Microsoft License Audit request legit?

[HCHTech]

I found this message in the spam filter of one of my clients. They have a MS Tenant Hosted Exchange setup, and I maintain an address on their system that gets forwarded to me. The message was in the spam filter, and the attachment had been stripped by the gateway antivirus, but on examination of the headers, it looks like it might be legitimate. The "Int'l Vendor" note on the sender address is the only thing that looks janky to me. The deployment summary link does go to a page on the Microsoft site.

For those that might have gotten an audit request for real in the past, does this look legit to you?

 

[CLC]

If it was me, I would call Microsoft directly to confirm.

 

[coffee]

Got one of these from a business client about a year ago. I looked it over and told them that I declined their offer. I never heard back from them. Just some third party wanting to sell you service or software.

Tell them if they want to look at your server(s) or computers to get a search warrant. Otherwise take a hike.

 

[nlinecomputers]

Microsoft only has rights to audit you if you have VOLUME LICENSES. Retail or OEM purchased software is not something they can audit any more than Victoria Secret can audit your wife's underwear drawer. Read your EULA, there is NO language about auditing of software. Sadly Microsoft does contract with vendors to conduct audits but they have no legal authority to do so and you can ignore it. Microsoft CAN sue you for a license violation but the court costs in most cases would outrun the profits made by corrected license sales.(Assuming any were needed and it would take a court-ordered audit to confirm it)

 

[nlinecomputers]

https://www.microsoft.com/en-us/licensing/learn-more/compliance-verification-faq.aspx

 

[HCHTech]

Thanks, @nlinecomputers - that's perfect. It wasn't sitting right with me, but looked legit - figures it was ultimately a sales pitch.

 

[nlinecomputers]

Thanks, @nlinecomputers - that's perfect. It wasn't sitting right with me, but looked legit - figures it was ultimately a sales pitch.

It depends though. The language they are using implies VL licenses. Does the Exchange server have CALS? If so then you DO need to have a proper count on that. If you are buying a third party service then it is that service who needs to check.

 

[HCHTech]

There is no on premise exchange, but there is a domain controller and an application server each running Server 2012 Standard, and there are user CALs. The hosted exchange is a standard O365 "mail only" setup. Plan 1 or whatever it's called - the $4,95 per mailbox one. They have about 30 employees.

I sent a response with your link and stating that we don't have volume licensing, so I'll wait for them to respond before I do anything.

 

[fencepost]

A better response might be "Our volume license is for Office365 mailboxes, which is controlled by Microsoft directly and we can't add more if we're not paying for them."

However, unless the server(s) were bought with OEM Windows preinstalled they may be volume licenses, and the CALs certainly are handled via the volume licensing system.

 

[Markverhyden]

Did you parse the header at mxtoolbox? What about other email accounts? But I agree. It certainly looks like a scam or phishing expedition.

 

[fencepost]

It's been discussed before. From my recollection the v-whatever@microsoft.com ones are ignorable, if you get something from MS that's not from a v- prefixed address about an audit I believe it's time to take it more seriously.

 

[backwoodsman]

The language and grammar are very good for a non-native English speaker, but I do think it was written by someone whose native language is not English. It seems pretty unlikely that would ever happen with a real communication from a large corporation like Microsoft.

 

[HCHTech]

From my recollection the v-whatever@microsoft.com ones are ignorable, if you get something from MS that's not from a v- prefixed address about an audit I believe it's time to take it more seriously.

I found a description of the "v-" email prefix here.

• V-dash: A vendor who works with Microsoft who may also have a temporary Microsoft email address preceded by the “V-” prefix. Also called an “Green Badge” for the color of their physical badges issued by Microsoft when on the company campus.

So the person is probably a legitimate vendor....at this point, the ball is in their court. I'll post back if they respond to my email.