How partner earned credit is calculated and paid
Appropriate roles: User management admin | Admin agent | Billing admin | Sales agent
Partner earned credit (PEC) for managed services recognizes and rewards partners who own IT operational control and management of some or all of a customers' Azure environment.
IT operational control and management is often set up successfully with the default reselling experience. However, to ensure you receive PEC, it's crucial to address specific scenarios where access might not be correctly actioned:
when a customer changes partners and their Azure Plan is transferred to the new partner
when alternative access is required for enhanced cross-tenant management
when access is granted to individual users only.
For more information about how to give a transacting partner access, check out these articles:
Transfer subscriptions under an Azure plan from one partner to another: Learn how to move Azure plan subscriptions between partners.
Manage subscriptions and resources under the Azure plan: Understand how to manage subscriptions and resources under an Azure plan.
Reinstate admin privileges for Azure Cloud Solution Provider program (CSP) subscriptions: Find out how to restore admin privileges for Azure CSP subscriptions.
These resources help you navigate the process smoothly and ensure you have all the information you need to receive PEC uninterruptedly.
Once access is set up correctly, the monthly invoice amount shows net partner earned credit. You can see PEC details in your monthly invoice reconciliation file, which can be accessed through the Partner Center portal under the Billing workspace.
Eligibility
To receive PEC,
Maintain an active Microsoft AI Cloud Partner Program agreement.
Hold an eligible Role-based Access Control (RBAC) role, as not all RBAC roles provide PEC.
Set up one of three access permission types with the corresponding Partner Association type if you're the first provisioning partner. Ensuring this setup is crucial because, without it, the PEC isn't calculated correctly.
| Access permission type | Requires following partner association type |
|---|---|
| Admin on behalf of (AOBO) is the default permission when a partner provisions an Azure Plan subscription for a customer. This setting makes Admin on behalf of (AOBO) a foreign principal, inheriting owner permissions on the Azure subscription. This permission means that a group in the CSP Partner Center tenant—Admin agents—inherits those permissions. For more information about AOBO and how it works, see Delegated admin privileges in Microsoft Entra ID. |
Reseller association – Default with CSP relationship. For the first transacting partner, this association type is set up automatically. For subsequent transacting partners after an Azure plan transfer, this permission needs to be manually set up after the Azure Plan is transferred. For indirect resellers, the association is set up through working with the respective indirect provider as the transacting partner. |
| Azure Lighthouse is useful for partners managing multiple customer environments, as it allows for streamlined operations and enhanced security through detailed permission settings. For example, a partner can grant read-only access to monitoring teams while providing full administrative access to support teams. Unlike AOBO, which provides a broad set of permissions to a group, Azure Lighthouse allows partners to define specific roles such as 'Reader' or 'Contributor' for different user groups, enabling more precise control over access and management tasks. For more information about Azure Lighthouse and how it facilitates cross-tenant management, see Cross-tenant management experiences. |
Partner Admin Link – manually added. To manually add the Partner Admin Link, partners need to follow specific steps outlined in the provided resource. For more information on how to link your PartnerID and track your impact on delegated resources, see Link your PartnerID to track your impact on delegated resources. |
| Individual user accounts: These accounts can be guest user accounts from any tenant or user accounts created in the customer tenant. Service principals: These service principals are used for automated processes and applications that need access to Azure resources. Using individual user accounts and service principals can provide more granular control over permissions and enhance security by limiting access to only what is necessary for each user or service. For more detailed guidance on managing individual user accounts and service principals, including how to reinstate admin privileges for Azure CSP subscriptions, see Reinstate admin privileges for Azure CSP subscriptions. |
Partner Admin Link – manually added. To manually add the Partner Admin Link, partners need to follow specific steps outlined in the provided resource. For more information on how to link your PartnerID and track your impact on delegated resources, see Link your PartnerID to track your impact on delegated resources. |
If you're a subsequent transacting partner after a partner-to-partner transfer, you need to set up one of three access permission types with the corresponding Partner Association type. Ensuring this setup is crucial because, without it, the PEC isn't calculated correctly.
| Access permission type | Requires following partner association type |
|---|---|
| Admin on behalf of (AOBO) is the default permission when a partner provisions an Azure Plan subscription for a customer. This setting makes AOBO a foreign principal, inheriting owner permissions on the Azure subscription. This permission means that a group in the CSP Partner Center tenant—Admin agents—inherits those permissions. However, after a subscription is transferred, AOBO isn't automatically set up. To set it up, follow these steps: Delegated admin privileges in Microsoft Entra ID. |
Reseller association – manually adjusted. Confirm with the customer which granular delegated admin privileges (GDAP) security group is best to be used based on GDAP role guidance. Confirm with the customer which RBAC is best and set up AOBO with RBAC - Assign Azure roles using the Azure portal - Azure RBAC for a role that is eligible for PEC - Roles, permissions for partner earned credit. Work with the customer to remove old partner’s access to the Azure resources. For Indirect Resellers, the association is set up through working with their respective Indirect Provider as the transacting partner. |
| Azure Lighthouse is useful for partners managing multiple customer environments, as it allows for streamlined operations and enhanced security through detailed permission settings. For example, a partner can grant read-only access to monitoring teams while providing full administrative access to support teams. Unlike AOBO, which provides a broad set of permissions to a group, Azure Lighthouse allows partners to define specific roles such as 'Reader' or 'Contributor' for different user groups, enabling more precise control over access and management tasks. However, after a subscription is transferred, Azure lighthouse isn't automatically set up. To set it up, follow these steps: Cross-tenant management experiences. |
Partner Admin Link – manually added. To manually add the Partner Admin Link, partners need to follow specific steps outlined in the provided resource. For more information on how to link your PartnerID and track your impact on delegated resources, see Link your PartnerID to track your impact on delegated resources. |
| Individual user accounts: These user accounts can be guest user accounts from any tenant or user accounts created in the customer tenant. Service principals: These service principals are used for automated processes and applications that need access to Azure resources. Using individual user accounts and service principals can provide more granular control over permissions and enhance security by limiting access to only what is necessary for each user or service. However, after a subscription is transferred, individual user account and service principals aren't automatically set up. To set it up, follow these steps: Reinstate admin privileges for Azure CSP subscriptions. |
Partner Admin Link – manually added. To manually add the Partner Admin Link, partners need to follow specific steps outlined in the provided resource. For more information on how to link your PartnerID and track your impact on delegated resources, see Link your PartnerID to track your impact on delegated resources. |
To qualify for PEC as an indirect provider or reseller, you need AOBO privileges or an eligible RBAC role on the customers' Azure resource. For more information about individual user accounts and service principals, check out Reinstate admin privileges for Azure CSP subscriptions.
