If you have not noticed with their latest Office 2017 release, Microsoft is pushing the cloud big time. They want both consumer and business customers on their Office 365 services. By paying a small monthly fee per user, companies get access to all new features as soon as they come out and avoid the large capital expense of having to pay hundreds per license for operating system and software licensing. They have been pushing it so much that we have noticed a lot of businesses have been getting audited by Microsoft with regard to their software licensing lately. Whether or not the increase in audits is related to their cloud move, it is important that you take some steps to avoid issues. While this is potentially problematic if you or your IT provider have not set up or monitored your licensing properly, with the right guidance the Microsoft SAM assessment does not have to be scary. We have compiled a list of things that you need to know in order to prepare for a Microsoft software audit.
Looking for Help with your Microsoft SAM Audit? Click here.
- It is not a scam.
While we have talked about phishing scams before and many companies are getting smarter about answering strange inquiries, if you get notices from Microsoft asking about your licensing – you need to take immediate action. Ignoring their notices will cause serious issues, potential legal action and more than $100,000 in fines. Take it seriously and be prompt and calculated in your response.
- Get help.
Reach out to your IT provider and get a good understanding of exactly what you paid for. You will want to make sure that you have a license for each workstation, and gather all the licensing information for Microsoft to review. Make sure that your provider actually gave you the licensing that you paid for – as it is a common issue for a dishonest provider to pay for a single license and charge for multiple licenses while installing the single license on all workstations. Keep all project proposals and receipts and request copies of licensing whenever a provider executes a new project.
- Be thorough.
Do not skip steps or do anything haphazardly. This will only prolong the process and make things more difficult. Account for every piece of software requested and fill out the forms provided by Microsoft to ensure that your self-audit is completely properly. Be honest. Some actually consider the SAM approach to be helpful because Microsoft often offers up new licensing agreements and deals to help bring companies into compliance. The more you work with Microsoft, the better off you will be from a financial and compliance perspective.
- Know what comes next.
If you are not cooperative with the SAM audit, Microsoft will issue an LLC. While the SAM audit is voluntary, the LLC audit is not and often means that you are being accused of software piracy. If this happens, you will want to contact an attorney, as the penalties allowed by law are up to $150,000 per title infringement, which is enough to take down a small business.
- Have a remediation plan in place.
When you find issues with your licensing, be sure that you put a plan in writing for how you are going to remediate it. Buy the licensing that you do not already have or remove the workstations where a license has been installed twice. The more honest and direct you are in fixing the issues, the more likely Microsoft will be to help you fix the issues rather than taking legal action.
As more businesses move over to the cloud and the largest providers make an attempt to push customers the same way – it is important that you consider the type of licensing that you will be purchasing from Microsoft in the future. Is a one-time capital expenditure with limited access to feature updates and paying for new versions going to work for your business or do you prefer to have access to the latest technology? You will want to weigh these options as you move forward with your audit so that you purchase the right licensing for your business and remain in compliance if or when you are approached with a Microsoft SAM Audit.
SAM Microsoft Software Assesment Management
BSA Audit - Business Software Alliance Audit
The BSA conducts all of its audits based on tip-offs from individuals, Blank says, and the organization recently sweetened the pot for tipsters by offering rewards of "up to" $1 million for reporting licensing violations.
It's not always the BSA that requests -- or seems to request -- an audit, though. Vendors sometimes send their own letters independent of the BSA -- and those letters can be a bit tricky, possibly even completely misleading. Sometimes, a letter from a vendor sounds like a threat when, in fact, it's just a hard sell to upgrade.
"I received [a letter] several years ago from an over-eager employee at Microsoft advising me that I might be in violation of license agreements," Redmond reader Jim reports. "The letter was from the legal department, as I recall, and seemed to be more of a threat than what it later turned out to be -- a marketing solicitation to upgrade Office products we owned. Talk about misleading and hea vy-handed ..."
It's usually the BSA that makes contact, though, especially with smaller businesses, licensing guru Scott Braden says: "The smaller you go, the more likely it's going to be the BSA," says Braden, senior vice president of distributed desktop services at NET(net) Inc. in Dallas, Texas. "The larger the [customer], the more likely it is to be the supplier."
For Redmond reader Marvin, the letter came from the BSA -- but the organization fudged Microsoft's involvement with the audit, Marvin claims. "At the time, I was an IT manager responsible for software licensing, desktop and server support, etc.," Marvin reports. "I opened the daily mail to find a letter from the Business Software Alliance indicating that they wanted me to call them to schedule a visit for a software audit. They stated that they were working as a partner with Microsoft, and were interested in helping our organization ensure that we were handling our licenses correctly.
"I visited the BSA Web site and checked some legal references to confirm that I was correct -- that [the BSA is] not a government investigative organization, but is nothing more than a private company, which does indeed demand rights to audit other companies under threat of blackmail.
"I took the letter to [my company's] attorney. I advised him that we were and had been purchasing our software under Microsoft's Volume Licensing Agreement, and that we had just completed an audit with the Microsoft licensing team's assistance. I provided Microsoft's report of the findings and included a copy of the recently signed purchase agreement, which bought a certain number of licenses, to correct any deficiencies listed in the report. I also provided a memo for record from Microsoft, which stated that the BSA was not, in fact, acting for them, or on their behalf. I strongly recommended that we 'deny BSA an opportunity to help,' and that we assert our right to immunity from search absent any legal justification. [Our attorney] so advised them and told them to come back when they had a warrant. We never heard another word."
Save 70% Replacing G Suite, Basecamp, Office 365