CompanyGraph
Microsoft Corp.
MSFT · United States
Locks enterprises into Microsoft's cloud by making their decades-old permission systems the key to everything.
Most large enterprises have spent decades accumulating thousands of user accounts, access rules, and group policies inside Active Directory, Microsoft's directory system that controls who can open which files, run which applications, and connect to which servers. When one of those enterprises moves workloads to Azure, Microsoft's cloud, it does not replace Active Directory — it extends it, using a tool called Azure AD Connect that links the on-premises directory to the cloud so that every permission the company already has set up continues to work. Each workload migrated to Azure deepens that link rather than resolving it, so the cost of switching to a cheaper cloud competitor is not a price calculation but a months-long project to rebuild every permission, service account, and group policy from scratch in an entirely different system. The same Windows kernel code that makes this seamless federation possible also runs across both on-premises servers and Azure's own data centers, which means a serious kernel vulnerability would force Microsoft to push emergency patches through customer-managed hardware and its own infrastructure simultaneously — exactly the shared surface that enterprises are trusting when they hand Microsoft control of their identity plane.
How does this company make money?
Office 365 charges a fixed fee per user each month. Azure bills customers based on how many computing hours they use and how much data they move. Hardware makers pay Microsoft a Windows licence fee for every device they ship with Windows installed. Xbox takes a share of revenue each time a third-party game is sold on the platform. LinkedIn charges individual users monthly fees for premium access to its professional network.
What makes this company hard to replace?
Replacing Active Directory domain controllers inside an enterprise network takes a migration project measured in months, during which every permission and service account has to be rebuilt in the new system. Office file formats and SharePoint workflows are embedded so deeply in how organizations work day-to-day that switching creates document compatibility problems across years of stored files. Xbox Live gamertags and achievement records belong to the Microsoft ecosystem and cannot be transferred, so gaming customers would lose their entire digital history if they left.
What limits this company?
Every company's Active Directory has grown differently over the years, with its own custom service accounts, group policies, and trust relationships. Connecting a company's directory to Azure has to be done individually, by hand, for each customer — there is no template that works across all of them. That per-customer work is the ceiling on how fast Microsoft can bring new enterprises onto Azure, no matter how much server capacity it has available.
What does this company depend on?
Azure's data centers run on Intel x86 and AMD server processors. Everything else in the stack depends on the Windows kernel codebase. GitHub's Git version control system, acquired in 2018, underpins software development tooling. LinkedIn's professional network provides sales intelligence for reaching enterprise buyers. Office file format specifications, kept backward-compatible across decades, hold document workflows together across the entire customer base.
Who depends on this company?
Fortune 500 companies using Exchange Online would lose their email immediately if the service failed. Gaming studios publishing on Xbox Live would lose multiplayer infrastructure and their ability to sell games digitally. Federal government agencies using Azure Government cloud in isolated regions would lose access to the hosting that keeps classified workloads running. Organizations that rely on SharePoint for document collaboration and internal websites would go dark.
How does this company scale?
Azure infrastructure software and Windows licences can be copied onto new hardware around the world at very low extra cost, so the cloud itself grows cheaply. The part that does not get cheaper is the enterprise migration work — connecting each company's unique Active Directory to Azure requires specialized consulting and integration that cannot be automated, because every organization's setup is different.
What external forces can significantly affect this company?
European Union GDPR rules on where data must be stored force Microsoft to build Azure data centers in specific countries rather than choosing the most efficient locations. Chinese government restrictions block Azure and Office 365 inside China, requiring a separate version of the infrastructure operated by a local partner. U.S. federal FedRAMP security certification cycles control which government agencies are allowed to adopt Microsoft's cloud services and on what timeline.
Where is this company structurally vulnerable?
If a serious security flaw in the Windows kernel were discovered and made public before Microsoft had a fix ready, it would hit the same codebase in two places at once — inside every enterprise's own Active Directory servers and inside Azure's infrastructure. Microsoft would have to race to push emergency fixes onto both customer-managed hardware and its own data centers simultaneously. That kind of event would shake the trust that convinces companies to link their entire permission system into Azure in the first place.