Reply
PeterO
Level 2 Contributor

Internal Use Rights - Tier 2

Hi guys,

I have a customer (a tier 2 SPLA partner) who is looking to purchase CSP licences for internal use. As I understand it, Microsoft did away with this use case but the customer is adamant that they want to try if there is a legal way to do this, without risking their accreditations. They have two partner ID's and considering purchasing against their second one, as a way of procuring licences for internal use - I'm assuming that this isn't allowed?

Strange licensing scenario I've not come across before. Any help would be appreciated!

Thanks

2 ACCEPTED SOLUTIONS
JanoschUlmer
Microsoft

Every Partner is allowed to purchase license from another CSP for their internal use (at least at time of writing, no applicable agreement prohibits this).

However, what is not allowed, is that a CSP Partner buys something for themselves from themselves ("no internal use" in the MPA).

So, if this customer, an Indirect Reseller, want to buy for their internal use they are not allowed to create themselves as customer in the Indirect providers portal and sell licenses to themselves. That is, unless the Provider has built functionality in their portal that allows to mark this "customer" as "(Reseller) Internal use" - the provider will then not attach the reseller Partner ID to the sale (which means no recognition for the revenue, no incentives, probably no or different discount for the reseller buying this), effectively the provider then sells to the reseller as a customer, the provider acting like a Direct CSP.

It does not matter if the reseller has different Partner IDs or even different Partner organizations.

However, there is technical blocker that might occur then - consider the following scenario:

- Indirect Reseller has a tenant contoso.onmicrosoft.com

- This tenant is the tenant which should receive the license and the tenant the Reseller uses to act as CSP (The tenant has Partner Center and an active CSP enrollment in there).

- The reseller has added the provider in their tenant/Partner Center - they accepted the "Provider-->Reseller" relationship

- In this scenario it is not possible to accept a "Reseller-->Customer" relationship in the same tenant with the same provider - either this tenant is linked to the provider as reseller or as customer, it can not be both.

The Reseller then has two options:

1. Use a different provider/Direct CSP to buy licenses

2. (Recommended): Use a different tenant to act as CSP. This is recommended for security reasons, to separate the tenant from which the reseller manages their end customers from their internal use tenant. So, the reseller would create a new Indirect CSP enrollment in tenant cotosocsp.onmicrosoft.com, establish the provider-->reseller relationship in there, remove the CSP profile or at least the Provider-- Reseller relation in their main tenant and establish a Reseller-->Customer relationship with their provider instead. Licenses sold to customer won't be impacted this way, since the licenses sold to end customer are not changed on provider side - there is also no change reg. Partner IDs since the new Indirect CSP enrollment would best use the same Partner ID.

btw - I think the discussion rather belong in this community (and sub-communities in there): https://www.microsoftpartnercommunity.com/t5/Cloud-Solution-Provider-Partner/ct-p/CSP

Kind regards, Janosch
Receive consultations via Technical Presales and Deployment Services team

View solution in original post

BlakeCheek
Level 6 Contributor

Not that you have much direct control over this , but there really should be a simpler process.Indirect Resellers are buying CSP for their clients through an Indirect Provider and so the platform and simplicity to buy for themselves. I understand that MSFT doesn't want people "double dipping" by getting a discount as well as incentives but asking people to partner with another partner to buy licenses is just presenting a challenge for an issue that doesn't even need to be an issue or jump through all of the hoops as outlined in option 2.

I'd think there could be simpler solution devised that would allow partners to purchase through IPs while still remaining compliant with MSFT. I feel like we have the technology to solve this.

@JanoschUlmer

View solution in original post

5 REPLIES 5
JanoschUlmer
Microsoft

@BlakeCheek Buying from another Partner is not the only solution I mentioned, and not the recommended option.

Note that a Provider does technically not need to have a "Provider-->Reseller" relationship established with a reseller, Microsoft does not require this to sell in indirect model - so not this problem does not occur with all providers. But this relationship is sometimes required for features the provider has implemented in their portal (e.g. setting the Indirect Reseller support contact info in customer tenants, creating reseller invites for end customer featuring both reseller & provider, so use it for Partner ID verification purposes). So, from this perspective the problem can be caused by a specific provider setup. It is true that Microsoft makes this restriction that there can't be two different relationships between one reseller and one provider tenant.

