Miro Consulting specializes in software license audit defense, license management, subscription management, and cloud services, for Oracle, Microsoft & IBM.

6 Microsoft Audit Triggers

Did you know your Microsoft Reseller can tell Microsoft to audit you?

For the last several years, Microsoft and other software vendors have been pressuring their customers with audits. The reasons were many and include stagnant revenue, recovery from the economic turmoil of the preceding decade, changes in corporate direction, and more.

Microsoft turned to software audits to compel organizations to transition to products and services that fit their “Mobile First, Cloud First” strategy.  So what triggers these audits? What puts an organization “on the list?”

  1. Your Reseller Told Microsoft to Audit You

    Many Microsoft Resellers now have SAM Divisions, meaning Software Asset Management. While they may be distinct legal entities from your Reseller, they operate as a single company. These new SAM divisions can refer you to Microsoft as a potential audit target, based on the information they gathered while acting as your reseller. Microsoft uses these recommendations to prioritize audit targets based on how serious the potential violation is.

  2. Purchasing History

    Did you fail to renew your Enterprise Agreement during the economic downturn, as a cost reduction measure? Have few Microsoft purchases have been made since? If this occurred, with annual true-ups no longer necessary, Microsoft will wonder how business is still being supported with hardware and software that is very old.

  3. Technology & Licensing Changes

    BYOD, desktop virtualization, hosted services, license mobility, cloud environments, transitional licensing, bridge licenses, metric changes and evolving Software Assurance benefits all make adherence to licensing rules challenging, at best. Microsoft knows this and will use it to position your environment as non-compliant.

  4. Mergers & Acquisitions

    The Microsoft Account team will view any M&A activity as a potential opportunity. For example, when an organization with an active Enterprise Agreement acquires another company, Microsoft will assume an increase in the number of qualified devices or users. Beyond any contractual obligations that may exist, the Microsoft Account team will see a revenue windfall.

  5. Transition to the Cloud

    Cloud subscriptions are presented as the easiest path to achieving and maintaining license compliance. Office 365 has reached critical mass in the commercial space, which reflects Microsoft’s success in engineering the transition. And it will continue with this process and even repeat it as it tries to upsell existing subscribers.

  6. Disgruntled Employees or Former Employees

    Organizations such as the Business Software Alliance, of which Microsoft is a member, actively ask individuals to come forward to report non-compliance issues. This isn’t unusual as employees – former or existing – may want to create difficulties and instigate an audit.

The best advice for an organizations is to complete its own, proactive License Position Assessment as soon as possible via an independent expert. This assessment will provide the snapshot needed to determine any exposure and allow the organization to prepare and protect their budget from unexpected costs from Microsoft.

MAD Software Audits: Mergers, Acquisitions and Divestiture

Software audits by companies like Oracle, Microsoft and IBM are frequently triggered when an organization engages in MAD activity; Mergers, Acquisitions and Divestiture.

Software asset managers (SAM) and procurement staff should be aware of the specific challenges related to MAD activity within their organization.  It’s vitally important to retain policy documents and licensing contracts to ensure compliance.  When these vendors become aware of MAD activity at an organization, they typically investigate these specific areas:

  • Has the organization purchased new licenses to account for an increased headcount?
  • Is either organization’s systems being absorbed into the other or will they function as two distinct entities?
  • Does either organization have license rights to share licensing?

The vendor’s sales or license compliance teams need to know and understand the answers to these questions, as the sheer act of any MAD activity greatly increases the likelihood that they will be audited by a software vendor, or receive an offer by them to do a “health-check” with the organization to ascertain if it’s in compliance.  Refusing a health-check is permissible, but will very likely lead to a formal audit.

Other organizational changes resulting from a merger, acquisition or divestiture can create additional factors that will trigger an audit.

These factors include:

  • Virtualization – if the new business entity engages in virtualization as a means of reducing costs
  • Decreased License Spend – if a new business entity reduces its licensing spend to account for a reduced workforce
  • Competitor Cloud Purchase – if the business is running or intends to run one vendor’s software on another vendor’s cloud


For many vendors, the standard policy for organizations which are out of compliance is a mandatory license purchase at lower than normal discounting, plus maintenance and support, for any licensing shortfalls.  These costs can range from tens of thousands to tens of millions of dollars in un-budgeted costs.  If the organization did not negotiate for the right to transfer their licenses to a new business entity, they could be forced to purchase an entire new set of licenses to cover areas the organization thought would be covered by current licensing.


