Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365

Microsoft will allow "self-service purchase and license management capabilities" for Office 365 users, initially for its Power Platform low-code services, PowerApps, PowerBI and Flow. PowerApps is a low-code app building service, PowerBI is for analytics and visualization, and Flow is for automated workflows. What these …

  1. DailyLlama


    They won't be able to install the software without admin rights... right?

    1. big_D Silver badge

      Re: But

      It's cloudy...

      1. Franco Silver badge

        Re: But

        It is, but IME a lot of the browser-based versions of the apps don't have the same functionality as the full desktop app. Don't know about the others but there's definitely a PowerBI app.

        1. big_D Silver badge

          Re: But

          But the add-ons for PowerBI, are they add-ons in the app or are they separate installs? If they are just addons or scripts, they won't need to be installed separately - from reading the article, it sounds like this is buying additional services within PowerBI, so one would assume this is already installed.

    2. Aleph0

      Re: But

      Not in C:\Program Files, but in their own user profile I believe it's always been possible... Unless there's some new group policy of which I'm unaware preventing that, of course.

      1. Anonymous Coward

        Re: But

        AppLocker, enable it, only allow things to be executed from c:\windows and c:\program files and c:\program files (x86) and you are good.

        A few things in win 10 will start complaining, as it downloads crap into the users folder and tries to run them.

        1. Paul Crawford Silver badge

          Re: But

          <= this should be your default.

          Should also stop a lot of basic malware that runs from user locations. If you check out the NCSC "End user device (EUD) security guidance" for most platforms they recommend making user-writeable areas non-executable for exactly this sort of reason.

          1. Anonymous Coward

            Re: But

            If you have adopted Teams in your organisation then you can't run it from Program Files. It has to run in user space - also breaking Microsoft's own security guidance.

            1. Paul Crawford Silver badge

              Re: But

              Not running Teams seems to be a definite advantage from my perspective...

            2. SteveK

              Re: But

              OneDrive also. Even though it (like Teams) is installed to 'the PC', on first login for every user, it copies itself into APPDATA in the users' profiles and runs from there. I guess it means that MS can get it to update itself without having to wait for pesky administrators to do so. It also means that (for OneDrive, not looked at Teams) the user profile is about 100Mb larger than it needed to be.

              And that's why W10 spends so long on first logon 'getting things ready', it's installing stuff like that and the various store apps.

              And that made the experience poor on shared student computer labs, hence I removed all but the useful apps, and removed the OneDrive installer from the All Users 'run at login', and both disk usage and login times much improved.

        2. Doctor Syntax Silver badge

          Re: But

          "A few things in win 10 will start complaining, as it downloads crap into the users folder and tries to run them."

          Very likely the next update will ensure it doesn't complain about crap downloaded from MS.
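
An added example, not part of any commenter's post: before enforcing the AppLocker path rule described in this sub-thread, replay process-launch records against the three allowed directories to see what would break, such as the per-user Teams and OneDrive copies mentioned above. The sample records and function names are constructed for illustration, and the matching only approximates AppLocker's own path rules.

```python
import ntpath
from collections import defaultdict

# The three directories named in the comment's AppLocker rule.
ALLOWED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")

# Constructed sample of (user, image path) launch records; not real telemetry.
SAMPLE_EVENTS = [
    ("alice", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ("alice", r"C:\Users\alice\AppData\Local\Microsoft\Teams\current\Teams.exe"),
    ("bob", r"C:\Users\bob\AppData\Local\Microsoft\Teams\current\Teams.exe"),
    ("bob", r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
    ("bob", r"c:\windows\system32\notepad.exe"),
    ("bob", r"C:\Program Files\..\Users\bob\Downloads\setup.exe"),
    ("carol", r"C:\Program Files (x86)Extras\tool.exe"),
    ("carol", r"C:/Users/carol/AppData/Local/Temp/update.exe"),
]


def normalize(path):
    """Lowercase, unify separators and collapse '..' so comparisons are reliable."""
    return ntpath.normcase(ntpath.normpath(path))


def is_allowed(path, roots=ALLOWED_ROOTS):
    """True if the image lies strictly inside one of the allowed directories."""
    p = normalize(path)
    # The trailing separator stops "C:\Program Files (x86)Extras" from matching.
    return any(p.startswith(normalize(r) + "\\") for r in roots)


def generalize(path):
    """Replace C:\\Users\\<name> with %userprofile% so per-user copies group together."""
    parts = normalize(path).split("\\")
    if len(parts) > 3 and parts[1] == "users":
        parts = ["%userprofile%"] + parts[3:]
    return "\\".join(parts)


def would_block(events):
    """Map each generalized image path that the rule would block to its users."""
    blocked = defaultdict(set)
    for user, image in events:
        if not is_allowed(image):
            blocked[generalize(image)].add(user)
    return {path: sorted(users) for path, users in blocked.items()}


if __name__ == "__main__":
    for path, users in sorted(would_block(SAMPLE_EVENTS).items()):
        print(f"{path}  <- {', '.join(users)}")
```

Entries that show up for many users under `%userprofile%` are the ones to decide on before switching the rule to enforcement.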

    3. John 104

      Re: But

      If you've set up your group policy correctly, this is true. You can deny install new software, you can deny the Store too, with the right GP objects installed.

    4. Anonymous Coward

      @DailyLlama - Re: But

      Admin rights in Microsoft world are no longer what they were. I have a dozen apps in Windows 10 that I would like to uninstall but my admin account isn't really an admin when it doesn't suit Microsoft.

  2. <script>alert('the register');</script>

    Remember when Microsoft got beaten with a stick for getting rid of free Partner licenses in 1 go? Well this is it in the slow form...

  3. Locky

    With the GUI they giveth

    But with a powershell script, automated to run every, say 5 minutes, it can be taken back.

    If you're not in the right group, you'd better be quick

  4. batfink Silver badge


    That is all....

    1. Anonymous Coward

      Re: Faaaaark!

      This is hideous... I expect tonnes of people "buying" services and submitting expenses claims because IT has been too draconian with its policies. The bigger the company, the less (ironically) oversight on expense claims.

      A cynical, money making move by Micr$oft

      1. Anonymous Coward

        Re: Faaaaark!

        ... at which point, IT says "sod off".

        The usefulness of this licensing change depends on the type of IT department (or more likely, the type of users)

        Are they there to fix technical issues as they arise, or do they own all the computers in the company and lock them down 100%?

  5. Blockchain commentard

    Due to popular demand. From Microsoft's accountants wanting more profit?

  6. Steve Davies 3 Silver badge

    More of the MS 'do it our way or not at all' Mantra.

    There will be beancounters all over the world shaking in horror at this appearing. Cost controls may well go flying out the window.

    When companies are counting how many paperclips and stubby pencils have been issued MS thinks that this is a good idea?

    I'm sure that this will result in a continual battle between MS and SysAdmins as they block it and MS finds a way around it. After all... they can't have anything interrupt their revenue stream now can they (sic)

    1. John G Imrie

      Re: More of the MS 'do it our way or not at all' Mantra.

      It's worse than that, the Sys Admins and Bean Counters now have common cause against the rest of the company. I hope to see this reflected in the next BOFH

  7. localzuk Silver badge

    So what happens when the user leaves?

    So, a user buys a license to something and then leaves. That license does what? Goes into the general pool? Can an admin then assign it on to someone else? What if another user wants a license for that thing, if they go to buy it, will it assign that existing license to them? Or will it buy a new license, leaving the old one unused?

    Seems like a really badly thought out system.

    1. WolfFan Silver badge

      Re: So what happens when the user leaves?

      Depends. The user might take it as he goes. Microsoft might deactivate it, for a fee, and transfer it elsewhere, including to admin’s general pool, for another fee. Or it might just evaporate. Of course, any user will be free to just buy another license. What are you, some kind of commie, getting in the way of American business?

      1. Roland6 Silver badge

        Re: So what happens when the user leaves?

        Suspect the details haven't been thought through.

        However, as the user account will be a company user account, effectively whatever is in that account is company property... Given I suspect this would be the normal modus operandi in the US, I expect MS's thinking will have followed this.

    2. Doctor Syntax Silver badge

      Re: So what happens when the user leaves?

      "Seems like a really badly thought out system."

      No, I'm sure Microsoft have thought it out very carefully to maximise revenue.

    3. Zippy´s Sausage Factory

      Re: So what happens when the user leaves?

      As they said, the admins can't do anything about it. So I suspect it just autorenews forever, because there's no way to cancel it without the original user...

      1. Ragarath

        Re: So what happens when the user leaves?

        Well I assume logging in as admin, setting the user that has left password to a known string and then cancelling or if allowed moving the license.

        I would also write it in the IT policy. As in "Any purchases made without IT oversight are considered not valid for support and may/will result in the license being revoked with no reimbursement to the individual/department."

        That revocation would need some additional text along the lines of "to revoke a license control of your user account will be assumed by an administrator" but you probably already have something in allowing you to take control of a user account anyway.

    4. Anonymous Coward

      Re: So what happens when the user leaves?

      I guess they can just keep on using it

  8. SVV

    A typical scenario

    "A typical scenario would be a director armed with a company credit card who will be able to set up their own billing and licence management without troubling central IT admin."

    A more typical scenario would probably be "Hi, can you set up my billing and licence management for me on this new business intelligence thingy I've just read about in Super Executive Monthly and then spend weeks showing me how to use it?"

    Or "What is all this unauthorised Microsoft stuff you've just bought on your company credit card? You're fired".

    1. Roland6 Silver badge

      Re: A typical scenario

      You do realise that MS first got into the enterprise through Shadow IT?

      Department managers were buying PCs and printers instead of typewriters. IT depts only really got to know the extent of things when user departments started asking IT could they connect their PCs to the corporate systems rather than use the VT220 or 3270 consoles...

      Saw similar with WiFi; companies deployed corporate WiFi only to discover groups of users (including some within the IT dept) were already running their own WiFi hubs connected to the corporate network....

      1. Anonymous Coward

        Re: A typical scenario

        I remember a call at 3am after the dhcp server stopped working. After getting in and seeing lots of 192.168 addresses on the newly restarted desktops we tracked down the Linksys router some twat had plugged in to get an extra rj45 port in his office.

        Annoying thing was we had loads of spare capacity on the switch and unpatched outlets in the room we would have lit up for free and within a day had he just asked.

        Ended up confiscating the router for home use.

        1. Orv Silver badge

          Re: A typical scenario

          There was a lot of this at one of my previous jobs, where IT billed departments based on the number of jacks they had turned on.

        2. Anonymous Coward

          Re: A typical scenario

          "I remember a call at 3am after the dhcp server stopped working."

          In the 90s our company decided to make every business unit a separate P&L. The idea was that they could easily split them off from the main company for sale or impose different job T&Cs.

          A side-effect was that some of these units started to economise on IT costs. They would buy their own local network kit - run by someone with only a vague idea of networking principles. The apocryphal story is that one person bought kit from a market stall.

          The company had an enterprise WAN - administered centrally - to which all sites were connected. Several times it was completely blocked by the traffic storm due to a local site creating leakage or a bridge loop with an undeclared device.

        3. Korev Silver badge

          Re: A typical scenario

          >I remember a call at 3am after the dhcp server stopped working. After getting in and seeing lots of 192.168 addresses on the newly restarted desktops we tracked down the Linksys router some twat had plugged in to get an extra rj45 port in his office.

          We had someone take out an entire subnet doing the same only with a D-link.

          Sadly we never tracked down the culprit or else it could have appeared in a BOFH episode one day -->

    2. Korev Silver badge

      Re: A typical scenario

      Or, person buys the licences on their credit card; leaves and then it's suddenly IT's problem to fix it when the billing period expires.

  9. phuzz Silver badge

    I can see that there could be some uses for this, but really it should be up to the sysadmin as to how much authority the users get.

  10. 0laf

    Just no

    Microsoft. Collectively you're an asshole.

    But who pays for this, do you need a corporate credit card?

    Can anyone with a budget buy this (and probably soon anything out of the store they like)?

    If MS make 365 a fucking toyshop for anyone with a budget it'll be crazy time until we go round nailing P45's to people's heads.

    Soon followed by the massive GDPR fine we'll get for someone buying a random sharing app they should never have touched.

    365 will soon be so untrusted the work involved in moving thick staff to 'Nix will start to look appealing.

    1. Bob9911

      Re: Just no

      Just incoherent...

  11. This post has been deleted by its author

  12. DuncanLarge

    Say what?

    This has got to be a joke.

    Please say this is a joke.

  13. N2

    Bloodsucking leeches

    That is all.

    1. OssianScotland

      Re: Bloodsucking leeches

      Yes, but what about Microsoft?

      1. John G Imrie

        Re: Bloodsucking leeches

        Oh, they are far worse.

  14. Jadith

    Here we go again...

    Windows 10 started the battle with allowing users to login to their Microsoft accounts on otherwise domain joined computers and bring all their One Drive and anything on their desktop along with them. As if we did not have enough trouble with people downloading nonsense on their work emails. Nope, dealt with that in a hurry.

    Then, we had to deal with the store, which was letting users install whatever they want without being vetted. Want to play State of Decay 2 on the machine bought on the cheap with just enough resources to run Office? That was dealt a deathblow pretty quickly too.

    Now Microsoft wants to add unmanaged licencing and tickets o' plenty for software nobody agreed to support? Oh how Microsoft thinks so little of us lowly IT staff. Any sysadmin, desktop engineer, or front line support worth their keyboard will nip this in the bud as well.

    If they think we cannot keep them away, maybe they should look at those immutable laws of security they published and think about who checks every single one of those boxes.

  15. Anonymous Coward

    First they put Teams into the user space so it could not be properly secured and managed, then they made their automation apps all user based making it difficult to automate company tasks, then they made it impossible to use device licences, then they allow users to decide their own software policy and then they push completely unstructured filing systems.

    .. Not necessarily in that order.

    Along with the fact they believe pro licences should include games and candy crush.

    Microsoft are a joke who has decided that anarchy in the enterprise is a valid approach, they've lost touch with the real world.

    1. rayx


      IT sometimes, probably not seldom, has draconian views on users.

      Check out what the users need to automate, check out what is out in the market. Not everything is about IT-budget.

      Security, and stability yes.

      Imo we have tons of needs to automate paper-pushing and get a cold shoulder from IT.

      This push from MS is marvellous, though I see the challenges ahead for local IT :)

  16. Updraft102 Silver badge

    More of the same

    It's really just more of the same from Microsoft.

    Microsoft has already demonstrated that they think they own consumers' PCs, and that it is their place to override the wishes of the owners of the hardware if it benefits Microsoft. Now they're demonstrating that they think they own enterprise customers' PCs too, and that it is their place to override the wishes of the owners of the hardware (the corporation, as represented by the IT department they hire to carry out their wishes) if it benefits Microsoft. Those PCs aren't out there to serve the people who bought them, after all-- regardless of the actual ownership of these PCs, they only exist to serve Microsoft. Didn't you know that?

  17. mark l 2 Silver badge

    So are Microsoft going to deal with all the extra support enquiries the sysadmins will get because they have allowed users to install some non-standard software without informing anyone first?

    1. werdsmith Silver badge

      No, the sysadmin can check the installed product licenses are on the asset register, and if not then they decline support.

      1. Anonymous Coward

        boss factor

        That works until it's a VIP's computer that's not working. Then all of a sudden you're not allowed to decline support.

        1. werdsmith Silver badge

          Re: boss factor

          That's a normal situation as the VIP is quite used to bringing in his 9 year old son's laptop/gaming PC to have all the problems caused by downloading dodgy shit with malware sorted.

  18. Ken Moorhouse Silver badge

    Surely this goes against the best practices of...

    Software Asset Management?

  19. razorfishsl

    Quit whining......

    you all empowered Microsoft to shove their tentacles inside your private network... what did you expect to happen?

  20. Orv Silver badge

    I could see this being useful in academic settings. A recurring problem at universities is that individual departments have a lot of autonomy, generally possessing their own IT budgets and IT staff, but vendors see a single Dun & Bradstreet number and want to consolidate everything into one account. As our Apple rep put it once, a university campus isn't really a single client, it's fifty clients who happen to share the same parking problem.

  21. swm Silver badge

    History Repeats

    I am a scientist so the following is from the perspective of a researcher:

    I remember when "the computer center" kept tight control of their mainframes and access. Then the PC came along with more computing power than many mainframes and users had access to computing power without administrative hassle.

    Then networks came along and "Computer Centers" realized that controlling the network would allow them to still have a function.

    It was much later when secretaries etc. realized the power of a PC/typewriter/printer. That totally changed the landscape.

    The fight continues. There is much to be said on all sides.

  22. Alan W. Rateliff, II

    Dear IT Administrator,

    We're sick of you. We've been trying to dump you for a decade but you won't take the hint. You are not our customer. You stand in the way of people who we can convince to open their wallets. Please sod off.



  23. Anonymous Coward


    Microsoft - purveyors of poo for far too long.

  24. Wayland

    Personal Computing Personal again

    The point of the Personal Computer was it was your computer to do the things that the Mainframe admins would not allow.

    Power balance has tipped again.

    1. prinz

      The Mainframe Strikes Back

      It seems to be more of the opposite - The Mainframe guys are striking back.

      The "Cloud" is the "Mainframe" - and the Cloud guys are striking back at the concept of an independent PC configured by on-prem folks running whatever they want.

      In their vision, everything will be done on the Cloud and controlled by the Cloud. Your "PC" will effectively become an extension of the Cloud through tighter OS integration and control. An advanced version of the "terminal".

      Yes, users can "choose" what apps to "install" - making it look like they have freedom, but that list too will be controlled by Microsoft, not your company.

      In times past, **your** company controlled the Mainframe - it, its policies and applications were governed by your company's IT department.

      But, that is going to change. Microsoft (and Amazon, Google, etc) is aiming squarely at the Central IT department - its inability to describe what it does for the budget it uses, its slow or oftentimes outright unresponsiveness to user needs, and its sluggish and plodding processes make it a ripe target for replacement by a "service".

      Microsoft, et al, will replace Central IT with a self-service "Mainframe" - the magical silver bullet called "The Cloud".

      And, developers - don't rejoice! Once they've achieved the goal of wiping the floor with the Central IT folks, you're next.

  25. Mike 137 Silver badge

    The final nail in the coffin of corporate information governance

    Forget strategy. Forget confidentiality. Ignore data misuse. Ignore Data Protection. Get fined. Get forced into receivership. And all because it increases someone's license sales turnover..

  26. Anonymous Coward

    Several people in our company subscribed to the Microsoft Technical Developer service that gave you copious install disks and SDK functions. Each individual's annual licence was paid by a purchase order raised by their own department.

    Then the company centralised all such purchases. Come the next renewal date Microsoft invoiced and was paid by the central department. They then received all the licences and media - and had no idea who needed them. Microsoft refused to do anything about it - they had sent the material and had been paid. We lost our access to that service.

  27. JHold

    I would be so mad if they would do that to me.

  28. JoeCool Bronze badge

    Shadow IT

    Is a response to Sh*t IT.

    The end-run around you're objecting to is because you can't figure out how to manage desktops without deploying policies that are more intrusive than the monitoring conditions for registered sex offenders.

    I love the kung-fu nature of this move. MS has spent years and buckets of money on all of these corporate management systems. Corporations have spent years and buckets of money managing their employees to the lowest common denominator, and building obstacle after barrier after obstacle. Now MS comes along and decides, that's just so counter-useful, that they need to adjust that framework ( a tiiineeee little hole ) for the sake of getting stuff done in a normal lifetime.

  29. Anonymous Coward

    Microsoft: Look at me - I am the IT Support now.

    Client : Hello IT? X isn't working right.

    IT: X? You don't have X.

    Client: Yes we do, we have a license and use it on Le Cloud.

    IT: Go Fly a Kite then, we won't be supporting you or your platform = *click*

    1. Anonymous Coward

      Re: Microsoft: Look at me - I am the IT Support now.

      The poop will really hit the fan when business data is lost due to a malfunction of one of these little silos.

      IT will then be between a rock and a hard place - and with no documentation to rely on.

  30. Carpet Deal 'em

    "the self-service purchase capability arrives automatically and is not configurable, so there's no action you need to take"

    I can see having this enabled as a sane default*, but I can't help but wonder how they rationalize the lack of an off switch (though I suspect this involves a boiling pot of water, a frog and the rest of Office).

    *For definitions of "sane" involving straitjackets.

  31. Anonymous Coward

    This is nuts

    We have had many problems in my organization with people doing things they should not, creating processes that make it easy for them but cause major downstream issues with other departments or customers and vendors.

    Tracking and modifying orders outside of corporate systems, using things like power BI to create reports from questionable data they have 'massaged' to obfuscate issues.

    Certainly my department has its flaws but these people just assume we're getting in the way because we're lazy or can't figure it out rather than the executive team making business decisions. Then they get mad when we take it away or deny them licenses for whatever crackpot solutions they came up with on a trial license.

    Certainly it will help when IT is needlessly strict or unresponsive but many of our problem users are going to take advantage of this to the detriment of the business and when we can't untangle the rat's nest of a problem they cause that's our fault too.

    For every bad decision by IT in regards to the environment there are dozens that would be made by the users.

  32. pec01403

    What a ridiculous idea

    That's pretty much all I have to say. It will be another thing for IT departments to fix

  33. Cyrinic

    Well, this is going to be fun and games.

  34. GarryShape

    So will Microsoft use this too?

    Will Microsoft allow all their departments and end-users to access their own billing now too?
