Should You Agree to a Microsoft Audit?

By Dan Brewster

Director of Client Services, Microsoft, NPI

May 22, 2019

Interested in learning more about NPI’s services?

Contact Us

As previously discussed in another blog post, you should always seek assistance before you agree to a Microsoft audit. Why? It’s simple enough – the findings will rarely be in your favor and preparation is a must.

There are two ways in which Microsoft conducts audits. The first is called a Software Asset Management (SAM) engagement and it’s positioned as an effort to “help you understand what you own.” The second is a more formal affair where the company sends a stern letter notifying you of Microsoft’s intent to invoke the “Verifying Compliance” provision of the Microsoft Business and Services Agreement.

The voluntary effort, the SAM engagement, is by far the more common of the audit motions, especially with smaller organizations. It’s important for you to realize the SAM engagement is a sales effort, funded by the sales organization, and SAM engagement managers are commissioned sales reps carrying a sales quota.

As a former SAM engagement manager for Microsoft, I often heard from clients that they were compliant and had nothing to hide. Great, I’d reply, then this should be a quick process that validates your own internal findings. In reality, though, I knew we would often find a significant shortfall. Not because customers were intentionally non-compliant, but because it’s exceptionally difficult to remain compliant with the wide variety of Microsoft products and the various licensing options for those products.

Before You Agree to a Microsoft Audit, Know These Common Licensing Shortfalls

The most common products to yield a licensing shortfall are Office, SQL Server and Microsoft’s development products. Here’s a more thorough explanation:

  • Office: This is largely because it’s a more pervasive product and because the version of Office that ships with Office 365 is different than the perpetual use version of Office. Microsoft’s perpetual use rights version is the MSI (Microsoft Installer) while the version that ships with Office 365 is Office Pro Plus and is based upon the C2R (Click to Run) installer. While the products might otherwise seem identical, the on-premise perpetual use rights (MSI version) are not included with most Office 365 subscriptions. This is problematic as many Microsoft customers will initially purchase the MSI version, transition to Office 365 and not realize they will eventually need to migrate to the C2R version. Unfortunately, this ultimately leads to compliance problems.
  • SQL Server: SQL Server is a complex product and can be licensed via the Standard or Enterprise edition. Over time, both versions have been licensed via Processor, via Core and on a Server/CAL basis. Standard edition is available today via Server/CAL or on a Per Core basis. Enterprise Edition is licensed (today) only on a Per Core basis. And, of course, your use of the product may require Software Assurance. SA is all but required for license mobility, which will be used in most virtual deployments. If reading this paragraph has caused your eyes to glaze over, or you find yourself rereading, then there you have it. It’s complicated stuff and that’s exactly why SQL license compliance issues are common.
  • Development Products: Microsoft development products are licensed on a per developer basis. That is, a named developer basis. It’s common for Microsoft customers to misunderstand this last point – that the license is assigned to a specific person. Most of the development products include a MSDN subscription that permits broad deployment of Microsoft products for non-production development or testing use. Microsoft will often claim that a development product found on a network share accessible by thousands of employees will require the purchase of the development tool for everyone in the organization! This can easily transform what you thought would be a benign audit into a multiple million-dollar license shortfall.

Expert guidance is crucial for any “flavor” of Microsoft audit, even (especially) for a seemingly benign SAM engagement. As described above, there is ample room for confusion and misinterpretation of license use rights and findings. Before you agree to a Microsoft audit, seek counsel from an independent Microsoft licensing expert!