A Partner’s Guide to Claiming Microsoft Security Incentives: From Eligibility to Payout

Microsoft is co-investing with partners like you to secure customers and accelerate the adoption of advanced security solutions. The Microsoft Commerce Incentives (MCI) program is the central platform designed to reward your efforts across the entire customer lifecycle, from initial pre-sales consultations to driving long-term usage.

These security incentives are more than just a bonus; they represent a significant opportunity to grow your practice. By participating, you can offset the costs of delivering high-value pre-sales workshops, earn substantial rewards for complex projects like migrating a customer to Microsoft Sentinel, and create a recurring revenue stream by driving active customer usage of key security workloads.

This article provides a clear, actionable guide to navigating the MCI claiming process for the Security Solution Area, ensuring you can successfully secure your rewards and maximize your earning potential.

Table of Contents

1. Before You Claim: Foundational Eligibility Requirements

2. Types of Security Incentives You Can Claim

3. The Core Claiming Process: A 5-Stage Journey

4. Proof of Execution (POE): The Key to Getting Paid

5. Critical Rules and Guardrails to Avoid Claim Rejection

Key Takeaways

• Eligibility is First: Ensure you have the required Security Partner Designation and are enrolled in MCI before starting.

• Follow the 5 Stages: The claim-consent-execute-validate-pay process has strict timelines you must follow.

• Master the POE: Embrace the simplified survey-based POE, but be ready to provide detailed documentation for specialized incentives like Sentinel migrations.

• Know the Rules: Adhere strictly to the policies on subcontracting, geographic claiming, and claim limits to avoid rejection.
  

Eligibility Requirements

Successful claiming begins long before you deliver a workshop. Before you start, ensure your organization meets these foundational requirements to avoid issues down the line.

• Enrollment is Mandatory: You must be enrolled in Microsoft Commerce Incentives (MCI) through Partner Center. This is the single destination for managing your incentive opportunities.

• The Right Credentials: For most security incentives, holding an active Microsoft Security Partner Designation is a non-negotiable prerequisite. Certain engagements may also require specific specializations, so always check the engagement details.

• Agree to the Terms: Your organization must have an active Microsoft AI Cloud Partner Program Agreement, as its terms and policies govern all incentive programs.
  

FY26 Security Incentives

Microsoft’s Commerce Incentives (MCI) program continues to reward partners who help customers adopt and expand Microsoft’s security solutions. For FY26, the Security Incentives are grouped into four main categories:

Immersion Briefings (1-to-Many)

• Format: 90-minute sessions for multiple customers.

• Focus Areas: Threat Protection or Data Security.

• Audience: Minimum of 5 unique customers (up to 25).

  

• Payouts:

  • Market A: $2,000

  • Market B: $1,500

  • Market C: $1,500

• Limit: Maximum of 3 per partner per year.
  

Envisioning Workshops (1-to-1, deep dive)

Hands-on 3-day workshops delivered in a customer’s production environment to uncover risks and demonstrate value.

Types of Workshops

• Threat Protection Envisioning (Defender XDR, Sentinel, Entra)

• Modern SecOps Envisioning (Sentinel + Defender XDR + Entra)

• Data Security Envisioning (Purview, Insider Risk, Compliance)

• Cloud Security Envisioning (new in FY26) – Defender for Cloud, Servers, Databases, Containers, AI Services

• Payouts:

  • Market A: $8,000

  • Market B: $6,500

  • Market C: $5,500
    

Deployment & Migration Incentives

CSP Deployment Accelerator (Mini Suites)

• Payouts vary by size:

  • Small: $1,750 (Market A) / $1,500 (B) / $1,250 (C)

  • Medium: $3,000 / $2,750 / $2,500

  • Large: $6,500 / $6,000 / $5,500

  • XL: $10,000 / $8,000 / $7,000

Microsoft Sentinel Migrate & Modernize

• Medium: $35,000 (Market A) / $28,000 (B) / $21,000 (C)

• Large: $50,000 (Market A) / $40,000 (B) / $30,000 (C)
  

Security Usage Incentive (High-Water-Mark Model)

• How it works: Partners are rewarded when customers increase active usage of eligible security workloads above their previous High-Water-Mark (HWM).

• Workloads Covered: Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, Entra ID P2, Purview (MIP & Insider Risk), Intune, Defender for Identity.

  

• Eligibility: Minimum of 300 active users per workload/tenant before earnings are paid.

• Calculation: Payout is based on growth in Monthly Active Users (MAU) or Monthly Protected Users (MPU), capped at the number of paid licenses (PAU).
  

Key Points for Partners

• Proof of Execution (POE): Most security engagements now only require a customer survey, a partner survey, and an invoice. Sentinel Migrate & Modernize still needs a full POE.

• Eligibility: Must be enrolled in the Microsoft AI Cloud Partner Program; some activities require the Security Solutions Partner designation.

• Geo Rules: Partner and customer must be in the same Microsoft market (A, B, or C).

