Even though the SAM engagement will be paid for by Microsoft, it is not something that should be taken lightly.  The good news is most organizations don’t take them lightly and do proceed with caution.  Most people have an immediate negative reaction to the SAM baseline as they believe that it is most likely an audit by another name, as audits seem to be far too common in the industry.  Many of the large IT vendors (i.e. SAP, Oracle, VMware and IBM) are notorious for utilizing the audit process to drive additional revenue or motivate additional product/solution adoption (especially their cloud offerings) and organizations are very much aware of this.Many customers don’t know what to do once they receive the Microsoft SAM engagement letter.  They often know enough to hesitate to proceed and reach out to us and ask, “Can I ignore or even decline this free offer?”  The SAM engagement is voluntary, so in theory you can absolutely decline.  However, given the ramifications; once your organization has been targeted by Microsoft for a SAM engagement, it is usually in your best interest to proceed.

Some of the reasons you should proceed:  

  • You don’t want Microsoft to introduce a more formal audit procedure and there is limited room to negotiate any resulting fees/penalties after you have chosen to decline the SAM engagement.
  • A more formal audit could even lead to a potential “software piracy” claim that could involve the BSA and the SIIA conducting the audit on Microsoft’s behalf with additional penalties resulting from the formal audit going as high as $150,000 per title infringement.
  • The process involved, whether you are working through an SAM engagement or a more formal audit are essentially identical with the one caveat; under a SAM engagement there is more flexibility to adjust timeframes to produce information.

Microsoft’s ability to audit or even introduce the SAM engagement comes from a “verifying compliance” provision within the Microsoft Business and Services Agreement (MBSA) or the Microsoft Products & Services Agreement (MPSA) found within the contractual document package signed when the organization started the relationship with Microsoft.

Under this Verifying Compliance Provision:

  • Microsoft has the right to verify compliance through forcing an organization to conduct a self-audit or open the doors to an outside third party at Microsoft’s expense (i.e. SAM engagement).
  • Should it be revealed that there is unlicensed use, the organization must (within 30 days) procure licenses to close the established gap between the number of entitled licenses and the actual licenses installed.

It should be noted that the results of SAM engagement could also turn out in the organization’s favor (i.e. more SQL licenses owned then in use) and could be used to create leverage during the next renewal discussion.

Also, per the “verifying compliance” provision; if the unlicensed use is 5% or more, the organization must reimburse Microsoft for the costs associated with conducting such verification (i.e. the SAM engagement fees Microsoft originally covered) as well as purchase the necessary licenses to close the gap at a premium.  Many organizations are contractually obligated to pay list price plus a 25% premium for “use” starting at the beginning of the contract even if actual use didn’t occur for this long.  It is up to the organization to prove a shorter duration of use.  This is unlike and far more expensive than the typical true-up process where you close the gap by paying the contracted price that includes applied volume discounting and possibly even any achieved additional discounting.

There is precedent, in situations where the organization proceeded with the voluntary SAM engagement, for Microsoft to not enforce the right to make the organization pay for the SAM Engagement and allow the out-of-compliance organization to purchase necessary licenses based on the current/negotiated/discounted (non-list) price with no premium.  Experience shows that Microsoft will not be as flexible if they are forced to move forward with the more formal audit procedure because an organization either declined or ignored the SAM engagement letter.