Software asset managers and IT executives should focus on these key areas to ensure compliance and defend against a software audit

  • Retain copies of all contracts and relative vendor policies from the time the contracts were signed, as they often change
  • Perform due diligence to ensure that your installed applications and users match your entitlements
  • Negotiate key terms that will best support future changes of your organization
  • Engage software asset management experts to help with purchasing, negotiating and managing license contracts and renewals
  • Initiate a “Self Audit” with industry experts to ensure compliance before you get audited by the vendor

About Miro

Helping clients navigate licensing decisions and evaluate options for M&A situations is a standard practice for Miro. Here are just a few examples of how Miro has guided and supported clients who were involved in M&A activities.  Contact us to learn more.

Flexera’s FlexNet Manager for IBM in lieu of IBM License Metric Tool (ILMT)

IBM uses their own proprietary software asset management tool, ILMT.  “The IBM License Metric Tool [ILMT] helps you maintain an inventory of the PVU based software deployed for your Full Capacity or Virtualization (Sub-) Capacity environment, and measures the PVU licenses required by software Product. It is intended to help you manage your IBM software licensing requirements, and help you maintain an audit ready posture. Customers are responsible for supplying hardware and installation services required for installing the tool” according to IBM.

To clarify a possible misunderstanding or a case of not reading all the directions, if you wish to have an exception from IBM to not run ILMT, your exception should be granted in writing.  Do not assume IBM will grant you an exception, especially during the course of a Software License Review (SLR or audit).

IBM lists basic exceptions where you could use manual quarterly reporting in lieu of ILMT:

  • Less than 1,000 employees and contractors – this is total employees, not just those using IBM technology.
  • Less than 1,000 PVUs total physical capacity of your servers with Sub-capacity licensing within your global enterprise
  • Customer’s eligible virtualization technology is not supported by ILMT. However, you would be required to use ILMT within 90 days of a virtualization technology becoming eligible.
  • ILMT eligible technologies are listed by IBM at

After not meeting the above conditions that IBM has stated, an IBM customer would need to contact IBM to request an exception to not use ILMT with a reason and what you plan to use in place of ILMT.  IBM could decline to accept your proposed alternative.

In 2015, Flexera updated their FlexNet Manager for IBM to mimic ILMT’s minimum scan frequency of every 30 minutes beginning with 2015 R2.  IBM has given exceptions to customers using this SAM tool, but you need to ask IBM for an exception to use FlexNet Manager for IBM 2015 R2 or later in lieu of ILMT.  When that exception is granted by IBM, the IBM customer should be required to sign a Passport Advantage amendment with the related terms.

Although FlexNet Manager for IBM has its own native discovery, IBM recommends using it as an data aggregator with your ILMT, TAD4d, or BigFix agents.  There may be a downside to this because ILMT or other products and their updates would still be necessary.

Additionally, IBM has not certified Flexera’s product as accurate and leaves the responsibility with the IBM customer to verify the reports.  The Flexera tool also needs to remain the equivalent of the current ILMT release.

With or without an exception, IBM software customers are still responsible for knowing where they deploy IBM software and having an adequate number of licenses.

Oracle Advanced Compression: Compliance Risks When Using Advanced Compression Options

Executive SummaryOracle Advanced Compression

IT leaders focused on Oracle compliance risks are often unaware of the challenges in preventing Oracle Advanced Compression options from being triggered unintentionally. Failure to identify and implement Oracle Advanced Compression options according to entitlements in the Oracle estate can lead to an audit failure and significant penalty fees.

Key Challenges:

  • Determine which Oracle features and options are required for the organization
  • Prevent employees from using Oracle options and features that the organization is not licensed for
  • Continually monitor the usage of Oracle options and features to ensure licensing compliance


  • Refer to your service agreement to determine if you are appropriately licensed to use Advanced Compression
  • Avoid using Advanced Compression options and features that the organization is not licensed for
  • Contact an Oracle Licensing Management specialist such as Miro Consulting to determine Advanced Compression usage and discuss solutions to ensure a fully compliant environment

Oracle Advanced Compression

Oracle Advanced Compression is a licensable option that provides the ability to compress all types of data, backups, and network traffic to reduce storage consumption and improve performance. Unfortunately, many of our clients are surprised to learn that they have Advanced Compression usage and are therefore out of compliance.
The reason for the confusion is due to the fact that the Advanced Compression Option can easily be triggered by the use of some Oracle features, causing the organization to be out-of-compliance and fail an audit.

The Advanced Compression options that cause the most confusion include:

  1. Data Pump
    Introduced in version 10g and is a faster and more flexible alternative to the traditional Export (exp) and Import (imp) utilities.
  2. Recovery Manager (RMAN)
    An Oracle utility that provides the ability to backup and recover the Oracle database.
  3. Data Guard Redo Transport
    Introduced in version 11gR1 and provides the ability to transfer redo data from a database destination to up to thirty destinations.
  4. SecureFiles
    Introduced in version 11gR1 and is an enhanced version of the original BasicFiles LOB storage architecture.
  5. OLTP Table Compression (Advanced Row Compression)
    Introduced in version 11gR1 and provides the ability to compress data during all types of data manipulation operations.
  6. Flashback Data Archive (Formally Total Recall)
    Introduced in 11gR1 and provides the ability to reference older versions of data in the Oracle Database or return older versions of data in the Oracle Database to a previous state without point-in-time media recovery.

