RSS

Tag Archives: SPLA Audit

SPLA Partners: It’s time to be proactive

01 Apr

One of the issues with SPLA is that the program is very reactionary. You report in the arrears, you bill clients based on what they used previously, and no one cares about compliance until you receive an audit notification. It’s time to be proactive in this reactionary world.

With over 20 years of experience working with cloud providers in various capacities, one thing they all have in common is the challenges of licensing. For many organizations, they license the same thing month after month, without any data or understanding of why, solely for convenience. When you are audited, there is a typical 3-year lookback period. If you do not understand the licensing requirements, you will be charged a penalty for licenses not reported during that period. That tells me two things: 1) You are out of compliance and will owe a significant unbudgeted expense. 2) You are not charging your customers correctly, either.

For a moment, set aside the compliance risk and consider how long it takes your sales organization to close a deal. Most sales cycles are typically 3-6 months. You spent all that time, resources, and education to land that customer. Fast-forward 3 years, and all along, you have been charging them incorrectly. You are then faced with either telling the customer they owe for those licenses (which is unlikely, as the customer will likely just leave) or you are forced to absorb the costs. That’s why it’s crucial to be proactive before audit time. In addition, this is your opportunity to eliminate risk before it becomes a risk.

How do you become proactive? It’s important to understand what you have installed now. You can do this by running scripts. If you were audited in the past, most auditors provide this script; if not, I have one used for audit purposes that I can send to you. The tool/script is only one side of the story, though. You have to understand how to connect what is installed to the licensing rules. We perform this analysis by creating an Effective License Position (ELP) report. It will show what you should be reporting now and potentially what you would owe if audited based on your SPLA usage report. We can correct the mistakes now and provide education to your customers about their options if for whatever reason what they are doing does not meet the licensing rules (as an example, no software assurance).

What you need is not a tool, what you need is a SAM program to help you create processes and policies now rather than later. Think about this, if you are reporting 100k a month or 5k a month, don’t you want to ensure it is right?

Have a question about this or other topics or would like to review more, please email info@splalicensing.com Together, we can navigate the treacherous waters called Microsoft licensing.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on April 1, 2025 in Compliance

 

Tags: , , , , ,

What is the Purpose of Using AD Scripts?

14 Aug

Great question campers.  Glad you asked.  This is one of the most painstaking processes during an audit.  Not only do you have to run scripts, discover licensing gaps, and ensure all user groups are accounted for, you have to spend time collecting this information in which your team could be focusing on other projects.  So why do they go through this?

The bottom line is to ensure completeness and accuracy in reporting. For instance, let’s say you report ‘x’ number of servers for a particular customer, but there are additional servers in the domain that you should have reported and were responsible for.  Auditors use this output as a way to ensure they have all the servers.  The other reason is to discover user-based licensing products.  As an example, an auditor might discover a user group within AD has access to workloads you thought they did not have access.  Or maybe they discover AD is indeed restricted and you were reporting them anyway.  No, you won’t get a discount for over reporting, but at least you can correct future reporting.

Do AD scripts need to be run on each customer’s environment?  At a minimum, it needs to be run across all customer domains for which the hoster (who is going through the audit) is responsible.  If it’s the end-customers AD, and some servers are not your responsibility, then it’s not as critical – especially if RVTools would capture the in-scope machines.

It’s VERY important to have language in your agreement with your customers that explains when there are end-customer servers, the different licensing rules, and who is responsible for what.  I have witnessed hosters lose customers over this disagreement.   It is a lot easier to be upfront with your customer, so come audit time, you are prepared, and so is your customer. 

One last note: all the new licensing changes (flexible virtualization, mobility, CSP Hoster) have nothing to do with SPLA; it is all about end customers.  If you can help your end customers, be prepared; it will separate you from your competition.

Do you have a question, or are you going through an audit?  We can help you.  Email info@splalicensing.com to learn more.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on August 14, 2024 in Uncategorized

 

Tags: , , , , ,

SPLA Audits: Survival Guide

19 Sep
SPLA Audits: Survival Guide

Here’s an example of an unsuccessful audit and what this Company could have done differently. True story. Don’t waste a failure. 

