Your business is doing great, your sellers and customers are happy, you are making money instead of spending money, when out of the blue….BAM…you receive an audit letter. Sound familiar?
So what do you do? Your first reaction is panic. Your second reaction is to call a lawyer. Your third reaction is to blame your reseller. I think that about sums it up. If you disagree, I’m not 100% sure you are being truthful with yourself. If you do agree, I also think you are making a HUGE mistake. Sounds a little odd doesn’t it?
First thing you need to understand is it’s not your fault. It’s not as if you are purposely trying to be out of compliant. Microsoft knows this as well. SPLA is a difficult program and very hard to understand. As I pointed out in the “About” section of this blog, there is little information written about the SPLA program leaving service providers vulnerable. The SPUR? Forget about it. That’s why I created this blog in the first place.
I think that is why SPLA customers call a lawyer to help guide them. This may help you sleep at night, but is it REALLY helping? I will let you determine that after the dust settles.
What does happen during an audit? I don’t care if this is the first step or fourth step but at some point you will have to collect data. Data that PROVES the reason you reported the way you did. One of the biggest mistakes a SPLA provider can make is not reporting indirect access. Again, not your fault. Who has any idea of what “indirect” really means? Think of indirect as Microsoft software that is used to run your other applications that you market to your customers. You have an application that you developed that reports back to SQL using Excel. Users have no idea they are using SQL, all they know is the application they use. But since SQL is part of your hosted solution…it must be reported. Make sense? That’s also why Windows will always need to be reported. Try running Exchange without a Windows OS. Not going to happen.
Data can also mean the licenses that your customers own that they bring over to your environment. How do you know who owns what? Are there enough CAL’s? One of the arguments service providers make is they can go after their customers if being audited. There’s an easy conversation right? Remember, you want to keep customers not lose them.
Some service providers have learned that their end customers install software on VM’s without informing them. How do you know what is actually being installed? So take a look at your datacenter; are your customers installing software you don’t know about? Collecting this information after the fact is a difficult process. This leaves auditors with no choice but to make a best guess. Best guesses can cost you significantly.
So after all this data is analyzed by the audit team, it is then delivered to Microsoft. That’s when you present your case. They will take things into consideration, but understand that if you are missing information, it makes your argument that much more difficult. Don’t blame your reseller, that doesn’t work. Don’t rely on a lawyer, that doesn’t always work either. Educate yourself. That’s the best advice I can provide. Just by taking the time to read this I think you are on the right path.
Happy to walk you through the process in greater detail. I am one of the few that actually gets it. My email is at the top righthand side of this page.