Microsoft-Audits

Ever get an email from Microsoft saying they want to check your software licenses?

If you’re a medium-sized business, you might. Commit100 has helped enough clients handle Microsoft audits to know that this is a fact of life.

Individuals and small businesses are not typically audited for using legitimate Microsoft software, but large and medium-sized businesses are checked all the time. After all, that is where most of Microsoft’s revenue comes from.

So what do you need to know about a license audit by Microsoft?

First, Microsoft asks you to fill in a “Deployment Summary” (see an older version of this document here), indicating how many instances of Microsoft products you have installed in your environment. This document covers pretty much all Microsoft products that still remain relevant today – desktop and server operating systems, Office products (all the way down to Office XP), SharePoint, products like SQL server and developer tools like Visual studio, and even Dynamics CRM. They specifically ask for “the quantity of each version of software currently installed/in use within your company”. For server-based products, they also ask about CALs (client access licenses).

Does this include the software that is still installed on old computers (no longer in use), but has been installed on new computers under the same license? That is a gray area, so use your best judgement to decide.

How to be prepared for a Microsoft license audit?

It is obviously in your best interests to be prepared for an audit. The best, and priceless, thing it gives you – peace of mind, and may also save you some money.

The information you need to be prepared for a Microsoft audit is:

  • How many of their products you have installed, and where.
  • All proof of licenses (COA stickers, paper certificates, BIOS keys, etc.) and anything that can act as proof of purchase, preferably in one place (for example, a master license spreadsheet).

How to gather required information?

To do an audit of your environment, you will definitely need a PC audit software. There are many good programs available, including freeware. A very simple and powerful tool that Commit100 has used for its clients is Belarc Advisor – it gives you data about the software installed on the machine, as well as hardware, which is useful information that can be a great basis for a full IT system audit. It will also give you the product keys for most of the software that is installed, but it doesn’t give you the full product keys for Office 2013 and onwards – only the last 5 characters of the key.

desktop_laptop_or_tablet

To gather the required information about what software is installed and where, run an audit report on the following:

  • all desktops and laptops (mobile devices may or may not be relevant);
  • all physical servers;
  • all virtual machines/virtual servers (note that some individual users may have local virtual machines);
  • Servers should have information about the number of CALs they have installed – this information will likely not be given by audit software, but you can check that in the Server Management console under “Licensing”.
  • Also take note of the number of clients accessing SQL databases and other server-based products (this will tell you how many CALs you actually need).

Centralize this information in a master document, summarizing all software and keys (yes, every key should be in that document – for you own sake) for every physical and virtual machine.

The next step is to gather information about all the licenses you actually purchased. This includes COAs (stickers that go on the physical box), invoices, paper certificates, etc. Get a clean picture of all the licenses you have proof of purchase for – this should go into the same master document.

The licenses installed vs. licenses purchased should match, but if they do not, you may get an idea as to how much software Microsoft will ask you to pay for.

What then?

After you have completed the deployment summary, send it off to Microsoft. There is typically a deadline established by Microsoft for this, but it’s not a “do or die” deadline, it’s something that can be discussed with Microsoft.

A small piece of advice from our experts at Commit100 – don’t underestimate the time you will need to fill out the deployment summary – the more time, the better. If you use it, of course.

What’s the worst that could happen?

Microsoft will ask you to pay for the licenses that are installed/in use, but which you did not purchase or have no proof of purchase for. If you are compliant, or compliant for the most part, then you should have no problems.

But this is not the end of a Microsoft audit. In future articles, we will discuss what else is involved in the audit after the deployment summary is sent back.

Useful links:

Microsoft Software Asset Management