Tag: Microsoft

Microsoft SAM vs Audit

Aah, the Microsoft SAM. I’m sure by now that you have been offered a Microsoft SAM Engagement by your “friendly neighbourhood” Account Team. If not, it’s likely coming. It seems that just about everyone has had the offer of a Microsoft SAM Engagement dropped in their lap, and clients are not sure if this is a friendly engagement or a full-blown Audit.

Let’s be honest, NOBODY likes the prospect of an Audit, but an Audit certainly does generate a TON of revenue for all software vendors. Of course, Microsoft will tell you that a Microsoft SAM Engagement is not a full-blown Audit, because Audit’s don’t sit well with customers. However, it may seem that a Microsoft SAM Engagement is indeed a warm and fuzzy way of telling you that you are about to be Audited.  I’m going to explain some of the similarities and differences, so you can be the judge.

The best way to prepare for a SAM Engagement or Microsoft Audit is to not face them alone. MetrixData360 specializes in helping our clients through the process while freeing up your resources.

Looking for more Information on Microsoft SAM Audits or Engagements?

What to Google When You’re Being Audited by Microsoft

What Triggers a Microsoft Audit

Negotiating a Microsoft Audit or SAM Engagement

Software Audit? Non-Disclosure Agreements Are A Must

Non-Disclosure agreements in a software audit are one of the most important things you need to get in place if you are being audited.  With more and more software vendors utilizing third party auditors to compile the actual audits and create the Effective License Position (ELP) having a Non-Disclosure agreement in place is essential.

It’s not new news that software audits are becoming more common and aggressive.  In fact, here at MetrixData360, we’ve been beating this drum for years. One of the patterns we have seen emerge is that various vendors are utilizing third-party auditors to compile the licensing position.  These third-party auditors can be accounting firms or just partners of the software vendor.  In either case, it’s critical that you get specific non-disclosure agreements in place to protect yourself as in many cases they are incentivized to drive a licensing gap.

Software Auditors Don’t Work For You

It’s important to remember that these third-party auditors work for the vendor and are paid by them as well.  In most cases, we understand that they are rewarded for driving licensing gaps.  They will run their scripts, request various deployment data from you and present you with an ELP which shows your entitlements juxtaposed with your deployments and identifies any gaps in licensing.  It is important to note that the first few ELPs that they present to you will be error-filled and will include incorrect assumptions.  You will then present evidence and work to ensure that it is correct.  In our experience these first few ELP’s skew heavily in the vendor’s favor.  You don’t want them to assume that these early ELP’s are representative of your true licensing position.  This is where the non-disclosure agreement comes in.

Make Sure Your Data Stays Yours

The most important thing that you want to achieve in this non-disclosure agreement is to ensure that they (the third-party auditor) cannot share data with the organization that has commissioned the audit without your approval.   This seems straight forward but in our experience without a non-disclosure agreement in place, these third-party auditors will often share data before it has been signed off on by your team.  The result is that the vendor will see early, incorrect versions of the ELP.  This may include development and test environments, out-of-scope products, etc. This often will cause them to forecast purchases for you based on incorrect data and it makes it harder to get them to accept the correct data when it is ready.

The goal will be to ensure that when the ELP finally is released to the vendor it contains clean, correct data that you are comfortable with. This will help to make any negotiations smoother and eliminate misunderstandings.  If you have any questions about this process, contact us to book a free consultation

Crucial Insights: Understanding Microsoft Audit Triggers and Strategies for Minimizing Your Risk

Has it happened to you yet? You know, that terribly uncomfortable experience known as the Microsoft Audit or Software Asset Management (SAM). If you have been through an Audit before, you know they’re no fun. The entire process monopolizes a great deal of time and valuable resources. On top of that, they can be down-right expensive. Have you ever asked yourself “what triggers an audit”? The truth is that organizations are almost never told the reason(s) they are selected for and Audit/SAM. Make no mistake, there are things you can do to help you reduce your chances of appearing on Microsoft’s Audit radar. Let me break down a few key triggers for you;

1) Your Account Team Audits often start and end with your account teams, despite what they may tell you. It’s important to understand what motivates them and why they would approve an engagement.   The account team can trigger an audit for a variety of reasons ranging from ignorance of your environment to self-interest.  You need to bear in mind that all software account teams have an aggressive growth number to which they are accountable to drive in terms of sales to their accounts.  At a most basic level your account team may just be lazy and in my experience the less your account team knows about your organization the more likely you are to be audited/SAMed.