Customer A

Background

The Company reports roughly 75,000 USD a month in SPLA revenue. At one point, it was almost double that amount, but over the years, they moved workloads away from SPLA and into Azure. Although their SPLA has decreased, their CSP spend has increased significantly.

Five years ago, Company A went through an audit. They owed a small amount of money but were not nearly as large as now. Most of their growth has come by the way of acquisitions. Last year, Company A received another audit notification.   They were not as worried about the audit because they expected the same outcome as the previous one. 

The Process

The CEO received an audit notification specifying the audit process. A kick-off meeting would outline the requirements and what information they (auditors) would need to complete the project. This was conducted by a third-party audit firm, not Microsoft directly. Once the kick-off meeting was completed, they would move on to the data collection phase. They ran a scan of their entire infrastructure using the MAP tool and produced a raw data report. Once received, the auditors will compare Company A’s past usage reports and what was discovered during the audit. Whatever the delta is, ultimately, is what they would owe. 

The Outcome

This process was completely different than the original audit several years ago. Company A worked directly with Microsoft, not an audit firm. It was easier and completed on time. This new audit took a long time to complete. More assets (Servers/VMs) to uncover resulted in a longer time to perform the analysis. The longer it dragged out, the more uncomfortable senior management became. The Board wanted to move past this audit quickly to budget for the upcoming fiscal year. The auditors obliged; they didn’t want to spend too much time on the audit either. So, the auditors delivered a settlement letter with the total amount owed. The CEO was shocked. They initially thought they might owe about a month’s worth of licensing, but they owe well into seven figures. Completely unbudgeted, heads were going to roll. They pleaded with Microsoft, but the only option was to inquire about financing. Company A settled at the direction of their Board. Audit complete.

What did Company A do right?

They were responsive to the auditor’s request. I think this is a good thing. You shouldn’t ignore them, and your response is always appreciated.

What did Company A do wrong?

Everything outside of being responsive. Here’s what they should have done differently.

They have worked on their timeline, not the auditors. Company A should have taken a deep breath to respond but not rushed into something they were unprepared for. They knew their licensing wasn’t 100% accurate. They should have performed their risk assessment to understand their exposure.

Hired a consultant such as SPLA Man. You need to interpret and translate the data into a SPLA licensing report. This is also a great way to identify software you may have installed but never turned off or removed access. It’s good to get this information before the kick-off call.

They barely negotiated. The best Company A came up with is financing. When you negotiate with a major publisher, they must keep the conversation sales-oriented. When you don’t, it becomes very black and white. The product terms are the product terms, and you can’t change them. But leverage what you do have. In this example, Company A has a lot of CSP spend, leverage that. They also moved workloads to Azure. Guess what’s a top priority at Microsoft? Yes, Azure. 

They need a go-forward strategy. Maybe find a tool such as Octopus. Cloud to help manage installations more efficiently. Find your risk before it becomes a risk.

The key thing to remember is not only did Company A have to spend seven figures on an audit, but it also tells me they are not charging their customers accurately either. That’s the more significant issue, in my opinion.

So there you have it. What am I missing? Have a question? Going through an audit? Email info@splaicensing.com, and we can help.

Thanks for reading,

SPLA Man

 
1 Comment

Posted by on September 19, 2023 in Uncategorized

 

Tags: , , , , , , , , , , , , ,

Why a SAM Practice is Important

15 Jun

I recently took some time off to spend with Mrs. SPLA Man and the kids when my 13 y/o son asked me, “Dad, why do service providers only have one person reporting SPLA usage to their reseller? Why would they report anything if they didn’t know it was right? After all, you wouldn’t even drive away from a fast-food drive-thru or pay for a new pair of shoes unless the order was right or the shoes fit! So why would an SPLA provider spend thousands (if not millions) of dollars each month when they don’t know if what they are ordering is right! And then Dad, they get audited and have to pay even more!”

