How to Negotiate a Microsoft SPLA Audit

If your company has received a Microsoft SPLA audit notice, there are a few things you can do to avoid a negative outcome. Read on to learn more about Microsoft’s SPLA audit triggers, how to negotiate with the auditors, and more. There are some common mistakes you must steer clear of to prevent a negative outcome in your SPLA audit. After reading this article, you’ll be well-equipped to negotiate with a Microsoft auditor.

Microsoft SPLA Audit triggers

Understanding the triggers for a Microsoft SPLA audit is essential for successful license compliance. As you’ll see, SPLA requires accurate data, yet some service providers overstate usage while others understate it. Sometimes, service providers give Microsoft information that’s irrelevant to their services, and they’ll turn down your request. Despite your best efforts, this may be difficult. Even worse, it can take months to convince Microsoft that this information is irrelevant. The truth is, you can’t really hide information from the audit.

The triggers for Microsoft SPLA audits depend on the type of license your organization has, and whether you’re subject to a previous audit. The audit methodology includes high SPLA run rates and significant findings from a previous audit. In some cases, the audit is triggered by random selection criteria, such as irregular reporting, a high monthly variance, or the need to meet a certain number of audits per year. In either case, you’ll receive an audit notification and a settlement letter.

Generally speaking, the SPLA audit is an expensive process, so preparing for one is crucial. Microsoft appoints an auditor who is responsible for determining your SPLA audit exposure. This person will choose the tools and processes necessary to conduct an audit. Generally, an audit will occur in the third year, and you should expect a follow-up check within two or three years. The first step in preparation for an audit is to understand your license rights and contractual obligations.

Microsoft SPLA audit process

If you’re about to undergo a Microsoft SPLA audit, there are some key steps you should take to ensure compliance. First of all, ensure your contract with Microsoft allows the company to conduct audits. If you haven’t yet signed one, contact Microsoft to find out more about this process. You may be surprised to know that Microsoft can audit you even after you’ve decommissioned the equipment. During this time, it’s a good idea to take a snapshot of all equipment, which will provide an audit trail for Microsoft.

Another crucial step in the SPLA audit process is ensuring that the data you provide is accurate. Service providers often overstate their usage or understate it. Sometimes, they hand over information that is not actually part of the agreement. Microsoft may not accept such information and convincing them otherwise can take a considerable amount of time. In addition, the information you provide cannot be ‘unseen’ – it must be visible and correct.

Microsoft license agreements allow for audits if a company uses more than the permitted number of licenses. To accomplish this, Microsoft designates third-party firms to collect data about each user’s use and prepare reports comparing it to the audited data. The reports are then reviewed by Microsoft. Depending on the results of the audit, a company may be liable for supplemental license orders totaling millions of dollars.

How to negotiate SPLA audit

If you are a Microsoft customer, you are probably wondering: How do I negotiate an SPLA audit? Well, it’s actually quite simple: make sure that you keep your records clean. This is essential as the auditors will go over the data that you’ve collected to come up with accurate numbers. It’s also a good idea to store all the data that you’ve collected so you can review them at any time. After all, you don’t want to have to deal with them again for the next few months, so if you want to keep your data clean, you need to keep it up to date.

The first step in the process is to notify your SPLA service provider. This can be done in two ways: in a physical letter or via email. The LCC will need to see your historical data in order to assess whether your usage is within the legal parameters. If you are not, you can request that the auditors perform a partial audit. In such a case, the LCC will need to send you an email that lets you know that they’re conducting the audit.

While you can attempt to negotiate an SPLA audit, you should be prepared to face the fact that Microsoft is extremely aggressive in its licensing policy. Overpayments can easily lead to surprises when it comes to your licensing fees. Unless you can prove that you’re overpaying for the licenses, Microsoft will likely refuse to give you any credit. After all, SPLA is expensive compared to Volume Licensing and is not the best option for every organization.

How to Understand Microsoft SPLA: Everything You Need to Know

Microsoft SPLA, which stands for “Services Provider License Agreement,” is a licensing program for service providers and independent software vendors. It gives them the right to use Microsoft software to host and deliver their applications. SPLA can be hard to understand, so we’ll break it down and tell you what you need to know.

First, we will talk about what Microsoft SPLA is and how it works. Then, we’ll talk about the benefits for both providers and end-users. We will talk about the options and models for licensing. The last thing we’ll do is answer some common questions about SPLA licensing.

