Event banner
Event details
I want to know the answers to the following
1. Microsoft unlocks certain tenant features when you have a single licence which includes said feature - However warn you that all users who make use of this feature must be licenced
This is hard to keep track of for every individual feature because nothing is labelled, and you have no idea of knowing what feature pertains to what licence unless you are full-time Microsoft Licencing Expert - What is Microsofts official point of view on this? - Will a Audit smack us hard if we make mistakes on this specific point or is it okay to 'abuse' however discouraged
Alan_Meeus
Microsoft
MicrosoftWithin the Microsoft 365 admin center you can assign licenses to users or groups of users. That is also how you can un-assign licenses when a user changes position or leaves the company or organization that owns the license. Deleting a user would also free the license. The Microsoft 365 admin center is a good way to track licenses. I don’t know of a feature being licensed separate from the product or service. Does any feature come to mind that made you ask the question about licensing features?
- I'm specifically talking about features which are enabled once a licence is given Let me give an example: Azure AD Password Writeback is a feature currently ONLY available with Azure AD P1, you may have a tenant with 50 Business Premium licenced users and 50 Business Basic users - However those 50 Business Basic users are not licenced to be able to reset their passwords in the cloud and have it written back to on-premise - However once you enable the feature it's enabled for the ENTIRE tenant, hence you cannot control said feature I'm specifically asking what is your stance on this. As a Microsoft Partner (CSP and SPLA members) what is your stance on this?, are we mandated by licencing to limit such use, or is it okay, just discouraged based on other factors than legality?
Mark_BrattonThere is some guidance available on this topic at https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance.Hey Mark
For the purposes of this article, a tenant-level service is an online service that—when purchased for any user in the tenant (standalone or as part of Office 365 or Microsoft 365 plans)—is activated in part or in full for all users in the tenant. Although some unlicensed users may technically be able to access the service, a license is required for any user that you intend to benefit from the service.
Take a look at the above quote from the link you gave. It's rather vague, perhaps it's written by a lawyer. When I enable Self Service Password Reset and Password Writeback to local AD, this is actually limited by the Azure AD P1 licence. My intention may be to enable this feature for the Business Premium users, but it's still there for all other users with a E1 and Business Basic licence - This is just one, out of many examples
This feature is enabled Tenant Wide, are we supposed to hide the fact for the other XXX users that they are able to use said feature?, we never intented for them to have it, but since it's there and readily available, do Microsoft expect us partners to just shush about it?
I'm mainly asking because I want to know what your exact stance on this is?- Mark_BrattonOur expectation is that partners communicate to customers that the ability to technically use a product/feature without a license does not mean a license is not required. If a customer is knowingly taking advantage of the lack of technical licensing enforcement and under-licensing their user base, that would be a license compliance issue. The intent of that article is to acknowledge for the vast majority of our customers who care about remaining compliant that it is not always possible to restrict who can access the capabilities at a granular level and so some leakage to unlicensed may occur. The expectation is to license every user they intend to benefit and limit leakage to the extent it is possible using the admin tools. I hope this help at least some.