I was never so proud of my son. Me and Mrs. SPLA Man certainly raised him right. That story about my son was a bit silly, but the moral of the story is accurate. Why do service providers spend so much money reporting usage if they do not know it’s right?

I think they know it’s not right, but they also think it’s not that far off either. How many of you who have gone through an audit said this prior; “We might be off a SAL or two, but in the end, we won’t owe much. After the audit, they find themselves owing millions of dollars. So much for being off a SAL or two! Here’s where I think service providers do themselves a disservice in not having a SAM practice/plan in place.

  1. They only have one person reporting usage. In most cases, a procurement person or office manager will email an engineer, and the engineer will send an excel report with what he/she believes should be reported. The office manager reports it to the reseller. The problem with this scenario is what happens if the office manager leaves? What happens to the relationship with the reseller? Does the engineer know they should license what is installed? A great example is Office Pro Plus/Std. Most engineers will install Office Pro Plus, forget about it, and report Office Standard. Don’t be that guy!
  2. You are reporting simply because it’s a requirement by Microsoft. Yes, reporting is a requirement, but reporting SPLA should be used as a tool to gain information inside your data center. What is installed? What do users HAVE access to? Are we reporting SQL Standard when we installed SQL Enterprise? We report SQL Web, but is it a public website we are hosting? Reporting SPLA usage should provide you with insight into how profitable you are per individual customer. If you get audited and find out you should be reporting SQL Enterprise (that’s what is installed), but you report SQL Standard; how easy is it to go back to your customer and ask for more money? You just lost the customer and lost out on all that additional revenue. Reporting is about business intelligence.
  3. Not have a tool in place or SAM practice. The two go hand in hand (SPLA tool and SAM practice). You can have a tool, but what good is it if you only use it to scan a small portion of your data center? Are you saying the other parts of your data center are licensed 100% accurately? You NEED a SAM practice – document licensing rights, document contracts with your customer, have a paper trail with your reseller, know pricing changes, and use the tool to collect the actual data. Don’t know a SPLA tool provider? Use Octopus Cloud They are the only tool provider designed specifically for multi-tenant environements with licensing intelligence built in specific to the SPUR. Yes, I do marketing for Octopus 🙂

In summary, I know spending money to invest in an SPLA tool or SAM practice doesn’t seem appealing (it’s kind of like buying new windows for your house. Wow! I spent a thousand dollars on a new window, but no one would ever know it besides you). The same can be true about a SAM practice. A SAM practice will not win you new customers, but here’s one thing I will promise, it won’t lose you customers either.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on June 15, 2021 in Uncategorized

 

Tags: , , , , , , ,

Answers to Your Cloud Licensing Questions

07 Nov

Will Azure be part of the SPLA program?

I wouldn’t think so and wouldn’t know how they could incorporate the two.  Azure is Microsoft hosted and SPLA is partnered.   Microsoft will want to keep SPLA and Azure separate.

Is Azure Stack part of SPLA?

Azure Stack by itself is not part of SPLA.  What’s part of SPLA is the Windows licenses.  As a service provider, you could deploy Azure Stack, pay the base consumption rate, and use Windows licensing with SPLA.  In fact, I think it’s less expensive to do it this way.

If my customer wants to use their own Windows license on Azure Stack, do they also require CAL’s?

Yes.  You need to pay attention to the Product Terms to ensure compliance.  As an example, volume licensing prohibits hosting.  You cannot install your own Windows licenses through volume licensing and host using Azure Stack.

Does Office 365 qualify for the SAL for SA product in SPLA?

The only Office 365 product that is eligible for SAL for SA is Skype.

Is SPLA pricing going up?

Yes and will not be decreasing anytime soon.

Since AWS offers dedicated hardware, could I transfer my customer’s license to their datacenter without Software Assurance?

Yes.  If its dedicated hardware Software Assurance is not required.

What about Azure?

No, you would need Software Assurance.

Will Microsoft finally allow MSDN to be licensed in my datacenter?

Probably not.  Although if you use Azure, MSDN is eligible to be transferred.

