Microsoft Licensing Updates - September 2024

My name is Alexander Golev, and I represent the company SAMexpert. This is our channel where we discuss everything about Microsoft licensing, cloud economics, and sometimes audits. This is what we do daily. Therefore, what we tell you here is a product of over 25 years of experience from each participant of this channel, including me.

Let's jump into Microsoft licensing updates for September 2024. There aren't many, but some of them are interesting. So, it's not as dull as in the previous months.

Microsoft added a few products to the so-called availability tables that tell you through which channel you can buy a certain product.

There's a 10-year audit log retention product, which you may infer is for 10-year log retention, letting you keep logs for 10 years. There's an additional subscription now if you have any regulatory or security reasons for keeping logs for so long. Other things include Defender Vulnerability Management, Internet Access, and Private Access. These are not new products; their availability has changed.

Python in Excel. I'll stop on it additionally. Secure Access Essentials Frontline Worker. That's the last product for which availability changed on the 1st of September 2024.

Python in Excel, however, is an interesting development.

Python in Excel

Python in Excel is something that, so far, has only been available as a preview—something you could run, test, play with, and have fun with in preview channels in Microsoft Office 365. Now, it's available as a separate subscription.

Python in Excel, despite its name, doesn't actually run in Excel. It runs in the cloud. And this is where Microsoft Office is moving. All the apps we will have soon—and it's already started with Teams and Outlook—are effectively shells for online applications. All the business logic runs in the cloud.

The other reason why Microsoft decided to run Python in the cloud, not your local Python copy, is, they say, to sandbox access. Because Python can access many things if it runs locally, they want to limit that access, especially for enterprise data. And they want to control it.

They want you to control it and limit it to just your data, your tenant—whichever is available to Python that runs in the cloud. From this, you can also infer that it's not just an additional subscription; it's an extra cost. It also requires an M365 license.

So, traditional Office won't get it. That's our understanding right now. But it seems like that's the case. So, it requires online applications because it runs in the cloud. It requires a cloud subscription. On the one hand, we don't like this tendency because Microsoft already has over 40 different add-ons for Microsoft 365.

This is the first one specific to Excel. Correct me if I'm wrong, but I think it's the first one specific to Excel.

This whole tendency to move everything to the cloud is a bit concerning because, for example, in our work, we use Power Query on a daily basis, multiple times during the day. We work with local files.

Although Power Query can work with online data, for example, stored in SharePoint, the same query online takes 10 to 20 times the time it takes to run locally. And if Excel, in time, becomes a purely cloud application, there is a possibility that access to local files would be slightly limited. I will put it this way.

And Power Query then may become a paid add-on. That's where Microsoft is going.

Support for Extended Security Updates

The other thing that they added in September is they clarified that if you have extended security updates licenses, Microsoft provides virtually no support for these licenses, limited to just three types of issues:

• Deployment, installation, and activations of ESU keys,

• License and updates, bugs, and regressions introduced with the installation of a security update (pay attention to the security update),

• Troubleshooting services and assistance to resolve known and documented issues related to the underlying operating systems.

Support is only available if you have Pay Per Incident, Unified Support, or if you're a partner and you have Premier Support for Partners. And they especially clarify that the products themselves—the products under the extended security upgrades—are not supported. It's not a change. It's a clarification. It's how it works.

But what do you do if you want support for a product under extended security updates? Go to a third-party support provider.

Fortunately, Microsoft provides official ways for a third party, for a Microsoft partner, to create their own third-party support business with completely different pricing strategies because it's up to the partner. All they need to do is pay for a support package to Microsoft, such as Premier Support or Advanced Support for Partners. You can get indirect support through such partners, which is often better than from Microsoft itself.

I won't deliberately start calling out specific names of specific third-party support providers, but if you want me to give you some, please message me through LinkedIn, and we can discuss that. We're not affiliated with any such companies; we're not getting any kickbacks from any, but we can discuss the overall approach and how you can find such partners.

Reductions in Enterprise Agreement

The other clarification they introduced is that you can reduce subscription licenses if you have an Enterprise Agreement or Enrollment for Education.

You always had this opportunity; you always had this possibility to reduce the number of subscription licenses during the term of an Enterprise Agreement. It's not a change, but it's a necessary clarification.

Discount on Copilot in CSP

An exciting bit for CSP clients is the new promo on Copilot for Microsoft 365.

It's a 15 per cent discount not given to you as an end client. It's given to your CSP partner through whom you can buy licenses. So, CSP partners get a 15 per cent discount on all new subscriptions. So, if you already have a subscription to Copilot, you're not subject to this promo.

If you are not yet subscribed to Copilot for M365 and want to procure it now via a CSP partner, you are informed that that partner gets a 15% discount. They won't necessarily tell you that there is a 15 per cent discount available until the 31st of December this year, 2024. And then the promo will probably stop.

Interestingly, Microsoft also didn't give this discount to Enterprise Agreement clients. However, nothing stops an Enterprise Agreement client from subscribing to Copilot via CSP from a licensing standpoint, but it will probably be quite difficult.