• No Subcontracting: Partners must deliver engagements directly.

• Limits: Certain engagements have caps (e.g., one active claim per customer tenant at a time).
  

MCI Claims Process: Security Incentives

For most activity-based security engagements, the claiming process follows a consistent five-stage journey within the MCI portal. Adhering to the timelines is crucial for a successful payout.

Stage 1: Claim Customer

You initiate a claim for an eligible customer in Partner Center. This starts the clock for the next step.

Stage 2: Obtain Customer Consent (Maximum 30 days from claim)

The customer must approve the engagement via an automated email from Microsoft. This consent is critical. Without it, the claim automatically expires.

• Special Note for Immersion Briefings: For Security Immersion Briefings, partners are uniquely authorized to complete the consent process themselves.
  

Stage 3: Execute the Work & Submit POE (Maximum 90 days from consent)

Deliver the engagement according to Microsoft's requirements and gather your Proof of Execution (POE) documentation.

Stage 4: POE Validation (Maximum 30 days from submission)

Microsoft reviews your submitted POE. You may be asked for additional information if anything is unclear.

Stage 5: Payment (Maximum 45 days from approval month-end)

Once your POE is approved, the payment is processed and issued.

Proof of Execution (POE): The Key to Getting Paid

No incentive is paid without valid Proof of Execution. For FY26, Microsoft has significantly simplified POE requirements for many security engagements, moving to a survey-based model.

For most pre-sales security engagements, the POE now consists of just three components:

1. Customer Survey: Sent by you, but completed by the customer.

2. Partner Survey: Completed by you, attesting that the work was delivered as required.

3. Invoice: Your invoice to Microsoft for the completed activity.

Important Exception: Some high-value engagements, like the Microsoft Sentinel Migrate and Modernize incentive, still require a more detailed POE document to be uploaded in addition to the surveys. Always double-check the POE requirements for the specific engagement you are claiming.

Critical Rules and Guardrails to Avoid Claim Rejection

To ensure your claims are approved without delay, be aware of these key program policies:

Rule #1: No Subcontracting

All engagement activities must be performed directly by your organization—the same one submitting the claim. Subcontracting is not permitted.

Rule #2: Geographic Claiming Policy

You can only claim incentives for customers whose headquarters are in the same Market Rate area (A, B, or C) as your partner location. For example, a partner in a Market A country cannot claim an engagement for a customer headquartered in a Market B country.

Rule #3: Claim Limits

Many engagements have limits. For instance, workshops are often limited to one approved claim per customer tenant, and immersion briefings are capped at three executions per partner per year.

Frequently Asked Questions

1. What are the exact eligibility criteria for FY26 Security Incentives?

Partners want a clear breakdown of what's required before investing time and resources. Eligibility typically includes:

• Enrollment in Microsoft Commerce Incentives (MCI) via Partner Center.

• Active Microsoft Security Solutions Partner designation; some opportunities may require additional specializations.

• A valid Microsoft AI Cloud Partner Program Agreement that governs all incentive terms.
  

2. How do I manage user access, roles, and enrollment issues in Partner Center for incentives?

Partners often face confusion over admin roles and enrollment permissions. Key points:

• Only users with the Incentives Admin or Incentives User role can view or manage incentives in Partner Center. Being a global Account Admin isn’t enough.

• If enrollments or incentives don’t appear in your dashboard, verify that your user role is correctly assigned to the relevant Partner IDs and payee profiles.
  

3. Where do I go to see which engagements I’m eligible for, and how do I understand eligibility on a per-location basis?

Partners want to easily check eligibility across multiple regions or locations:

• Go to Partner Center → Incentives → Engagements Overview to view all available Security engagements, eligibility status per location, and associated payouts.

• Green check marks indicate eligible locations; clicking on them reveals which locations qualify and any missing criteria.
  

4. How does the claiming process work for Security Incentives, and what are the key POE (Proof of Execution) requirements?

Partners often need clarity on timelines and documentation:

• The claim process spans five stages: Claim → Customer Consent (within 30 days) → Execute & Submit POE (within 90 days) → POE Validation (up to 30 days) → Payment (within 45 days post-approval month-end).

• For most activities (e.g., workshops or immersion briefings): a customer survey, a partner survey, and an invoice are sufficient as POE.

• For complex engagements like Sentinel Migrate & Modernize, a more detailed POE document is required in addition to the surveys.
  

5. How do Security Usage Incentives (High-Water-Mark Model) work—what counts, and how do payments get calculated?

Partners want to know how ongoing adoption efforts translate into payouts:

• This incentive rewards growth in Monthly Active Users (MAU) or Monthly Protected Users (MPU) for workloads like Defender for Endpoint, Entra ID P2, Purview, Intune, etc.

• There must be at least 300 active users per workload/tenant for earning eligibility.

• Payouts are calculated based on uptake above the previous High-Water-Mark (HWM), capped by the number of paid licenses (PAU).