0

I'm a small company having a few servers hosted in a managed hosting center, mainly Windows 2016 and a few Windows 2008 servers.

I have now received a rather disturbing email where they request full admin access to all our servers due to a Microsoft SPLA auditing routine. In case we don't use their SPLA licensing we're required to document to them how our servers are licensed.

Further more they demand a permanent full admin access and that we install LicenseWatch.

How am i supposed to react to this? My initial reaction is like, wtf. Am i in my right mind to consider them extremely unprofessional or is this common practice in hosting centers around the world?

In all my years in this profession, having hosted servers for decades through various providers have i never experienced anything like this.

Edit:

I got a copy of the auditing notice and especially the following paragraph seems to hint that Microsoft is forcing access to all servers hosted at the provider. On the other hand, English is not my native language so i'm not entirely sure what this means

The scope of inspection includes [hosting provider]'s hosted environments, which includes the above agreement(s) and all Microsoft software services used or provided to third parties at and/or on behalf on [hosting provider]. Microsoft reserves the right to verify any licensing for all servers that may be providing Microsoft Software Services.

Pauli Østerø
  • 103
  • 4

2 Answers2

1

They got audited and forget to mention to Microsoft that those asset are not their.

Microsoft audit by legal’s name, thus, the hosting company, is wrong to list you and your asset.

Legally speaking Microsoft will send an email to the VLSC or business owner to start an audit.

To correct the situation to keep it correct please ask your hoster the auditor contact, and send the email to the microsoft contact yourself (as it always come from a microsoft email, beware of fake) and put cc your hoster, to state its your own asset, not theirs.

Microsoft is serious about the legal name, I had a customer using two legal name, but same address, and I had to proove it was the same company

yagmoth555
  • 16,758
  • 4
  • 29
  • 50
  • I got a copy of the audit notice and updated my question with a paragraph which the hosting provider refers to. To me it still sounds though that it only includes servers running Windows using the hosting providers SPLA license. – Pauli Østerø Apr 30 '18 at 23:18
  • They state as if the hoster give you Windows instance, they need to give them access to them for auditing, we play with word there, as the hoster give you the vmware access to create your **own** instance, it's why you better contact Microsoft to talk the subtility. – yagmoth555 Apr 30 '18 at 23:27
  • I did a follow up on the history of our servers with this hosting company, and it turns out two old Windows 2008 servers was installed by them using their SPLA license. Are they still in their rights to demand full admin access to the servers and required a custom program of their choice to be installed? Should i consider just changing the product keys on those two servers to use our own license instead of their SPLA? – Pauli Østerø May 01 '18 at 14:56
  • 1
    @PauliØsterø I would change it, as anyway it will be up to you to justify the Windows 2016 licence you have. The licence key you enter don't matter much at the start, as usually the MS rep will check in your VLSC contract and list what you have buy versus what you run. – yagmoth555 May 01 '18 at 16:42
0

Check the terms of service.

In fairness you have no legal obligation as far as I’m aware to justify your licensing to them.. however we are not lawyers and for accurate advice you should really contact some legal professionals.

I don’t believe they have any right to dictate you install software however this may well be in the terms of service.

With regards to the admin access.. don’t they have that already if it’s managed hosting?

You should contact the company’s help desk to ensure they actually sent that email BEFORE making any action. A simple who is against your ip will probably reveal who owns the IP and subsequently your hosting provider is and then start a social engineering attempt against you

Timothy Frew
  • 582
  • 3
  • 7
  • Its managed in the sense where we have access to a VMWare cloud panel where we create and delete our servers as we see fit, so i'm not sure what you mean by them already having admin access, just because its managed hosting? – Pauli Østerø Apr 30 '18 at 22:57
  • Managed hosting often implies that whilst you look after the specific app you run or site etc. They might look after the security updates, OS issues etc – Timothy Frew Apr 30 '18 at 23:00
  • But that’s not seeming to be the level of management in this sense. They look after the VMWare part – Timothy Frew Apr 30 '18 at 23:01
  • Yeah, that would be apps as a service, this is just a machine as a service :) I've been in contact with them so the request is genuine enough and they keep insisting in a way that i feel compelled to simply pack my Windows servers and leave. – Pauli Østerø Apr 30 '18 at 23:08
  • Sounds like they don’t understand the licensing terms enough to execute it properly. I would just say that no you cannot permanently have admin privileges and no I won’t install foreign (to you) software to send you unaudited and unknown data from my server – Timothy Frew Apr 30 '18 at 23:15