Hi all.  First time at this forum, hope I'm in the right spot.  I'm a Microsoft partner, and received an email addressed to me, but citing one of my clients, indicating MS needs to do a software audit.  It givecs this 4-step flowchart that seems to imply about 5 weeks worth of work.  I've looked into things enough to know yes there are provisions in the terms & conditions for an audit, and there is an actual audit process from Microsoft, but of course, I don't trust a situation where some random person claims to be from Microsoft, telling me they're sending a follow-up email that will contain the "Microsoft Online Assessment Tool" which I am to install presumably on my clients' network to perform an audit.  

Now, if this is actually Microsoft, I have to ask, what is wrong with you dummies?  It's 2020, phishing is rampant and getting more sophisticated, and your way of approaching these things is to tell me I need to download a tool onto my network from some email you'll be sending me soon?  That's beyond foolish, both if I were dumb enough to do it, and for Microsoft to even approach authorizing a methodology like this.  

It's funny too because the email looks quite legit, the underlying URL's are not fake, not using punycode (that I can see), and what not.  

Anyway, I will be ignoring this email but if it's legit, then MS needs to find a smarter approach to contacting customers to request these audits.