MSP Operations · April 27, 2026 · 13 min read

Per-user licensing killing MSP margins? MSP guide

Per-user licensing killing MSP margins? Learn why seat-based SAT pricing leaks MSP profit and how to price training safely.

DefendWise

TL;DR

Per-user licensing killing MSP margins is not a theory problem. It shows up when an MSP sells a fixed-fee managed service, bundles security awareness training into the offer, and then pays the SAT vendor for every end user who gets added.

For SAT, the cleanest margin question is simple: does client growth increase your revenue faster than it increases your training bill? If not, you are carrying a seat tax.

What is per-user licensing in an MSP stack?

Per-user licensing means the vendor charges by the number of people covered. In security awareness training, that usually means the number of learners or employees enrolled in training and phishing simulations.

That is normal in the SAT market. KnowBe4's public pricing page says its SaaS subscription is a "monthly per seat price, billed annually," with listed monthly per-seat pricing by tier and employee count as of January 2025. usecure's pricing page also describes MSP pricing as "Per-User, Per-Month Pricing" with monthly usage billing. TitanHQ's SAT pricing guide says modern security awareness training vendors can range from $0.45 to $1.25 per user per month, while legacy vendors can range from $0.90 to $4.00 per employee per month.

Those models can be fair for direct buyers. A 100-person company buys 100 seats. A 200-person company buys 200 seats. The bill maps to headcount.

MSPs live in a different commercial reality.

An MSP often sells a packaged managed service: endpoint management, Microsoft 365 support, backup, email security, help desk, and now security awareness training. The client wants a predictable monthly number. The MSP wants margin that does not collapse when the client hires 12 people or forgets to tell anyone that 8 seasonal users left.

That is where the mismatch starts.

The MSP may sell predictability to the client while buying variability from the vendor. If the contract does not pass that variability through, the MSP owns it.

Why per-user licensing killing MSP margins matters now

Security awareness training is no longer a nice-to-have line item that MSPs can ignore. Frameworks, insurers, auditors, and clients increasingly expect some proof that staff are being trained.

NIST CSF 2.0 PR.AT defines awareness and training as personnel receiving cybersecurity awareness and training so they can perform cybersecurity-related tasks. CISA's small-business guidance says all staff should be formally trained on the organisation's commitment to security, including avoiding suspicious links and escalating suspicious activity. CISA also warns that phishing is a form of social engineering, and attackers use email or malicious websites to solicit personal information by posing as a trusted organisation.

Verizon's 2025 DBIR gives the commercial reason clients care. The report analyzed 22,052 security incidents and 12,195 confirmed breaches. It says human element involvement in breaches hovered around 60%, and its Social Engineering pattern included 4,009 incidents, with phishing and pretexting still the main techniques used to con employees.

That does not mean awareness training fixes every human risk problem. It does mean MSPs are being asked to provide training evidence more often, especially when clients are dealing with insurance questionnaires, board reporting, or framework mapping.

So the MSP faces two pressures at once:

  • Clients want SAT included because it feels like part of a modern security stack.
  • Per-seat SAT vendors charge in a way that can make every client hire a new cost event.

That is the margin trap.

The MSP margin problem is not per-user pricing. It is mixed pricing.

Per-user pricing can be a strong MSP model.

SuperOps argues that MSP per-user pricing is simple for clients to understand, reduces billing disputes, and helps the provider calculate cost around hard costs, labour, and margin. NinjaOne's managed services pricing guide says MSPs should understand COGS, MRR, all-in seat price, and gross margin, and that effective pricing comes down to knowing direct costs and charging enough to protect the margin the MSP needs.

That is all sensible when the MSP is selling per user and buying per user with the same rules.

The issue is mixed pricing: selling one way and buying another.

| Commercial layer | What the client sees | What the MSP pays | Margin risk |
|---|---|---|---|
| Managed service sold per user | $150 per user/month | Tools also move per user | Manageable if every user is billed correctly |
| Managed service sold as fixed monthly package | $3,000/month | SAT charged per learner | Margin falls as client users grow unless contract true-ups catch it |
| SAT sold as explicit pass-through | SAT cost line varies | SAT charged per learner | Lower margin risk, but less bundled value |
| SAT bought flat-rate by MSP | Client package can stay simple | Vendor cost stays predictable | Easier to model, especially across many clients |

Silent per-user cost inside a fixed-fee client package is how a useful training product becomes a seat tax.

