Microsoft SAM Engagement: Are you being Audited
Have you recently received a “SAM Baseline” Letter of Engagement? If you are like many of UpperEdge’s clients, you have or you will soon enough; especially if you have a renewal coming up and have yet to jump aboard Microsoft’s cloud train (i.e. Office 365 ).
Some of the reasons you should proceed:
- You don’t want Microsoft to introduce a more formal audit procedure and there is limited room to negotiate any resulting fees/penalties after you have chosen to decline the SAM engagement.
- A more formal audit could even lead to a potential “software piracy” claim that could involve the BSA and the SIIA conducting the audit on Microsoft’s behalf with additional penalties resulting from the formal audit going as high as $150,000 per title infringement.
- The process involved, whether you are working through an SAM engagement or a more formal audit are essentially identical with the one caveat; under a SAM engagement there is more flexibility to adjust timeframes to produce information.
Microsoft’s ability to audit or even introduce the SAM engagement comes from a “verifying compliance” provision within the Microsoft Business and Services Agreement (MBSA) or the Microsoft Products & Services Agreement (MPSA) found within the contractual document package signed when the organization started the relationship with Microsoft.
Under this Verifying Compliance Provision:
- Microsoft has the right to verify compliance through forcing an organization to conduct a self-audit or open the doors to an outside third party at Microsoft’s expense (i.e. SAM engagement).
- Should it be revealed that there is unlicensed use, the organization must (within 30 days) procure licenses to close the established gap between the number of entitled licenses and the actual licenses installed.
It should be noted that the results of SAM engagement could also turn out in the organization’s favor (i.e. more SQL licenses owned then in use) and could be used to create leverage during the next renewal discussion.
Also, per the “verifying compliance” provision; if the unlicensed use is 5% or more, the organization must reimburse Microsoft for the costs associated with conducting such verification (i.e. the SAM engagement fees Microsoft originally covered) as well as purchase the necessary licenses to close the gap at a premium. Many organizations are contractually obligated to pay list price plus a 25% premium for “use” starting at the beginning of the contract even if actual use didn’t occur for this long. It is up to the organization to prove a shorter duration of use. This is unlike and far more expensive than the typical true-up process where you close the gap by paying the contracted price that includes applied volume discounting and possibly even any achieved additional discounting.
There is precedent, in situations where the organization proceeded with the voluntary SAM engagement, for Microsoft to not enforce the right to make the organization pay for the SAM Engagement and allow the out-of-compliance organization to purchase necessary licenses based on the current/negotiated/discounted (non-list) price with no premium. Experience shows that Microsoft will not be as flexible if they are forced to move forward with the more formal audit procedure because an organization either declined or ignored the SAM engagement letter.