The New Microsoft Cloud Agreement

In this article, we will provide a short brief on the changes to to the Microsoft Cloud Agreement (MCA) and what it means for all Cloud Solution Provider subscriptions and licenses paid in full.

What is the MCA?

MCA is the end customer agreement for CSP.  It details all applicable use rights and governs the end customer’s use of Microsoft cloud solutions.

How often does it change?

Agreement terms are published yearly.

Does Microsoft provide it directly to my end users or is it something I need to provide?

MCA is always provided by the CSP provider, not Microsoft.

What’s new?

Downgrade rights are now available for CSP customers permitting customers the right to install previous versions.  Similar to SPLA, the use rights that are in effect when the customer orders software will apply to the customer’s use of the version of the software that is current at that time.  All future versions, the use rights that were in effect when the products are first released apply.   In addition, customers can now transfer licenses that are fully paid (perpetual licenses) to an affiliate or third-party due to merger or a divestiture.

Any gotchas?

Microsoft has the right to verify compliance.  If unlicensed use is 5% or more, the customer must reimburse Microsoft for the cost of the audit and acquire the additional licenses owed for the bargain price of 125% more than the actual price.  Similar to SPLA, they can use independent auditors and contractors to determine compliance.

Does the MCA ever expire?

No.  The existing agreement remains in effect until the termination or renewal of the customer’s subscription.

My customer accepted the prior MCA terms.  Do I need to have them sign this new one?

If the customer is not creating new subscriptions, no.  The terms of the existing MCA continue to apply.

Are there templates I can use?

Yes. Go to the Microsoft partner center for details.

Does my customer need to sign off on this?

They have to agree to it but not sign it.  Similar to the End Customer Terms and Conditions in SPLA, you must make it available to your customers.   As part of CSP, I would make it part of your overall managed services agreement.

Where can I get a copy?

You can get a copy here

Thanks for reading,

CSP Man

 

 

 

 

 

 

 

How to License Azure in CSP

In this article, we will explain how Azure works in the CSP program.

Azure can be sold through various channels and programs.  If your company would like to purchase Azure, you can continue to purchase through a volume licensing agreement. If you’re a hosting provider and you would like to leverage Azure as your datacenter provider, you can also purchase it through volume licensing leveraging the Microsoft Hosting Exception found in the Online Services Terms (OST).  Last, if you are a solution provider, you can resell Azure to your end customers through the Cloud Solution Provider (CSP) program.   Let’s highlight how this would work operationally with links to the appropriate documents you should be aware of.

Azure in CSP Direct (Tier 1)

  • The end customer is the licensee.  They are the one to sign off on the Microsoft Cloud Agreement and follow the Online Services Terms.  They would also sign your own support agreement with the customer with SLA’s and other terms.
  • The CSP provider is the reseller.  As a CSP, you will sign the Cloud Reseller Agreement.  Your responsibility is to resell the licenses to your end customer, provide the support for the consumption, and provide proper billing services.
  • CSP is the reseller in this model, each end customer would be required to have their own Azure tenant.

Azure in CSP Indirect (Tier 2)

Same rules apply as above, however the Tier 2 provider would provide the platform and support for CSP.  The managed service provider (or reseller) would be responsible for the billing and overall management of the end customer.

Azure in SPLA

If a service provider would like to run a multi-tenant hosted solution to their end customers, they could leverage SPLA for all user based applications and Azure through the volume licensing Hosted Exception found in the Online Services Terms.

Thanks for reading,

CSP Man

Multi-Channel Partnerships…Good idea?

CSP by its nature is designed to provide different licensing and support options for the channel.  In this post, I want to highlight a couple of those options and how you can partner with other CSP providers to satisfy your end customer.

According to the Microsoft Cloud Solution Program Guide, the CSP direct partner must invoice the licenses directly to the end-user.  That’s fine in many instances, but what happens if you have customers globally, but only authorized in the USA?   In other words, if you are authorized in US, but have a customer in Australia, how can you resell CSP to that end user?   In walks our friend ‘Multi-Channel”.

Option 1: The end customer in Australia could set up shop in the US and use an US address to receive licenses leveraging your CSP USA authorization .  The problem with this (especially in Australia) is latency issues and billing.  The address on the invoice is where the datacenter location will be but the users will still be in Australia.