I'd like to see it implemented—to add Copilot through CSP to a tenant in Microsoft 365 that is created via an Enterprise Agreement. Again, I'm not sure that's technically possible, but review that possibility if you have an opportunity. If that move were possible, you could add a CSP agreement to your EA. Therefore, you could get Copilot with a 15 per cent discount.

This raises questions: Is the uptake on Copilot any good right now? Why would Microsoft provide this promo when previously Microsoft refused to give any discounts? Negotiating discounts on Copilot was extremely difficult. It still is. And there are no volume discounts for large companies. It's always $30 per user per month. This is the first time Microsoft has given a discount. Why? Maybe there's some kind of disillusionment.

Q&A

But anyway, let's move on. I want to start with the questions we received last month on our hotline at ask@samexpert.com.

Auditing SQL CALs

So, one of the questions we received recently was how to measure and audit SQL Server device CALs and user CALs.

Microsoft SQL Server is a database application, a database service, which may be accessed through, and usually is accessed through, other applications. Almost nobody, except for geeks, uses SQL Server directly.

One of the licensing models for SQL Server is Server plus Client Access Licenses. So, you pay for instances, and you pay for either devices (per device) or users (per user), or a mix of those accessing that data, write or read it directly or indirectly through other applications, for example, accounting applications.

And this is a tricky question. This is a very challenging question. The answer is that there is no universal recipe for counting such licenses. It depends on the application. And in most cases, there is no way to count devices because, normally, those apps have user accounts assigned to them.

And the way to do it is to find out about all the applications that use SQL indirectly and count the users inside those applications. Therefore, there's no universal script. There are thousands of such applications. There's no universal approach. It's always case by case. So, it isn't easy. Moving on.

Hosting Windows 11 VDI

The next question: What licenses, as a provider, do we need to host Windows 11 for our clients?

There is no Windows 11 in our SPLA price list. So, this can also be interesting for those end clients—if you are an end client—if you want to host your Windows 11 machines on a service provider.

Windows 11 doesn't require licenses for the virtual machines hosted on the provider. Therefore, well, firstly, it's not on the SPLA price list. So, you can't sell those licenses to the end client if you're a provider. And if you're an end client, you can't buy—you can't rent—Windows 11 virtual machines from a provider with licenses.

So, you have to have licenses. An end client must have licenses per user to host so-called VDIs, Virtual Desktop Instances, on a service provider. It's always an end client's license. And the rules are simple. If it's a subscription license or a license with Software Assurance, it gives you access to up to four virtual machines per user.

In practice, it's not traceable, but the legal requirement is up to four virtual machines wherever those machines are running. If you're a provider and you want to host Windows 11 for your end clients, you must make sure that the end clients have the licenses—eligible licenses with remote visualisation or server visualisation rights.

If you're an end client, that applies to you. You must ensure that if you want to deploy VDIs on a service provider, you have the appropriate user licenses—eligible user licenses.

SPLA question

Another question: We are a small provider mainly providing Linux virtual machines. Can we use SPLA for Windows Server virtual machines?

Of course, you can. That's what SPLA is designed for. A couple of notes here. First, we strongly recommend separating Linux machines from Windows Server virtual machines. I would even turn it upside down. I would say separating Windows Server virtual machines into their dedicated clusters and dedicated infrastructure.

Why? For economic reasons. Because through SPLA—if you use SPLA—the most cost-effective way, if you have over seven virtual machines per cluster, is to license it with Windows Server Datacenter. And the more densely you pack Windows Servers on a specific cluster, the lower the cost is for you as a provider for each virtual machine.

Therefore, we suggest separating it. There's another option. You don't have to use SPLA. If you are mostly a Linux-based provider, you don't want to deal with SPLA. You don't have it yet. You don't want to sign it. You can still sign it. Then, you can allow your clients to bring their own licenses for Windows Server using the so-called Flexible Visualisation Benefit.

If they don't have the licenses, and you, for example, are a Microsoft CSP, you can resell those licenses. Sell them a license and then host it for them. So you don't have to deal with SPLA. But the question was, can we use SPLA?

Of course, you can. Of course. Of course, you can. It's a simple question.

Licensing cores disabled in BIOS

And the last question I have from our hotline this month is tricky. They're all tricky, but this one is not as simple as it seems. A client asked us, "We have a 32-core physical server. Can we disable 16 cores and only pay for 16 Windows Server core licenses? Effectively, only 16 cores will be available to the operating system at the hardware level because the cores are disabled in BIOS."

Our expert opinion is: as long as you can provide evidence that it's always been the case—you take screenshots, you take snapshots every month, for example—and you can prove to an auditor that you've always only been using 16 cores, then yes, you can do that.

Questions may arise when you give them the hardware inventory; they look up that model online and find out that, for example, that machine's minimal configuration has always been 32 cores or more, as a minimal configuration. Then, there's always a question of whether you had to pay for 32 cores anyway. Again, our expert opinion is that it's perfectly eligible if you can prove that you've never used more than 16 cores.

You may run into trouble if you don't keep the evidence.

That's a long answer. It's a tricky question. It's a tricky answer.

On this note, I think we can conclude today's session. You can find all the upcoming lives on the homepage of our YouTube channel. I hope you'll subscribe to our channel, and I hope I'll see you on those live Q&A sessions. Thank you very much for being here, and goodbye.