Click here to download the full whitepaper. 

5 Unusual Ways to Save on Microsoft Licenses & Subscriptions

5 Unusual Ways to Save on Microsoft Licenses & Subscriptions You know the basics, but do you know these advanced strategies for saving on your Microsoft spend? Your organization could save hundreds of thousands of dollars by taking advantage of these special techniques and Microsoft programs, but only if you know what to ask for.

1. Independent Contract Review

When your contract is up for renewal, many organizations simply assume that there’s no need to review the details more than in the past. Unfortunately, a lack of diligence and oversight can result in significant and unnecessary over-spend. Making international headlines, the Dutch Police put in an accidental purchase order, and the courts ultimately determined that they were liable for the full cost of the multi-million-dollar mistake. Miro can do a last-minute double-check of your contracts, even if they’re due very soon, and make sure you’re getting everything you need and nothing extra.

2. True-Downs

We’ve all heard of “True-Ups,” the process where additional Microsoft licenses are purchased on an annual basis, but you can also “True-Down”. On your contract anniversary date, it’s possible to reduce your spending with Microsoft and pay for less subscriptions. For example, if your original contract had 250 subscriptions, and you later upgraded to 500, you can go back down to 250, but no lower than the original amount.

3. Core Grants

As Microsoft transitions from a “per-processor” to a “per-core” licensing model, there are opportunities to save on costs. For all servers with 16 cores or less, there is no price increase as Microsoft has made the cost of 16 Windows Server 2016 cores the same as the 2 processor Windows Server 2012 R2 license. If you have more than the standard 8 cores per server, Microsoft can give you a “core grant” so you won’t have to purchase additional licenses, but only under certain conditions. Contact Miro for details and requirements.

4. Azure Hybrid Use Benefit

You can save money on moving to the Microsoft Azure cloud through the Azure Hybrid Use Benefit. This allows you to move on-premise licenses to Azure, and you only pay the base compute rate, instead of the full price for new Windows Server virtual machines in Azure, which can be up to 41% savings.

5. Get BIF

Business Investment Funding (BIF) is a new Microsoft offering for select clients who don’t meet the infrastructure requirements for certain products like Office 356. BIF is essentially Microsoft providing money for things like upgrades to your company’s network, so that you can utilize their new cloud products. Miro has seen clients offered up to 20% cash back on their annual spend, which they can use for upgrades to their systems.

If you’d like to take advantage of these offers or want to learn more, it’s critically important that you do not call a Microsoft Reseller. They are obligated by contract to report any licensing shortfalls to Microsoft. Contact an independent non-reseller, like Miro, to get confidential advice on your Microsoft contracts and negotiations. You can also download our Microsoft Licensing and Audit Defense Guide.

5 Ways Your Hosting Provider Can Put You Out of Compliance

ORACLEYour Third-Party Hosting Provider may be putting you out of compliance. Unfortunately, your organization is liable if they do. Most providers have clauses in their contracts which absolve them of all responsibility. Is your hosting provider jeopardizing your compliance? Read more to find out.

1. Virtualized Environment

Do you know if your Third-Party Hosting Provider is running your software in a virtualized environment? We find that Oracle can and will require licensing outside of their client’s own non-dedicated use for those who use a Third-Party Hosting Provider utilizing forms of virtualization. Many organizations think that the Third-Party vendor would be liable for any resulting license compliance issues, but that is never the case. All Third-Party Hosting vendors that own and manage the hardware that hosts client software assume no liability for software license compliance. The client is always liable.

2. Disaster Recovery

Do you know how Disaster Recovery is handled within your Third-Party Hosting Provider? We continue to find situations where a Third-Party Hosting vendor is deploying a form of Disaster Recovery that Oracle would consider to require additional licensing, but clients are never informed of it requiring additional licensing. Some Hosting vendors have even stated that such licensing was not required, but it was only their opinion and had not been confirmed by the software vendor.

3. Proprietary Hosting

Are you running any Proprietary Hosting solutions at your Third-Party Hosting Provider? Oracle’s past policies have dictated that Proprietary Hosting is forbidden, but have recently shown some loosening of those restrictions, but only when Oracle Cloud is the solution in use.

4. Data Sovereignty

Do you know where your data is? Data Sovereignty is a topic that comes up more often as organizations try to ensure that they are not breaking any government jurisdiction on rules and policies that would impact Third-Party access for legal, security, or privacy purposes. The policies and rules can vary greatly by country. Third-Party Hosting Providers often have datacenters in many different countries. Even if your primary data is contained in a local or a geographically acceptable datacenter, your disaster recovery site may not be.

