VaultFuzion BY KAPARDYN
Pricing · 04 May 2026 · 14 min read

The price of a stack: when adding vendors stops adding value

Stack consolidation is sold as cost savings. Sometimes that is true. Sometimes it is a lock-in trade dressed as a discount. The honest answer requires per-seat math, MCS-floor disclosure, and a clear view of where integration boundaries actually break.

— VaultFuzion Product Team

*The opening MSP scenario below is a composite, drawn from procurement-cycle interviews across a sample of South African MSPs in late 2025 and early 2026. Numbers throughout are illustrative; live quotes and currency conversion change with FX and contract terms.*

A South African MSP with 1,200 seats across nineteen tenants ran a procurement exercise in February. They had been on a stack of five vendors for the past three years — one for M365 backup, one for email security, one for DMARC, one for Entra protection, one for MSP billing — and the renewals were converging in the same quarter. The owner had been told, by every consolidated-platform vendor in the market, that they could save money by switching to a single platform. He wanted to know whether that was actually true for his book.

The procurement exercise took six weeks. The output was a forty-page model that answered, per tenant, whether consolidation reduced cost, increased cost, or was approximately neutral. The answer was different for different tenants. For roughly half, consolidation was clearly cheaper. For a smaller subset, it was clearly more expensive. For the rest, the math was within 5% — close enough that the operational arguments dominated the financial ones.

The MSP consolidated. Not because the platform was always cheaper, but because the analyst hours saved on operational reconciliation paid for the cases where it was more expensive. The math told the truth, and the truth was nuanced.

This article walks through that math. The numbers are in ZAR. The per-seat figures are illustrative — your renewal quote will be different — but the structure of the comparison is what matters. The structure tells you whether to consolidate or not, regardless of which vendor's pricing you plug in.

The five things every MSP needs to deliver M365 protection in 2026

The procurement question starts with the surface area. An MSP delivering competent M365 protection in 2026 has to provide five capabilities to its tenants:

**M365 backup** — Exchange, OneDrive, SharePoint, Teams. Item-level point-in-time restore. Long retention with regulatory templates. Per-tenant cryptographic isolation. Audit trail. Cost driver: per-seat, sometimes with storage overage.

**Email threat protection** — phishing detection, BEC, attachment scanning, URL detonation. Sender behavioural baselines. Click-time URL re-validation. Cost driver: per-seat. Add-ons for advanced detection.

**DMARC tooling** — record builder, aggregate report ingestion, sender posture, remediation guidance. Cost driver: usually per-domain, sometimes per-seat.

**Entra ID protection** — backup of directory and configuration, drift detection, Conditional Access simulation, identity threat detection. Cost driver: per-tenant, sometimes per-seat.

**MSP billing** — per-seat invoicing, recurring profiles, dunning, accounting integration, tenant-side payment. Cost driver: usually flat per-MSP plus per-tenant overage.

These are the five capabilities. There are a sixth and a seventh — phishing simulation, security awareness training, dark-web credential monitoring — but those are typically procurement-optional in 2026. The five above are what an MSP cannot deliver M365 services without.

The total cost is the sum of the five. The sum can be assembled in two ways.

The stack approach

The conventional approach is to assemble the stack from best-of-breed point products. Each product is selected for the specific capability it delivers; integration is achieved through APIs, webhooks, or — most commonly — manual reconciliation in operational dashboards.

The stack approach has real advantages. The MSP can choose the strongest product in each category. The MSP is not locked to a single vendor's roadmap. The MSP can swap individual products without disrupting the rest of the stack. The pricing is sometimes cheaper per capability because point-product vendors compete on a narrow surface.

A representative stack for a 500-seat tenant in 2026 might look like:

- M365 backup: ~R65–R110 per seat per month, depending on retention and feature tier
- Email security: ~R50–R150 per seat per month, depending on detector breadth
- DMARC: ~R30–R80 per domain per month, scaling with sender complexity
- Entra protection: ~R45–R250 per tenant per month, with the upper end including drift detection and threat correlation
- MSP billing: ~R3,500–R8,000 per MSP per month, plus per-tenant fees

For a 500-seat tenant under an MSP managing fifteen such tenants, the stack pricing assembles to somewhere between R140–R310 per seat per month for capabilities-only, before adding the MSP-level platform fees. The range is wide because the upper-end products in each category are 2–3× the lower-end products, and not every MSP needs the upper end on every capability.

These figures are deliberately illustrative. Actual quotes vary substantially by region, volume commitment, contract term, and salesperson incentive. The point is the structure: a stack accumulates per-seat charges across five capability categories, and the total compounds.

The hidden costs of stacking

The per-seat figures are the visible cost. The hidden costs are operational.

**Multiple audit chains.** Each product in the stack maintains its own audit log. An incident that spans email and identity — a compromised account that sent malicious mail — produces a forensic record split across two products' audit systems, with different timestamps, different actor identifiers, different export formats. The investigator has to reconcile the two by hand. For a regulator or auditor asking for an incident timeline, the reconciliation work is non-trivial.

**Multiple allow-lists.** A false positive on email security has to be corrected in the email product's allow-list. A false positive on URL detonation may be in a separate URL reputation list. A false positive on DMARC sender posture is in the DMARC product. The same legitimate sender that triggers all three has to be added to all three lists separately, often with different identifier formats. Analyst corrections do not propagate.

**Multiple alert queues.** The SOC analyst working the tenant has multiple dashboards open. An alert in one dashboard may be related to an alert in another, but the relationship has to be established by the analyst, not by the system. Alert fatigue scales with the number of dashboards.

**Multiple licensing surfaces.** Each product has its own per-seat or per-tenant licensing logic, its own renewal cycle, its own commercial-terms negotiation, its own price escalation. The MSP's procurement and finance teams spend more time on stack management than on customer acquisition.

**Integration drift.** APIs change. Webhooks deprecate. The integrations between products are maintained — by the MSP, not by the vendors — and the maintenance work compounds when any one product ships a breaking change.

For an MSP at 7,500 seats across fifteen tenants with mature operations, the hidden costs can be quantified. Industry observation suggests roughly 4–8 analyst hours per week per tenant of operational overhead specifically attributable to stack reconciliation. At loaded SA SOC analyst rates of approximately R450–R650 per hour, the operational overhead for fifteen tenants runs roughly R108,000–R312,000 per month. This is real money, and it does not show up on any product's invoice.

What single-vendor adds beyond price

A consolidated platform replaces stack reconciliation with a unified data model. The architectural changes that result are not cosmetic.

**One audit chain.** Every event — backup, restore, retention, threat verdict, identity change, billing action — lands in the same SHA-256-chained audit ledger. An investigator working an incident sees a single timeline. An auditor asking for a forensic export gets a single bundle with cross-referenced records.

**One allow-list, one deny-list.** An analyst correction to a verdict propagates across email, URL detonation, attachment scanning, DMARC sender posture, and threat-intel ingestion in a single write. A legitimate sender that was misclassified is corrected once. The propagation is automatic.

**One threat posture per tenant.** The tenant's overall security posture is computed from email signals, identity risk, dark-web exposure, backup integrity, and configuration drift, in a single tenant-wide scoring model.

**One licensing surface.** The MSP negotiates one renewal, manages one price escalation, processes one set of per-tenant changes. Per-seat math is per-tenant rather than per-product-per-tenant.

**One integration boundary.** The platform's external integrations — to the MSP's PSA, to the tenant's SIEM, to accounting systems, to identity providers — are maintained by the platform vendor as a single integration layer. Breaking changes are absorbed by the vendor; the MSP does not bear the maintenance cost.

The result is that the MSP runs operationally simpler infrastructure with fewer points of integration drift, lower analyst overhead, and a unified forensic surface. The cost saving from consolidation is not just the per-seat math; it is the operational hours that get redirected from reconciliation to customer-facing work.

When the stack approach is the right answer

Consolidation is not always the right call. If the MSP has a mature SOC team that is already efficient at multi-product operations, if the MSP requires the absolute strongest product in a specific category and no single platform delivers it, if the MSP has long-running contractual commitments to specific vendors that have not yet expired, or if the MSP is in a procurement environment where vendor diversity is itself a requirement, the stack approach can be the right answer. The honest version of "consolidation is cheaper" is "consolidation is cheaper for the operational profile of most MSPs most of the time, but not all of them." The MSP's specific profile determines which case applies.

VaultFuzion's pricing model — the structure

The platform's per-seat pricing is published. The structure is five base tiers plus optional add-ons, with USD as the canonical pricing unit and ZAR conversion at the prevailing rate at the time of invoice generation.

The five base tiers, per seat per month, month-to-month, with seat-range eligibility:

- **Starter — $2.50/seat** (1–9 seats). M365 backup (Exchange + OneDrive). Standard retention, item-level restore, hash-chained audit, POPIA compliance.
- **Backup Pro — $4.50/seat** (10–99 seats). Adds SharePoint + Teams backup. Unlocks the security add-on marketplace — Live Email Security ($2.50/seat) cascade-grants the multi-engine email threat consensus and click-time URL detonation. Suitable for tenants whose primary risk is email and whose backup needs are standard.
- **Pro-Heavy — $6.50/seat** (350–1,499 seats; 350-seat MCS billing floor). Adds Advanced Threat Detection (DistilBERT, Playwright sandbox, BEC graph, ATO bridge, ARC validation, password-protected archive extraction), DMARC suite + DMARC AI Copilot, EvidenceVault eDiscovery + Legal Holds, POPIA compliance scoring.
- **Fortress — $9.99/seat** (350+ seats; 350-seat MCS, no upper ceiling). Pro-Heavy feature set plus the AI security suite (SentrE, RiskE, ResidU) bundled at the tier itself. Terminal tier — no per-seat add-on lift required to access the AI suite.
- **Enterprise — $9.00/seat indicative starting price; custom-quoted from 1,500 seats.** Adds VentrAID 4-tier Entra protection (all four tiers included), white-label MSP branding, custom SLA, dedicated account management.

**MCS billing floors apply per-tenant.** Pro-Heavy bills at 350-seat MCS even if the tenant has fewer than 350 active seats; Fortress bills at 350-seat MCS likewise; Enterprise bills at 1,500-seat MCS as part of its custom-quoted structure. A tenant with 50 seats fits Backup Pro (no MCS, since Backup Pro caps at 99 seats); a tenant with 400 seats fits Pro-Heavy at its actual seat count; a tenant with 250 seats placed on Pro-Heavy bills at the 350 MCS floor.

Per-tenant add-ons (not per-seat): VentrAID ID Backup $35/tenant; ID Intelligence $75/tenant; ID Orchestration $150/tenant; ID Advanced $250/tenant.

Per-seat security add-ons: SentrE (LLM intent + social-graph banners + brand impersonation) $3/seat — available from Backup Pro tier; bundled at Fortress and Enterprise. RiskE (SaaS Security Posture Management) $2/seat — available from Backup Pro tier; bundled at Fortress and Enterprise. ResidU (dark-web credential intelligence) $2/seat — available from Backup Pro tier; bundled at Fortress and Enterprise. Elite Threat Detection (Kasm browser isolation + Tria.ge sandbox + retro-hunt + explainable verdicts + BYOTI) $5.50/seat — Fortress-tier-only by default; available on Enterprise via contractual override.

Commitment discounts: 8% / 15% / 20% on base tiers for 1-year / 3-year / 5-year commitments. 0% on standard add-ons (price stability is part of the value). 15% / 25% / 35% on Entra add-ons for the same commitment terms.

The PayI billing engine — per-seat and per-tenant invoicing, multi-currency, Xero/QBO sync, dunning, MSP and client portals — is included in the platform at no per-seat charge.

The maxed envelope: what $15.49–$21.50 gets you

There are two paths to a fully-loaded per-seat configuration.

**Fortress path: $15.49/seat M2M.** Fortress base ($9.99) bundles SentrE + RiskE + ResidU at the tier; add Elite Threat Detection ($5.50/seat) for the full security surface. This is the published path and requires no contractual override.

**Enterprise + override path: $21.50/seat M2M.** Enterprise base ($9.00) plus the four security add-ons individually (SentrE $3 + RiskE $2 + ResidU $2 + Elite Threat Detection $5.50 with contractual override). This path is custom-quoted as part of the Enterprise commercial conversation; the $21.50/seat figure is indicative.

The Entra add-ons fold into Enterprise at no marginal per-tenant charge. The entire VentrAID 4-tier suite — backup, intelligence, orchestration, advanced — is included in the Enterprise tier rather than billed separately. Fortress does not include the Entra suite by default; Entra protection is added per-tenant if needed.

In ZAR at a rate of approximately R16.38 to the USD as of 2026-05-08 (with the H1 2026 range running R15.73–R17.19), the Fortress path lands at approximately R254/seat and the Enterprise+override path at approximately R352/seat. *Currency conversion locks at invoice generation; live quotes will reflect the prevailing rate.*

What the Enterprise+override envelope delivers, capability-by-capability: M365 backup with 6-snapshots-per-day cadence, item-level restore, content-addressed storage with per-tenant encryption, 365-day retention bands, S3 Object Lock support, EvidenceVault eDiscovery; hash-chained audit ledger with verify-on-demand; the full email threat consensus engine + DMARC AI Copilot + click-time URL detonation + Sender Behavioural Profiler; Tria.ge attachment sandbox + Kasm browser isolation (Elite tier); VentrAID 4-tier Entra protection (all four tiers); SentrE, RiskE, ResidU; phishing simulation, vendor reputation, behaviour profiles; white-label MSP branding, MSP cockpit cross-tenant operations; PayI billing — per-seat, multi-currency, Xero/QBO sync; three portals — Admin, Partner, Tenant — with full impersonation flow.

Reconstructing the same surface area through point products in 2026 typically costs more, sometimes substantially more, when you include MSP billing as a separate line item. The exact delta depends on which products are chosen and what commitment terms are negotiated, but the maxed VF envelope is competitive against best-of-breed stack assembly for the same capability set across the operational profiles we have modelled.

Worked example: 7,500-seat book, 15 tenants, all on Pro-Heavy

Consider a representative SA MSP managing fifteen tenants of approximately 500 seats each — 7,500 seats in total — all comfortably above the 350-seat Pro-Heavy MCS floor. The MSP needs all five capabilities, with Pro-Heavy threat coverage on every tenant.

**Stack approach (illustrative, mid-range pricing):** M365 backup at ~R80/seat = 7,500 × R80 = R600,000. Email security at ~R75/seat = 7,500 × R75 = R562,500. DMARC at ~R55/domain × ~30 domains = R1,650. Entra protection at ~R150/tenant × 15 tenants = R2,250. MSP billing at ~R5,000/MSP + ~R150/tenant × 15 = R7,250. **Stack capabilities subtotal: R1,173,650.** Operational overhead — reconciliation, alert correlation, allow-list propagation — at ~6 hours/week/tenant × R550/hour × 4 weeks × 15 tenants (illustrative): R198,000. **Stack TCO: ~R1,371,650/month.**

**Consolidated platform (Pro-Heavy across all tenants, USD/ZAR ≈ R16.38):** Pro-Heavy across 15 tenants (7,500 seats) at $6.50 ≈ R106.47/seat = 7,500 × R106.47 = R798,525. MSP billing: included. Entra add-ons (purchased per-tenant where needed; not in this baseline): R0. **Platform capabilities subtotal: R798,525.** Operational overhead at ~1 hour/week/tenant × R550/hour × 4 weeks × 15 tenants (illustrative): R33,000. **Platform TCO: ~R831,525/month.**

The visible per-seat number suggests the platform is approximately 32% cheaper than the stack on capabilities alone. The TCO including operational overhead suggests the platform is approximately 39% cheaper. The bigger number is the more accurate one — it reflects the actual cost the MSP is bearing.

These figures are illustrative. Per-seat pricing varies. Operational overhead varies. Currency conversion varies. The point of the worked example is the structure of the comparison, not the specific numbers. An MSP doing this exercise on their own book should plug in their actual quotes, their actual analyst hours, and their actual tenant mix. The structure will produce an answer that is honest for their situation.

For tenants where capabilities-only pricing favours the stack (a small Backup-Pro-eligible tenant whose stack equivalent comes in below platform Pro-Heavy at the 350 MCS floor, for instance), the operational savings often close the gap and produce net savings overall. For tenants where capabilities-only pricing already favours the platform, the operational savings compound the win.
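The comparison above as a small model, added here as an example and not VaultFuzion's own tooling: it reproduces the article's 7,500-seat figures and shows what the per-tenant MCS floor does to the effective rate of a below-floor tenant. Function names are hypothetical, all prices are the article's illustrative figures, and tier seat-range eligibility and the custom-quoted Enterprise tier are not modelled.

```python
from decimal import Decimal as D

FX_ZAR_PER_USD = D("16.38")  # illustrative rate quoted in the article

# tier -> (USD per seat per month, per-tenant MCS billing floor), from the article
TIERS = {
    "Backup Pro": (D("4.50"), 0),
    "Pro-Heavy": (D("6.50"), 350),
    "Fortress": (D("9.99"), 350),
}


def billable_seats(tier, active_seats):
    """Seats invoiced for one tenant; the MCS floor applies per tenant."""
    return max(active_seats, TIERS[tier][1])


def seat_price_zar(tier, fx=FX_ZAR_PER_USD):
    """Per-seat ZAR price, rounded to cents as the article does."""
    return (TIERS[tier][0] * fx).quantize(D("0.01"))


def platform_capabilities_zar(tenant_seats, tier, fx=FX_ZAR_PER_USD):
    """Monthly platform charge for a list of per-tenant active seat counts."""
    return sum(billable_seats(tier, s) for s in tenant_seats) * seat_price_zar(tier, fx)


def effective_rate_zar(tier, active_seats, fx=FX_ZAR_PER_USD):
    """Cost per *active* seat once the floor is applied."""
    total = billable_seats(tier, active_seats) * seat_price_zar(tier, fx)
    return (total / active_seats).quantize(D("0.01"))


def stack_capabilities_zar(tenant_seats, domains, backup=80, email=75,
                           dmarc_per_domain=55, entra_per_tenant=150,
                           billing_flat=5000, billing_per_tenant=150):
    """Monthly stack charge; defaults are the article's mid-range figures."""
    seats, tenants = sum(tenant_seats), len(tenant_seats)
    return D(seats * (backup + email) + domains * dmarc_per_domain
             + tenants * (entra_per_tenant + billing_per_tenant) + billing_flat)


def overhead_zar(tenants, hours_per_week, rate_zar=550, weeks=4):
    """Analyst reconciliation cost per month (article's illustrative method)."""
    return D(hours_per_week) * rate_zar * weeks * tenants


def compare(tenant_seats, tier, domains, stack_hours=6, platform_hours=1):
    """Return capabilities and TCO for both approaches plus saving percentages."""
    n = len(tenant_seats)
    stack = stack_capabilities_zar(tenant_seats, domains)
    plat = platform_capabilities_zar(tenant_seats, tier)
    stack_tco = stack + overhead_zar(n, stack_hours)
    plat_tco = plat + overhead_zar(n, platform_hours)
    return {
        "stack": stack, "platform": plat,
        "stack_tco": stack_tco, "platform_tco": plat_tco,
        "capabilities_saving_pct": round((1 - plat / stack) * 100),
        "tco_saving_pct": round((1 - plat_tco / stack_tco) * 100),
    }


if __name__ == "__main__":
    print(compare([500] * 15, "Pro-Heavy", domains=30))   # the article's book
    print(effective_rate_zar("Pro-Heavy", 250))           # below-floor tenant
```

Replace the defaults with your own quotes, analyst hours and per-tenant seat counts; a mixed book is just a different `tenant_seats` list.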

Why ZAR-first matters for SA MSPs

A platform that prices in USD and converts to ZAR at customer-billing time exposes the MSP to FX volatility. A 10% ZAR weakening between renewal and the next month's invoice is a 10% margin compression for the MSP. The platform's 1Y/3Y/5Y commitment options — with USD pricing locked at the commitment date but ZAR conversion at invoice — let an SA-revenue MSP negotiate the FX exposure explicitly rather than absorbing it silently. For an MSP whose revenue is ZAR and whose costs are partially USD-denominated, this is non-trivial protection.

What we don't claim

We do not claim that the platform is always the cheapest option. There are MSPs whose operational profile, tenant mix, or commitment to specific point products makes the stack approach the better answer. The procurement exercise has to be done honestly to know which case applies.

We do not claim that consolidation eliminates all integration work. The platform integrates with PSA tools, accounting systems, SIEMs, and identity providers. Those integrations have to be configured and maintained. What consolidation eliminates is the inter-product integration work — the reconciliation between four security tools that all see the same tenant.

We do not claim that bigger is better in every dimension. Some best-of-breed point products are stronger in their specific category than the consolidated platform's equivalent capability. The platform's value proposition is breadth × integration × operational economy, not domain-specific dominance.

We do not claim that switching is always painless. A migration off a stack to a consolidated platform involves data migration, retraining, customer communication, and the operational disruption of any vendor change. The benefits are real, but they accrue over twelve to twenty-four months. An MSP unwilling or unable to absorb the migration cost should stay on the stack until renewal cycles align.

We do not claim that the worked example numbers are universally correct. They are honest illustrations of the structure. The MSP doing their own procurement should run their own numbers using their own currency assumptions, their own seat counts, their own MCS constraints, and their own analyst-hour observations.

Pricing notes and disclosures

- Pricing is in USD; ZAR conversion at the prevailing rate at the time of invoice generation. Examples in this article use USD/ZAR ≈ R16.38 as of 2026-05-08; live billing reflects the rate on the invoice date.
- Per-tenant minimum committed seats (MCS) apply: Pro-Heavy 350, Fortress 350, Enterprise 1,500. Per-tenant invoicing rounds up to the MCS for tenants below the floor.
- Enterprise pricing is custom-quoted; the $9.00/seat figure is an indicative starting price for tenants at or above 1,500 seats.
- Elite Threat Detection ($5.50/seat) is Fortress-tier-only by default; availability on the Enterprise tier requires a contractual override negotiated as part of the Enterprise commercial conversation.
- 15% VAT applies to SA invoices per current SARS rates; the previously planned phased increases to 15.5% (May 2025) and 16% (April 2026) were reversed in 2025, and the February 2026 Budget confirmed VAT remains at 15%.

Six months into the consolidated platform, the 1,200-seat MSP from the start of the article has materially fewer dashboards open across their analyst desks, a unified forensic surface, and a single renewal conversation per year. The TCO came out close to the model. The operational benefits arrived in the timeline projected.

The cases where consolidation is the wrong answer remain real. An MSP whose book consists of two enterprise tenants with mature SOC teams may legitimately prefer the stack. An MSP committed to a specific best-of-breed product they cannot replace may stay on the stack until that product retires or is acquired. The consolidation case is not universal.

The math is the answer. Run the numbers honestly, with the MCS floors and the FX rate written down. The structure of the comparison will tell you what to do.