This article is a guide for both people who offer services and people who use them. It has been updated to reflect the new rules that went into effect in October 2022.

With SPLA, you can use a pay-as-you-go model to sell Microsoft products. It means that your customers can pay you on a monthly basis to use software. And you don’t have to buy licenses ahead of time.

What is an SPLA license?

Service providers offer hosting and other services for money by using Microsoft SPLA licenses. From the point of view of licensing, the licensee is the provider. Microsoft and the provider are the ones who signed the licensing agreement. Customers rent services from the provider and pay service fees.

No traditional “entitlement”
When you buy software licenses for internal use, you must first buy the licenses you need. But SPLA has no quantifiable “entitlement”.

Providers can set up as many instances as they need to offer their services. For the same reason, they can also make as many user accounts as they need. Then, at the end of every month, providers must tell Microsoft what the high watermark was. They do it through the SPLA resellers they have.

License terms for end users
So, the main licensee is the provider. But it’s not true that end customers have no licensing responsibilities.

SPLA terms say that each end customer and each provider must sign a contract. When services are bought online, like on AWS or Azure, there is still a public offer that customers must accept when they sign up.

Even though there isn’t a traditional “right” of the end user, there are still licensing terms and conditions for end customers.

Should I use SPLA?
If you’re a provider or independent software vendor with a SaaS solution, and you need Microsoft software for hosting, you don’t have much of a choice. This is especially true when hosting is shared.

With the exception of Self-hosted applications, service providers are not allowed to host Microsoft products licensed under a standard Volume licensing agreement. If you want to use Microsoft products in your services, you must sign up for SPLA.

If you are an end customer, on the other hand, SPLA is a great way to add to your licensing portfolio. Still, you only need to use SPLA in a few situations.

When you rent basic Windows Server virtual machines and don’t “bring your own licenses,” SPLA licenses will only show up as line items on your monthly bill. You won’t have to manage licenses like you normally would.

When you give people who work from home access to desktop applications from outside the office, that’s when things get really complicated. If you want to do it, you or the people you hire must learn how SPLA licensing per user works. Start with the licensing for Remote Desktop Services.

How does Services Provider License Agreement work?


Under SPLA, service providers agree to pay Microsoft every month for the right to use the software. In exchange, Microsoft lets the service provider host their apps and send them to customers.

Hosting only, you can’t sell it on.
The Service Provider License Agreement says that the licenses can’t be sold again. You are only allowed to use them to offer “software services.”


Reporting on Microsoft’s SPLA license

Every month, every service provider must report how many SPLA licenses their customers are using. They must also provide the customer’s contact details, but only for customers who pay monthly license fees of more than $1000. SPLA reporting is done through an authorized SPLA reseller, and the way each reseller does it may be different.

License Terms for End-Users
End-users (customers of service providers) do not get software licenses in the usual way. But the service provider must make sure that End-User License Terms have been agreed to by all clients. As part of the SPLA contract, Microsoft gives you the EULT template.

Billing of final customers
SPLA does not have rules about how end clients are billed. How the service provider bills the customer is up to them. Most of the time, customers get a monthly bill based on the services they used.

What do providers get out of Microsoft SPLA?


Microsoft SPLA licenses offer a lot of freedom
SPLA lets you choose how to license Microsoft products in a few different ways. For instance, you can choose to license Microsoft SQL Server by the number of users or by the number of cores. This makes it easier for providers to offer services that are customized to meet the needs of each customer.

Also, since the number of SPLA licenses is counted at the end of each month, you can switch to a cheaper licensing model each month. It’s a great way to cut down on SPLA licensing costs, but you need to have mature SPLA governance processes in place for it to work.

No upfront commitment
With SPLA, service providers only pay for the licenses that their customers actually use. There are no costs to get started, and there are no long-term commitments.

There is, however, a rule that you have to report at least $100 per month in use.

Making licenses easier
When compared to typical Microsoft licensing agreements, SPLA licensing is easier to understand.

For instance, Microsoft Windows Server usually needs a server license and an access license for each user or device. In SPLA, you don’t need Windows Server access licenses. Rules and formulas for licensing other Microsoft products are also less complicated than, say, in the Microsoft Enterprise Agreement.

The simplified rules will also help your customers, of course.

We need to add a caveat: that simplicity stops when you let your end users bring their own licenses. Then you’ll have to deal with both SPLA and non-SPLA licensing models. Make sure you know both and can tell them apart.

