8 Microsoft Audit Triggers

Microsoft Audits – Learn what 8 things are likely to trigger a Microsoft Audit in 2023

Don’t be fooled by Microsoft’s announcements on reducing their audits. They have continued to audit their customers throughout the pandemic and beyond. While the recent COVID pandemic may have altered things a little, audits continue as usual.

Despite Microsoft’s return on investment falling off in their 2022 fiscal year, their revenue, gross margin, and operating income all increased in the 17%+ range. So why are they still auditing, and what would trigger that audit? Because they want to make more for their shareholders.


1. The Voluntary Microsoft Audit

You may get an innocent-looking Software Asset Management (SAM) email from Microsoft asking for information on your deployments and/or licenses. The email says your organization has one (1) week or less to respond. What do you do? The first thing you should do is talk to your colleagues to find out if any of them also got the email. Microsoft will typically reach out independently to many employees at an organization in the hopes that one or more of them sends the information without realizing the danger this puts the organization in.

Look for the v- email address

You need to determine which Microsoft entity is sending the email. If it’s from Microsoft’s legal department, it’s a real audit, and you should prepare yourself. If it’s from Microsoft’s Software Asset Management Team, it’s a request for you to submit yourself to a voluntary audit. One way to tell is if the email address starts with a “v-” (letter V followed by a dash). The “V” means vendor; in other words, the sender has a Microsoft address but isn’t a real Microsoft employee, and is typically a reseller or partner who is trying to make a quick buck for themselves and Microsoft by tricking you into an audit.

Miro’s advice is to not respond, and make sure no one else at your organization does either. Not responding typically does not result in a formal, real Microsoft audit, but it does sometimes. That’s not to say you should do nothing.

You should immediately review your licenses and deployments so that you know whether you are out of compliance and can take action before an audit happens. Most organizations will struggle to do this on their own, so it makes sense to hire an independent software asset management company (yes, like Miro) to use their expertise to do it for you. Don’t hire a Microsoft reseller to do this, as they are legally obligated to report all non-compliance back to Microsoft.

2. Your Reseller Told Microsoft to Audit You

Many Microsoft Resellers now have SAM Divisions, meaning Software Asset Management. While they may be distinct legal entities from your Reseller, they operate as a single company. These new SAM divisions can refer you to Microsoft as a potential audit target, based on the information they gathered while acting as your reseller. Microsoft uses these recommendations to prioritize audit targets based on how serious the potential violation is.

3. Mergers and Acquisitions

Microsoft Account Representatives closely monitor the happenings of their customers. So, when your organization announces the acquisition of (or merger with) a new company, it would do well to assess that acquisition from a licensing perspective. This means making sure the licenses are transferable to the new entity, and that any acquired entity had the correct licensing before the acquisition, because quite often the acquiring company finds that not to be the case.

4. Differences in Reporting Related Products

Some things just go together, such as on-premises Exchange and on-premises Windows Server. Since Microsoft wants to see its customers grow, they believe an increase in the first would coincide with an increase in the second, conveniently forgetting about virtualization on bigger, faster, denser, and more capable hardware devices. So if you report an increase in one product without reporting an increase in another, related product, be prepared to defend your organization during an audit.

5. Reporting Only Minimal Usage

This aligns with reporting an outsized increase during the third-year True Up, when prices are less expensive. Microsoft wants its customers to grow, as was mentioned, but they see that growth as incremental, that is, over time. Now this may not be the case with your organization. It could be that a large increase would be reported during the third year based on the timing of initiatives and the availability of resources.

Here are some mechanisms that you can use:

  • First, get and stay in accordance with your organization’s SAM program. By doing this, you can decline the voluntary SAM invitation that Microsoft solicits. Further, it would prepare your organization for a more official audit. If you do not yet have a SAM program, build a capable one, possibly enlisting the assistance of an independent expert.
  • With regard to that e-Mail from Microsoft, you should write in your contract that all official communication to your organization from Microsoft be in both e-Mail and written form.

6. Disgruntled Employees or Former Employees

Organizations such as the Business Software Alliance, of which Microsoft is a member, actively ask individuals to come forward to report non-compliance issues. This isn’t unusual as employees – former or existing – may want to create difficulties for an organization and instigate an audit.

7. Asking to be Audited

Someone on your IT team is concerned about your organization’s licensing compliance and wants to do the right thing. Unfortunately, they do the wrong thing: they contact Microsoft with their concerns that the company is out of compliance and request assistance in figuring it out. Congratulations, you just scheduled your own audit. Your IT team should be trained to never do this.

8. You use the Service Provider Licensing Agreement (SPLA)

Microsoft is clamping down on its Service Provider Licensing Agreement (SPLA) holders.

A SPLA is a provider’s agreement with Microsoft in which your organization is the licensee (that is, the holder of the license) as opposed to the end user of the application. Typically, there is a monthly billing cycle and there are eligibility requirements. If your organization performs any of the following, then an SPLA is required:

  • Provides end users with direct or indirect access to Microsoft products.
  • Offers end users software services that interact with Microsoft products.
  • Facilitates the end user’s business through software services that interact with Microsoft products.
  • Provides end users with access to and use of any application as a software service.
  • Offers other service providers platform infrastructure services to use and run any Microsoft or third-party application.

If you do use the SPLA, then there are three (3) things that Microsoft is seeking through an audit:

  • Over or Under Reporting – In this case, the numbers are suspicious. To Microsoft, at least. And while the COVID epidemic may have interrupted the business, it is still incumbent on your organization to report accurate deployments.
  • Missing Information – Although Microsoft has taken the necessary steps to reduce the amount of data that it requires from its SPLA Partners on a monthly basis, if your organization has been providing this data, but missing some key element, it would behoove your organization to reach out to Microsoft to determine what information is required.
  • Acting Outside of the Agreement – Many SPLA agreements are written with the controls necessary to facilitate Microsoft’s licensing of their products more cheaply. However, this may not be sufficient for some. Some may take to hosting other vendors’ products. If these third-party products use Microsoft’s intellectual property, then it could be in violation of your organization’s SPLA.
  • Hosting of Third-Party Software – Your organization has decided to branch out (or a Client of your organization has requested it), so it starts hosting all types of software. This ties to the SPLA agreement mentioned above. And if your organization starts doing this, it might cause Microsoft to want to inspect.



The best advice for an organization is to complete its own proactive License Position Assessment as soon as possible via an independent expert. This assessment will provide the snapshot needed to determine any exposure and allow the organization to prepare and protect its budget from unexpected costs from Microsoft.

Contact Us

If you have an urgent question regarding your software licensing or a software audit, please contact Miro right away.

(732)738–8511 x1208

About Us

Miro is a leading global provider of software asset management services, specializing in license management, audit advisory, negotiation tactics, support management, and cloud services. We help our clients maximize ROI on their software license investments, stay in compliance, and minimize the impact of audits. Miro's performance guarantee promises that our long-tenured, diverse, and passionate team of expert analysts provides insightful and actionable advice to help our clients achieve the best possible outcomes.