Forrester Study Shows 123% ROI from Microsoft Azure AD 1

Forrester Study Shows 123% ROI from Microsoft Azure AD

Part of a successful business is being able to find and implement the options that will bring the best returns on investment (ROI), both in security and financial gains. One of the pertinent investments that businesses face today is in digital security, especially with the spreading out of employees working at home due to COVID-19. With these remote work conditions, identity access management is becoming increasingly important. Microsoft Azure Active Directory (AD) is one of the solutions to this changing dynamic. Does it pay off after companies make their investments in it? A new Forrestor study says yes, it does.

Forrester’s Assessment of Total Economic Impact

For this study, Forrester Consulting interviewed four longtime Azure AD customers in different industries. Then they combined the results to form a composite or average look at the economic impacts between these companies. They titled the study “The Total Economic Impact™ Of Securing Apps With Microsoft Azure Active Directory.” Assessing cost savings and business benefits over time, the report includes many calculations on ROI and improved productivity.

Return on Investment Timeline

Forrester Study Shows 123% ROI from Microsoft Azure AD 2
Graph from Forrester’s Total Economic Impact™ Of Securing Apps With Microsoft Azure Active Directory


In the study, Forrester found that the investment for Azure AD was paid back on average at six months after purchase. After this, the financial benefits it brought the companies continued to rise significantly. The average return on investment was 123% at three years in. These savings took a number of forms, including reduced costs and improved productivity.

Reduced Costs in Data Breaches

Graphic shows Forrester's estimate that companies can reduce likelihood of data breach by 45% with Azure AD.

Among the companies Forrester interviewed, an estimated $2.2 million was saved over three years, in typical costs that breaches would incur without the protection of Azure AD. These breaches are avoided through features that make it more difficult for cyber attackers to gain and take advantage of users’ credentials. Some of these measures include banning legacy authentication and requiring multi-factor authentication instead, disallowing common or easily guessed passwords, and using adaptive risk-based policies. And, similar to File Integrity Monitoring, Azure AD also provides the ability to detect behavioral anomalies as a way to locate attackers if they do manage to find a way in, with its User and Entities Behavioral Analytics (UEBA).

Increased Employee Productivity

Graph picture suggests increased productivity.


When employees have all their apps connected to the hub of Azure AD, they can sign onto all of them at once using single sign-on (SSO). This saves them from having to log into multiple applications where they’d ideally have different passwords for each. Many companies make use of dozens of applications, ranging from global SaaS platforms to on-premises apps and custom ones specific to a particular line of work. Regardless of the type of app, if it supports SAML 2.0 it can be consolidated into this single sign-on through Azure AD. Forrester estimated that this saves each employee ten minutes a week on average, which over months and years adds up to a lot of redirection toward better uses of employees’ time.

Gains in Company Efficiency

Similarly, Azure AD consolidates the infrastructure you use for identity and access management. Some enterprises manage different types of applications separately. They may use Software as a Service (SaaS) for cloud applications while maintaining on-premises solutions for their legacy applications. This makes management complicated because multiple licenses and servers are necessary, and administrators need to keep track of the ways the different systems work. When all of the apps—regardless of type—are managed from one place, management is streamlined. Because this combines the management of two or more previous systems, Forrester’s estimate is that companies reduce their efforts in identity and access management by 50%. Plus, hardware and licensing costs are pared down too.


Graphic shows Forrester's estimate that overall management effort for IAM teams is reduced by 50% with Azure AD.

Another of Azure AD’s features that improves efficiency is Self-Service Password Reset. Traditionally IT help desk workers would need to reset passwords when users got locked out of their accounts. With this feature, the request to the help desk is eliminated and those IT workers can spend their time on more productive tasks. Forrester’s interviewees reported huge inefficiencies because of these password resets, and it’s estimated that Azure AD can reduce help desk involvement in them by 75%.

Azure AD: A Wise Investment for Security and Productivity

Not only is Azure AD a worthwhile investment financially, it’s a great way to implement a Zero Trust security policy that will best protect your organization, whether it’s fully cloud-based or hybrid through the use of Azure AD Connect. In today’s environment, security must be included in corporate budgeting. And, perhaps more than ever before, it’s crucial to invest wisely in solutions that will justify their costs and bring the most rewards back to your business. It’s clear that Azure Active Directory is a strong choice that pays off financially, strengthens security, and increases productivity.

But which Microsoft plan do you want to choose to make the best use of Azure AD for your company? Here’s a guide on licensing types.

Also, check out Forrester’s TEI study and Wave assessment of Azure Sentinel.

Leave a Comment