Microsoft Hosting - Revolutionary Changes in October 2022

You may have heard that on the 1st of October 2022, Microsoft made many changes to licensing models and how almost all of its products are licensed.

If you don't use any hosting, you are unaffected by the changes. 

Otherwise, every end client and service provider, including SaaS companies and large data centre providers, is somehow affected.

This article is based on a transcript of the presentation by Alexander Golev for the British Computing Society, the video of which you can watch below. The article is updated every time Microsoft corrects BYOL terms and conditions.

What's changed for end clients? 

Simplified BYOL through Flexible Virtualisation Benefit

First and foremost, from the 1st of October 2022, any Microsoft subscription license can be taken to any provider except for the biggest four cloud firms: Amazon, Google, Alibaba, and Microsoft. Microsoft would not be Microsoft if it didn't leave a backdoor for itself, but that's a subject for a different article.

If you have never thought about taking a license and bringing it to a hosting provider, then you probably don't know how complex that was before. 

Windows Server BYOL

As a result of allowing BYOL for all subscription licenses, Microsoft introduced Bring Your Own License rights on shared hosting for Windows Server. It has always been almost religiously prohibited. Now, it's permitted. 

Windows Server per-VM licensing and BYOL

Windows Server can now be licensed per VM. Why am I mentioning this in the context of a services provider hosting? Because from October, Windows Server subscription licenses may be brought to a third-party data centre and licensed per VM.

Windows 11 VDI BYOL

Windows 11 virtualisation has been improved. Windows 11 licenses can now be taken to any provider and run in a shared infrastructure, which previously was very difficult.  

Windows 11 on-premises VDI through CSP

Finally, you may have Windows 11 licenses you bought through the Microsoft CSP programme. If you have such licenses, previously, you couldn't virtualise Windows 11 on-premises. Now you can.

The "class society" of service providers

Before October 2022, the Microsoft service provider tier system, or as I like calling it, service provider class society, was quite complicated. 

Tier 1. You could be a provider without any hosting agreement as long as the hosting infrastructure wasn't shared. That class of providers had minimal rights to host end-user licenses and even provide some hosting services.

In the second tier, most service providers hosting Microsoft software were the providers with the so-called SPLA - Service Provider Licensing Agreement. To allow end clients to bring licenses to shared environments in their data centres, they had to become at least a License Mobility Partner. But that's not the end of this story. 

Tier 3. Windows 11 and Microsoft 365 could only be hosted on either Azure or QMTH providers - a truly "exclusive" club of providers. You had to work really hard to become a QMTH. It's not for every provider and not even for every large provider. 

And then on top of that, there was also a division between Listed Providers and Authorized Outsourcers. 

In October 2022, this mind-boggling caste system was simplified to this:

• providers without any hosting agreement,

• and providers with SPLA. 

That's it. Moreover, IT companies can now host end-client licenses in shared infrastructure without signing an SPLA agreement. 

Why is it excellent news for end clients? 

You don't have to check whether a provider is "eligible" to host your licenses. 

There have been millions of cases when somebody rented a virtual machine from a provider, then deployed Microsoft Office there, thinking, "Because we have a Microsoft Office license, we can deploy it anywhere." Unfortunately, it wasn't the case. You had to check whether the provider is eligible and ensure the licence may be deployed in a shared environment. And by the way, legacy Microsoft Office did not have BYOL before October 2022.

Now, as long as you have a subscription license, you can take it to any third-party data centre or environment, regardless if it's single-tenant or shared (multi-tenant). 

Sad news for Listed Providers and their clients

Firstly, let's clarify the difference between Listed Providers and Authorized Outsourcers. 

Who are the Listed Providers? 

They are Amazon, Alibaba, Google, and Microsoft - used by 90% of end clients to host their cloud workloads. 

Who are the Authorised Outsourcers? 

Everyone except Amazon, Alibaba, Google, and Microsoft. Yes, everyone. Every IT company, SPLA or not. Tomorrow, you could put a server under your desk; voila, you are an Authorizer Outsourcer. You can host client workloads using their subscription licences. Microsoft effectively created new opportunities for small IT outsources. 

Let me make this absolutely clear. You don't have to have an SPLA agreement to be an Authorized Outsourcer. It's a misleading name because there's no authorisation required whatsoever.

Here's the problem 

Listed Providers are not benefiting from any of the October 2022 updates. And the clients of the Listed Providers are also not benefiting from any of these updates. Nothing changed positively for Listed Providers and their clients.

If you want to bring your license to a Listed provider, there's still a possibility to do it through the old rules, pre-October 2022. Plus, there are Azure Hybrid Benefits and Azure Windows 11 offerings, which are still there. They haven't been taken away. 