How per-seat SAT pricing leaks profit

Let's make it concrete.

Say an MSP includes SAT inside a $3,000/month managed security package for a 25-user client. The SAT vendor charges $2.50 per user per month. The direct SAT cost starts at $62.50/month.

That sounds small. It is easy to ignore.

Now the client grows to 60 users. The SAT line becomes $150/month. Still not scary in isolation.

But MSP margin is not killed by one tool on one client. It is killed by small variable costs multiplying across 30, 50, or 100 clients, especially when those costs are buried inside packages that sales promised would be simple.

Here is the part most pricing spreadsheets miss:

| Fleet size | Average users/client | Per-user SAT cost | Monthly SAT COGS | Annual SAT COGS |
|---|---|---|---|---|
| 20 clients | 35 users | $1.50 | $1,050 | $12,600 |
| 40 clients | 50 users | $1.50 | $3,000 | $36,000 |
| 60 clients | 75 users | $1.50 | $6,750 | $81,000 |
| 80 clients | 100 users | $1.50 | $12,000 | $144,000 |

Those numbers are illustrative, not a market benchmark. The point is the shape of the cost curve.

When client user count grows, per-user SAT COGS grows automatically. If the MSP's client contracts update once a year, or only when someone notices, the vendor bill moves faster than revenue.

This is why the seat tax hurts MSPs more than direct buyers.

A direct buyer expects the bill to rise with employee count. An MSP often absorbs the increase first, argues about it later, and may never recover the leakage if the cost is too small to justify an awkward client conversation.

Why security awareness training is especially exposed to the seat tax

Some per-user tools are obvious pass-through costs. Microsoft 365 seats, endpoint licenses, and backup accounts are easier to explain because the client already expects those line items to track users or devices.

Security awareness training sits in a different spot.

It is often bundled as a value-add. It supports compliance evidence, cyber insurance readiness, QBR reporting, and security maturity. The MSP wants it to make the package stronger, not turn the invoice into another seat-count debate.

That creates 5 specific risks.

1. Client growth becomes a cost before it becomes revenue

NinjaOne's guide warns that pricing should be based on actual costs, not benchmarks. That matters because new client users can change tool COGS immediately.

If the SAT vendor syncs users from Microsoft 365, new staff may be counted fast. If the MSP contract only true-ups quarterly or annually, the MSP carries the delta.

2. Offboarding lag becomes margin leakage

SAT seats are easy to add and easy to forget. If disabled users, shared mailboxes, contractors, or seasonal staff remain enrolled, the MSP can keep paying for people who no longer need training.

That is not a vendor scandal. It is an operating-model problem. Any per-user tool needs tight lifecycle management.

3. Multi-client admin eats the margin twice

The bill is not the only cost. Someone still has to onboard users, chase completions, export reports, answer client questions, and prepare evidence for QBRs or audits.

CISA frames training as a formal staff requirement, not a one-off poster campaign. If an MSP proves completion across many tenants by hand, tool cost and labour cost hit the same margin line.

4. The cheapest per-user price can still be expensive operationally

A low per-seat price looks good in procurement. It can still be expensive if the platform forces the MSP to manage each client separately, rebuild campaigns, or pull reports by hand.

TitanHQ's pricing guide separates vendor types and price ranges, but price per user is only one input. The MSP still has to measure admin time, billing time, exceptions, and client reports.

5. Bigger clients do not always mean better SAT margin

In managed services, bigger clients can be attractive because revenue rises with account size. In per-seat SAT, bigger clients also create bigger invoices.

If SAT is bundled into a fixed package, a bigger client may lower the package margin unless pricing was designed around that user count.

What MSPs should calculate before bundling per-user SAT

Before an MSP adds SAT to a managed services bundle, the pricing model needs a margin check. Not a vibes check. A margin check.

