Compartilhar via


Moving away from VLK

Every customer discussion on VA 2.0 ends with the same question, "so why is Microsoft making this change?"  I'll reiterate what I say on my "about" page, I'm not speaking for Microsoft here I'm only explaining my interpretation of the world.

It really is to make life easier for customers.   Here's a scenario.  Let's say you have a volume license agreement that includes Windows desktops.  One of your employees unfortunately posts your volume license key to the web.  Your key is then used to activate literally millions upon millions of machines all of the world in addition to the twenty-thousand legitimate machines you have in place.

When things reached that point with VLK there was almost no course of remediation.  The choices were to leave the key intact and let millions upon millions of machines use it illegally or blacklist the key so any machine using it becomes nongenuine.  That would be quite unfortunate for the customer as the twenty-thousand legitimate machines would now have to be re-keyed.  Oh btw, there wasn't a really elegant way to re-key with VLK.

Now with VA 2.0 the situation is dramatically better.  In the case of a KMS, the client machine never needed or received a key it simply activated against your KMS.  Should your KMS key be compromised it can be retired and a new one issued with no impact to the client machines.  In the case of MAK, Microsoft has the ability to set the number of available activations on the key to 0 but does not have to also blacklist the key.  In some scenarios blacklisting may be for the best such as if you only know of 50 machines using it but your activation report says 3050 machines have activated against it.  However re-keying twenty-thousand machines in an unmanaged environment may not be practical.  If the key is not blacklisted the existing machines can remain intact without needing to re-key and all new machines can use a newly issued MAK.

I'm yet to talk with a customer and find a scenario where KMS and MAK are not going to work.  I do think we need more concise messaging and there are efforts underway to make that available.