Getting your channel set up
The terms of the SPLA agreement let you build a mature partner channel and even encourage you to do so. It makes it easier to reach new markets and opens up new ways to make money.

SPLA sets out the rules for two different kinds of partnerships:

  • Software Services Resellers. They resell the services to end customers.
  • Data Center Providers. Your infrastructure could be used by other SPLA providers to help them serve their clients. You can also host your clients’ virtual machines in the data centers of other providers or even on Microsoft Azure.

The most important thing about the SPLA is that it lets you work with partners. Please keep in mind that Microsoft will hold you accountable for some of your partners’ compliance.

By using the newest software
With SPLA, you can use the newest Microsoft products. It means that you can give your customers the newest features and technologies.

What benefits does SPLA have for the end customer?


Cloud migration
SPLA is one of the options you have if the cloud is part of your IT plan.

Managing licenses has been made easier.
There are no licenses in the way most people think of them. SPLA is a service that you use.

OPEX versus CAPEX
From a financial standpoint, you would think of it as OPEX, or service fees.

Business flexibility
Along with the monthly option in Microsoft CSP, SPLA may be the only truly flexible way to buy Microsoft licenses. You only pay for what you use in a calendar month.

You can also switch between the different licensing models every month if your needs change.

For example, you might decide to license SQL Server Standard per user until your user base grows, and then switch to the per-core model with unlimited users when you need to. For that, you won’t have to buy new licenses. But don’t forget to tell your provider before the beginning of the next month.

Safety and staying up-to-date
Since you can always use the latest versions of software, IT security is less of a problem. Your bill won’t change if you switch to a new version.

When you upgrade a server virtual machine, you don’t have to upgrade Subscriber Access Licenses. This is a less obvious benefit. SALs always have the most up-to-date version.

Help from the provider
Under the terms of the SPLA program, Service Providers must offer technical support. That means you only need to talk to one person about all your Microsoft needs.

How SPLA’s prices are set
The SPLA resellers give the price lists to the providers. They might be able to get a discount. It doesn’t happen very often, but it has happened before.

No one can see the SPLA price list. Only the provider and their reseller know about it.

Microsoft has no control over the prices or bills that end customers have to pay. The provider decides how much the end customer pays for a Windows Server virtual machine or a SQL Server instance. No rules or limits apply.

Models for licensing in the SPLA
In SPLA, there are eight ways to get a license. It may seem like too many, but most of them can be put into two groups: “per processor core” and “per user.”

Licenses based on the number of processors or cores
In these licensing models, there are products like:

  • SQL Server (all editions)
  • BizTalk
  • System Center (server management)
  • Windows Server
  • SharePoint (for public websites only)

The main advantage of these models is that anyone can use them. Also, unlike Volume Licensing, most of these products don’t need access licenses, so you only pay for the processors or processor cores you use.

Per-user licensing models
SPLA products that are licensed per user or, less often, per device are:

  • Remote Desktop Services (RDS)
  • Microsoft Office
  • Visio
  • Project
  • Visual Studio
  • System Center (client management)
  • SQL Server Standard (only this edition)

The main benefit of per-user licensing is that you can use the software as many times as you want. For most licensed products, one Subscriber Access License (SAL) is needed for each user.

The risk of per-user licensing models is that you can’t keep track of how many people can use the software. SPLA needs a SAL for each person who is allowed to use it. It means you have to pay for every person who could use the software, even if they don’t.

We encourage all clients, whether they are service providers or end customers, to stick to strict, regular procedures. Every month, make sure that only the people who need to use the software can do so. Avoid giving groups like “Domain Users,” “Authenticated Users,” and “leavers” full access to a service or software that is licensed per user.

Service providers must follow the SPLA.
In the Services Provider License Agreement, there are several obligations that must be met. Here is a list of a few.

Services for software
SPLA licenses can only be given out with software services. You can’t sell them again or give them away without providing services.

Reports from SPLA
Microsoft needs to know every month how many licenses you’ve used. You must also give information about every client who spends more than $1,000 per month.

You must also give Microsoft all the information about your Software Services Resellers and Datacenter partners when they ask.

License terms for end users
All of your client contracts must have terms about the license for the end user. If your agreement is accepted online, you must make sure that when your clients order your services, they agree to the end-user license terms.

