Recently I have been asked a lot about Microsoft Audit Penalties and what they are in a Microsoft Audit. In the past I wrote 10 Powerful Tips for dealing with Audits; today I’m going to focus on penalties and a few tools that are useful during audits or the Microsoft License Verification Process.
Microsoft has two different types of Audits:
- Software Asset Management (SAM) engagement
- An Audit
What is the Difference Between an Audit and SAM
Most people think of SAM as being a soft audit, or easier to go through. While on the surface this may look to be the case, the reality is that the process you go through in both circumstances is essentially the same. Microsoft is going to appoint a third-party auditor (this could be anyone from a specialized SAM partner to a large consulting firm like Deloitte or PwC).
Once the auditor is in the door, what happens really is the same. They are going to ask you to run scripts on your network, look at Active Directory records, pull deployment data from your SAM tool and much more. They will try to determine your usage of Microsoft products and then compare that to the licenses you own to create an Effective (or Estimated) License Position (ELP). I’m not going to go into the details of how to defend an audit today, but if you are interested you can watch an on-demand viewing of my Dissecting Microsoft Audit Data video.
What I want to focus on is what the Audit Penalties are for a SAM engagement or for an Audit. At the time that I’m writing this post, under a SAM, Microsoft will not charge you any penalties. You will simply place an order for any license shortfalls against the terms of the contract that you purchase a license under (Enterprise Agreement, MPSA, Open, etc.). In addition, you are not responsible for the cost of the SAM engagement, as Microsoft funds the selected partner.
Under an Audit, you need to read the terms of Microsoft’s right to validate compliance in your contract to understand what the Audit Penalties are. If you are an Enterprise Agreement/MPSA customer, this is typically found in your Business Agreement.
This may differ depending on your region and the version of contracts you are under, but typically most customers are subject to an Audit Penalty of paying list price +10% and paying for the auditors’ fees if they are found to be out of compliance by 5% or greater.
How the 5% is determined varies, but it is typically calculated based on the number of licenses owned / licenses required. You will need to read your agreement to understand what the exact terms of an audit with Microsoft are and what Audit Penalties you are responsible for.
MetrixData 360 suggests that companies perform a self-assessment at least once a year to understand where their position is. Again, please feel free to watch my video on Dissecting Microsoft Audit Data if you would like details on how to do this.