Recently, I was struck by a survey that I found on an industry website. A link to the full article is below, but here’s the gist: Microsoft is auditing its customers at a brisk pace, and no company is immune. All software vendors retain the rights to audit their clients, and we feel that it is fair to expect these periodic compliance checks. But Microsoft is auditing customers at a 2 to 1 rate over other vendors like Adobe, IBM, and Oracle—58% of executives surveyed said they have been audited by Microsoft in the last 12 months*. Five years ago, these types of audits were relatively rare and only encountered under specific situations. Today Microsoft absolutely does not discriminate—there need be no compelling event or “areas of concern” to trigger a compliance check on your Microsoft software. Most often we are seeing Microsoft approach customers via email to conduct a self-audit, but we also see the more invasive, third-party types of audit that will send a shiver down any CIO’s spine. The different kinds of audits that are being imposed really do run the gamut.
As you navigate these waters, keep in mind that any kind of successful compliance check will include these three things:
- Insight into your current License Entitlements (i.e. what do we actually own?)
- An accurate reporting of usage (i.e. what is actually deployed?)
- The licensing expertise to assign license entitlements to real deployments.
Note that these three things are equally important. If you are lacking in any of these areas, you will not be able to confidently say that you are compliant. Simply possessing entitlement and usage data is not enough—you have to understand how to apply one to the other. Microsoft’s licensing rules are so complex and nuanced now that you can no longer simply say, “We have X number of deployments, so we need X number of licenses.” That may work for Project and Visio, but when you get into SQL, Windows Server, server virtualization, desktop virtualization, remote desktop services, etc., the picture can become very murky. Remember that licensing rules are often counter-intuitive. I cannot tell you how often a customer will remark on the randomness or absence of clear rationale associated with some important licensing rules. (For example, VDI licensing is per physical device. I know, right?)
Also, keep in mind that while SAM is indeed a compliance check, it also must be an ongoing mission. And it is not strictly an IT affair. Real ongoing asset management must also involve:
- Purchasing standards
- Active and continual allocation, de-allocation, and re-allocation of software assets
- Executive buy-in and enforcement of asset management policies (or it simply won’t work)
Now that some form of official Microsoft compliance check is merely an eventuality rather than an unfortunate chance event, a little investment on the front end to address your software asset management approach is advisable. Regardless of how you are purchasing Microsoft licensing, through Select Plus, EA, even subscription and or Office 365, you always have to ask yourself the following question, “What would happen if Microsoft knocked on my door today?” Here is an overview of our approach to SAM:
*Study: Microsoft Is Most 'Aggressive' Software Auditor