Beware of Microsoft sales representatives posing as auditors to sell Office 365

User reports indicate Microsoft is using the spectre of fines for noncompliance to upsell businesses on Office 365, the SaaS version of Microsoft Office. Here's what to look for and how to respond.

Image: Nate Ralph/CNET

Fresh off the lengthy controversy over forcing users to upgrade to Windows 10—using nag screens that resemble adware installers, removing "cancel" buttons, and overriding systems with full-screen nagging—Microsoft appears to be targeting corporate IT departments to upgrade to Office 365 by having sales representatives contact businesses looking to perform a "voluntary audit." These audits may be presented with strongly worded language, noting a particular deadline or risk of fine for noncompliance, though these are effectively empty threats.

This thread on the /sysadmin/ subreddit details the nature of the potential scam, in which IT staff are directed to fill out a spreadsheet detailing all of the IT assets in their organization—thereby arming the sales representatives with the data they need to upsell them on additional licenses, some of which may not actually be necessary.

Understanding Microsoft's licensing terms

The actual meaning of Microsoft's license terms seems somewhat elusive, as the sales representatives reportedly attempt to twist the meaning in whatever way can be used to intimidate IT decision makers. Foremost among these is licensing for SQL Server, which is now licensed per core, rather than per socket, following Oracle's move to that licensing structure. In the case of virtual machines, the sales representatives have insisted that a 16-core license is mandatory for a virtual machine assigned only four cores.

Realistically, the licensing terms change rapidly, making it difficult to actually remain in compliance, thereby creating an incentive for those out of compliance to agree to the terms of the sales audit.

Distinguishing a real audit from a 'sales audit'

Actual audits from Microsoft are generally not conducted via email (though exceptions may exist). Employees of Microsoft typically have an email address format of first.last@microsoft.com, though senior employees omit the dot and use only enough of the last name to be unique, such as billg@microsoft.com. External vendors with a Microsoft contract use the prefix "v-" in front of their address, so vendors can be identified with an email address like v-william.stickers@microsoft.com. The sales agency responsible for the audits is an external vendor, so a voluntary audit can safely be ignored if coming from an email address with this format.
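The address check described above can be applied to a saved message before anyone replies to it. The following is an added example, not code from the article or from Microsoft; the function name `classify_sender`, the category labels, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def classify_sender(raw_message: str) -> str:
    """Classify the claimed From address using the formats described above.

    Returns "vendor", "employee", "external" or "unparseable".
    The From header is sender-supplied, so this labels the claimed
    address only; it does not prove who sent the message.
    """
    msg = message_from_string(raw_message)
    # parseaddr separates the display name from the actual address, so a
    # display name such as "Microsoft Licensing" cannot influence the result.
    _display_name, address = parseaddr(msg.get("From", ""))
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return "unparseable"
    # Exact domain match: a lookalike such as
    # microsoft.com.licensing.example must not pass.
    if domain.lower() != "microsoft.com":
        return "external"
    # A "v-" prefix on the local part marks an external vendor under contract.
    if local.lower().startswith("v-"):
        return "vendor"
    return "employee"


def _message(from_header: str) -> str:
    """Build a minimal constructed message around a From header."""
    return f"From: {from_header}\nSubject: Voluntary license review\n\nbody\n"


# Constructed sample messages (not real correspondence).
SAMPLES = {
    "vendor": _message('"License Review" <v-william.stickers@microsoft.com>'),
    "vendor_mixed_case": _message("V-William.Stickers@MICROSOFT.COM"),
    "employee": _message("First Last <first.last@microsoft.com>"),
    "lookalike": _message('"Microsoft Licensing" <audit@microsoft.com.licensing.example>'),
    "no_from": "Subject: Voluntary license review\n\nbody\n",
}


def classify_samples() -> dict:
    return {name: classify_sender(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name}: {label}")
```
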

Trave Harmon, the CEO of Triton Technologies, said that his company has been subjected to "multiple audits" which "produced nothing" and "wasted a tremendous amount of my company's resources in an attempt to upsell products... [as] a new way of attempting to sell Office 365 through any means necessary." Harmon recommends asking Microsoft to pay for the expense of performing the audit—Triton charges $200 per hour, at a 12-hour minimum. Harmon also recommends that anyone theoretically conducting an audit be subject to a full background and CORI check, as Triton "[has] a significant amount of schools, medical facilities, military, and government clients. Due to state and federal regulations we cannot allow anyone from any third party to have unfiltered and unrestricted access."

Duncan Jones, the principal analyst for sourcing and vendor management at Forrester, noted that Microsoft licensing is "very complex, due to the breadth of its portfolio and the inconsistency between different product groups. Also, there are many changes, as Microsoft tries to keep up to date with technology changes. Often these license audits find under-licensing that is inadvertent, due to misunderstanding the rules." While noting that Microsoft is not particularly bad compared to other vendors, Jones said the issues can arise from "a rogue salesperson who thinks it's the best way to make his number."

The first-world anarchist's guide to destroying an audit

Underhanded means are being used in this situation to make a sale. These are not true auditors, and they are unlikely to have taken the relevant certification exam. So there is nothing ethically wrong with creatively wasting the sales representative's time.

For a bit of inspiration, the OSS Simple Sabotage Field Manual offers surprisingly relevant tips for frustrating sales representatives to the point that they may give up on pursuing your organization.

Ch. 11, Part A, No. 1: Insist on doing everything through "channels." Never permit short-cuts to be taken in order to expedite decisions.

Requiring the request for the audit to be sent through certified mail is a relatively small hoop to make the auditor jump through, though it has worked for some commenters.

No. 3: When possible, refer all matters to "committees", for "further study and consideration." Attempt to make the committees as large as possible - never less than five.

Get other IT staff (warned ahead of time, in private) in on the sabotage by CCing them on every email, and coordinating to individually send the auditor identical questions phrased slightly differently each time.

No. 5: Haggle over precise wordings of communications, minutes, resolutions.

Litigate every single word of the license agreement, if you so desire.

No. 6: Refer back to matters decided upon at the last meeting and attempt to re-open the question of the advisability of that decision.

Do you have an existing Office license that the sales agent wants to convert to Office 365? Casually mention that you are evaluating the new LibreOffice release, and have no desire to purchase licenses now. Rinse and repeat with MariaDB, Google Apps for Work, or any other product in contention.

No. 7: Advocate "caution." Be "reasonable" and urge your fellow-conferees to be "reasonable" and avoid haste which might result in embarrassments or difficulties later on.

Why pay for a new license for aging hardware, when the tantalizingly low prices of the cloud are a better proposition?

Considering the mysterious UpgradeSubscription.dll found in preview builds of Windows 10 in June, which turned out to be a subscription service for Windows 10 Enterprise, similar sales tactics to force enterprise deployments into subscription pricing for Windows are likely not far behind.

Microsoft declined to comment on this story.

What do you think?

Has your organization been targeted by Microsoft's sales auditors? Have you complied, or impeded their attempt to make a sale? Share your experience in the comments.

About James Sanders

James Sanders is a Java programmer specializing in software as a service and thin client design, and virtualizing legacy programs for modern hardware.
