Microsoft revises software licensing, cloud policies amid EU regulator scrutiny

OVHcloud and Nextcloud lawsuits hit the spot as Windows giant admits to potential competition issues

Microsoft is offering a series of concessions over its software licensing policies to European cloud providers in a bid to address their accusations of anti-competitive tactics and cool any interest from local regulators.

OVHcloud, along with several other cloud services purveyors including Nextcloud, filed class-action lawsuits with the European Commission calling for a level playing field.

One bone of contention for some is licensing – for example, the higher fees to pay while running Windows in non-Microsoft Azure clouds.

Brad Smith, president at Microsoft and an old hand at going into legal battles for the software giant, wrote today it had listened to the criticism, and "while not all of these claims are valid, some of them are."

He added that Microsoft is outlining initiatives to resolve the issues.

"I think it's important at the outset to acknowledge that these steps are very broad but not necessarily exhaustive. As I said in one video meeting a few weeks ago with the CEO of a European cloud provider, our immediate goal is to 'turn a long list of issues into a shorter list of issues.' In other words, let's move rapidly so we can learn quickly," said Smith.

The first is five European Cloud Principles being adopted by Microsoft across Europe, including:

  • We will ensure our public cloud meets Europe's needs and servesEurope's values.
  • We will ensure our cloud provides a platform for the success of European software developers.
  • We will partner with and support European cloud solution providers.
  • We will ensure our cloud offerings meet European governments' sovereign needs, in partnership with local trusted technology providers.
  • We will recognize that European governments are regulating technology, and we will adapt to and support these efforts.

Sounds a bit woolly? The second initiative seems more tangible and will see Microsoft let more European cloud providers join the Solution Providers program - which isn't a bad thing for Microsoft itself.

"In short, we will enable and even help European Cloud Providers to host and run Microsoft products on their infrastructure for customers, including products that have traditionally been licensed to run only on a customer's own desktop or server computers," said Smith.

This will let those cloud businesses offer Windows 11 and Microsoft 365 Apps for Business and Enterprise as part of a hosted desktop service that run on their infrastructure. "This will mean that European Cloud Providers will have the ability to provide this complete, end-to-end solution to their customers for the first time," said Smith.

Smith added that something else that came loud and clear in recent customer meetings in the region was "requests to simplify our licensing." The redrafts are coming but Smith said it will include "terms that are more clearly written" which allow customers to "readily determine their licensing costs. And permit customers to determine their obligations more easily."

The Software Assurance program is also to be tweaked to allow customers "have more flexibility in their deployment options."

"[W]e will revise and expand our Software Assurance program, in which customers purchase new version rights, disaster recovery, failover support, license mobility, and many other benefits. Today, Software Assurance benefits do not include license mobility rights for products such as Windows, Office, or Windows Server, so customers must use that software in more restrictive programs or on hardware dedicated specifically to those customers.

"We will expand Software Assurance to enable customers to use their licenses on any European Cloud Provider delivering services in their own datacenters, similarly to how they can do so on Azure today, whether the hardware is dedicated or multi-tenant. We will then partner more closely with European cloud hosters so we can make this support experience more seamless for customers."

Smith also pledged to make it easier to license Windows Server for virtual environments and the cloud by "relaxing licensing rules that reflected legacy software licensing practices" in which "licenses are tied to physical hardware." This means customers only buying licenses for the compute capacity they need "without needing to count the number of physical cores on which the virtual environment in hosted."

A new team is being set up in Europe to work with cloud providers, providing licensing and roadmap support, and to "create a tighter feedback loop" so Microsoft doesn't find itself subject to antitrust complaints.

In a statement sent to The Register, an OVCHcloud spokesperson said:

"Microsoft acknowledges the merits of our complaint and we can only regret that it has to go as far as mobilizing the relevant authorities to secure a level playing field in Europe, where competition is both open and fair. We are now waiting to see the concrete implementation conditions of these resolutions and remain committed to defending a level playing field for the European cloud ecosystem."

We have asked other regional cloud providers to comment and will update this article if they officially respond.

Microsoft is the second largest infrastructure cloud provider globally, generating $11.7bn in calendar Q1 of 2022 alone. ®

Other stories you might like

  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading
  • Microsoft gives its partners power to change AD privileges on customer systems – without permission
    Somewhat counterintuitively, this is being done to improve security

    Microsoft has created a window of time in which its partners can – without permission – create new roles for themselves in customers' Active Directory implementations.

    Which sounds bonkers, so let's explain why Microsoft has even entertained the prospect.

    To begin, remember that criminals have figured out that attacking IT service providers offers a great way to find many other targets. Evidence of that approach can be found in attacks on ConnectWise, SolarWinds, Kaseya and other vendors that provide software to IT service providers.

    Continue reading
  • FabricScape: Microsoft warns of vuln in Service Fabric
    Not trying to spin this as a Linux security hole, surely?

    Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.

    The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.

    Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.

    Continue reading

Biting the hand that feeds IT © 1998–2022