Use this worksheet.

| Question | Why it matters | What to write down |
|---|---|---|
| What is the vendor billing unit? | Learner, active user, employee, domain, tenant, or contract band can all behave differently. | Exact billing definition from the vendor agreement |
| How often does the vendor true up? | Monthly billing can move faster than annual client contracts. | Monthly, quarterly, annual, or manual |
| Is there a minimum license count? | Minimums can distort small-client profitability. | Minimum seats or minimum spend |
| What happens to inactive users? | Offboarding lag can become recurring waste. | Removal rules and billing cut-off |
| How much admin time per client? | Labour is COGS too. | Onboarding, reporting, campaign edits, support |
| Is reporting multi-tenant? | Single-client reporting does not scale cleanly for MSPs. | Fleet view, tenant reports, exports |
| Can the MSP white-label it? | White-label affects perceived value and client retention. | Portal, emails, reports, domains |
| Can client growth be passed through? | Contract language decides who owns the seat tax. | True-up clause, package tier, pass-through line |

If the vendor bill rises when a client hires, your client agreement needs to say what happens next.

Step-by-step: how to protect MSP margin from per-user licensing

1. Separate client-facing price from vendor cost

Start with the MSP package you sell, not the vendor invoice you receive. What did the client buy: a fixed managed service, a per-user security package, or a training add-on?

Then map each vendor cost underneath it. If SAT is the only variable line inside a fixed package, it needs a rule.

2. Build a SAT COGS line into every package

NinjaOne defines COGS as direct costs tied to the service, including software licensing fees and labour. Treat SAT the same way.

For each client package, include SAT software cost, admin time, reporting time, billing time, and QBR or audit evidence work.

3. Set user bands, not unlimited promises, unless your vendor cost is flat

If you buy SAT per user, do not sell unlimited SAT casually. Use bands such as 1-25 users, 26-50 users, 51-100 users, and 101-250 users.

Bands keep the client experience simple and give your team a clean point to reprice.

4. Add true-up language before the first invoice

The hardest time to explain a true-up is after the client has already grown.

Add plain contract language: training coverage is based on active users, reviewed monthly or quarterly, with price adjustments when the client moves into the next band.

5. Audit inactive users monthly

Do not wait for the annual renewal to find stale learners across your client base.

Tie SAT user review to the same lifecycle rhythm you use for Microsoft 365, EDR, backup, and identity.

What good looks like for MSP SAT pricing

Good SAT pricing for MSPs has 4 traits.

First, the cost is predictable. The MSP knows what happens when a client grows from 25 users to 60 users. There is no surprise invoice and no awkward margin mystery.

Second, the operating model is multi-tenant. MSPs should not have to behave like 40 separate internal IT departments. Client management, reporting, and evidence exports need to work across the fleet.

Third, the client sees value without seeing vendor plumbing. White-label delivery matters because MSPs are selling a managed service, not acting as a reseller checkout page. That is why white-label SAT and multi-tenancy matter in the MSP buying conversation.

Fourth, the model supports compliance evidence. If a client asks for training completion proof for an auditor or insurer, the MSP should be able to produce it without a half-day report hunt. That is where automated reports become margin protection, not just a feature.

Per-user SAT versus flat-rate SAT for MSPs

Per-user SAT is not automatically bad. KnowBe4 has a large content library, public pricing by tier, and a mature market presence. usecure is openly MSP-focused, with per-user monthly usage billing and white-label positioning. TitanHQ publishes SAT cost ranges that help buyers benchmark the category.

The difference is not "good vendor" versus "bad vendor."

The difference is whether the pricing model fits the MSP's resale model.

| Model | Strength | Weak spot | Best fit |
|---|---|---|---|
| Per-user SAT | Easy to map cost to headcount | Margin moves with every user count change | Direct buyers or MSPs with pass-through billing |
| Tiered per-user SAT | Lower unit cost at scale | Bands can still create renewal surprises | Larger clients with clear true-up rules |
| Per-user monthly usage billing | Flexible and easier to adjust | Still requires user hygiene and margin tracking | MSPs with monthly client true-ups |
| Flat-rate MSP SAT | Predictable vendor COGS | Requires fair-use clarity and fit for MSP use case | MSPs bundling SAT across many clients |

DefendWise is built around the last model: flat-fee security awareness training for MSPs, with unlimited users, white-label delivery, multi-tenant management, and AI-native content. The point is not that every business on earth needs flat pricing. The point is that MSPs reselling SAT across many clients need a cost model that does not punish client growth.

