% | 90% | 90% | |
| F3 | Help desk tickets after Entra Suite | F1*(1-F2) | 8,000 | 8,000 | 8,000 | |
| F4 | Help desk ticket reduction as result of Entra Suite | F1-F3 | 72,000 | 72,000 | 72,000 | |
| F5 | Average cost to resolve each help desk ticket | Composite | $15 | $15 | $15 | |
| Ft | Avoided cost from reduced password-related help desk tickets | F4*F5 | $1,080,000 | $1,080,000 | $1,080,000 | |
| Risk adjustment | ↓5% | |||||
| Ftr | Avoided cost from reduced password-related help desk tickets (risk-adjusted) | $1,026,000 | $1,026,000 | $1,026,000 | ||
| Three-year total: $3,078,000 | Three-year present value: $2,551,510 | |||||
Evidence and data. Interviewees reported that Microsoft Entra Suite’s private access capabilities allowed them to eliminate or significantly reduce VPN usage, leading to direct cost savings.
The chief information security officer at a security services organization confirmed that VPN license costs were eliminated entirely after deploying the Microsoft Entra Suite. They said, “We don’t have to buy VPN licenses for the firewalls … that goes away completely.”
The chief information officer in government estimated savings of $8 to $10 per user per month from replacing VPN and secure web gateway tools: “It is kind of like roughly [an average of] $45 per user per year. These were costs that we actually calculated.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization supports 20,000 users who previously required VPN access to connect to internal systems and applications. This includes remote employees and field personnel across global operations.
Prior to implementing the Microsoft Entra Suite, the composite organization incurred an average annual cost of $24 per user for VPN licensing. This estimate includes licensing fees for commercial VPN solutions and is consistent with interviewee-reported figures.
With the deployment of the Microsoft Entra Suite’s Private Access capability, the composite reduces its VPN license requirements by 60%. This assumption reflects interviewees’ experiences in replacing traditional VPN infrastructure with Zero Trust network access, eliminating the need for most VPN licenses.
The reduction in VPN licensing costs is sustained across all three years of the analysis as the organization continues to rely on Microsoft Entra Suite for secure remote access.
Risks. The value of this benefit can vary across organizations due to the following:
Partial replacement of VPN infrastructure. Some organizations may continue to use VPNs for specific legacy applications or user groups, limiting the extent of license reduction.
Delayed decommissioning of VPN tools. If organizations maintain VPN solutions in parallel with Microsoft Entra Suite during a phased transition, they may incur overlapping costs that reduce short-term savings.
Variability in VPN licensing models. Organizations with enterprise agreements or bundled licensing may not realize the same per-user savings as those with standalone VPN subscriptions.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $680,000.
Reduction in VPN license costs by replacing traditional VPNs with Microsoft Entra Private Access
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| G1 | Average VPN price per user per year | Composite | $24 | $24 | $24 | |
| G2 | Average number of VPN users | Composite | 20,000 | 20,000 | 20,000 | |
| G3 | VPN license costs before Microsoft Entra Suite | G1*G2 | $480,000 | $480,000 | $480,000 | |
| G4 | Percent reduction in VPN license costs | Interviews | 60% | 60% | 60% | |
| G5 | VPN licenses costs after Microsoft Entra Suite | G3*(1-G4) | $192,000 | $192,000 | $192,000 | |
| Gt | Savings from VPN license reduction | G3-G5 | $288,000 | $288,000 | $288,000 | |
| Risk adjustment | ↓5% | |||||
| Gtr | Savings from VPN license reduction (risk-adjusted) | $273,600 | $273,600 | $273,600 | ||
| Three-year total: $820,800 | Three-year present value: $680,403 | |||||
Evidence and data. Interviewees described how Microsoft Entra Suite’s governance and access review capabilities streamlined compliance processes and reduced audit preparation time.
The staff engineer of cybersecurity IAM at a financial services organization noted that Microsoft Entra Suite helped close a previous audit finding and simplified quarterly access reviews, stating, “It has closed a finding that was out there previously … it’s really easy to pull that and attest to.”
The vice president of software, cloud, and services at an IT services organization reported a 50% reduction in compliance overhead and faster audit completion, noting, “Compliance audits [were] 50% faster [so we had a] 50% reduction in compliance overheads.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Prior to implementing the Microsoft Entra Suite, the composite organization spent approximately $2 million annually on compliance- and audit-related activities. This includes costs associated with manual access reviews, audit preparation, reporting, and external consulting support.
With the deployment of the Microsoft Entra Suite, the composite reduces compliance and audit costs by 15%. This assumption is based on interviewees’ reports of improved audit readiness, faster access certification processes, and reduced manual effort due to automated identity governance and reporting capabilities.
The reduction in compliance-related costs is consistent across all three years of the analysis as the organization continues to leverage Microsoft Entra Suite’s governance and reporting features to streamline audit workflows and maintain regulatory alignment.
Risks. The value of this benefit can vary across organizations due to the following:
Varying levels of regulatory complexity. Organizations operating in less regulated industries or regions may not experience the same level of cost savings from audit automation and compliance streamlining.