If you sell your service through Software Services Resellers, make sure that all of your channel partner contracts include the EULT obligations.

License mobility
In the case of SPLA, there are two kinds of License Mobility:

License Mobility is a feature of Server Farm for SPLA licenses, which are the responsibility of the provider. This right comes with all SPLA licenses, so it’s not something to worry about.

With Software Assurance, licenses can be moved around. This licensing right applies to the Volume Licenses with Active Software Assurance that your end clients may be able to bring to your data centers.

Before October 2022, if you let your customers use their licenses on shared hardware, you had to sign an addendum to the SPLA called “License Mobility.” You also had to make sure that your customers sent Microsoft their License Verification Forms.

Even though the License Mobility partnership won’t be needed for BYOL after October 2022, you should still keep track of all License Verification Forms. In the unfortunate case of an SPLA audit, in which Microsoft checks the compliance of providers, you may be asked to give the auditor old License Verification Forms. Also, starting in October 2022, licenses that are brought to your data centers through the Flexible Virtualisation Benefit must also go through the License Verification process.

Hosting Windows 11 and Microsoft 365 apps
Before October 2022, if you wanted to host Windows 11 and Microsoft 365 apps with Shared Computer Activation on multi-tenant servers, you had to sign a QMTH Amendment. “Qualified Multi-Tenant Hosting” is what QMTH stands for.

It is no longer required after October 2022. Any Authorised Outsourcer (any hosting provider except AWS, GCP, Azure, and Alibaba) can host apps for Windows 11 and Microsoft 365.

Please note that you can’t use your licenses on hardware that is dedicated to you or that is shared with other people. If a client doesn’t have a license for Office 365 or Windows 11, you must first sell them the licenses or send them to an authorized reseller.

Paying back debts
You must provide technical support to your clients.

If you have Microsoft Premier Support for Partners, you can send your clients’ support tickets to Microsoft. Don’t confuse this with Microsoft support packages for end users.

Compliance audits
You have to answer a letter about an audit and follow the SPLA audit rules.


Audits of Microsoft SPLA


Service providers are regularly checked by Microsoft. The Service Provider License Agreement and the Microsoft Business and Services Agreement both spell out the rules for the audit.

At the start of a Microsoft SPLA audit, the company chooses an independent auditor, usually one of the “Big-four”: KPMG, Deloitte, PwC, or EY.

A notice letter is the first step in every audit. It gives you 30 days to answer. We don’t think you should ignore the letter. Always answer it quickly and in a professional way.

The auditors will ask you for snapshots of your hosting data and any other records that are relevant. They will use the data to estimate, and often extrapolate, a position, which they will then figure out for each month in scope. Most of the time, the SPLA audit looks at your last three years, but sometimes it goes back even further.

If you are out of compliance by more than 5%, Microsoft will send you a bill for all the licenses you didn’t report at their current price plus a 25% penalty. You will also have to pay for the auditor’s fees.

Most of the time, you’ll be able to negotiate the payment terms and schedule, as well as the bill itself. It’s best to have a skilled negotiator on your side who knows a lot about SPLA and Microsoft business.

Here, you can find out more about a Microsoft SPLA audit, including a detailed step-by-step process, actionable tips, audit readiness, and defense.

SPLA rules must be followed.
Service providers need to have strong, consistent, and near-real-time processes, tools, and people to manage SPLA license compliance.

If you make a mistake when reporting, you only have a short time to fix it. After that, you can’t make any changes, and all mistakes add up to penalties in future audits.

Governance in the SPLA must be mature at least in the following ways:

  • Having the right tools and procedures to calculate SPLA license usage accurately at least once a month. Ideally, calculate it every day.
  • Keeping a full and accurate record of all changes, such as client onboarding, server deployment dates, maintenance periods, and disaster recovery events, among other things.
  • Checking, managing, and storing License Verification forms for client licenses brought to your multi-tenant infrastructure. Even after October 2022, we still suggest archiving old License Verification forms.
  • Regular self-audits.

License and hosting terms for SPLA
Service Providers with hosting setups that are complicated have to deal with the most complicated set of Microsoft licensing terms and conditions. Here are the terms that are important:

The Microsoft Business and Services Agreement (MBSA) lays out the basic rules for using Microsoft licenses. There is an MBSA for each SPLA. There is no online version of MBSA. To find your copy, you must look through your archives or call your SPLA reseller. Please keep in mind that Microsoft often changes MBSA, so you need to find the document that you signed. You might have different rules.

