Solutions Partner for Security

Appropriate roles: Microsoft AI Cloud Partner Program partner admin

To earn the designation Solutions Partner for Security, your partner capability score for security must meet the qualification requirements. The partner capability score derives from partner performance, skilling, and customer success, and results from data already recorded in Partner Center.

To attain a Solutions Partner for Security designation, you must earn a minimum of 70 points and must have one or more points for each of the four metrics:

• Performance - Net customer adds
• Skilling - Intermediate certifications
• Customer success - Usage growth
• Customer success - Deployments

Security partners can target providing services and solutions on Microsoft 365 workloads or on Azure services. So, valuation requirements focus on both Microsoft 365 usage and performance, and on Azure revenue.

Two attainment paths: Enterprise and small and medium business

Microsoft offers two distinct paths for achieving the Solutions Partner for Security designation: the Enterprise path and the Small and Medium Business (SMB) path, each with its own set of criteria. This dual-path approach lets partners select the path that aligns with their customer focus, whether it be SMB or Enterprise customers.

Microsoft evaluates partners on both paths and selects the highest score from either path. Microsoft selects the highest score at the solution area level, rather than at the individual metric level, to determine qualification. This process helps to ensure that partners can use the path that best suits their business strategy.

Partner capability score for Security

The partner capability score for security has four metrics in three categories:

• Performance category
  • Net customer adds metric
• Skilling category
  • Intermediate certifications metric
• Customer success category
  • Deployments metric
  • Usage growth metric

Read the following sections to understand the detailed requirements for each of these metrics. Calculations for Azure and Microsoft 365 are completed individually and then totaled together for the final four metric scores. One eligible customer can contribute points to both Azure and Microsoft 365 calculations.

Performance category

The performance category measures your organization's ability to increase the customer base who uses Microsoft Security products and services. This category is made up of Net customer adds as the primary metric for Microsoft 365 and Azure Security workloads.

Net customer adds

Net customer adds is defined as the number of eligible customers added to your customer base during the trailing 12-month period.

Calculation

Enterprise track: Each net new customer contributes to two points for up to a maximum of 20 points, obtained from ten (10) customers.

SMB Track: Each net new customer contributes to four points for up to a maximum of 20 points, obtained from five (5) customers.

Net customer adds = (Total qualifying customers with qualifying ACR in current trailing 12 months (TTM)) - (Total qualifying customers with qualifying ACR in previous TTM)

Eligible customers

Enterprise

Azure: This value is the number of unique customer tenants contributing at least $600 ACR (Azure Consumed Revenue) in the last TTM from eligible Azure services associated with eligible Offers for specific Partner association types.

Microsoft 365: This value is number of unique customer Tenants having at least one workload with paid licenses greater than 300 from eligible Microsoft 365 workloads for specific Partner association types.

SMB

Azure: This value is the number of unique customer tenants contributing at least $600 ACR (Azure Consumed Revenue) in the last TTM from eligible Azure services associated with eligible Offers for specific Partner association types.

Microsoft 365: This value is number of unique customer Tenants having at least one workload with paid licenses between 5-300 paid licenses in a given month from eligible Microsoft 365 workloads for specific Partner association types.

Eligible Azure services

• Advanced Data Security

• Advanced Threat Protection

• Application Gateway

• Microsoft Entra ID B2C*

• Microsoft Entra Domain Services

• Microsoft Entra ID for External Identities

• Azure Bastion

• Azure DDOS Protection

• Azure Defender

• Azure Firewall

• Azure Firewall Manager

• Azure Front Door Service

• Azure IoT Security

• Key Vault

• Network Watcher

• Security Center

• Microsoft Sentinel

  * Effective May 1, 2025, Azure AD B2C will no longer be available to purchase for new customers. To learn more, please see Is Azure AD B2C still available to purchase? in our FAQ.

Eligible Azure offers

All offers except "Support," "Internal," "Benefit Program," and "Trial" are applicable.

Eligible Microsoft 365 workloads

Microsoft Entra ID P1, Microsoft Defender for Office 365, Microsoft Defender for Endpoints, Microsoft Defender for Identity, Microsoft Purview Information Protection, and Intune.

Thresholds for earning maximum points

Net customer adds from both Azure security and Microsoft 365 are counted and given points. A total of 10 customer additions from Azure security services and Microsoft 365, fulfilling the previous criteria, are required to earn the maximum 20 points for this metric. You can achieve points from either Azure or Microsoft 365 or both.

Eligible association types

The association types that earn you points in this metric are:

Azure : Partner Admin Link (PAL), CSP Tier1, CSP Tier2

Microsoft 365: Claiming Partner of Record (CPOR), CSP Tier1, CSP Tier2

Return to top

Skilling category

The skilling category measures the capability and skills acquired by a partner through the number of certified individuals in their organization.

For Security, there's one metric in the Skilling category:

• Intermediate certifications

Intermediate certifications metric

Enterprise track

STEP 1 (Required)

At least 2 people must complete the Azure Security Engineer Associate (required) certification.

