Jaa

Nonpayment, fraud, and misuse

Applies to: Partner Center | Partner Center for Microsoft Cloud for US Government

Appropriate roles: Global admin | User management admin | Admin agent | Billing admin

We strongly recommend that Cloud Solution Provider (CSP) partners implement rigorous fraud prevention and detection risk mitigation controls, because direct-bill and distributors (formerly indirect providers) CSPs are financially responsible for fraudulent purchases by their customers and customers' nonpayment of purchased services. By signing the Microsoft Partner Agreement (MPA), CSPs agree to be bound by the terms of our policies, and Microsoft's policy around Azure fraud and nonpayment requires partners to be financially liable for fraudulent activity that occurs in any of their Partner Portal accounts.

To avoid fraudulent activity or misuse, or to address them, it's important to understand potential risks and to develop policies and practices that can reduce partners' exposure. The articles referenced below focus on best practices to mitigate a customer’s fraudulent activities and misuse of Microsoft services:

For more strategies for mitigating online transaction risks, see the Online transaction risk management guide.

Exception Request Process

Microsoft regularly assesses its policies and platforms to ensure we're competitive in the market. As part of that effort, an exception request process was made available to the CSP new commerce experience for fraudulent activity that occurs on individual Azure customer tenants on or after April 1, 2023.

Microsoft reviews and might provide a one-time discretionary credit for first-time instances, covering up to the first 30 days of compromise-related charges for verified account compromises of new commerce platform subscriptions. Requests can only be submitted once per customer tenant ID.

To be eligible for review, the impacted partner must do the following:

As part of normal business activity, Microsoft expects partners to address and mitigate any security risks stemming from these incidents.

Important

Invoice payments show up in the Partner Center Billing workspace in five business days. Partners should check that billing information is correct before submitting a payment to make sure that payments go through smoothly.

When Partners detect suspicious usage

Partners are financially responsible for their customers' fraudulent purchases and nonpayment of purchased services. Partners should implement fraud prevention and detection risk-mitigation controls such as the suggestions outlined below.

  • If a partner proactively detects suspicious activity, they should immediately investigate and take appropriate actions to mitigate risk:

    • Investigation might include reviewing the customer's account sign-in activity, invoice payment history, frequent changes in payment instruments and/or previous subscription usage patterns, as suggested as best practices previously.
    • Mitigation actions might include remediation of compromised identities, cleanup of compromised resources and strengthening of security posture. For more information, see What should you do if an Azure subscription is compromised?.

  • Partners can also submit a Service Request in Partner Center if they have other questions or concerns about suspicious activity.

Enforcement of Microsoft acceptable use policy

When Microsoft detects partner or customer activity that we confirm or suspect violates the Microsoft Online Service acceptable use policy, we take enforcement steps. The customer could be immediately suspended. Partners are notified of enforcement actions or updated on their requests by Microsoft.

Note

Find Microsoft policies in Licensing Resources and Documents.