smartspend™ bulletin

The Anatomy of a Microsoft License Audit

Microsoft license audits are costly, confusing and almost always result in non-compliance claims. So how do you fend off or improve the outcome of an audit with Microsoft? It starts with a clear understanding of how Microsoft’s auditing process works – and where the deck is stacked against you.

Microsoft makes no secret of the fact that it is aggressively auditing its customer base. Over the last few years, Microsoft has generated billions of dollars in revenue through the proactive, intentional discovery of licensing non-compliance amongst its enterprise customers. In fact, the vendor has a revenue quota for audits, and a dedicated team to pursue it.


There are two types of Microsoft audits:


Microsoft certifies third parties to conduct audits, including national accounting firms and boutique auditors. If the Microsoft license audit notification suggests it will be performed by a national accounting firm, this can be an indicator that Microsoft anticipates finding significant areas of non-compliance.

A variety of factors increase the likelihood that a particular company will be at higher risk for audit and will therefore go to the “top of the list” as Microsoft cycles through its installed base. For example:

  • Size - Customers that have a larger Microsoft footprint, particularly with respect to Windows Server and SQL Server counts.
  • Complexity – Customers with an IT environment that can be defined as complex in terms of virtualization, cloud infrastructure, BYOD, or the usage of industry devices. High utilization in any of these areas increases risk of an audit.
  • License Management – Customers that need stronger license management tools and processes, and who are migrating to cloud infrastructure or experiencing other technical shifts that can lead to license management mistakes.
  • Account Status – Customers that anticipate their next Microsoft renewal to be smaller, have recently renewed at a lower rate, or have not been audited by Microsoft in the last three years.


The typical process for a Microsoft license audit or SAM Assessment is:

1. Microsoft selects an auditor or SAM partner (often a Microsoft reseller in SAM scenarios) to perform the assessment. As noted earlier, if a national accounting firm is chosen to perform the audit, it’s a good sign that Microsoft anticipates finding significant non-compliance.

2. The auditor or SAM partner puts an agreement in place with the customer. For most customers, this is a new experience and they’re often unaware of best practices for reacting to and optimizing this agreement. Among other things, the agreement will spell out the cost of the audit. If the audit uncovers material noncompliance (usually >5% calculated on license counts, not dollars), then the customer will typically be obligated to pay for the audit. If no material non-compliance is discovered, Microsoft pays. SAM assessments are usually at Microsoft’s expense.

3. The auditor/SAM partner conducts discovery and analysis. This is performed using information provided by the customer, including deployment information gathered via Microsoft tools such as SCCM and Active Directory. In some cases it will include information gathered via the auditor’s own tools. In this step, customers frequently provide more information than they are contractually obligated to share – and the auditor will use that information against you.

4. The auditor/SAM partner produces a workbook with an Effective License Position (ELP). The ELP compares licenses owned against licenses deployed and quantifies purported non-compliance that would require payment of additional fees to Microsoft. In a formal audit situation, the price for licenses is typically retail price and can include penalties. In a SAM Assessment situation, licenses are purchased under the customer’s then-current agreements, with no penalty.

5. The customer is asked to respond to purported non-compliance within a limited time period. Any refutation of compliance must be vigorously proven and defended.


In addition to the risk of unexpected fees and penalties, audits are daunting, frustrating, time-consuming experiences. Audits frequently progress in fits and starts – with delays contributing to frustration and fear. Most critically, every aspect of the Microsoft license audit process is stacked against the customer.

Timing: The auditor will attempt to set the schedule, and many customers think they are obligated to meet that schedule. However, there are a variety of ways the customer can influence the audit cadence.

Data: Customers almost always over-communicate deployment data. To optimize the outcome, it is important to provide only what you are contractually obligated to – all submissions need to be properly curated and sanitized.

Complexity: NPI’s experience indicates that auditor-side and Microsoft-side discovery tools almost always produce findings that are typically NOT in the client’s favor and usually overstated. The ELP workbook – the culmination of the discovery phase of the audit – is typically overwhelming and difficult to understand and interpret. It comprises hundreds of thousands of line items, multiple tabs and (intentionally) confusing assumptions, analysis and findings. You will need to understand it and challenge it.

Accuracy: There are usually errors in the workbooks, and misinterpretations of license rights. This is the biggest problem with audit claims.

Motivation: Further stacking the deck against the customer is the fact that the auditor/ SAM partner is incented to discover non-compliance. Their goal is to interpret everything in Microsoft’s favor (in order to generate revenue).

All of these factors conspire, causing customers to struggle with interpreting the auditors’ findings, defining an alternate position, and successfully defending it. Without expert guidance, mitigating or minimizing Microsoft license audit penalties can be a nearly impossible mission.


NPI recognizes that customers need Ph.D.-level Microsoft licensing and negotiation expertise to fend off the stunning, unbudgeted penalties that typically result from a software license audit. They need licensing interpretation and analysis that work in their favor.

NPI helps you minimize your audit risk and penalty exposure – on your terms, and at any stage of the audit lifecycle. The three ways we typically engage with clients are:

  • Proactive License Position Assessment (LPA) – When you want to conduct a “self-audit” to identify over and under usage across the Microsoft estate, define a remediation plan for right-sizing, and establish a true baseline to feed into requirements for your next renewal. This is a best practice for risk management.
  • Audit Management and Defense (from day 1) – When you’ve just received an audit notification and want to be sure you manage the entire process optimally from Day 1
  • Audit Defense (mid-stream) – When you’re already going toe-to-toe with your vendor’s auditing team, and suddenly realize you need help.

NPI advises customers to never go it alone during a Microsoft license audit or SAM engagement. It’s not uncommon for Microsoft to “discover” non-compliance that amounts to tens of millions of dollars in licensing fees/penalties. And consider analyzing your audit risk independently before an audit strikes. By conducting periodic self-audits proactively, customers can define and implement remediation so they are audit-ready.