Microsoft - Software Audits and SAM Assessments

Microsoft has increased the number of software audits and SAM assessments - tips for being prepared and avoiding common pitfalls


Microsoft has definitely increased their software audits (and Software Asset Management or SAM Assessments) within the United States and globally. While in the past there were specific organizations that were at risk based upon size and licensing footprint, this is no longer the case as all organizations using Microsoft technology carry an increased risk of audit.

To be clear on my stance, all software publishers have the right and responsibility to enforce their Intellectual Property rights. When you choose to use a publisher's software in your organization you agree (whether in a signed document or a user "click through" agreement) to abide by their rules of use and typically agree to their right to audit.

However; organizations also have a right and responsibility to protect the organization's assets (which includes employee time). Audits are expensive - they are time consuming and due to the complexity of licensing rules and agreements they typically result in an unplanned financial cost. There are varying degrees of any audit (onsite audit, self audit, SAM Assessment, assisted self audit, Business Software Alliance audit) and each carries it's own form of labor cost and risk.

With over 20 years of experience in software audits I will tell you that in my opinion the only reason there is a significant increase in Microsoft audits is that they have been successful in driving significantly more revenue than the cost of performing the audit and risking a client's goodwill. That is not a good situation for organizations, since most organizations that I know try to be legitimate in their software licensing - this reinforces what I've seen which is that most are unintentionally breaking the licensing rules.  The following tips and suggestions will hopefully help your organization minimize your risk.

Common Pitfalls

  1. Not understanding the contractual obligations.  We see this most commonly with Microsoft Enterprise Agreements (EA's) and Microsoft Enrollment for Application Platform Agreements (EAP's). Please understand that anything you have licensed under "Enterprise Products" on these agreements (as you can see through your Customer Price Sheet (CPS) under the heading "Enterprise Products") must be licensed for your entire organization based upon the definitions of "Qualified User" and "Qualified Desktop" (as defined in your signed contract) unless you specifically have an Addendum or clause in your contract that changes this basic program rule (note, what anyone told you or implied verbally without written back-up does not count). Please note, this could also include a licensing requirement for others outside your organization if their usage of your Microsoft technology infrastructure falls within the definitons of "Qualified User" or "Qualified Device". Need more details on this, check out my earlier blog at
  2. User versus Device licensing. Microsoft Windows, Microsoft Office, Microsoft Project, Microsoft Visio (to name a few) are all licensed by device, not by user (unless you are licensing these products through an online subscription). Frequently organizations will tell me they switched to "user based licensing" on their EA not realizing what they actuall switched was their Client Access Licenses (CALs)...that these other products remained licensed per device.
  3. Downgrade Rights versus Cross Edition Rights. Downgrade rights are typically included in Microsoft volume licensing, however; cross-edition rights typically are not.  Some examples:  Office Professional Plus includes downgrade rights to earlier versions of Office Professional Plus - but it does not include rights to cross-edition products such as Office Standard, Office Professional (post version 2003), Office Home and Business, etc. The same is true of most Microsoft technology.  There are some exceptions but make sure you have Microsoft licensing documentation that specifically allows the exception you are using.
  4. Reassignment of a license. In general, most MIcrosoft software must be assigned to a device (or user if it is a user based license). You are then typically restricted from reassigning that license to another device in less than 90 days. Be particularly careful here with your server virtualization - if you are using any tools that move virtual instances between hosts then you may be creating a need for a new license (and yes, this is tracked and will be found in an audit).

This is just a short list of some of the most common pitfalls - there are so many more!  For more information please see my Software Asset Management blog on this topic at If you are concerned or have been contacted for an audit or SAM Assessment, take it seriously and get help quickly. As we all know - you can't manage what you don't know and when it comes to Microsoft licensing, it really does take an expert to know the rules!

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2013 IDG Communications, Inc.