Microsoft SAM – Is It An Audit?
If you’re an IT director or ITAM lead and you just received an email from Microsoft that looks something like the one below, you’re probably wondering if you are being notified about an audit. In fact, “Is Microsoft SAM an audit?” is one of the most frequent questions I’m asked.
At first, you may mistake the email for a phishing test whipped up by your IT security team. But, upon careful examination, you’re convinced it’s a legitimate email from Microsoft.
It seems like Microsoft wants to be your friend, and they’ll help you with your volume license agreements and software procurement if you take advantage of the Microsoft asset management program, right?
Wrong! (Read on…)
What Is Microsoft SAM?
According to Microsoft:
“The Microsoft SAM program is a trusted IT advisory service based on industry SAM standards that help customers gain data insights, optimize licensing, minimize risks, and be more productive with their IT investments. SAM engagements provide a 360-degree view of the customer’s IT infrastructure and a set of recommendations on ways to improve their overall asset management, license management, and SAM policies and procedures. With this comprehensive view, customers get valuable recommendations on areas that are most challenging for their business. SAM engagements are performed by Microsoft SAM Certified Partners and are voluntary. We believe that SAM can be a strategic advantage for all our customers.” (https://www.microsoft.com/en-us/licensing/learn-more/compliance-verification-faq)
Is Microsoft being generous and helpful? Or are you being notified of an audit? In reality, the Microsoft asset management program is a bit of a fishing expedition – they’re out looking for trouble and opportunities to drum up sales. So, you should treat the letter as if it’s an audit, just in case you get slapped with the real thing.
Should You Respond?
If you don’t respond, it will likely trigger an audit. But, if you do respond, it still may trigger an audit. It’s all about responding the right way.
Carefully examine your Microsoft Enterprise Agreement (EA)
Look for language outlining when your “official audit” will occur every year and how many days in advance you’re to be notified. (Most EAs contain this language.)
For example, what if your EA states that your official audit will occur every year in August, but you receive a Microsoft asset management email like the one above in February? Immediately reach out to your VAR* and inform them that you received a letter from Microsoft SAM. Your VAR will act as a communication channel between you and Microsoft and enable you to exercise your rights as per your agreement. In this scenario, you can politely respond, “Thank you, but no thank you.”
What if your EA doesn’t state when your official audits will occur each year?
If your EA does not stipulate when your official audits will occur, you need to go ahead and acknowledge receipt back to Microsoft. But do not fill out the attached Deployment Summary just yet because you must be very careful about the information you enter.
For example, an easy mistake to make is misrepresenting the number of software purchases you’ve made, because Microsoft will compare your numbers to their transaction records. So, you must obtain your known purchase history from your VAR, compare it to what your Volume License Service Center portal says you own, and look for discrepancies.
If you’re short, you have two options:
1. Uninstall the software you don’t have a license for.
2. Ask your VAR to purchase the licenses you need.
You and your VAR can work out a strategy to get right with your license consumption without drawing the ire of Microsoft. But you need to do it fast because you probably don’t have more than seven days to return the Deployment Summary.
What To Do Next
Whether you specifically declare your audit window in your EA or not, you should take steps to control your ITAM SAM better so you won’t have to fear those pesky Microsoft SAM emails.
But how? The technology law firm Scott and Scott, LLP has this suggestion:
“Our recommendation to most of our clients is to politely decline Microsoft’s SAM advances and instead to begin work with a third-party license consultant to conduct a comprehensive, internal review of the company’s current compliance status. That approach typically affords all of the benefits of a Microsoft-funded SAM review while providing the company with maximum flexibility to resolve the findings. Furthermore, once the internal review is complete, the company will be in an excellent position to respond to any non-optional, contractual audit demands that may follow the rejection of the “optional” SAM engagement.”
Frequently Asked Questions About Microsoft SAM
Are Microsoft SAM communications sent only by email?
It’s been my experience with ITAM SAM that these communications come by email. But Microsoft does follow up official audit emails with paper letters. Explicitly state in all EAs that all official communication to your company from Microsoft asset management be in both email and written form.
What if the Microsoft SAM email goes into spam due to staff changes at my company?
Rumor has it that Microsoft is alerted to the event when an email bounces. Your account manager will be notified, and the process to investigate and officially audit will begin. I often discover Microsoft emails sitting in unused inboxes. You must be on top of your ITAM SAM practices.
How long do I have to respond? Are seven days standard?
For a Microsoft SAM communication like the one above, it’s seven days. For official audits (those stipulated in your EA), it is whatever you have agreed to.
How does Microsoft SAM benefit Microsoft?
Software piracy and intellectual property loss are rampant, and there are many places in the world where property rights are not respected. This hurts Microsoft and, in turn, hurts its customers. Let’s face it, Microsoft comes up with some pretty cool stuff, and they have a whole cadre of engineers and creative types cooking up the next big thing to make life easier. The Microsoft asset management program roots out bad players and counterfeit software.
However, there are times when Microsoft SAM acts as a sales generator. When there’s a new product to push, they can sort of goad clients in that direction. For example, many Microsoft Office audits were satisfied by inviting clients to move everything into Azure and other cloud services – in lieu of paying penalties.
In my work as an ITAM SAM consultant, coach, and educator, a large part of what I do is act as a third-party license consultant for large companies and organizations. There aren’t many people out there with the skills and experience to find the discrepancies that lead to costly audits – and correct them before they rear their ugly heads. I happen to be one of those people. If you’re concerned about Microsoft SAM or any other issue around your ITAM SAM and ITAM asset management, feel free to give me a call.
Review of Boerger Consulting by the CIO of a large hospital conglomerate:
“Death, Taxes, and Microsoft true-ups always go up. At least so I thought about Microsoft Enterprise Agreements (EA) until I worked with Jeremy Boerger. Adherence to his philosophy provided the organization with an inarguable defense that resulted not only in no increase at the second annual milestone of a three-year Enterprise Agreement with Microsoft but actually resulted in a credit from Microsoft because Jeremy uncovered an error in how their service was attempting to record license use. At that moment I left the prison of Socrates’ cave and stepped into the light of the value of Pragmatic ITAM.”
*VAR: The value-add reseller through whom you agreed to make your purchases.