Why You’re Failing Your Microsoft Audit

Does it ever feel like you’re fighting an uphill battle when it comes to your Microsoft software audits? You try your best to keep up with the auditors’ demands, collecting data and checking licensing details, yet you still end up owing far more than seems possible. This is a very common situation: we have helped clients who, despite their best efforts to work with the auditors, found themselves being forced to pay out millions more than they needed to. At MetrixData 360, we have Microsoft’s software audits down to a science, and we have seen patterns in the common mistakes people make before we are called onto the job. So here are the most common mistakes companies make in a Microsoft software audit and what you can do to avoid them.

Common Microsoft Audit Mistake #1: You’re Trusting Microsoft’s Audit Team Too Much

Microsoft will often bring on a third-party auditing firm like Deloitte and KPMG, and it’s tempting to fall into the mindset that they are the professionals in this situation — that they know best. We have often seen companies that go along with the auditor’s every demand and who take the software auditor’s findings as though they were set in stone.

Solution: Remember Who the Software Auditors Are Working For

Microsoft hired these auditors and Microsoft may even pay them based on how large a compliance gap they can find. It’s not to say that the auditors won’t do their job properly, but they have no incentive to investigate grey areas or ambiguous findings when they could instead just assume the most expensive scenario and call it a day. These expensive assumptions can greatly over-inflate your compliance gap while lining the pockets of Microsoft and their team.

When the software auditors hand over your Estimated License Position at the end of their investigation, the important thing to remember is that it is, in fact, an estimate. It’s not a receipt like the kind you would get in a restaurant. Think of it instead as the starting point of your negotiations, and challenge any findings you don’t agree with.

Common Microsoft Audit Mistake #2: You’re Handing Over Everything Without Question

Microsoft’s auditors can be an intimidating bunch and having Microsoft ticked off at you is not a good feeling. So, there can be a knee-jerk reaction to play nice, do damage control by complying with demands, and expose your entire software environment to the auditors as a sign of good faith, to show you have nothing to hide. However, we have often seen this backfire on well-meaning companies, since not everything the software auditors ask for will be relevant to the software audit. One client that we helped through a software audit was asked for information that wasn’t relevant to the audit and would be used in a later case against them.

Solution: Ask Questions

You can and should ask for justification on any data requests, especially if you think they are outside of the scope of the audit. We did that for a client, and it resulted in the audit being brought to a standstill which lasted months, with the auditors going silent. Our client received valuable time to prepare their own defense and carry on with their business. There are some requests that you can push back against and some which you will have to comply with. Knowing which request is which will greatly benefit you during a software audit against Microsoft.

Common Microsoft Audit Mistake #3: You Have no Single Point of Contact

Who are the software auditors talking to? Where do they go when they want something? And who is tailoring a response for them? These are simple questions, but for many companies they go unanswered during a Microsoft audit, with devastating results. If just anyone is talking to the software vendor, including people who may not have the best information to answer the question completely, then you do not know what Microsoft knows or where the software vendor is getting its assumptions from and, therefore, you have no way to correct or challenge any misplaced information.

It also makes it quite difficult to structure a proper defense for yourself if you do not know what the vendor could possibly use in their own argument, making you essentially blind during the software negotiation process at the end of the software audit.

Solution: Establish a Single Point of Contact as Soon as You Receive Your Audit Notification

Establishing a single person or team who will be in charge of interacting with the software auditors should be one of the first things you do when you receive your software audit notification. This Single Point of Contact (SPC) will review all data before it is passed onto the software auditor in order to maintain a clear understanding of your company’s stance with the vendor. The SPC will also review any data requests that the software auditor provides in order to ensure it is relevant to the scope of the audit.

In the event that an employee is interviewed by the software auditor, the SPC will prep the employee to ensure that the employee is ready to address the questions with a full understanding of the answer.

Common Microsoft Audit Mistake #4: You Trust Your Microsoft Sales Rep Too Much

Microsoft sales reps are often friendly in nature and may come across as though they have your company’s best interest at heart. Due to this seemingly friendly nature, many companies will trust their sales reps to understand their business needs and their compliance requirements. This trust has resulted in companies wasting time and energy purchasing licenses they don’t need while remaining exposed to compliance risks during their next software audit.

Solution: Know What You Want

Don’t let the sales rep tell you what to do. At the end of the day, Microsoft’s sales reps have the main goal of selling you more licenses regardless of whether it is of any advantage to you. This is why it is so important that you have a good understanding of what you want and how many licenses you need in order to remain compliant and get your company to where you want to go from a software perspective. If your software environment is large enough, this type of visibility is typically only achieved through software asset management.

Common Microsoft Audit Mistake #5: You have no SAM Tool or Software Asset Management Strategy in Place

Software asset management is perhaps one of the best defenses you can deploy when it comes to protecting yourself against the heavy fines of a software audit. However, very few companies have a software asset management strategy in place and only consider employing SAM in their software environment after they have received their audit notice. To ensure the strongest defense, however, SAM should be a year-round endeavor, to ensure you don’t fall back into the SAM bad habits that opened you up to compliance risks in the first place.

Solution: Have a Strong SAM Strategy Long Before

Implementing a strong software asset management strategy all year round, not just during a software audit, comes with many benefits, including but not limited to:

  • Realized Savings: Software asset management implemented in the long term can result in an estimated 20%-30% of your current software spending being reclaimed and reinvested into your IT budget.
  • Long Term Software Audit Defense: Clients who have implemented our long-term SAM strategies have found that they can sleep easy at night knowing that they are well prepared for a software audit if ever one should occur (and it will happen because software audits are a matter of when, not if).
  • Improved Security: It isn’t often that SAM is thought of when considering IT Security but having a good understanding of your assets and making sure those assets are organized and not filled with noise can make the job of IT security that much easier. It’s also important to note that cybercriminals will often use old forgotten assets to enter your software environment and software asset management’s job is to hunt down such assets.

MetrixData 360: Microsoft Audit Specialists, Here to Help

At MetrixData 360, we have gone up against Microsoft on multiple occasions for close to a decade now. We have been tenacious in our approach to defending our clients’ interests, and our success can be found in the millions of dollars we have saved our clients over the years. We take a data-first approach, where we build a defense against the onslaught of auditors that allows us to beat Microsoft at their own game. If you’d like to learn more about our tireless defense of your business’s interests, you can contact us today and we can get started helping you through your next Microsoft Audit because MetrixData 360 has your back!


Data Normalization and Software Asset Management

Software normalization and categorization sound like quite an intimidating process, the kind of thing you probably need a couple of bachelor’s degrees for. Since you’re never too old to learn, today we’re going to demystify some of the more intimidating elements of software normalization and categorization. At MetrixData 360, we are an independent software asset management consulting company specializing in data normalization, along with software contract negotiations, software audit defense, and evaluation of license readiness for migration to the cloud, just to name a few of our many skills. If you want to learn more about what we do, you can check out our about us page. But for now, let’s get into the weeds of data normalization, what it is, how to do it, and how we can help.

Why Should You Care About Data Normalization?

Data normalization is an important process in software asset management that systematically cleans and identifies data, filtering out unneeded information and standardizing the data in a format that is easily readable. Some of the main benefits of data normalization include:

  • Speeding Up the Process of Data Collection: Imagine all the different formats your data could potentially be stored in. Reading your data accurately without a data normalization tool will require you to manually go in and input the data into a single platform. This could take weeks of work and leaves you open to human error.
  • Improves Visibility: Effective software asset management where you can ensure compliance and cost-effective measures begins with knowing what you have. If you are just beginning your software asset management journey, you can check out our article on how to get started.
  • Negotiation Advantage: Knowing exactly what you have and exactly what you need will give you an advantage in your next software negotiation with your vendor. Software vendors profit off of your uncertainty when it comes to the number of licenses; purchasing too many licenses means you are wasting money and purchasing too few means you are open to compliance risks which again means more money for the software vendors. Having a data normalization tool can level the playing field.
  • Discover Security Risks: Software asset management is often underappreciated for its uses in cybersecurity. However, data normalization involves painting an accurate picture of all the licenses that you have activated in your environment and this will give the cybersecurity team the ability to know what must be patched and updated. It is also important to note that cybercriminals will often use untracked and forgotten assets as an entry point into your software environment. Software asset management eliminates the risk of these forgotten legacy licenses.

What is Involved in the SAM Normalization Process?

Although complicated in practice, the concept behind gathering and normalizing software data is quite simple. During the normalization process, you have two goals in mind: collecting deployment data and eliminating redundant data (such as instances where a license may be counted twice if it is found on two different tables) to ensure your table is referencing a finite number of applications. These two goals are achieved by matching software installation data to a central content library of recognized software. The process also adds details such as publisher, product, and version values to the discovered model. These discovery methods are used to connect installed software to entitlements related to that software model.
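The matching and de-duplication described above, as an added example (not MetrixData 360's or any SAM tool's code). The library patterns, source-table names and inventory rows are constructed for illustration; rows that match nothing in the library are kept aside for review rather than dropped, since those are the untracked assets security teams care about.

```python
import re
from collections import Counter

# Hypothetical content library: pattern on the raw display name -> (publisher, product).
CATALOG = [
    (re.compile(r"sql server (\d{4})", re.I), ("Microsoft", "SQL Server")),
    (re.compile(r"office (?:professional plus|standard) (\d{4})", re.I), ("Microsoft", "Office")),
    (re.compile(r"visio .*?(\d{4})", re.I), ("Microsoft", "Visio")),
]

# Constructed sample rows: (device, source table, raw display name).
RAW_ROWS = [
    ("SRV-01", "arp_64", "Microsoft SQL Server 2016 (64-bit)"),
    ("SRV-01", "installed_sw", "SQL Server 2016 Database Engine Services"),
    ("PC-114", "arp_32", "Microsoft Office Professional Plus 2013"),
    ("PC-114", "arp_64", "Microsoft  Office Professional Plus 2013"),
    ("PC-207", "arp_64", "Microsoft Visio Standard 2019"),
    ("PC-207", "arp_64", "RemoteHelper Free Edition 3.1"),  # not in the library
]

def normalize(raw_name):
    """Return (publisher, product, version), or None if the library has no match."""
    name = re.sub(r"\s+", " ", raw_name).strip()  # collapse stray whitespace
    for pattern, (publisher, product) in CATALOG:
        match = pattern.search(name)
        if match:
            return publisher, product, match.group(1)
    return None

def build_position(rows):
    """Count one install per device and normalized model; list unmatched rows."""
    installs, unrecognized = set(), []
    for device, _table, raw_name in rows:
        model = normalize(raw_name)
        if model is None:
            unrecognized.append((device, raw_name))
        else:
            # A set removes the double count when two tables report the same install.
            installs.add((device, *model))
    counts = Counter(entry[1:] for entry in installs)
    return counts, unrecognized

if __name__ == "__main__":
    counts, unrecognized = build_position(RAW_ROWS)
    for (publisher, product, version), n in sorted(counts.items()):
        print(f"{publisher} {product} {version}: {n} install(s)")
    for device, raw_name in unrecognized:
        print(f"REVIEW {device}: {raw_name}")
```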

The process of data normalization can be quite simple or terribly complicated, depending on how you go about it. So here are a few tips to keep in mind when you’re attempting to normalize your data:

Don’t Try to Do It Manually

I can’t stress this enough. The data is too complicated and too time-consuming to do by yourself. The exception to this is if you are a small company, with only a few desktops to keep track of. The more devices you have, the pricklier things can get and the data you pull by endlessly counting is unlikely to even be accurate as you try to keep track of everything in your software environment.

Data Normalization in SCCM

SCCM is an excellent tool at your disposal as you wrestle your data under control. It is an excellent way to monitor Microsoft tools and can be integrated neatly with a third-party tool.

If you are using SCCM, it is important that you ensure your data is of good quality by making sure your SCCM data isn’t stuck in silos but is instead accessible to those who would find it useful, including HR, procurement, and security.

SCCM can easily become overwhelming since it can collect hundreds of thousands of pieces of data. Don’t get discouraged, however, since the next step is to clean up this data into something you can use.

Upload Your SCCM Data into Your SAM Tool

This is where things get a little difficult if you do not have a SAM tool properly installed since it is a SAM tool that can normalize your data in a manner that is easy to read and use. With the data your SAM tool produces, you can start rooting out compliance issues, find cybersecurity threats, and start developing a plan to minimize software costs. Ensuring that your SAM tool can produce trustworthy data is always a challenge, which is why it is important when you are picking your SAM tool to do your research or else you may be forced to resort to installing a secondary SAM tool or even picking up the slack through manual effort. That is why at MetrixData 360, we have a wide variety of resources available to help you come to an informed decision regarding your next SAM tool.

So, you can check out some of our resources, including: Best Software Asset Management Tools of 2020 and 5 Factors to Consider when Buying a Software Asset Management Tool.

How MetrixData 360 Can Help Get Your Software Under Control

As you can imagine, normalizing your data can be a daunting challenge if you are forced to go through it alone with just a notepad and pencil. Going about the task manually means you’ll be counting until you go blind, and there’s an uncomfortable chance you’ll get something wrong. This is why you’ll need your own SAM team who can own the project and someone who comes to the table with the skills and tools you need to get the job done quickly and accurately, which is why MetrixData 360 has prepared a state-of-the-art Data Normalization strategy with proven results. If you’d like to know more about what we do and how we do it, you can reach out and contact us by clicking the link below and we will get back to you in under 24 hours.