Gartner and IDC continue to report on a surge in Microsoft audits occurring as Microsoft Enterprise Agreement Renewals suffer, after a major set of releases including Windows 8 and 2013 Servers secures perpetual use rights for many customers.
Do you think you’re immune from an audit as an Enterprise Agreement customer? Think again. Microsoft’s incredible growth goals necessitate that its sales force turn over every rock to find more revenue in order to meet 20%+ year-over-year revenue boosts to secure another beefy commission check. And that means audits for everyone in 2013!
There are three major types of audits:
Software Asset Management (SAM) Engagements
A SAM Engagement is a sales-led process promoted as a friendly assessment of your licensing to ensure that you are not over- or under-licensed. SAM Engagements are billed as a collaborative process, paid for by Microsoft, using one of its certified SAM partners. The reality? This is an audit disguised as a value-added service. Microsoft pays for the audit, and because of this, gets to see the results of your purchases versus your installed software inventory before you do. That means if you don’t have a mature SAM process or closely monitor your software inventory, you’re likely somewhat out of compliance. And don’t think having your desktops generally compliant means you can’t get sacked with a bill: Microsoft’s SQL licensing changes mean it’s easy to be several HUNDRED thousand dollars out of compliance in SQL or SQL CALs, unless you have done a SQL Server Map that identifies database direct and indirect users, server type, procs, cores, external users, etc. Many factors contribute and most companies are unknowingly non-compliant.
Be aware that a SAM Engagement is a voluntary process, and while your Microsoft account team might “insist” and reference their contractual right to “confirm your license accuracy” if you decline, you can obtain independent advice and even pre-audit your environment using Software Licensing Advisors’ Compliancy Check & Risk Mitigation engagement. We can identify areas of exposure and offer mitigation advice before your SAM engagement starts. While we certainly don’t condone piracy, we’ve had clients with Active Directory, SQL and Exchange directories that just haven’t been maintained, and Microsoft’s audit tools over-report thousands of users that you’ll have to prove aren’t in use. Paul Sheehan offers some insight and questions to ask an auditor to uncover their motives.
In a SAM Engagement, Microsoft’s “certified SAM Partners” are hardly independent. They work for Microsoft, and receive payment for the audit AND a percentage of the licensing shortfall they find in your audit. Ask yourself: Would you let the fox audit the number of eggs in the henhouse?
Would you let Ralph Wolf into your Sheep Herd without Sam Sheep-Dog protecting you?
Legal Contracts and Compliance (LCC) Audit
An LCC Audit can be an escalation of a SAM Engagement that’s been declined for a little too long, or where the MS team can identify major inconsistencies in your purchase record. They will look at the Microsoft License Statement (MLS) for areas that just don’t add up and build a case for legal to take more assertive action. An example of this might be that your license statement shows 2,600 Windows Server CALs but only 1,200 Exchange CALs. Or a number of SQL Server Standard or Enterprise non-proc (or non-core, now) instances and a couple of hundred SQL CALs. Remember, Microsoft states that users or devices that access SQL directly OR INDIRECTLY need CALs. Microsoft’s SQL Server Licensing Guide states,
“SQL Server CALs are required for users or devices that directly input into, query, or view data from a SQL Server database. Similarly, SQL Server CALs are required for users or devices that input data into, query, or view data from a SQL Server database through a pooling device (such as the CRM Server in the figure above). This includes users who view data through web-based applications or enter information into a database through an intermediary product.”
Microsoft SQL Server 2012 Licensing Guide, Page 17.
If the Microsoft Account Team can make the case to LCC, or determines that your company is purposefully pirating and is reported to Microsoft or the BSA, or if a foreign government has gotten wind of one of your international offices that might not be complying with local laws (and therefore avoiding their taxes), you might just have PwC, Deloitte, Accenture or another major auditor show up at your door unannounced. You may be charged full retail version prices for software deficiencies in an LCC audit, and you may be subject to fines, penalties or even criminal prosecution in the most egregious cases. Don’t fool around with an LCC audit. This is not voluntary. There is strong evidence to suggest that you are in a serious non-compliance situation or LCC would not move forward with this process. It is the most costly audit of the three types and Microsoft LCC has made a pretty strong determination that they will get their money back from you several times over if they’ve approved you for LCC audit. Call us immediately if you are given an ultimatum of LCC involvement. Software Licensing Advisors can usually identify and mitigate exposures within a single domain forest in about 3-5 days and make recommendations to identify, optimize and minimize audit exposure and negotiate any remaining license deficits before it becomes punitive and downright ugly.
MicroSoft LIcensing General Partners (MSLI GP) in Reno, NV Self-Audit Request
Recently, many of our clients have been receiving a letter from MSLI GP, asking them to comply with a contractual obligation to verify their license compliance by performing a self-audit. They recommend using a set of tools and request compliance by a prescribed date. The letter usually CC’s a “sponsor” Microsoft Attorney for “shock value” and states,
“The purpose of the internal self-audit is to allow the parties to update the number of licenses granted under the Agreement. Please be advised that any removal of Microsoft software currently in use across your enterprise as of the date of your receipt of this notice in order to comply with existing contracted number of licenses will be considered a violation of the terms of the Agreement. An example of self-certification email has been provided below for your convenience.”
Here is a copy of the MSLI GP Audit Letter Template. If you have received this letter, you have the most leniency of all the audit types to get your house in order before a bigger hammer falls. Still, if you are deficient in Microsoft Licensing, the letter asks your designated executive to sign off on your compliance; they’ll want to see some evidence of this SOX-compliance before they put their job on the line. Contact Software Licensing Advisors to get an independent internal audit completed that uses Microsoft certified tools and reconciliation spreadsheets to state and defend your audit findings. We work with you to recommend optimization, cost-minimization, and risk-mitigation approaches that will limit your exposure during this audit period and well into the future.
See also: Microsoft to audit 30,000 companies in 2012-2014 : http://msftadvisors.com/blog/microsoft-audit/microsoft-to-audit-30000-companies-in-2012-2014/
CALL SOFTWARE LICENSING ADVISORS TODAY
Software Licensing Advisors is an independent Microsoft Licensing Consulting firm that uses a combination of proprietary reconciliation tools that identify audit risk areas. We can mitigate risk and alleviate exposure that can otherwise cost you a bundle. Our former Microsoft managers know the insider teams and processes and support and defend against any type of Microsoft Audit. Don’t get suckered into inviting Ralph Wolf into the pasture to guard your sheep. Hire the “Sheepdog Sam’s” at SLA to help with your Microsoft Audit. Call us at 1-866-825-3787.