Bain notes that AI is making traditional per-seat software pricing less relevant in some cases, while buyers still need flexibility and predictability. That is the MSP tension in one line.

If you sell predictable managed services, your SAT cost should not behave like a slot machine.

What to avoid when evaluating SAT pricing

Do not compare vendors by seat price alone

A $1.25 user price can be worse than a $2.00 user price if the cheaper platform creates more admin work.

Compare total cost to deliver, not just license cost.

Do not promise unlimited training on a per-user vendor contract

Unlimited is a strong client promise only when your cost basis supports it. If your vendor charges per learner, your client promise needs bands, pass-through pricing, or true-ups.

Do not ignore small clients

Small clients can be hard on SAT margin. Minimums, setup time, and reporting effort do not always shrink neatly with user count.

Do not bury SAT evidence work inside free admin

Auditors and insurers do not ask for "we trained them, trust us." They ask for proof. If your team prepares completion exports and client-ready reports, that labour belongs in the package economics.

Do not let procurement choose the billing model without service input

The cheapest vendor invoice is not always the most profitable MSP service. Service leads know where the time goes. Finance knows where the margin goes. Sales knows what clients will accept.

Framework mapping: why clients ask for training evidence

MSPs should avoid scare tactics here. The client need is straightforward.

| Source | What it says | MSP implication |
|---|---|---|
| NIST CSF 2.0 PR.AT | Personnel receive cybersecurity awareness and training for cybersecurity-related tasks. | MSPs need a repeatable way to deliver and evidence training. |
| CISA small-business guidance | All staff should be formally trained on security expectations, suspicious links, and escalation. | Training needs to be operational, not a once-a-year PDF. |
| CISA phishing guidance | Phishing uses email or malicious sites to solicit information while posing as a trusted organisation. | Training topics need to cover real social engineering patterns. |
| Verizon 2025 DBIR | Human element involvement hovered around 60% of breaches; social engineering remains a major pattern. | Clients have a defensible reason to ask for awareness training and proof. |

The MSP opportunity is real. But so is the delivery cost.

If the service is priced wrong, every compliance ask becomes another margin leak.

A better question than "what is the price per seat?"

The better question is:

What happens to my gross margin when every client adds 10 users?

That question cuts through vendor demos fast.

If the answer is "your bill goes up, your admin goes up, and your client revenue might go up later," you have a seat-tax problem.

If the answer is "your cost stays predictable, your management view stays multi-tenant, and reports are ready when clients ask," you have a service you can actually bundle.

Per-user licensing killing MSP margins is not about hating per-user pricing. It is about knowing when the meter belongs on the client invoice, and when it belongs nowhere near your COGS.

Stop making client growth a SAT cost event

If you want SAT inside your managed service package, model the margin before you pick the vendor. DefendWise gives MSPs flat-rate, white-label, multi-tenant security awareness training so growth across clients does not automatically become a bigger SAT bill.

Frequently asked questions

Why is per-user licensing killing MSP margins?

It hurts when the MSP sells a fixed-fee service but buys tools per employee. Every added user raises vendor COGS. If the client contract does not true up at the same pace, the MSP absorbs the cost.

Is per-user pricing always bad for MSPs?

No. It can be good for managed services because clients understand it. The risk appears when the MSP sells a fixed package but buys a vendor product per user underneath it.

Why is SAT vulnerable to the seat tax?

SAT is often bundled into broader security packages. If the vendor bills per learner and the MSP does not charge the client per learner, every new user becomes a cost before it becomes revenue.

What is a healthy way to sell per-user SAT?

Use clear bands, true-up rules, or a pass-through line item. For example, include training for 1-50 users, then adjust the client price when they cross the next band.

What should MSPs include in SAT COGS?

Include vendor license cost, onboarding time, lifecycle management, reporting, client questions, QBR prep, and audit evidence work. Seat price alone is not the full cost.

How does flat-rate SAT help MSPs?

Flat-rate SAT makes vendor cost predictable. That helps MSPs include training inside managed services without repricing every time a client hires.

Does DefendWise replace per-seat SAT pricing?

DefendWise is designed for MSPs that want flat-rate SAT instead of per-seat SAT. It is $399/month for unlimited users, with white-label and multi-tenant delivery.