If I sell CSP through 2-Tier distributor, can I sign the QMTH addendum?

No.  You must be CSP 1 – Tier to qualify for QMTH.

Can I outsource support for certain software through CSP?

Yes.  You an resell the solutions you can support and leverage another partner for support for other products.

Thanks for reading,

SPLA Man

 

 

 

 

 

 
2 Comments

Posted by on November 7, 2017 in Top 5 Licensing Questions

 

Tags: , , , , , , , , , , , , , , , , , , , ,

More SPLA Questions…More Answers.

13 Oct

Here is a list of some of the questions we received this month.  Enjoy!

Why does Microsoft not allow a SPLA SQL VM to be installed in a public cloud?  I understand if you were licensing the physical layer, but if you want to install on a VM, you can easily allocate the number of cores and report accordingly.  Any ideas?

No.  Honestly there is no reason outside of it’s just prohibited.  You cannot license SPLA cores/processors in public clouds even if the VM is dedicated.

What can be installed in Azure through SPLA licensing?

Anything that is licensed by SAL can be moved to Azure.  For your end customers, anything that has Software Assurance and is license mobility eligible can be transferred including: Windows 10 E3  (QMTH), Office 365 Pro Plus (QMTH) and MSDN.  Your end customers can also leverage Azure HUB to get discounted pricing for the Windows Servers they purchased with SA.   Check out the Azure FAQ site https://azure.microsoft.com/en-us/pricing/licensing-faq/

Is Microsoft going to discontinue SPLA?

Nah.  I bet it will be merged into a new program though.  Just a hunch.

I received a compliance notification the other day.  Am I in trouble?

Depends on the type of notification and if you are out of compliant :).  If you have questions, we can review it with you.  Just email info@splalicensing.com

Can I report Windows 2016 but run Windows 2012?

Yes.  No problem there.  What you cannot do is license Windows 2012 and run 2016.  Don’t do that.

Thanks for reading,

SPLA Man

 

 

 

 

 
Leave a comment

Posted by on October 13, 2017 in Top 5 Licensing Questions

 

Tags: , , , , , , , , , , , ,

Slaying the dragon and saving the princess – audit style

10 Aug

We all love stories—all of us. We love to hear about good overcoming evil – the prince saving the princess, the bad guy that the good guy captures.  In short, what we love are fairy tales.  The reality is we do not live in a world of fairy tales, and sometimes, yeah, the bad guys do win. The prince, admired by many, is not such a good prince after all.  We trust without knowing they can be trusted.  So, what does this have to do with audits?

Businesses are built based on one concept – to solve a customer’s problem.  You are their hero to save whatever pain they have or problem they can’t seem to overcome.  You are (as the story goes) their knight in shining armor.  Your customer needs someone to deliver a solution; you are just the good guy to do it.

Fast forward a couple of years, your business is booming, your customers are happy, and in walks every IT nightmare…the auditor.  Eyeglasses the size of saucers, a necktie tied just a shade too short, and a laugh that is about as annoying as a nail on a chalkboard; you succumb to a software audit.

How do you defend such evil?  The biggest mistake a hosting partner (or enterprises in general) often makes is fear.  They give the auditors everything they ask.  That’s not always bad, but if you don’t understand why they ask for certain things or feel they are painting you in a corner, take a step back.  Please don’t give in without understanding what they are asking and why.  Why do they want to know who your customers are?  Why do they ask about customer-owned licenses?  Software Assurance? Historical information?  If you can’t answer “why,” maybe you need help.  In walks SPLA Man.  Nah, in walks Mrs. SPLA Man, every auditor’s worst nightmare.  She put together the following list on how to better prepare yourself for the unexpected.

Mrs. SPLA Man’s List

Don’t be fearful – no matter what, it’s your business and YOUR customers.

Have a plan.  Know what’s in your customer agreements.  If you need to refresh your agreement language, do it.  Software licensing rules change daily; if you have not updated your contracts on license mobility or datacenter outsourcing, update it now.

