Scott & Scott, LLP represents clients in Microsoft software audit matters conducted by the BSA and Microsoft SAM consultants. Microsoft audits its customers using a variety of strategies. Small to medium-sized firms are frequently the target of a Microsoft audit initiated by a trade group such as the BSA. For large enterprise and mid-market firms, Microsoft audits its customers through its software asset management partner channel in what is frequently referred to as a Microsoft Software Asset Management (“SAM”) engagement.
Software Asset Management engagements are usually conducted by third-party auditors or consultants, but there is no obligation that the auditor in a SAM engagement be independent.
Microsoft will request that the target allow a third party to audit its software installations and report the results directly to them. In these engagements, the target is required to purchase licenses to cover any deficiencies in its software licenses. Microsoft’s SAM engagement has been extensively used in lieu of traditional software audits with mixed reviews from the end user’s perspective.
If you license Microsoft products via the Services Provider License Agreement, the agreement typically includes audit rights language giving Microsoft the ability to review a SPLA partner’s records regarding software deployments and entitlements and to demand compensation – usually at a mark-up over standard reseller pricing levels – for any deployments found to be in excess of the business’ past monthly SPLA reporting.
Businesses that deploy Microsoft software under one or more SPLAs should strongly consider working with an attorney experienced in Microsoft software audits before disclosing any information to Microsoft in response to a SPLA audit engagement.
Our lawyers and technology consultants also assist companies conducting an internal Microsoft audit for license true-ups, compliance initiatives, outsourcing contracts, and in connection with acquisitions and divestitures.
Microsoft Audit FAQ
Q. What authority does Microsoft have to conduct the audit it requested in the letter I received?
A. The Microsoft Business and Services (MBSA) agreement contains a section called "Verifying Compliance" that gives Microsoft the right to engage with a third party auditor to conduct an audit of your use of all the Microsoft software licensed under that agreement. Many Microsoft licensing programs, including the Enterprise Agreement, Enterprise Subscription, and SPLA, are subject to the terms and conditions contained in the MBSA.
Q. What kinds of information am I required to share with Microsoft and the third party auditors during the audit?
A. If you received a letter regarding a "compliance audit of your Service Provider License Agreement," you will be asked to share detailed network infrastructure, client billing, and server access management information. The auditors will ask for as much information as they can get away with.
Q. What should I expect from the audit process?
A. Microsoft and its auditors will initiate the audit by requesting your organization to respond to an initial data request. Once they have received your answers, they will likely follow-up with an on-site audit that may take a week or longer. Experienced counsel can help to reduce the disruption to your business by arguing for remote auditing procedures and requiring Microsoft and their auditors to keep the scope as narrow as possible.
Microsoft Audit Experience
- Represented New York area hospital system in an audit conducted by Microsoft resulting in an out of court settlement and compliance savings of over $1,000,000.
- Defended fortune 500 IT Services company in Microsoft audit resulting in a new $34,000,000 Microsoft Enterprise Agreement enrollment including a release of all compliance claims.
- Advised companies regarding Microsoft SPLA licensing requirements in connection with Microsoft audit dispute.