5. Hardware Platforms

Do you know the hardware platform in which your software is being run? We constantly come across organizations that have great difficulty getting such information from their Hosting Provider. We have even seen instances where the Hosting Provider refused to provide such information to the client. Outside of Oracle approved Cloud Computing Vendors, it is necessary to know the details of the underlying hardware so that proper licensing can be calculated.

7 Signs of an IBM Audit

Do you recognize the signs of an IBM audit? These 7 Signs of an IBM audit are red flags that you should recognize.

  1. You Get a Letter Introducing KPMG or Deloitte

    These are two of the “Big 4” accounting firms that manage the actual software license audit process on behalf of IBM.  IBM refers to them as, “third party independent auditors”.  Keep in mind that when it comes to their “independence,” these firms are paid by IBM for their services.

  2. IBM Software Review

    In this case, “review” is what IBM calls an audit.  Like Microsoft and other software vendors, IBM has begun referring to their software audits as “reviews.”  This nomenclature change is meant to lull clients into a false sense of security.

  3. You Spoke To a Reseller

    Like a good software asset manager, you did your research and spoke to a reseller about making a purchase to stay in compliance.  Ultimately, you decided that you were in compliance and did not buy any additional licenses or products.  Unfortunately, IBM resellers have a “snitch clause” in their contracts which require them to report any possible out-of-compliance situations they uncover directly to IBM.  So, if IBM thinks you may be out of compliance based on that conversation, you have a significant chance of triggering an audit.

  4. IBM wants to “educate” you

    One way IBM tries to initiate a discussion around what software you’re using, and what you may not be fully licensed to use, is by disguising that discussion as an “education” experience.  IBM will want to increase your “awareness” of their compliance policies. It’s a great way for IBM to ask you questions about your environment, but make it look like it’s about educating, not evaluating your compliance.

  5. Not Running ILMT

    Some organizations reach out to IBM because they’re having trouble installing or running ILMT or BigFix.  If you’re not running one or the other, IBM will assume that you don’t have a complete picture of your environment, and are likely out of compliance.

  6. IBM Wants to “Help” You

    Your IBM rep has taken a newfound interest in your organization’s challenges and opportunities with software.  Make no mistake—they’re not looking to help you be more successful.  IBM wants to know if you are having trouble managing your software assets, making you an ideal audit candidate.  They also want to know what new software you might be able to use to solve your issues.  It’s a double opportunity to extract more revenue from you.

  7. Virtualization Questions Start Coming

    Many IBM customers save significantly on their budgets by running IBM software in a sub-capacity model, but virtualization can make staying in compliance more difficult.  If they find out you’re not running ILMT, you are practically guaranteed to be out of compliance.  Either way, virtualization questions are a sure sign that IBM has targeted you. Take caution.

Learn more by downloading our IBM Audit Defense Guide. Miro is the leading IBM audit defense specialist and original software audit defense company. We’re 100% independent from IBM and can confidentially advise you and your organization regarding IBM software licenses, software audits, and compliance. Contact us today.

5 Things Oracle No Longer Offers in 2017

5 Things Oracle No Longer Offers in 2017If your renewal is coming up soon and you were planning on using one of these, you may need to change your plans.  Here are 5 things that Oracle no longer offers in 2017:

1. Priceholds:

Priceholds used to be the “bread and butter” of Oracle offerings, but are now quite uncommon. Besides being rare, their benefits are constricted, having a limited scope (in terms of applicable products) and limited discounts on subsequent procurements.

2. Limited Use:

Many Oracle products have the potential to be limited to selective areas, such as Development or Testing, or with license packs having split usage. Now, it is far less common for Oracle to grant these permissions, due to increasing complexity with licensing rules and utilization methods.

3. Primary Usage:

Practically a fossil in the digital age, Primary Usage has not been offered for more than a decade, despite still being in use in some environments. Primary usage allows for individuals who utilize a single application for the majority of their work, to also utilize other applications defined within a Primary Usage set, while not having to be licensed independently.

4. VMware Licensing by Cluster:

Prior to VMware’s vSphere 5.x, Oracle would accept an ESX cluster as the smallest licensing boundary by default for a cluster of servers running Oracle products. However, with the later versions of vSphere Oracle has increased such default licensing boundaries to the vCenter or greater.

5. Not Considering the Oracle Cloud:

If you’re an Oracle client, they’ve probably already contacted you about trying Oracle Cloud services.  What you might not know is that Oracle has recently made changes which make running Oracle on other companies clouds twice as expensive as running on Oracle’s Cloud.  Since cloud services are now a huge focus of Oracle’s sales efforts, you can be assured that their sales reps will want to discuss it with you.  If you are considering moving some applications to the cloud, Miro can help you understand your options to get the outcome that matches your needs.

Please contact us for more information.