Incomplete adoption of governance features. If the organization does not fully implement the Microsoft Entra Suite’s identity governance capabilities, such as automated access reviews and entitlement management, the potential for audit and compliance savings may be reduced.
Continued reliance on manual processes. Organizations that maintain legacy compliance workflows or fail to integrate Microsoft Entra Suite with audit reporting systems may not fully realize the time and cost efficiencies associated with automation.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $709,000.
Reduction in compliance and audit-related costs through automated access reviews and reporting
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| H1 | Compliance and audit spend before Microsoft Entra Suite | Composite | $2,000,000 | $2,000,000 | $2,000,000 | |
| H2 | Percent reduction in compliance and audit costs as a result of Microsoft Entra Suite | Interviews | 15% | 15% | 15% | |
| Ht | Compliance and audit savings | H1*H2 | $300,000 | $300,000 | $300,000 | |
| Risk adjustment | ↓5% | |||||
| Htr | Compliance and audit savings (risk-adjusted) | $285,000 | $285,000 | $285,000 | ||
| Three-year total: $855,000 | Three-year present value: $708,753 | |||||
Interviewees and survey respondents mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Enhanced user experience and productivity. Single sign-on and adaptive MFA provided a consistent and secure experience across devices and locations. This was especially valuable in hybrid work environments, where users benefited from fewer login issues and faster access to applications. The chief information security officer in security services told Forrester: “The feedback from users has been overwhelmingly positive. They appreciate the seamless experience and the ability to work as if they are in the office, regardless of their location.”
Improved security and productivity with Private Access and Internet Access. Interviewees from organizations that adopted Microsoft Entra’s Global Secure Access solutions — including Internet Access and Private Access — reported significant gains in both user productivity and secure connectivity. With Microsoft Entra Internet Access, users experienced faster, more seamless access to SaaS and internet resources. One interviewee noted that their organization’s software engineers could “log in faster, commit faster, and stage platforms more efficiently.” Meanwhile, Microsoft Entra Private Access replaced legacy VPN infrastructure, enabling secure remote access while reducing friction for end users and simplifying IT operations. As one chief information security officer put it: “We eliminated most of our VPN licenses after rolling out Microsoft Entra Private Access. It’s more secure and far more cost-effective.”
The value of flexibility is unique to each customer. There are multiple scenarios in which an organization might implement the Microsoft Entra Suite and later realize additional uses and business opportunities, including:
Unified identity management simplifies operations and enhances scalability. Interviewees emphasized the value of consolidating fragmented identity and network access tools into a single suite. This unification reduced operational overhead and improved agility. The vice president of software, cloud, and services at an IT services organization said: “The automation of identity lifecycle management and the integration of various tools into one platform has led to significant operational efficiencies.”
Conditional access policies enable adaptive, real-time security. The ability to dynamically adjust access based on user behavior and risk levels allowed the interviewees’ organizations to enforce robust, context-aware security policies. The director of identity and access management at an IT services organization noted: “Dynamic Zero Trust access and multifactor authentication … improved efficiency, while fewer logins and better access tracking enhanced both user experience and compliance.”
Seamless integration supports growth and technology adoption. The Microsoft Entra Suite’s interoperability with Microsoft and third-party tools accelerated adoption and simplified identity management across environments. The chief financial officer and VP of strategy at a technology organization told Forrester: “Better integration with Microsoft tools improved security for remote work, simplified administration, and supported compliance with industry standards.”
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Itr | Initial deployment cost | $30,000 | $0 | $0 | $0 | $30,000 | $30,000 |
| Jtr | Microsoft Entra Suite license fees | $0 | $2,491,200 | $2,491,200 | $2,491,200 | $7,473,600 | $6,195,246 |
| Ktr | Ongoing management effort | $0 | $9,880 | $9,880 | $9,880 | $29,640 | $24,570 |
| Total costs (risk-adjusted) | $30,000 | $2,501,080 | $2,501,080 | $2,501,080 | $7,533,240 | $6,249,816 |
Evidence and data. Interviewees noted that initial deployment costs include implementation services, configuration, and initial training.
Modeling and assumptions. The model assumes that the deployment process is completed within the first year and does not require further investment. The composite estimates an initial deployment cost of $30,000. However, there may be cases in which additional Entra Suite products are added in subsequent years.
Results. This yields a three-year total PV of $30,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| I1 | Initial deployment cost | Composite | $30,000 | |||
| It | Initial deployment cost | I1 | $30,000 | $0 | $0 | $0 |
| Risk adjustment | 0% | |||||
| Itr | Initial deployment cost (risk-adjusted) | $30,000 | $0 | $0 | $0 | |
| Three-year total: $30,000 | Three-year present value: $30,000 | |||||
Evidence and data. Microsoft provided pricing data for the Microsoft Entra Suite. Most interviewees’ organizations already held an enterprise license for Microsoft M365 E5 that included access to Microsoft Entra ID P2 features. Those organizations purchased the Microsoft Entra Suite on top of ME5 licensing costs. Discounting may vary. Contact Microsoft for additional details.
