Microsoft has some cloud based services, stand alone subscriptions or as part of Office 365 or Microsoft 365 plans, that come with some risk. When a customer subscribes to such a service, the services becomes available for all users in the tenant.
Subscription licenses
In general a user of Microsoft cloud services needs a User Subscription License (USL). Normally a customer would subscribe to the services, assign the subscription to the user and subsequently the user can use the service.
With tenant-level services this is a bit different. Let’s take Azure Information Protection as an example. When an organization decides that 25 out of 200 employees would need such a service, they subscribe to 25 Azure Information Protection subscriptions. But .. by default, Azure Information Protection features are enabled at the tenant level for all users within the tenant.
The risk
Organizations only need subscriptions for employees who benefit from the services. But when employees discover new capabilities and are enabled to ‘activate’ such services, an organization could well have much more usage than subscriptions.
When Microsoft verifies compliance this over usage could lead to a big legal and financial consequences.
Detection
How would one know how many users benefit from the service? And how that is compared to the number of subscriptions? Software Asset Management (SAM) is the way to go. Within a SAM Service there is discovery and inventory of technology, software licenses and cloud subscriptions. SAM will provide deep data insights on cloud usage, including these tenant-level services. With that, as an organization you will be able to take timely appropriate measures.
Prevention
Better safe than sorry is what they say. So preventing over usage is always a good idea. Microsoft has put together a Microsoft 365 Tenant-Level Services Licensing Guidance with practical tips to prevent services availability to unlicensed users. Please be aware, this is not – technically – available for all tenant-level services. For those where it is not possible, you will have to take organizational measures and apply company policies, both part of a Software Asset Management Service.
More information
Do you want to know more about tenant-level services and how to prevent any compliance risk? Do you want to know how a Software Asset Management Service can you help with that? We are happy to help, please contact us.