What changed
FACT (per r/msp thread 1kmsk0k and r/sysadmin thread 1kpy2t3): Microsoft is ending the free M365 Business Premium nonprofit grant β which bundled Entra ID P1, Intune, and Defender β with the fallback being up to 300 free Business Basic licenses that lack Premium's device/identity/security controls.
Why now
HYPOTHESIS (inferred from leading indicator): the change bites at each nonprofit's next renewal, and MSP/sysadmin threads reporting the downgrade are rising now. Admins are actively asking 'how do I manage these PCs without Intune/Entra' today, so there is a live, deadline-driven scramble.
Converging signals
Two signals meet: a platform policy shift (grant removal) and a complaint stream (admins with no budgeted replacement for Intune/Defender/Entra). This is a complaint+platform convergence, NOT a public-money/forced-filer mandate β the founder's primary thesis does not apply here.
Customer pain
FACT (r/sysadmin quote): a 10-user/10-PC nonprofit currently Entra-joined and Intune-managed for free now faces losing those licenses with no cheap equivalent. Pain is real but the affected orgs are tiny and cash-poor.
Who pays
Small nonprofits losing the grant, and the MSPs/IT contractors serving them. The MSP is the more reachable, more willing-to-pay buyer (they bill for the remediation project); the nonprofit itself is budget-constrained and fragmented.
Solved today
Today MSPs hand-roll a migration: manual license audit, re-do device management under Basic (or buy a third-party MDM like NinjaOne/Mosyle/Scalefusion), and harden Basic-tier identity manually. Solo admins improvise from Reddit threads.
Why current solutions are bad
It's ad-hoc, repeated org-by-org, and there's no nonprofit-specific packaged playbook priced for a 10-seat charity. But 'bad' here is 'undifferentiated labor,' not 'no solution exists' β cheap commercial MDMs already fill the technical gap.
Proposed product
A productized offering, best sold to MSPs: (1) a license-optimization audit tool/script that reads the tenant and outputs the cheapest compliant seat mix; (2) a Business-Basic hardening checklist + hardening PowerShell/Graph scripts (conditional access substitutes, MFA, baseline policies achievable without P1/Intune); (3) a vetted low-cost MDM config recipe for the sub-Premium tier. Sell the playbook + scripts, not a from-scratch Intune replacement.
MVP version
A paid PDF/Notion playbook + a Graph-API audit script that enumerates current licenses/Intune-managed devices and produces a 'what you lose / cheapest compliant path' report. Buildable solo in 2-4 weeks.
30-day build
Interview 10-15 MSPs and nonprofit admins in the live Reddit threads; ship the audit script + hardening checklist; validate that MSPs will pay a per-tenant fee for the report.
60-day build
Package scripts into a repeatable remediation kit; add a curated 'cheap MDM under Basic' config guide; recruit 3-5 MSPs as paying design partners.
90-day revenue plan
Sell the kit as a per-tenant remediation ($99-$299) or an MSP license/subscription ($49-$99/mo for unlimited nonprofit tenants). Revenue depends on MSP adoption, not on thousands of direct nonprofit sales.
Distribution path
Direct engagement in r/msp, r/sysadmin, r/nonprofit, MSP Discords/Slacks, and TechSoup communities β meet admins at the exact thread where they're asking. No paid ads. Weakness: no existing MSP channel or list.
Pricing hypothesis
$99-$299 per-tenant remediation kit, or $49-$99/mo MSP subscription for unlimited nonprofit tenants. Consumer-nonprofit direct sales priced $49-$99 one-time but hard to reach at volume.
Technical difficulty
Low-to-moderate: Graph API scripting and PowerShell hardening are well-documented. Building an actual Intune substitute is high-difficulty β avoid it; recommend/configure an existing cheap MDM instead.
Legal / regulatory risk
Low. No licensure required. Modest risk in advising security configurations (liability if a hardening recipe leaves a gap) β mitigate with disclaimers.
Platform dependency
HIGH and real: the entire product sits on top of Microsoft's M365 licensing and Graph API. Microsoft could revise nonprofit terms again (that's literally what created this opening) or change the Graph surface, cutting demand or breaking scripts.
Founder fit
MODERATE-LOW. This is MSP/IT-services and MDM work, not the founder's proven government-portal/forced-filer edge. His systems-thinking and fast-prototyping help, but he has no MSP channel and this is a crowded IT-services space, not a compelled-filer market.
Breakout potential
Limited. The template could extend to other Microsoft/Google nonprofit-grant changes, but the buyer pool is small, budget-poor, and already served by MSPs and commercial MDM vendors.
Final recommendation
WEAK / REVISIT-LATER. Real, timely pain but poor founder-fit (no government-portal shape, no forced-filer deadline, no reachable-buyer channel) and easily copied by incumbent MSPs and MDM vendors. If pursued at all, do it as a lightweight paid audit-script + playbook sold to MSPs β cheap to test β NOT as a built MDM product. Do not prioritize over public-money/forced-filer opportunities.
Next action
Spend one week posting the audit script as a free tool in the live r/msp and r/sysadmin threads and directly ask 10 MSPs if they'd pay per-tenant for a packaged nonprofit remediation kit; proceed only if β₯3 say yes with a price.