What licences are eligible for BYOL?

Any license is eligible, on which you pay a recurring fee:

• All subscriptions in CSP, 

• All subscription Volume Licenses, 

• And all the perpetual licenses with active Software Assurance. 

You have these rights as long as you continue paying Microsoft a recurring monthly, annual, or three-annual fee. When you stop paying them those, you lose BYOL rights.

What's changed for service providers? 

There is no more requirement to become a License Mobility Partner, sign a License Mobility Addendum, or become a QMTH. You don't even need SPLA to become a hosting provider. 

SPLA is not going anywhere. SPLA is with us to stay, at least for the time being. But if you want to terminate SPLA and transition to BYOL-only, you can. 

Certainly, forget about License Mobility and forget about QMTH. Even if you're not a QMTH, you can host Microsoft 365 applications and Windows 11.  

You may now host any subscription licenses, including CSP. It was not allowed until the 1st of October, 2022. Before that, only Windows 10/11 and Office 365 apps could be hosted only on QMTH providers. And server subscriptions could only be taken to Azure via Azure Hybrid Benefit. Now, any CSP subscription can be taken to any provider. Is it great? There's no doubt about it. 

CSP-Hoster authorisation

There's a new authorisation – CSP-Hoster. Please don't be misled by the name. You don't have to be a CSP-Hoster to host CSP licenses. 

CSP-Hosters are authorised to pre-build and preconfigure virtual machines from downloadable media using their own activation keys. That's it. Again, you don't have to be a CSP-Hoster to host licences for your end clients.

Update: In April 2023, Microsoft added two licensing advantages for CSP-Hosters, only when they provide "license-included" services: 

• Windows Server does not require CALs,

• Windows Server Datacenter VMs may be licensed with Windows Server Standard licences, much like in Azure Hybrid Benefit.

But there's a bitter pill for providers

Starting from the 1st of October 2025, services providers won't be able to deploy client workloads on Listed Providers and report licenses through their own SPLA agreement. You must start strategising for the next three years (counting from October 2022). And in this business, three years is the day after tomorrow.

Since then, we have spoken to many providers and told them not to panic. Things may change in the coming years, and Microsoft may decide to forgo the change or introduce measures to soften the blow. But certainly do not overlook it, and have a strategy for October 2025.

Software as a Service application providers are the most affected. For example, suppose you host your SaaS on AWS and report Subscriber Access Licenses through your own SPLA. That won't work from October 2025. AWS will have to provide SALs directly to your end clients.

There's no explanation of how that's going to work. There's no understanding of whether you can still get a single bill from AWS as a provider and then recover that money from your clients or they will have to have an agreement with AWS and obtain licenses from AWS directly. That is yet to be seen. 

So what (for the end clients)?

The good 

First, you get a better choice of outsources. Suppose you invested in licenses and you're not using them on-premises anymore. Now you can take them to any provider. 

Secondly, you got Windows Server Bring Your Own License rights, which you didn't have before. 

Thirdly, you were granted Windows Server per virtual machine licensing rights. Note for providers: you didn't get it through SPLA. The end clients might take their per-VM licenses and bring them to your data centre. But you can't offer it through SPLA.

Improved CSP subscriptions. Subscription CSP licenses may now be deployed in Azure and on any Authorised Outsourer. 

Windows 11 and Microsoft 365 applications can also be taken to any provider. If before, a provider next door couldn't compliantly offer you Windows 11 VDIs in a shared infrastructure, now they can. 

And finally, simplified Windows 11 terms for on-premises.

The ugly

90% of you are probably using Listed Providers. And therefore, none of these benefits apply to you when you host your workloads on Listed Providers. 

You may continue doing what you've been doing or start thinking, "Maybe I'll move some of it to a different provider." If you are concerned about investing in a solid, sustained cloud platform, there is a choice of hyperscalers that are not Listed Providers. 

And the rest of you may be indirectly affected by the changes to provider terms in 2025. Suppose you consume a SaaS application billed per user and hosted on one of the Listed Providers. In that case, you depend on how Microsoft will implement the changes in 2025. It is unclear whether you'll still receive a single bill for your SaaS application or will have to pay two bills: one for the application and the other for the licenses it consumes. We hope the former. 

So what (for the providers)?

The good

No need for QMTH. Just forget it. If you are already a QMTH partner, you can keep QMTH, but it stopped making sense. If you want to, you may apply to become a CSP-Hoster.

Then, you have new business opportunities by allowing end clients more Bring Your Own License options. You get more competitive advantages through that. 

We support Microsoft Partners that sell CSP licenses and host virtual machines for their clients. Until the 1st of October, they could not host the very CSP licenses they were selling. Now they can. 

