On this page you will learn about:

- The history of MS audits

- Audits for all sizes

- Fines and penalties

- The process of selection

- What happens next

Background
Microsoft do not like anyone using the word 'audit' due to possible negative connotations.

Microsoft UK have been ‘reviewing’ customers for years.  It began in the enterprise space at the top of the pile and has slowly spread down the pyramid so that today Microsoft have ways of contacting any size of organisation.

Please note - We can only speak for Microsoft UK as that is where we have had experience.  But if it can happen in the UK it can happen anywhere that there is reasonable justification to review customers.

If you have any specific knowledge of Microsoft's approach in other countries then please let us know - Contact the source

Small to Mid size organisations
Apparently Microsoft UK have used telephone-based teams to call small to mid size organisations (up to 500 PCs) offering ‘help’ in software asset management.

If this happens to you, there will be a request to declare a licence position for all Microsoft software.

There have also been 'initiatives' where Microsoft funded third-party consultants to come in to 'help' you gather information.  The selection of who gets approached can be random: the idea is that, rather than looking at purchasing patterns, they go in and check anyway, as there will usually be one problem or another.

We have heard of customer organisations as small as 10 PCs being visited, so it could happen to anyone at any time.

At this level, the focus is on looking for the presence of counterfeit product - See Buy genuine software to avoid this problem.

Mid to large organisations
For mid to large sized organisations (500+ PCs) Microsoft UK fund third-party 'SAM Partners' to conduct a licence review as a 'trusted intermediary' - see our notes on partners and their relationship with publishers.

The outcome of a review is always to establish the licence position for all Microsoft products.

Fines and Penalties
We are not aware of any fines or penalties that have ever been levied against Review subjects, other than the required purchase (at the price set by existing licence agreements) of extra licences when the Review is complete and a shortfall has been shown.

What you need to know
Whichever way you look at it there are a number of factors you should be aware of.

If Microsoft feel that there is good reason to ask your organisation a question regarding your licence position then they will, sooner or later. 

The process Microsoft use to decide who they approach is a little inaccurate but often turns up results (for them) - more below.

Once your organisation is identified as worth approaching, they will.

From this point onwards, it is very unlikely they will ever go away until two pieces of information are established:
  • How many Microsoft licences does your organisation own?
  • How much Microsoft software is deployed (installed/available) on your network?

If you cannot answer these two questions, then they will pursue them for you.

The process of selection
Step 1 - Microsoft will build a profile of your organisation, taking information from a variety of sources, for example your website, Companies House, industry information sources etc.

From here they will know approximately how many employees, offices, sites etc there are in your organisation. 

Knowing this, they can make some assumptions about the ratio between employees and the likely number of computers, and so the software to expect.

For example, a construction or manufacturing company would probably have a significant proportion of workers that do not use a computer.  Most other organisations will have a ratio of close to 1 to 1.

Step 2 - Clearly at this point Microsoft don't yet know what software you have installed or have made available to your users, but they do know how many software licences they think your organisation has purchased over the years.

They run something called a Microsoft Licence Statement (used to be the CLARET report).  This report searches all volume agreement purchases that have ever been made with Microsoft under your organisation's name or names associated with it.

Much of the profile work they do at the beginning is to establish the list of organisational names associated with your organisation.  Once they are satisfied this is as good as it can be, they run the report.

Step 3 - From the organisational data they have gathered, they will assume a 1 to 1 ratio with many of their products, for example Office.

Now that they know how many employees there are, they will assume...

If there are 1000 employees, then on a 1 to 1 ratio they would expect to see the following number of licences in your CLARET report:
  • Office licences of all types = at least 1000
  • Windows CALs = 1000
  • Exchange CALs = 1000 – if Exchange is purchased at all

They will also look for certain ratios with other products:
  • Visio = 150 (15%)
  • Project = 100 (10%)
  • Windows Servers = 30 to 50 minimum (with 1000 employees)

At this stage it is still a relatively arbitrary set of assumptions for various reasons:
  • The list of names associated with your organisation hasn’t been checked by you - some could be missing
  • The list of licence agreements hasn't been checked; usually there are missing agreements
  • It has not been confirmed that there should be a 1 to 1 ratio between employees and machines
  • The MS Licence Statement does not include OEM and FPP (boxed software) licences, only volume agreements such as Open, Select and Enterprise
       
But it gives them an idea of purchasing patterns and it literally takes 3 minutes with a Licence Statement to spot areas of possible licence shortfalls.

And if they can see an obvious area of weakness they will make enquiries.  Experience says that one area of weakness is a good sign of many weaknesses.

We discuss all of this in further detail along with ways to handle such an approach so that risks are mitigated in our How to do SAM section - A Microsoft audit

What happens next?

Someone will give your organisation a call and either request a statement of your Microsoft licence position or a meeting.

Once this process has begun, we cannot emphasise enough that it will not go away; you must engage with the process and manage it as best you can.

For advice on how to handle A Microsoft audit...

How good is the Licence Statement information?
Microsoft is one of the few software publishers that can report on all your organisation’s licence purchases.

It would amaze you, or perhaps it wouldn’t, just how incapable most publishers are of knowing how many licences their customers have purchased.

Microsoft actually keep good records, but the system does rely on human intervention and that does lead to mistakes or gaps over the years.

For further explanation on how to handle A Microsoft audit...

For our take on Oracle audits read on...