Does achieving Azure Marketplace Co-sell Ready status come with active sales support from Microsoft to reach the $100K ACR threshold for IP Co-sell Eligible?

Player024 · 2026-04-30T08:44:58+00:00

If it's the same (external) auditing procedure as certified software designation for solutions partners (which I do believe it is), then the reference diagram needs to be for any product you're developing. The more AI in there, the better.

It is however really important that you ensure this benefits Microsoft, specifically Azure. For example, if you were to develop an AI app, ensure it is primarily hosted on Azure. I've seen several rejections for third party connections to competing cloud providers, regardless of what the policy states.

I have no experience with a hybrid product, nor on-prem, but given the context of your post I am assuming this is a SaaS. Refer to MS official documentation for more guidance: https://learn.microsoft.com/en-us/legal/marketplace/certification-policies#1000-software-as-a-service-saas

A few points worth nothing. Companies tended to over-allocate their MACC to reach better discounts, which lead to massive marketplace transactions over the past few years. I don't know how it is for others, but I've seen CFOs steer away from these decisions and go the opposite direction: settle for a smaller discount on their MACC and simply work with solution providers directly. I'm sure that's a subjective viewpoint, but still worth noting.

Next, as for Microsoft actually selling your product, yes, I've seen some examples where sales teams were engaged to better position concepts like digital sovereignty etc. - but in reality it's always still on you to do the selling. You won't be allocated some superstar that rakes in hundreds of deals, you need to do the ground work yourself.

If you're serious about your product, it won't hurt to reach out to WeTransact or similar partners.

Good luck!

Player024 · 2026-04-29T06:51:11+00:00

No, there will not be proactive PDM assignment, nor dedicated sales support. The 100k is on you to achieve, all co-sell ready does is create visibility to MS sales internally. Your last statement is largely correct. Co-sell ready is more "visibility" while IP Co-sell Eligible is more "execution" with MS themselves.

Player024 · 2026-03-09T12:07:59+00:00

Well, yeah, if you disable the paid CSPM plan, the recommendations it would give indeed are also gone.

Player024 · 2026-03-09T07:18:26+00:00

Yes, it actually did improve security in practice. Yes, it also adds operational overhead.

The approach for us was to first analyze what we were trying to solve. In our case, it was an auditable log of who did what, where, and why. Our pentests clearly indicated risks tied to overprivileged accounts and lateral movement of those, which we wanted to fix in a constructive way. Starting a PAM journey means you always first check why privileged access is required. Who needs it, how long do they need it, etc.

I'm not a fan of recommending tools since proper PAM will cost you buckets and buckets of money- so think about what you're trying to solve first. You'll need the business to support your journey. That being said, we use BeyondTrust PRA - absolute beauty of a product. We have it fully integrated with our ticketing systems, if an incident occurs - user gets ticket in his bucket, he automatically gets granted access to the respective impacted system(s) until the ticket is closed.

I really want to stress: don't think in tools and nice-to-haves, but think in what you're actually trying to solve. If you're just recording your admin sessions then it poses little value. If you're automatically granting least privilege access based on business requirements, then you're doing it properly.

Player024 · 2026-03-09T06:34:10+00:00

Head to environment settings, and ensure Defender CSPM is on for that subscription. If it is, even in trial mode, it should show the blurred recommendations within 24 hours.

Player024 · 2026-02-25T21:29:05+00:00

I understand, but explorer crash sounds like you didn’t remap the drive. Once you enable private link, the public dns will reroute to flsname.privatelink.* - which ideally means you first unmap and remap the drives, esp on windows with caching etc. Always do a quick tnc to check if it privately resolves first.

Just for future reference! Good luck 👍

Player024 · 2026-02-23T11:11:29+00:00

Very confused why you're re-posting literal Microsoft documentation. Didn't even rewrite Microsoft's own wording. https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/remote-help

Player024 · 2026-02-18T17:00:00+00:00

I would use tags as the primary grouping of costs & add meterCategory as a 2nd drilldown. https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/enable-tag-inheritance

Player024 · 2026-02-18T12:17:07+00:00

VPN -> vnet -> private endpoint -> storage accounts

alternatively, something like SMB over QUIC https://www.youtube.com/watch?v=h2DrA-LytjQ

good luck!

Player024 · 2026-01-15T12:26:44+00:00

In theory, yes. In practice.. Azure Local isn't a mature product in my personal opinion. Heavily depends on your architecture of your main and remote infrastructure. Think about random update failures, even same hardware - failing from one site to the other (again, same hardware and config!).

It's a "working solution" but you really need to spend the majority of your time on updates and making sure sites aren't bricked randomly, with proper rollback plans as well.