Competing this step does not earn points, but it is mandatory before points are awarded for step 3.

STEP 2 (Required)

At least 2 people must complete the Microsoft Security Operations Analyst certification.

Completing this step does not earn points, but it is mandatory before points are awarded for step 3.

STEP 3

Certified individuals (same as step 1 or step 2) must complete at least one of the following certifications:

• Microsoft Cybersecurity Architect expert
• Microsoft Identity and Access Administrator
• Microsoft Information Protection Administrator

Each certified individual adds 6.67 points in Step 3.

Important Considerations

Step 1 and step 2 are mandatory. You must complete step 1 and step 2 before earning any points in step 3.

Individuals can be counted across steps. A person can count toward multiple steps, but only once per step.

Enterprise examples

Enterprise example 1

1. 2 people complete the Azure Security Engineer Associate certification, but you will not earn any points.

2. 2 people complete Microsoft Security Operations Analyst certification, but you will not earn any points.

3. 3 people complete Step 2, earning 20 points.

Total points = 20.

Enterprise example 2

1. Two people complete the Azure Security Engineer Associate certification, but you will not earn any points.

2. Two people (same) complete Microsoft Security Operations Analyst certification, but you will not earn any points.

3. Two people (same) complete Step 3, earning 13.3 points.

Total points = 13.3.

Enterprise example 3

1. Two people complete the Azure Security Engineer Associate certification, but you won't earn any points.

2. No individual complete Microsoft Security Operations Analyst certification.

3. Two people complete Step 3.

Total points = 0 (Step 2 isn't complete)

Enterprise example 4

1. One person completes the Azure Security Engineer Associate certification.

2. Two people complete Microsoft Security Operations Analyst certification, but you won't earn any points.

3. Two people complete Step 3.

Total points = 0 (Step 1 isn't complete)

SMB Track

Step 1 (Required)

At least one person must complete the Azure Security Engineer Associate certification.

Completing this step earns four points (even if more than one person completes it).

Step 2 (Required)

At least one person must complete the Microsoft Security Operations Analyst certification.

Completing this step earns four points (even if more than one person completes it).

Step 3

Certified individuals (the same or different people as in Step 1 or Step 2) must complete atleast one of the following certifications:

• Microsoft Cybersecurity Architect Expert
• Microsoft Identity and Access Administrator
• Microsoft Information Protection Administrator

Each certified individual adds eight points in Step 3.

Important Considerations

Step 1 and step 2 are mandatory. You must complete step 1 and step 2 before earning any points in step 3.

Cap on points for step 1: No matter how many people complete step 1, you earn a maximum of four points.

Cap on points for step 2: No matter how many people complete step 2, you earn a maximum of four points.

Individuals can be counted across steps: A person can count toward multiple steps, but only once per step.

SMB Examples

SMB example 1

1. Two people complete the Azure Security Engineer Associate certification, but you earn four points due to the cap.

2. Two people complete Microsoft Security Operations Analyst certification, but you earn four points due to the cap.

3. Three people complete step 2, earning 24 points.

Total points = 32.

SMB example 2

1. Two people complete the Azure Security Engineer Associate certification, but you earn four points due to the cap.

2. Two people (same) complete Microsoft Security Operations Analyst certification, but you earn four points due to the cap.

3. Two people (same) complete step 3, earning eight points.

Total points = 24.

SMB example 3

1. Two people complete the Azure Security Engineer Associate certification, but you earn four points due to the cap.

2. No individual complete Microsoft Security Operations Analyst certification.

3. Two people complete step 3.

Total points = 4 (only from step 1, no points from step 3 as step 2 isn't complete).

SMB example 4

1. No individual completes the Azure Security Engineer Associate certification.

2. No individual complete Microsoft Security Operations Analyst certification.

3. Two people complete step 3.

Total points = 0 (step 1 or step 2 isn't complete).

Return to top

Customer Success category

The customer success category measures your ability to enable growth in the use of Microsoft products or in the expansion of Microsoft's services and workloads utilized by the customers.

There are two metrics in the customer success category:

• Deployments
• Usage growth

Deployments

For this metric, your organization earns points based on growth in the number of customer deployments as specified by the following qualifying criteria and definitions.

Both Enterprise and SMB tracks calculation

Each net new customer contributes 3.3 points for up to a maximum of 20 points, obtained from six deployments.

Net new deployments = (Eligible deployments last month) - (Eligible deployments same month last year)

Eligible deployments

Enterprise

Azure: The number of unique customer tenants contributing a total Azure Consumed Revenue (ACR) greater than $12,000 in the past 12 months from eligible Azure services associated with eligible Offers for specific partner association types.

Microsoft 365: The number of unique eligible customer tenants having atleast 15% of these paid licenses should be active from eligible Microsoft 365 workloads for specific partner association types.

Each customer tenant having at least one workload with paid licenses greater than 300 is counted to be an eligible Tenant for Enterprise track.

SMB

Azure: The number of unique customer Tenants contributing a total ACR (Azure Consumed Revenue) between $750 and $12,000 in trailing 12 months from eligible Azure services associated with eligible Offers for specific Partner association types.