2) The Vendor’s internal Audit/SAM team has flagged you based on Analytics Often the software vendor’s audit/SAM team will approach the account team to ask if they can audit a specific account.   The SAM team will present a case for why the account should be audited and it will be up to the account team to make the final decision.   Often this can all come down to how well your account team understands their client.   If the account team understands how their client uses their technology they may see obvious gaps in the SAM team’s logic and deny the request.   An example of this is a SAM team that wants to audit a company based on lower than expected purchases of Windows Servers.   However, if the account team knows that the client is an industrial manufacturer who has an environment which is largely UNIX based (which accounts for the low Windows footprint) they may deny the audit.  They may also see a situation in your license statements in which they see a relationship between server and Client Access License(CAL) purchases which may make it appear that you are out of compliance.

3) Merger and Acquisition Behavior Beyond your account team, merger and acquisition behavior is one of the biggest audit triggers we see.  If you have recently been involved in this sort of activity, it will often cause you to pop to the top of the audit/SAM list for many software vendors.  The rational is in the aftermath of a merger/acquisition there is a period of confusion as systems are rationalized and some institutional knowledge may be lost.   In addition, inevitably both organizations will frequently have different levels of Asset Management maturity and there is the possibility that they have very different levels of software standards.  Publicly traded companies should know that their account teams are likely reading through their annual reports carefully.   They will be looking for signs of rapid growth in terms of revenue and head counts.  They will then be looking to see if these organization growth numbers correspond to the sales numbers they are seeing from the company.

4) They Truly Do Suspect that Your Organization is out of Compliance Sometimes your organization is flagged for an Audit/SAM engagement because the software vendor truly believes that you are non-compliant.  These are often the result of conversations between the vendor and your staff from various departments.   Usually it’s an innocent conversation but something was said (usually inadvertently) which made the vendor suspicious.  It can also be the result of possible festering ill will from something that happened in the past.

5) Zero Sum True Ups If you have a Microsoft Enterprise Agreement (EA) you are required to go through a True Up exercise on an annual basis.  The purpose of this is to account for growth that occurred during the previous twelve months.   If you have no growth, then you submit a form to Microsoft called a Zero Sum True Up form which indicates that no purchases need to be made.   The issue is that it appears that the submission of a Zero Sum True Up will quickly cause your organization to be examined and there is a high likelihood that you will receive a letter or a call requesting an audit/SAM engagement.

6) Audits are a huge revenue generating tool for Microsoft It’s all comes down to dollars and cents. You may have done all your due diligence and still get hit with an Audit letter. Audits drive huge revenue for software vendors, and they know it. It has become common place to see a company get audited at least once during their Enterprise Agreement.  In fact, you can count on it. As you can see, there are some common triggers for an Audit. You may also be selected for Audit for reasons outside your control. When the time does come for you to be Audited (the time IS coming), make sure you have a team of Licensing Experts on your side to help navigate the difficult process, reduce any potential gaps and ultimately drive down your licensing spend. If you’re being Audited, let MetrixData360 be your ace in the hole.

Find out more at www.metrixdata360.com. CLICK HERE TO BOOK A FREE CONSULTATION

If you have ever been involved in any aspect of enterprise licensing for your company, you may have faced the uncomfortable reality of the Microsoft Audit.

Not only can Microsoft’s Audits seem extremely invasive, it also requires a huge amount of your company’s time and energy to complete. The fact of the matter is, Microsoft Audits are not going away since they serve as a huge revenue-generating tool for Microsoft.

These audits might be presented in a variety of diverse ways; they might be called by a softer name, like Software Asset Management (SAM) engagements or reviews, and they might act like a friendly opportunity to optimize your licensing, calculate your annual true up, or navigate a license metric change (like processors to cores).

Always remember the goal of the software vendor though – they’re less interested in compliance and more interested in driving sales and revenue.

The amount of data required for a Microsoft Audit – in order to determine the licenses that you own, what products you have deployed, and how many licenses you actually require – can be overwhelming. Companies that are facing an audit can often be paralyzed by the massive volume of data presented.

As a business, you need to be proactive in managing the audit experience.

