Gartner and IDC have reported a massive surge in Microsoft audits.

A Microsoft Enterprise Agreement is not a force-field, you can and will still be audited!

Microsoft’s incredible growth goals mean that it’s sales force will turn over every rock and look behind every door to find more revenue to meet 20%+ Year-over-year revenue boosts to secure another large commission payment. So, EA or not – its audits for everyone this year!

An audit isn’t straight forward either, there are 3 major types of audit:

Software Asset Management (SAM) Engagements

A SAM Engagement is promoted as a friendly assessment of your licensing to ensure that you are compliant. SAM Engagements are marked as a collaborative process, paid for by Microsoft, using one of it’s certified SAM partners.

The reality? This is an audit disguised as a value-added service. Microsoft pays for the audit, and because of this, gets to see the results of your purchases versus your installed software inventory before you do. Clever eh?

Because you are reading this blog, I’m guessing that you don’t have a mature SAM process or closely monitor your software inventory and therefore you’re likely somewhat out of compliance. (More like definitely non-compliant!)

Don’t think being ‘generally’ or ‘nearly’ compliant means you can’t get hit with a bill.  Applications like Visio & Project can easily get out of hand, especially with there being no ‘Project Viewer’ and Microsoft’s SQL licensing changes means it’s easy to be hundreds of thousands of pounds out of compliance in SQL or SQL CALs, unless you have done a SQL Server Map that identifies database direct and indirect users, server type, procs, cores, external users, etc. Many factors contribute and most companies are unknowingly non-compliant.

Aside from the billing for excess software, you also suffer the disruption to your business, not only as the SAM Engagement partner is paid by Microsoft to deploy an automated discovery tool – which, let’s be honest – you’re not going to let them do without your guidance!

In a SAM Engagement, Microsoft’s “certified SAM Partners” are hardly independent. They work for Microsoft, and receive payment for the audit AND a percentage of the licensing shortfall they find in your audit. Quite a clear conflict of interest, but whats the choice?

Who gets targeted? Microsoft appears to be focusing it efforts on mid-market enterprises with 500 to 2000 computers.

LCC Audit

Should you decline the ‘voluntary’ SAM Engagement a few too many times, or if Microsoft can clearly identify inconsistencies in your purchase record you could be the subject of an LCC Audit (Legal Contracts and Compliance).

An example of inconsistencies may be the fact that your purchase history shows 2000 Windows CALs but only 1000 Exchange CALs – This is enough to force an LCC Audit.

LCC Audits are not voluntary.
Do not take LCC Audits lightly.

If the Microsoft Account Team can make the case to LCC, or determines that your company is purposefully pirating and is reported to Microsoft or the BSA, or if a foreign government has gotten wind of one of your international offices that might not be complying with local laws (and therefore avoiding their taxes), you might just have PwC, Deloitte, Accenture or another major auditor show up at your door unannounced.

You may be charged full retail version prices for software deficiencies in an LCC audit, and, you may be subject to fines, penalties or even criminal prosecution in the most eggregious cases.

It is the most costly audits and Microsoft LCC has made a pretty strong determination that they will get their money back from you several times over if they’ve approved you for LCC audit.

Microsoft Self Audit Request

This is the most lenient of all the audits. It basically asks you to comply with a contractual obligation to verify you license compliance by performing a self-audit. In Microsoft’s letter it recommends using a set of tools and requests compliance by a prescribed date. The letter usually CC’s a Microsoft Lawyer for and states,

“The purpose of the internal self-audit is to allow the parties to update the number of licenses granted under the Agreement. Please be advised that any removal of Microsoft software currently in use across your enterprise as of the date of your receipt of this notice in order to comply with existing contracted number of licenses will be considered a violation of the terms of the Agreement. An example of self-certification email has been provided below for your convenience.”

This basically gives you a chance to ‘get your ducks in order’ before they proceed with a different approach.

More information to follow on this subject…