Microsoft 365: The number of unique Eligible Customer Tenants having atleast 15% of these paid licenses should be active from eligible Microsoft 365 workloads for specific Partner association types.

Each customer tenant having atleast 1 workload with paid licenses between 5 to 300 is counted to be an eligible Tenant for SMB track.

Eligible Azure services

Advanced Data Security, Advanced Threat Protection, Application Gateway, Microsoft Entra ID B2C, Microsoft Entra Domain Services, Microsoft Entra ID for External Identities, Azure Bastion, Azure DDOS Protection, Azure Defender, Azure Firewall, Azure Firewall Manager, Azure Front Door Service, Azure IoT Security, Key Vault, Network Watcher, Security Center, and Microsoft Sentinel.

Eligible Azure offers

All offers except "Support," "Internal," "Benefit Program," and "Trial" are applicable.

Eligible Microsoft 365 workloads

Microsoft Entra ID P1, Microsoft Defender for Office 365, Microsoft Defender for Endpoints, Microsoft Defender for Identity, information protection, and Intune.

Eligible association types

The association types that earn you points in this metric are:

Azure : Partner Admin Link (PAL), CSP Tier1, CSP Tier2

Microsoft 365: Claiming Partner of Record (CPOR), CSP Tier1, CSP Tier2

Thresholds for earning maximum points

Net new deployments from both Azure security and Microsoft 365 are counted and given points. A total of six new deployments from Azure security services and Microsoft 365, that fulfill the previous criteria, are required to earn the maximum of 20 points for this metric. You can achieve points from either Azure or Microsoft 365 or both.

Return to top

Usage growth

For this metric, your organization earns points based on growth in the usage of security workloads across your associated customer deployments, as specified by the following qualifying criteria and definitions.

Calculation

Azure:

• Enterprise track: Every Security Azure consumed revenue (ACR) growth of USD 1,250 gets you one point (maximum of 20 points).

• SMB track: Every Security Azure consumed revenue (ACR) growth of USD 750 gets you one point (maximum of 20 points).

Security ACR growth = Eligible Security ACR last month - Eligible Security ACR same month last year.

Microsoft 365:

• Enterprise track: Every Microsoft 365 protected users growth of 125 gets you one point (maximum of 20 points).

• SMB Track: Every Microsoft 365 protected users growth of 50 gets you one point (maximum of 20 points).

Microsoft 365 Protected users growth = Eligible Microsoft 365 protected users last month - Eligible Microsoft 365 protected users same month last year

Security ACR

The Azure Consumed Revenue (ACR) total over the trailing 12 months from eligible customer tenants from eligible Azure services associated with eligible Offers for specific Partner association types.

Enterprise: Each customer tenant having ACR greater than $12,000 in the trailing 12 months is counted as an eligible customer tenant.

SMB: Each customer tenant having ACR more than zero and less than or equal to $12,000 in the trailing 12 months as an Eligible customer Tenant.

The ACR total over trailing 12 months from Eligible Customer Tenants across entire customer base from eligible Azure services associated with eligible Offers for specific Partner association types.

Microsoft 365 protected users

The number of active paid licenses across all eligible customer tenants from eligible Microsoft 365 workloads for specific partner association types.

Enterprise: Each customer tenant having atleast 1 workload with paid licenses greater than 300 is counted to be an eligible Tenant for Enterprise track.

SMB: Each customer tenant having atleast 1 workload with paid licenses between 5 to 300 is counted to be an eligible Tenant for SMB track.

Eligible Azure services

• Advanced Data Security
• Advanced Threat Protection
• Application Gateway
• Azure Active Directory B2C
• Microsoft Entra Domain Services
• Microsoft Entra ID for External Identities
• Azure Bastion
• Azure DDOS Protection
• Azure Defender
• Azure Firewall
• Azure Firewall Manager
• Azure Front Door Service
• Azure IoT Security
• Key Vault
• Network Watcher
• Security Center
• Microsoft Sentinel

Eligible Azure offers

All offers except "Support," "Internal," "Benefit Program," and "Trial" are applicable.

Eligible Microsoft 365 workloads

Microsoft Entra ID P1, Microsoft Defender for Office 365, Microsoft Defender for Endpoints, Microsoft Defender for Identity, information protection, and Intune.

Eligible association types

The association types that earn you points in this metric are:

Azure : Partner Admin Link (PAL), CSP Tier1, CSP Tier2

Microsoft 365: Claiming Partner of Record (CPOR), CSP Tier1, CSP Tier2

Thresholds for earning maximum points

Usage growth from both Azure security and Microsoft 365 are counted and given points. You can achieve points from either Azure or Microsoft 365 or both, up to a maximum of 20 points.

Data freshness

Performance and Customer Success subcategories typically refresh by the 20th of every month. But there can be other minor data refreshes throughout the month. Skilling subcategories typically refresh within 10 days after certification completes.

Return to top

Related content

• Link a PartnerID for PAL
• Link a PartnerID for CPOR
• Learn how to improve your score