So if you are a CSP, you can offer a packaged service: Microsoft software hosted on your platform, dedicated or shared, with the CSP licenses you sell to the same clients. 

Is it going to completely replace SPLA? We don't think so. But it is an alternative.

If you are using Listed Providers to host client workloads and you buy all the licenses through the Listed Providers, that's fine. Nothing is changing for you. But if you report SALs through your SPLA agreement, you must start rethinking how it will work in 2025. 

The yet-to-be-seen

First, Windows Server Bring Your Own License creates a mess in the economics of service providers. 

With SPLA only, your profitability of Windows Server virtual machines depends on their density per the number of cores in the host. You pay for the entire host's Windows Server Datacenter or Core Infrastructure Suite Datacenter licenses. Then, you recover the costs by renting out virtual machines. The more virtual machines you deploy on a host, and it's a simple division, the better your margins are. 

If clients start bringing their own licenses, what's going to happen? Unless you deploy a dedicated infrastructure just for BYOL and isolate Windows Server through SPLA in a different cluster, your profitability will inevitably decrease. It won't plummet, perhaps, but it'll get worse.

As a result, many providers are sitting on the fence. They say, "We've invested so much time and effort in building our hyper-converged cloud platform that connects all the clusters and data centres. Our provisioning system provisions a VM we don't even know where. It just does. And now, we must create a separate infrastructure for Bring Your Own License VMs. We won't do it. And even if we do, what if the client decides to switch from SPLA to BYOL or back?" 

There are also BYOL compliance issues. One service provider said, "Now, when we host CSP licenses, the licensees are the end clients, not us, so they are responsible for compliance." But is that so? 

If you've been through an SPLA audit, you know that you can be punished for the licenses brought to your data centre without following the License Verification process, without ticking every necessary box in every necessary form. That's because you are legally responsible for all Microsoft licenses in your data centre. That's how it's written in SPLA. Check for yourselves. 

With the licenses you host through QMTH, you could get your knuckles rapped at worst. But now, more licences are eligible for BYOL, and some correspond to SPLA products, e.g. Windows Server and SQL Server. 

With the proliferation of BYOL to every provider, every provider must start thinking about playing precisely by the rules set by Microsoft. Don't overlook the license verification process. Follow it, and tick every box. 

At the time this article is written, there is already a stringent license verification and reporting process CSP-Hosters must follow. Other Authorised Outsourcers are not obligated to verify and report BYOL compliance. However, how will you prove BYOL compliance to an auditor? 

We don't think that compliance will be fully offloaded to end users. It is yet to be seen.

So, what's the impact on YOU?

The effect of the October 2022 changes depends on where - in which category - you are. 

The hosting changes don't touch you if you are an end client with only on-premises servers. However, there are positive changes like Windows Server per-VM licensing, which, for example, already saved one small client of ours $25,000. It was a significant saving for them because they could utilise the per-VM licensing for their tiny cluster of three hosts. 

If you are an end client using hosting, the changes are positive unless you use AWS, Google, Alibaba, or Azure. As long as you are using the four Listed Providers, nothing is changing for you yet. 

Large providers. The impact is mixed. Why? Because Bring Your Own License is more accessible. There is less headache. You don't need to sign additional amendments and addendums. But you are entering a more competitive playing field where smaller providers now have the same rights as you.

Small or SaaS providers that use Listed Providers. We think the impact is harmful. For example, if you offer a hosted Oracle or SAP solution that requires Remote Desktop Services or Citrix access, you must re-strategise. Start today. If you are one of those, please message us and let's talk. 

Listed Providers are losing. 

The list of SPLA licenses you can get, for example, from AWS or Google, is minimal. Why? They don't want the headache of dealing with user licenses. AWS has recently begun offering Visual Studio with Remote Desktop licenses, and we have heard a rumour that they are working on providing hosted Office through SPLA licenses. 

But otherwise, Listed Providers, even Microsoft itself, don't want to deal with SALs because 80% of the licensing headaches on hosting are related to user license compliance.

Until 2025, that problem is solved by offloading the headache to smaller outsources. "We give you infrastructure; you handle the user licenses." Three years from now, they will have to either start offering the entire SPLA price list or maybe find a different solution. We'll see. 

If you are a startup, the changes are incredibly positive. I had an IT outsourcing company that I sold in 2013. And we were dreaming of an opportunity to purchase our own servers and host all the clients we were serving in our server room in our business centre. And we couldn't. And Microsoft hesitated to sign SPLA with us because we were too small.

Now there's no such blocker. Your clients can bring their subscription licenses. Or you can sell them subscription licenses, especially if you're a CSP. And you may host them on your servers. You don't need SPLA. 

So if you have an IT outsourcing company, why don't you do that?