Modeling and assumptions. Based on the interviews, Forrester assumes the composite organization deploys two Microsoft Entra Suite components in Years 1 through 3.
Results. This results in a three-year total PV (discounted at 10%) of $6.2 million.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| J1 | Entra Suite users | Composite | 24,000 | 24,000 | 24,000 | |
| J2 | Annual Microsoft Entra Suite subscription cost per user | Microsoft | $103.80 | $103.80 | $103.80 | |
| Jt | Microsoft Entra Suite license fees | J1*J2 | $0 | $2,491,200 | $2,491,200 | $2,491,200 |
| Risk adjustment | 0% | |||||
| Jtr | Microsoft Entra Suite license fees (risk-adjusted) | $0 | $2,491,200 | $2,491,200 | $2,491,200 | |
| Three-year total: $7,473,600 | Three-year present value: $6,195,246 | |||||
Evidence and data. Interviewees reported that ongoing management of Microsoft Entra Suite required minimal time investment. Survey responses aligned, indicating that administrative oversight was minimal.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Managers responsible for Entra Suite oversight dedicate 2 total hours per week to managing Microsoft Entra Suite.
This equates to 104 hours annually.
Based on research data, the fully burdened hourly salary of the manager responsible for Microsoft Entra Suite oversight is $95.
Results. The three-year total PV (discounted at 10%) is $25,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| K1 | Time spent each week managing Entra Suite (hours) | Composite | 2 | 2 | 2 | |
| K2 | Annual time spent managing Entra Suite (hours) | K1*52 | 104 | 104 | 104 | |
| K3 | Fully burdened hourly salary for a manager responsible for Entra Suite oversight | Research data | $95 | $95 | $95 | |
| Kt | Ongoing management effort | K2*K3 | $0 | $9,880 | $9,880 | $9,880 |
| Risk adjustment | 0% | |||||
| Ktr | Ongoing management effort (risk-adjusted) | $0 | $9,880 | $9,880 | $9,880 | |
| Three-year total: $29,640 | Three-year present value: $24,570 | |||||
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($30,000) | ($2,501,080) | ($2,501,080) | ($2,501,080) | ($7,533,240) | ($6,249,816) |
| Total benefits | $0 | $5,810,420 | $5,810,420 | $5,810,420 | $17,431,260 | $14,449,655 |
| Net benefits | ($30,000) | $3,309,340 | $3,309,340 | $3,309,340 | $9,898,020 | $8,199,839 |
| ROI | 131% | |||||
| Payback | <6 months |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews and survey, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Microsoft Entra Suite.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Microsoft Entra Suite can have on an organization.
Interviewed Microsoft stakeholders and Forrester analysts to gather data relative to Entra Suite.
Interviewed 10 decision-makers and surveyed 119 respondents at organizations using Microsoft Entra Suite to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ and survey respondents’ organizations.
Constructed a financial model representative of the interviews and survey using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees and survey respondents.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
| ROLE | |
|---|---|
| C-level executive | 13% |
| Vice president | 21% |
| Director | 30% |
| Manager | 36% |
| INDUSTRY | |
|---|---|
| Manufacturing and materials | 9% |
| Retail | 8% |
| Consumer product goods and/or manufacturing | 7% |
| Financial services and/or insurance | 7% |
| Technology and/or technology services | 7% |
| Telecommunications services | 7% |
| Construction | 6% |
| Energy, utilities, and/or waste management | 6% |
| Healthcare | 5% |
| Transportation and logistics | 5% |
| Travel and hospitality | 5% |
| Business or professional services | 4% |
| Advertising and/or marketing | 3% |
| Chemicals and/or metals | 3% |
| Electronics | 3% |
| Media and/or leisure | 3% |
| Consumer services | 3% |
| Education | 3% |
| Government | 3% |
| Agriculture, food, and/or beverage | 2% |
| Legal services | 2% |
| ANNUAL REVENUE | |
|---|---|
| >$5B | 29% |
| $1B to $5B | 17% |
| $500M to $999M | 22% |
| $400M to $499M | 13% |
| $300M to $399M | 19% |
Note: Percentages may not total 100 due to rounding.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
2 Source: Forrester’s Security Survey, 2024.
Readers should be aware of the following:
This study is commissioned by Microsoft and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Microsoft Entra Suite. For any interactive functionality, the intent is for the questions to solicit inputs specific to a prospect’s business. Forrester believes that this analysis is representative of what companies may achieve with Microsoft Entra Suite based on the inputs provided and any assumptions made. Forrester does not endorse Microsoft or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Microsoft and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Microsoft make no warranties of any kind.
Microsoft reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Microsoft provided the customer names for the interviews but did not participate in the interviews.
Forrester fielded the double-blind survey using a third-party survey partner.
Roger Nauth
July 2025
ABOUT FORRESTER CONSULTING
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
https://mainstayadvisor.com/go/mainstay/gdpr/policy.html
PDF