Suspicious "License review" email

%3CLINGO-SUB%20id%3D%22lingo-sub-1121235%22%20slang%3D%22en-US%22%3ESuspicious%20%22License%20review%22%20email%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1121235%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all.%26nbsp%3B%20First%20time%20at%20this%20forum%2C%20hope%20I'm%20in%20the%20right%20spot.%26nbsp%3B%20I'm%20a%20Microsoft%20partner%2C%20and%20received%20an%20email%20addressed%20to%20me%2C%20but%20citing%20one%20of%20my%20clients%2C%20indicating%20MS%20needs%20to%20do%20a%20software%20audit.%26nbsp%3B%20It%20givecs%20this%204-step%20flowchart%20that%20seems%20to%20imply%20about%205%20weeks%20worth%20of%20work.%26nbsp%3B%20I've%20looked%20into%20things%20enough%20to%20know%20yes%20there%20are%20provisions%20in%20the%20terms%20%26amp%3B%20conditions%20for%20an%20audit%2C%20and%20there%20is%20an%20actual%20audit%20process%20from%20Microsoft%2C%20but%20of%20course%2C%20I%20don't%20trust%20a%20situation%20where%20some%20random%20person%20claims%20to%20be%20from%20Microsoft%2C%20telling%20me%20they're%20sending%20a%20follow-up%20email%20that%20will%20contain%20the%20%22Microsoft%20Online%20Assessment%20Tool%22%20which%20I%20am%20to%20install%20presumably%20on%20my%20clients'%20network%20to%20perform%20an%20audit.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%2C%20if%20this%20is%20actually%20Microsoft%2C%20I%20have%20to%20ask%2C%20what%20is%20wrong%20with%20you%20dummies%3F%26nbsp%3B%20It's%202020%2C%20phishing%20is%20rampant%20and%20getting%20more%20sophisticated%2C%20and%20your%20way%20of%20approaching%20these%20things%20is%20to%20tell%20me%20I%20need%20to%20download%20a%20tool%20onto%20my%20network%20from%20some%20email%20you'll%20be%20sending%20me%20soon%3F%26nbsp%3B%20That's%20beyond%20foolish%2C%20both%20if%20I%20were%20dumb%20enough%20to%20do%20it%2C%20and%20for%20Microsoft%20to%20even%20approach%20authorizing%20a%20methodology%20like%20this.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20funny%20too%20because%20the%20email%20looks%20quite%20legit%2C%20the%20underlying%20URL's%20are%20not%20fake%2C%20not%20using%20punycode%20(that%20I%20can%20see)%2C%20and%20what%20not.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%2C%20I%20will%20be%20ignoring%20this%20email%20but%20if%20it's%20legit%2C%20then%20MS%20needs%20to%20find%20a%20smarter%20approach%20to%20contacting%20customers%20to%20request%20these%20audits.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi all.  First time at this forum, hope I'm in the right spot.  I'm a Microsoft partner, and received an email addressed to me, but citing one of my clients, indicating MS needs to do a software audit.  It givecs this 4-step flowchart that seems to imply about 5 weeks worth of work.  I've looked into things enough to know yes there are provisions in the terms & conditions for an audit, and there is an actual audit process from Microsoft, but of course, I don't trust a situation where some random person claims to be from Microsoft, telling me they're sending a follow-up email that will contain the "Microsoft Online Assessment Tool" which I am to install presumably on my clients' network to perform an audit.  

 

Now, if this is actually Microsoft, I have to ask, what is wrong with you dummies?  It's 2020, phishing is rampant and getting more sophisticated, and your way of approaching these things is to tell me I need to download a tool onto my network from some email you'll be sending me soon?  That's beyond foolish, both if I were dumb enough to do it, and for Microsoft to even approach authorizing a methodology like this.  

 

It's funny too because the email looks quite legit, the underlying URL's are not fake, not using punycode (that I can see), and what not.  

 

Anyway, I will be ignoring this email but if it's legit, then MS needs to find a smarter approach to contacting customers to request these audits.