Earn PEC on Azure at various levels, such as the resource level, resource group, or subscription. If you have valid access at the subscription or resource group level, you earn PEC for each resource under the higher entity. This streamlined process ensures you're rewarded for your access and contributions within the Azure ecosystem.
PEC isn't applicable to:
- Azure plan reservations
- Non-Microsoft or Third Party in the
Tagscolumn of the Azure plan consumption price list - Products in the marketplace price list
- Azure Spot virtual machines. More information:
- Azure savings plans
- Any overage charges for telco products
If you have issues with PEC, see Troubleshooting partner earned credit.
In addition to the requirements, PEC is only applicable to services listed in the Azure plan consumption pricing. Only the services explicitly included in this list qualify for PEC. To better understand the costs, you can view and export the detailed pricing from the Azure plan pricing page. This page provides comprehensive information about the costs associated with each service within the Azure plan.
For more information, see Troubleshooting partner earned credit.
For more information on PEC, see the Microsoft Cost Management page.
For more information on eligibility, see Roles and permissions required to earn partner earned credit.
Calculation
- PEC is calculated and applied to eligible resources and subscriptions daily based on specific criteria.
- Although PEC details don't appear as credits on your monthly invoice, they're included in the adjusted net charges line, which reflects the total charges after applying PEC.
- You can find more PEC details in the daily usage file and in the monthly invoice reconciliation file. All values are in USD, as shown in column PricingCurrency:
The following table describes the PEC elements found in the invoice reconciliation file. As mentioned earlier, PEC is calculated daily and reflected in your adjusted net charges. This table helps you identify how PEC adjustments are applied to your invoice.
| Column | Description |
|---|---|
| C | CustomerName |
| P | UnitPrice |
| AD | PEC is applied to the EffectiveUnitPrice when the conditions for PEC eligibility are met. When PEC is applied, you see that the EffectiveUnitPrice in column AD is a percentage less than the UnitPrice in column P. For instance, if the UnitPrice in column P is USD 10 and a 15% PEC is applied, the EffectiveUnitPrice in column AD would be USD 8.5. |
| V | PriceAdjustmentDescription column shows the PEC percent that applies to UnitPrice when PEC requirements are met. However, you might be eligible for other credits such as tier discount. If so, they're listed in this column. Example: 100% Tier 1 Discount. |
To monitor PEC access, use these steps:
Daily rated usage file shows where PEC is applied (or not applied) on a daily basis.
Azure monitor alerts monitor changes to persistent privileged access, ensuring any modifications are quickly detected and addressed.
The daily rated usage file:
Partner earned credit API
Access and manage your earned credits with ease using the PEC API, available through the Azure API toolset. This API is designed to simplify the process, allowing you to efficiently apply your PEC to eligible resources. By using this tool, streamline operations and ensure a smooth integration of your credits into your workflow.
To learn more about PowerShell and CLI APIs, check out how to link an Azure account to a PartnerID.
By linking your Azure account to a PartnerID, ensure you receive all eligible partner earned credits.
Microsoft Cost Management and PEC
With Cost Analysis in Microsoft Cost Management (ACM), you can see how much PEC you received. For a detailed presentation on ACM, see the May 2021 CSP Spotlight call.
Use ACM to view your partner earned credit
In the Azure portal, sign in to your partner tenant and select Cost Management + Billing.
Select Cost management.
Select Cost analysis.
The Cost analysis view displays the costs for your billing account for all the services purchased and consumed at the prices that you pay Microsoft.
In the pivot chart drop-down list, select PartnerEarnedCreditApplied.
- This value is True when the resources/subscriptions meet the eligibility criteria for PEC. Otherwise, this value is False.
Note
Typically, usage for services appears in Microsoft Cost Management within 8–24 hours, and the PEC appears within 48 hours of access in Microsoft Cost Management.
You can also group by and filter by the PartnerEarnedCreditApplied property. Use the "Group by" and "Add filter" features to explore costs with PEC and without PEC.
How is PEC paid?
The total on the invoice reflects PEC adjustment. For detailed information, see the monthly invoice reconciliation file and the daily rated usage file.