At MetrixData360, we’ve helped many clients through such a trial, so we know exactly what you need to do to prepare for any Microsoft audits that might be approaching.

Here are our top 11 tips and observations to help you successfully navigate the muddy waters of a Microsoft Audit.

Top 11 Tips on How to Handle A Microsoft Audit

• Don’t Go Dark on the Software Auditor

If you are confronted with a SAM review, it is technically an optional engagement that you can decline, however refusing a SAM review will often result in you receiving a full legal audit.

Ignoring a software audit, on the other hand, can leave you in breach of your contract and Microsoft can take you to court. The financial and reputation damage that can ensue from such an event can be costly. So whatever you decide to do about your SAM engagement or audit, you should never just ignore it.

• Define the Scope and Get a Non-Disclosure Agreement in Place

You can actually negotiate what data will be shared in advance of the audit by defining the scope of the audit.

Keep in mind what the auditors are here for — your money. By leaving the scope undefined, the auditors will keep searching through your data until they find something that meets their estimated return on investment.

You will also need to get an NDA in place with the third-party auditor that the software vendor may hire stating that no data will be shared with the software vendor without your explicit and written permission.

• Data Is the Key – Get the Facts and Know Them Inside and Out

Have a strong understanding of your software in terms of deployment and licensing long before the auditors arrive. Not only will this lower the chance of an over-inflated compliance gap, it will also reduce the likelihood of being audited again by the same vendor.

Microsoft is more likely to come after you if they see you as a potential target for revenue. So, conducting an audit in an organized fashion that effectively captures what you actually owe will make you less worth the effort to audit a second time.

You should also perform internal audits regularly to maintain a strong knowledge of your internal environments, even if you are not currently being audited.

• Be Prepared to Put In the Time

Whether it’s your own SAM team or a hired expert, the audit process is going to be time- and resource-consuming. Do not treat this audit like a side-project that is tossed at Procurement or a junior IT staff member.

If the auditors tell you that the audit will take no more than four weeks, take their word with a grain of salt since the average software audit or SAM engagement, from our experience, can take anywhere from six months to over a year.

• Understand Your License Position

The Estimated License Position (ELP) takes all of the deployment data (inventory counts) and provides a view of the number of each product and version deployed then it will compare that against the number of licenses you own (simple to understand in theory, more complicated in practice).

If you are in a software audit, the third-party auditors hired by the software vendor to review your data will make their own licensing position for you. Any mistake they make will only inflate your compliance gap, which means more money for them. Do it yourself, creating your own ELP will give you something to challenge the auditor’s findings with and it will make sure it accurately reflects your usage.

• Prepare to Explain Your Deployment Data

You need to know the numbers better than they do, so that you can make a proper defense for yourself during the settlement.

Do not allow external sources to make assumptions based on their limited knowledge of your software deployments and usage. They will always pick the worst-case scenario that results in the largest penalty possible for you.

• Negotiate Before the Auditor’s Findings are Handed Off to Microsoft.

Ensure the ELP truly represents your environment prior to signing off to be released to Microsoft. If you have an NDA in place, you’ll be able to do this effectively.

• Prepare to Respond to Unreasonable Requests.

You need to be confident in how your numbers are represented in your ELP, or your company’s IT budget will suffer from an over inflated compliance gap. If you don’t know what the software vendor is asking for, you could very easily help the vendor build a case against you.

• Know Your Escalation Paths

Do not be afraid to escalate when and where it makes sense. Many businesses make the mistake of not offering a counteroffer to the auditor’s initial settlement price. They see it as set in stone but data can be interpreted differently and through negotiations, your penalty has the potential of being greatly reduced.

• Don’t Let Them Play the “Us Versus Them” Game.

Don’t fall into the mindset of Microsoft License Specialist or SAM Teams vs your Account Team and don’t let finger pointing back and forth get in the way of you getting a concession

• Engage an Outside Expert Like MetrixData 360

MetrixData360 has the experience, know-how and proven ability to speak the language of the software vendor to represent your interest in the most effective way possible. We can ensure you do not overpay millions of dollars just to settle a Microsoft License Audit. Our goal is to make sure you only pay the vendors what you owe them.

We will also free up your time and resources. Let the MetrixData360 team of experts guide you to manage the audit process to achieve the best results, for you! For more information, check out our Software Audit Defense and Self Assessment.