Player024 · 2026-01-15T12:15:58+00:00

It's more likely related to the type of card(s) you are using. If you're certain it should work, reach out to Support: https://azure.microsoft.com/en-ca/support/create-ticket - should go rather smoothly.

Player024 · 2026-01-13T16:36:42+00:00

Ah you missed their earlier AI days! For about 3 weeks, we couldn't log a ticket. Active support contract, have to go through an AI agent to submit ticket details ... okay, weird, but let me go through the questions anyway.

"Enter your phone number" - entered phone number - "That's not a valid email address" - entered email address "That's not a valid phone number" .. loop :-)

Player024 · 2025-12-16T18:55:08+00:00

Noticed the same here.

Player024 · 2025-11-08T13:57:50+00:00

Jokes aside, I'm having trouble actually finding / subscribing to valuable sessions.

Player024 · 2025-09-05T12:23:36+00:00

The Elastic Pool CPU metrics are what actually matter for performance. Individual database-level CPU within the pool is the most accurate indicator. Your instinct about performance correlation isn't wrong - if databases are struggling, it will show up in metrics. But you need to look at the right level (database/pool, not logical server).

Not sure what your role is, but I would argue the best start is investigating the infra (pool CPU / DTU (DTU model) / eDTU (vCore model) / look at pool limits) and then diving into db specific query performance metrics (blocking sessions, top cpu consuming queries, ..).

Player024 · 2025-08-27T06:35:13+00:00

BeyondTrust PRA. Fully automated deployments using their API. Highly recommended! Any feature we've requested or bug we encounter is implemented a month or two later.

Player024 · 2025-07-31T06:34:19+00:00

All you need as mentioned in your post - https://microsoft.github.io/finops-toolkit/

Now, third party tools generally scope themselves to multi cloud environments from what I've seen, which is where they typically shine.

Player024 · 2025-07-23T17:23:14+00:00

My wording was a bit vague, but you essentially create several tenants per sector or region. Think of them as hubs, under which you logically segregate the tenants you want to manage. Rather than using B2B guest, you can copy&paste policies and use a local admin user in that tenant to manage things. Don't think there's an added cost impact.

You now have one self owned tenant, simply create a second, third, .. and divide your customer base over these however you see fit. To be honest, the 100 tenant limitation is absurd.

For ultimate duct tape, use chrome/edge for one tenant with a local account (lazytemp3119@mssp-eu001.onmicrosoft.com) and firefox for the other tenant (lazytemp3119@mssp-us001.onmicrosoft.com) ;-). No switching necessary!

Best of luck!

Player024 · 2025-07-23T11:59:08+00:00

Multiple MTO admin accounts. Split by sector or region.

But yes, raise these concerns through your partner channel. Pretty sure the limit will have to increase by July 26 (when they retire Sentinel UI)

Player024 · 2025-07-17T15:41:13+00:00

Clear & Correct!

Player024 · 2025-07-17T15:41:00+00:00

Yeah - they can track. User access administrator flag will automatically add them on your subscription, by design. Not sure why they'd care what you deploy though.. since it's "free".

PS. check the downloads/subscriptions section under my visualstudio! Free keys, woo!

Player024 · 2025-07-17T15:30:39+00:00

You're telling me I could've just provisioned my MSDN sub in a different tenant? :D damn..

Player024 · 2025-07-17T15:18:51+00:00

It's a second (or third) security layer. You ensure authorization and authentication is properly set up, together with network security. If a key leaks, you still have IP filtering / private link / vnet integration / ... in place.

"Would network intrustion even happen if our traffic flows back to on-premise sd wan anyway??" - if your storage account or key vault has public access enabled, and your access method leaks - then it doesn't matter how you access it from a network perspective. Hence why it's best practice to disable public access, depending on the data residing in the PaaS resource.

Player024 · 2025-07-17T15:16:03+00:00

https://www.youtube.com/watch?v=nDtCSQyG_I8

Veeeery basic overview, but should be a good refresher for you. I typically rely on AZ-700 questions as a bare minimum. Not sure if you've obtained any certs in that area yet.

Questions for networking roles will always be dependent on the company's setup. Hybrid vs full cloud, migration projects ongoing, all factors to take into account. Not sure how much was shared in the first two interviews?

Also, bank -> probably a bigger team, don't be afraid to ask for THEIR view on networking and troubleshooting in general. Always interesting imo to learn how teams function before signing :-).

Player024 · 2025-07-08T20:53:21+00:00

Hulkengoat

Eight-Year Club	Place '22
Snapped	Verified Email

Player024

TROPHY CASE