The Services Provider License Agreement (SPLA) spells out all of the licensing rules for hosting and SaaS, except for how Microsoft products are licensed. In addition to the main terms and conditions, there are also instructions for Evaluation, Disaster Recovery, discounts for administrators, and more. SPLA is not online, just like MBSA. To find your copy, you must look through your archives or call your SPLA reseller. Microsoft makes changes to SPLA often, so you need to find your text.

Service Provider Use Rights (SPUR) is a website that sets out how Microsoft products are licensed under SPLA.

The Microsoft Product Terms list the rules for licensing customer licenses that are used in your data center. It has rules for both Volume licenses and CSP licenses.

There are also OEM and ISV products that make your estate more complicated if you add them.

Yes. You have to learn everything and know when to use SPUR or Product Terms.

ISVs who host their Software-as-a-Service applications on the web are in a much better position. It’s not hard to do pure SPLA without BYOL.

Questions about SPLA that people often ask


Can you use SPLA licenses in Azure?


Service Providers can use Azure as a Data Center Provider and use SPLA licenses to deploy their customers’ virtual machines and workloads to Azure. But it’s only allowed for “DCP eligible” products and licenses.

To bring SPLA licenses to Azure, a customer must work with a service provider that has an SPLA agreement. Remember that SPLA licenses can’t be resold. They can only be given out in exchange for services.

Can providers use their perpetual licenses for hosting?


There is one time when hosting companies can use their volume licenses. “Self-hosting” is the right to do this. It can only be used to host a Software-as-a-Service solution on your own server. And it has a lot of rules.

Here are just a few of the rules:

The Microsoft products must allow self-hosting.

You have to own the intellectual property rights to the “unified solution” (the term that Microsoft uses). Basically, it has to be a Software-as-a-Service that was made by your team or contractors who work for hire.

You can’t give people direct access to the Microsoft software that your “unified solution” is built on. They should only interact with your app.

And I could go on.

As you can see, most ways of hosting do not fit the definition of “self-hosting.”

Can users bring their licenses to an infrastructure that other people use?


Yes, but only if they have licenses with active Software Assurance (SA) or subscription licenses.

From October 2022 on, the Flexible Virtualization Benefit will let you use Microsoft BYOL (Bring Your Own License).

If you want to give your licenses to a service provider and the hardware is not just for you (“public cloud”), you must do the following:

Make sure that the licenses are either active subscriptions or licenses with active Software Assurance.

Fill out a Microsoft License Verification Form and send it to them.

Send your form to the provider once Microsoft has signed it.

If you offer services, you will no longer have to sign a License Mobility Addendum or a QMTH Amendment after October 2022. You can host the licenses of your end clients as long as they follow the rules above.

Can users bring their licenses to an infrastructure that’s set aside for them?


Sure, they could. When the hardware is dedicated to a single end-user, that user can assign almost any volume or CSP license.

Also, dedicated hardware makes it possible to mix and match SPLA, volume, and CSP licenses in almost any way.

Importantly, we tell all of our client-providers to make sure that end-users have a written contract with them that spells out their licensing responsibilities in detail. In the event of an audit, a provider may be asked to show proof of end-user licenses, even if the hardware is dedicated.

Can a client get an SPLA license to use on-premises?


It depends.

Yes, a provider may deploy SPLA licences on customer premises.

No, you can’t give them to a customer. Licenses can only be given by the provider as part of a fully managed solution. It has to stay in the hands of the provider for administrative purposes. Aside from that, the client can only use the solution as a consumer.

Does Software Assurance come with Microsoft SPLA?


There is no need for Software Assurance with SPLA licenses. Version upgrades are built into them, so clients always have access to the latest versions.

There are also license mobility rights for providers, so providers don’t have to worry about putting Microsoft software in virtual clusters.

Can the provider use SPLA licenses for its own business?

Yes, as long as all of the following are true:

  • Provider includes this use in its monthly usage report and pays for it;
  • Each month, Provider’s use of these Products is less than 50% of the total use of these Products by all of its End Users. This is calculated by Product.

What is SPUR? Where can I find SPUR to download?


Service Provider Use Rights is what SPUR stands for. It is the official Microsoft SPLA licensing guide in its entirety. You can find it here.

If you have received a letter for an upcoming Microsoft SPLA audit, contact us to get expert help.