Don’t bring unwanted attention to your organization.  Always report usage on time and pay on time.  80% of all delinquent reporting has nothing to do with the reseller or Microsoft.  It has everything to do with an SPLA partner’s account payable dept.

Don’t have one person manage your usage reporting.  In many cases, a person leaves a company who was the only one who worked with the reseller directly.  When that person leaves, who is responsible for reporting?

 
Leave a comment

Posted by on August 10, 2017 in Compliance

 

Tags: , , , , , , , , , ,

Top 5 Licensing Questions….Answered

05 Aug

You have questions…We have answers.  Another month, and another list of licensing questions asked by the hosting community.

  1. I have a small hosting company that runs primarily Linux machines with a few Windows VM’s mixed in.  The only thing we do customer facing with Windows systems is a small number of users access our application via a published app over RDP Web.  Do I need SPLA?

Yes.  You have Windows running in your cloud environment.  It does not matter how small or large the environment is.  One thing you might want to check out is the Cloud Platform Suite.  You must run Hyper-V and System Center but it could lower your costs. 

  1. I get CSP from one reseller and SPLA from another.  Do I qualify for the new QMTH addendum or do I need to get it all from one source?  Totally confused.

In QMTH, you are the CSP partner, not someone else.  I am guessing you are using the CSP reseller to go indirect.  If that is the case, you must become CSP Direct authorized.  Purchasing CSP from a third-party does not qualify you for QMH.  That being said, your customer can purchase CSP from any organization and you can host it for them (if you are QMH authorized).

  1. The audit bug got me. I think it’s because my reseller refuses to submit my usage report even though I sent it to them several times.  Any advice?

Microsoft can audit any partner they choose.  There’s not one factor that triggers an audit.  More eyes will be watching if you are continually delinquent on your monthly report.  The biggest reason why a reseller does not submit a usage report is because the provider is delinquent on their payments. Are you up to date? All payments paid to the reseller?

  1. Can I rent a PC using the QMTH addendum? I know in the past I could rent a Windows desktop license in SPLA.  Can I do it now?

I think it makes sense to do so but unfortunately it is not part of the addendum.  I would love feedback here.  Section C of the QMTH addendum states” “This Amendment does not authorize Customer to resell, distribute, or otherwise provide End User or CSP Licensees direct access to Windows 10 Software” In order to lease a PC to a third-party you need to follow the Microsoft Leasing Agreement. 

  1. I report Office, Exchange, SharePoint and Skype. I heard rumors of a price increase coming in the pipeline from various resellers that I reached out to.  Any truth?

Let me put it to you this way – The products you just mentioned happen to be part of Office 365.  I don’t foresee Microsoft lowering pricing in SPLA for the same products offered by Microsoft.

Thanks for reading,

SPLA Man

PS – What was the SPLA partner’s response to my answer for question 5?  “That’s BS Mate!”  My response?  “Don’t shoot the messenger.”  Have a question?  Email info@splalicensing.com

 
Leave a comment

Posted by on August 5, 2017 in Top 5 Licensing Questions

 

Tags: , , , , , , , , , , , , , , , , , , ,

Breaking down Microsoft’s Q4 and what it means for your business.

21 Jul

Microsoft reported earnings last night that surpassed expectations and gave us insight into their cloud business. I am not a stock analysts, but I thought I would spend some time reviewing some of the highlights and my opinion for what’s next for the software (I mean cloud, actually, no -I meant Intelligent Cloud) giant.

Azure – Microsoft did not provide specific revenue numbers for Azure, but did say revenue grew 97% y/y.  Although exact numbers for Azure revenue is not specified, Azure is part of the all-important commercial space, which includes Dynamics 365, Azure, and a little program called Office 365.  That revenue number combined was over 18B which more than doubled last year’s number.

