Manage customer accounts and billing

Important

As a Microsoft Cloud Solution Provider (CSP) partner, you are responsible for your customers' purchases and use of our services. It is important that partners monitor and address anomalous activities from their customers. Microsoft may send partners notifications if we detect suspicious activities, but it is critical that partners use additional methods of monitoring to help detect anomalous customers’ behavior.

Microsoft takes online transaction risk management seriously, and partners should do the same to mitigate business risks. To support partners, Microsoft is sharing a set of recommendations to manage risks when managing customer accounts and billing. While Microsoft is committed to supporting partners, direct-bill and indirect CSPs are financially responsible for fraudulent purchases by their customers and/or customers' nonpayment of purchased services.

Best practices

Manage customers' accounts

• Implement a process to quickly receive, review, act on, and respond to Microsoft notifications.
• Work with customers to understand their cloud usage business needs and set appropriate monitoring thresholds. (For example, partners can set a monthly Azure spending budget in Partner Center).
• Monitor customer activity logs regularly to help detect fraud and abuse early.
• Take quick action when suspicious activities are detected.
• Avoid giving customers full administrative access to subscriptions without first implementing risk mitigation controls.
• Monitor customer accounts to ensure compliance with Microsoft product terms of use and implement necessary measures to address any violations.
• Ensure customers implement proactive steps to remove inactive users and expired guest accounts.

Manage customer billing

• Request prepayment before initial transactions and billing.
• Do not accept high-risk payment instruments (such as prepaid cards or stored-value cards).
• Monitor customer payments and aging accounts receivables. Aggressively enforce standardized dunning processes for past due payments or nonpayment.

Suggestions for customer post-purchase best practices

Know your customer

It is the best practice to implement usage monitoring for services, even if those services are not billed by consumption. But this practice is especially true for consumption billed services such as Azure where billing occurs after usage.

• Building on the "know your customer" strategy, partners should work closely with customers to understand the fundamental business needs of their cloud services usage.
• Avoid giving customers full administrator access to subscriptions without first implementing risk mitigation controls, reference the risk management guide for more information.
• To monitor customer-level usage for the various business needs of the customer, use the Microsoft Azure Management Portal and the available usage reporting capabilities.
• Subscribe to new security alerts which is one of the many ways Microsoft supports partners in securing their customers' tenants. Alerts should be investigated and remediated quickly If necessary, partners can suspend affected Azure resources or Azure subscriptions to mitigate an issue.

Billing

Microsoft does not bill the end-customer. Therefore, as a CSP partner, you are responsible for setting up and processing billing.

Partners should implement the following protocols in their billing process:

• If necessary, secure payments upfront in advance of billing by requesting customers submit prepayments to fund their account activity.
• Avoid accepting high-risk payment instruments such as prepaid or stored-value cards as the amount on the cards can't be verified and might not be enough to cover customer purchase costs.
• Closely monitor customer payments and aging accounts receivable, aggressively enforce standardized dunning processes for late or nonpayment, including suspension of subscriptions and services until payments on outstanding balances are received.

Note

Acceptable Use Policy enforcement

• As part of their agreement with Microsoft, partners and their customers are expected to comply with the Acceptable Use Policy as described in the Online Services Terms.
• When Microsoft detects, or is otherwise made aware of, partner or customer activity that we confirm or otherwise suspect violates the Acceptable Use Policy, Microsoft takes enforcement steps.
• Violations of the Acceptable Use Policy might result in suspension of Online Services - suspension can be immediate, if necessary. Otherwise, Microsoft notifies partners requesting action be taken and/or of enforcement actions already taken by Microsoft.