Note also that while many provider allow this "sell to selve" option in their portal by an easy checkbox, not all provider are eligible to sell as Direct, this requires approval by Microsoft. So, it is also not easy to simply enable this for everybody.

Finally - Having separate tenants for internal production and CSP is strongly recommended from security perspective. Had too many consultations with partners that desperately tried to separate those because they were not able to fulfill security requirements of a CSP in their production tenant or realized that they can not properly secure CSP operations without impacting internal IT processes in a negative way. Personally, I see it as usually security practices anyway, hosters would also not use their internal AD forest with hosted customers AD (at least I hope so). Microsoft also has separate AD Forests/Tenants for cloud operations. And this approach of separated tenants also solves the problem we have here.

Kind regards, Janosch
Receive consultations via Technical Presales and Deployment Services team
JanoschUlmer
Microsoft

Every Partner is allowed to purchase license from another CSP for their internal use (at least at time of writing, no applicable agreement prohibits this).

However, what is not allowed, is that a CSP Partner buys something for themselves from themselves ("no internal use" in the MPA).

So, if this customer, an Indirect Reseller, want to buy for their internal use they are not allowed to create themselves as customer in the Indirect providers portal and sell licenses to themselves. That is, unless the Provider has built functionality in their portal that allows to mark this "customer" as "(Reseller) Internal use" - the provider will then not attach the reseller Partner ID to the sale (which means no recognition for the revenue, no incentives, probably no or different discount for the reseller buying this), effectively the provider then sells to the reseller as a customer, the provider acting like a Direct CSP.

It does not matter if the reseller has different Partner IDs or even different Partner organizations.

However, there is technical blocker that might occur then - consider the following scenario:

- Indirect Reseller has a tenant contoso.onmicrosoft.com

- This tenant is the tenant which should receive the license and the tenant the Reseller uses to act as CSP (The tenant has Partner Center and an active CSP enrollment in there).

- The reseller has added the provider in their tenant/Partner Center - they accepted the "Provider-->Reseller" relationship

- In this scenario it is not possible to accept a "Reseller-->Customer" relationship in the same tenant with the same provider - either this tenant is linked to the provider as reseller or as customer, it can not be both.

The Reseller then has two options:

1. Use a different provider/Direct CSP to buy licenses

2. (Recommended): Use a different tenant to act as CSP. This is recommended for security reasons, to separate the tenant from which the reseller manages their end customers from their internal use tenant. So, the reseller would create a new Indirect CSP enrollment in tenant cotosocsp.onmicrosoft.com, establish the provider-->reseller relationship in there, remove the CSP profile or at least the Provider-- Reseller relation in their main tenant and establish a Reseller-->Customer relationship with their provider instead. Licenses sold to customer won't be impacted this way, since the licenses sold to end customer are not changed on provider side - there is also no change reg. Partner IDs since the new Indirect CSP enrollment would best use the same Partner ID.

btw - I think the discussion rather belong in this community (and sub-communities in there): https://www.microsoftpartnercommunity.com/t5/Cloud-Solution-Provider-Partner/ct-p/CSP

Kind regards, Janosch
Receive consultations via Technical Presales and Deployment Services team
BlakeCheek
Level 6 Contributor

Not that you have much direct control over this , but there really should be a simpler process.Indirect Resellers are buying CSP for their clients through an Indirect Provider and so the platform and simplicity to buy for themselves. I understand that MSFT doesn't want people "double dipping" by getting a discount as well as incentives but asking people to partner with another partner to buy licenses is just presenting a challenge for an issue that doesn't even need to be an issue or jump through all of the hoops as outlined in option 2.

I'd think there could be simpler solution devised that would allow partners to purchase through IPs while still remaining compliant with MSFT. I feel like we have the technology to solve this.

@JanoschUlmer

PeterO
Level 2 Contributor

Thanks very much! 🙂

v-jillarmour
Community Manager

@JanoschUlmer ? 😃