Office/Dynamics and Competition – Office 365 subscription business just surpassed the traditional Office model with revenue up 43%.  When was the last time you went to a box retailer and purchased software?  That’s a telling sign that more and more organizations prefer subscription pricing over box products.   Dynamics 365 was up 74%, probably because Dynamics in SPLA is about as complex as it can possibly get.  Need help with a Dynamics licensing question?  Ask your reseller.  The reseller will ask Microsoft – and then it goes into a big, dark, black hole until someone loses their mind.  Nothing happens.  Microsoft also revamped Dynamics in SPLA to make it very difficult to compete.  The same can be said for Office.  Where I see concern for Microsoft is with Google, who is just getting their foot in the door in the enterprise space.  If they make traction (and they will) it will be interesting to see the two giants go at it.  Google’s cloud platform is growing exponentially as well.

Surface Sales – I guess you can say is one of the low points of the conference call.  Surface revenue dropped 2%.  Xbox sales also dropped and became less profitable with price drops and competition.  That’s the bad news – the good news?  Maybe with the new CSP Windows 10 thing Microsoft will include Surface as part of the program to those not already a Surface Authorized Distributor, or make Surface authorization available to every CSP Direct partner.

LinkedIN – Only Microsoft can spend over 26B for an acquisition and investors are still wondering what it is they bought; and more importantly, not hurt their quarterly earnings.  Yeah, they can tie it in for Dynamics and Yammer/Teams with all those users.   They also have a pretty impressive data list of users to sell additional collaboration products and services to.  I guess the jury is still out on this.

Opinion – Microsoft recently announced a major change in their sales organization. Their sales teams that were focused on the enterprise need to focus more on solution type selling.  A lot of organizations in the industry are going through the same transformation.  It’s also not an easy thing to do.  Time will tell.

I wrote an entire article without mentioning Amazon, they report earnings next week.  It will be interesting to see how they compare to Microsoft and how much they grew year of year in comparison.  Lots of analysis say Microsoft will surpass AWS as the king of the cloud.  I still think Google is lurking in the background and might surprise some people as well.

What does all this mean for SPLA?  In my humble opinion, I think Microsoft better be careful with the way they are handling their third-party hosters.  Those numbers they threw out yesterday were great, but they can get even better.

Microsoft built a program for partners who have their own datacenters, relationships, and sales resources to promote Microsoft products and technology.   There are close to 30,000 SPLA partners (rough estimate) that have datacenters spread throughout the globe.  Nobody, can have the reach like your SPLA partners.  Google and Amazon do not have 30,000 datacenters, why disrupt it?  Don’t audit them, partner with them and help grow this business to build a true hybrid cloud ecosystem.  The strategy should be their cloud – our cloud, and customers will thank you.  Teaming with Walmart makes sense too.  Say what!

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on July 21, 2017 in In My Opinion, Uncategorized

 

Tags: , , , , , , , , , , , , , , , , , , ,

Epic Community Connect for Healthcare Organizations

11 Jul

In this article we will review how Epic Community Connect effects your Microsoft licensing position.  This is a follow up to my earlier post which can be found here

What’s the concern?

If you host/extend Epic (or any EMR software that you do not own) to outside clinics or other healthcare facilities SPLA must be licensed.

What’s an outside organization?

If your organization (who hosts Epic/EMR) does not have at least 51% ownership of the other entity, that would be considered an outside organization as it pertains to this solution.

I’m confused…big time.  Why would I license SPLA when I was told to license through my Enterprise Agreement?

The EA is for your own internal employees.  The Service Provider Licensing Agreement (SPLA) is for companies who host Microsoft software to third parties.

Wait.  I just went to your website and I am not an employee.  Are you saying you have a SPLA agreement?

No.  I don’t host an application or any server whatsoever.  I do pay a web company to host my website.  The web company is under a SPLA agreement if they use Windows Server.

What are my options now?  I already deployed Epic and I don’t have a SPLA.  

I would work with a SPLA Reseller who can walk you through the steps and how to be compliant.  You can email me at info@splalciensing.com if you have additional questions.

Thanks for reading,

SPLA Man

 

 
Leave a comment

Posted by on July 11, 2017 in EMR Software, Uncategorized

 

Tags: , , , , , , , , , , , , , , ,

Older posts