Microsoft Cloud Agreement

Business IT Services

Microsoft Cloud Agreement

January 21, 2020 articles 0

This page was created as supporting material to help customers understand changes surrounding the acceptance of the Microsoft Cloud Agreement. This is our summarization of information available to us to help explain what this agreement is, and why you need to accept this agreement in order to continue doing business with HCST for Microsoft Cloud-based services (such as Office365).

Q: What is the Microsoft Cloud Agreement?

Starting November 7, 2018, all customers of Microsoft cloud services such as Office 365 and Azure are required to certify their consent to the “Microsoft Cloud Agreement”, which establishes terms for accessing and using Microsoft 365 and other cloud offerings. HCST is required to obtain your acceptance as part of our partnership agreement (the “Microsoft Cloud Reseller Agreement” – MCRA) with Microsoft.

Effective March 22, 2019, Microsoft locked plan changes until we have the customer’s MCA acceptance on record. This requirement exists globally for all Microsoft partners and all customers – whether direct, indirect resellers, and CSPs.

Q: Why is Microsoft pushing the MCA?​

It’s impossible to know all the reasons, but we suspect there are three issues at play. #1 is the GDPR, which gives expensive privacy rights to end users and may become the law-of-the-land in some parts of the US soon. #2 is the Cloud Act, which became law recently and governs how your data can be shared with global law enforcement agencies. And #3 is concern over how Microsoft partners interact with customers; a “customer bill of rights” is a big part of the MCA.

Specifically, Microsoft says:

“Proper execution of the MCA protects Microsoft, its partners and customers by ensuring mutual alignment on many important topics including but not limited to security, privacy and data protection. The confirmation process ensures transparency and alignment and allows Microsoft to better assist customers who need to promptly respond to regulatory inquiries.”

We interpret this to mean that when they say “security, privacy and data protection” Microsoft is primarily concerned about complying with Cloud Act, GDPR, and other similar regulations that may arise. When they say “transparency and alignment” they mean that they do not want Microsoft CSP providers to each be doing something completely different and that they do not want them to obfuscate the customer’s rights and abilities – such as owing their own data, getting global admin rights to their own tenant,  or switching to a different Microsoft partner.

Q: Didn’t we already agree to Microsoft’s terms when we signed up with Office 365?

Yes, but someone in legal decided that recent changes needed to be more explicit that regular cloud click-wrap agreements. In recent months, you may have already clicked something on the Microsoft site acknowledging the MCA, but we don’t have access to this information and we’re required to verify and acknowledge your acceptance independently.

Q: What’s the easiest way to accept the MCA?

HCST will send the MCA to you via SignNow (or other on-line, legally binding signature service) for your acceptance. We retain your signature on this particular document as part of our records.

Q: Why is Microsoft requiring the partner to confirm customer consent to the MCA instead of obtaining it directly from the customer?

The customer is buying from the CSP partner, not directly from Microsoft. For using the services that Microsoft provides, Microsoft provides terms that are documented in the MCA. The MCRA (MS Cloud Reseller Agreement) requires CSP partners to have customers review and accept the MCA prior to placing an order.

Q: What am I giving up by agreement to the MCA?

Nothing much, really. In fact, we hate to say it, you’re giving up the right to let Microsoft kick you off their servers for not accepting it. In fact, Microsoft says “For any reason, if the customer no longer agrees with the MCA, then the partner must cancel the subscriptions associated with this customer.”

We’ve reviewed the MCA, and we found it to be uniformly positive for customers, and generally even handed with respect to partners. It’s not rocket science, folks, so please don’t make a big fuss over it.

Q: Can’t you guys just do this for me?

No. Microsoft is very clear that we do not have the right to accept the MCA on your behalf, so even if you tell us it’s OK in e-mail or over the phone, we’re still going to collect a signature from you.

Q: Which version of the MCA applies to me/my company?

Assuming that you are an HCST client, most likely you are under the North American commercial cloud version of the MCA. If you have employees or users outside the United States (especially Germany, the EU, or China) you’ll need to sign additional paperwork for those regions, agreeing to terms beyond those in the agreement(s) below.

Common versions of the MCA are listed here for your convenience:

Q: Who in my organization should authorize the MCA and/or payment re-authorization?

Microsoft says it’s up to the customer to determine who this should be. We tend to believe that it should be someone in your organization who has the authority to enter the organization into binding agreements.