Option 2:   The CSP authorized reseller in the USA could partner with a CSP reseller in Australia to procure the licenses.  In this model, the USA CSP partner would provide all the support for their Australian customer, but another partner would provide the licenses.

I like option two the best.  Most MSP’s and other solution providers do not make money from the licensing, they make money from supporting the solution.   Leveraging another partner will take care of the customer and both parties will be happy.  What do you think?  Is Multi-Channel a good idea?

Thanks for reading,

CSP Man

 

 

Enterprise Mobility and Security (EMS)

With the big push to the cloud, the Enterprise Mobility and Security offering emphasizes Microsoft’s mobile first, cloud first strategy.  EMS focuses on three areas:

  • Hybrid and Cloud Identity – Enabled through Azure Active Directory Premium
  • Mobile Device Management -Microsoft Intune.
  • Data Protection and Security – Azure Information Protection/ MS Advance Threat Analytics.

In this article, we will review each of these offerings and how it can help your business.

Azure AD Premium

Is a single sign-on or connection that links a user to multiple applications and multiple cloud solutions including social media accounts and other SaaS applications.  Almost all organizations have different applications users access; personal and business from the same device.  Azure AD also includes a full suite of identity management capabilities including multi-factor authentication (identifies the user) , self-service password management (retrieve password) , self-service group management and security monitoring and alerting (identify threats).

Intune

One of the number one questions asked around the BYOD concept is “what happens if my employee leaves”  One of the features of Intune is Selective Wipe, which allows IT staff to wipe corporate data remotely from that device via self-service company portal or admin console, but not touch the individuals personal applications (Facebook as an example).

In addition to mobile device management, it also helps IT administrators with the ability to push company apps automatically and allow users to easily install corporate apps from the self-service company portal.

One other feature of Intune is email.  If a company wants to protect an attachment through Intune security, IT administrators can set protection parameters on that attachment that will prevent the user from copying and pasting into another application.  Let’s say you have a company spreadsheet with private financial information.  In order to prevent  the user of just copying that application into another spreadsheet or word docs, the IT admin can use Intune to prevent unauthorized distribution.

Azure Information Protection (Azure Rights Management)

Using the email example above, Azure Info Protection allows an IT admin to set permissions of who can receive not receive the email.  As an example, let’s say you send an email to a vendor with personal information, using Azure Info Protection, the sender can set a no-forward policy or even an email expiration in which the email will auto delete so no unauthorized users can access that email.

Microsoft Advance Threat Analytics 

MS Advance Threat Analytics is a preventative security measure to protect the user from unauthorized use of personal information.  A credit card is a good example.  Using behavioral analytics, Advance Threat Analytics (ATN) will notice unusual activity on a customer’s account.

How to buy

You can purchase the EMS offering through various channels and programs.  Similar to most program, buying EMS as a package is more cost competitive than buying as individual components.

Volume Licensing:  When customers who purchased Windows Server CAL, Microsoft System Center Configuration Manager, System Center Endpoint Protection and Microsoft Active Directory Rights Management Services CALs via the Microsoft Enterprise Volume Licensing agreements they will have the ability purchase the Enterprise Mobility + Security Add-on.  This is much cheaper than buying the full user license since you already made the investment in certain technologies.

CSP: When working with a CSP partner, you can either resell or consume EMS for your own internal use.  When using CSP, you either provide the support (as a CSP Direct/Tier 1 provider) or work with a distributor (CSP Indirect/Tier 2) to sell to your end customers as a managed service provider.  The cost varies depending on number of users and the support offering.

I hope this provides some insight into EMS.  More articles on this coming soon!

Thanks for reading,

CSP Man

 

 

 

 

 

Microsoft Teams

When Microsoft Teams were first announced in November 2016, the first thing that came to mind was here’s another application, another “tool” to make life easier;  why not just use Skype, SharePoint, and Yammer?   In a way, that’s true.  Why not use the tools already in place?  I think what Microsoft Teams accomplishes is what those other three applications does separately.  I like to think of Microsoft Teams as a real-time forum to chat, review content, and even participate in voice and video conferences with the integration of Skype.

For a full review and demo of the product check out the Office 365 blog   It will be interesting to see how this will play with Project Online and other management tools.

At this time, only business subscribers in plans such as “Business Essentials, Business Premium, and Enterprise E1, E3, and E5” have access to Microsoft Teams.  E4 subscribers who bought that plan before its retirement also will get access.

Thanks for reading,

CSP Man