Microsoft Audit Defence

Microsoft Licence Audit Survival Checklist

Complete checklist for responding to a Microsoft licence audit or SAM engagement. 35+ action items across 6 phases.

Phase 1: Immediate Response
6 items
Determine the type of Microsoft engagement
Microsoft uses different approaches: SAM Engagement (voluntary), Licence Verification, or formal Audit. Each has different rules and leverage.
Critical
Do not sign any Microsoft engagement letter without review
Engagement letters often grant Microsoft broader access than required. Have legal review before signing.
Important
Assemble your response team
Include: IT asset management, procurement, legal, and an executive sponsor.
Engage independent Microsoft licensing advisory
Microsoft-appointed SAM partners work for Microsoft, not you. Independent advisors protect your interests.
Critical
Impose communication protocols
Designate a single point of contact. Prevent Microsoft from contacting end-users or IT staff directly.
Preserve all licence documentation
Gather EA agreements, Select agreements, CSP subscriptions, OEM certificates, and volume licence confirmations.
Phase 2: Internal Assessment
7 items
Run your own software inventory before Microsoft does
Use your SAM tool or an independent scanner. Understand your position before Microsoft sees anything.
Critical
Inventory all Windows Server installations and editions
Include physical, virtual, and cloud deployments. Check Datacenter vs Standard edition assignments.
Important
Document SQL Server deployments, editions, and core counts
SQL Server is the #1 Microsoft audit finding area. Map every instance, edition, and licensing model.
Critical
Audit Microsoft 365 and Office deployments
Check for: users on wrong plans, shared device licensing, Office installed without subscription, and ProPlus vs E3/E5 alignment.
Verify Windows desktop licensing (OEM, VL, subscription)
Every Windows desktop needs a valid licence. Check OEM stickers, volume licence keys, and subscription coverage.
Check System Center, Visual Studio, and developer tool licences
Often overlooked products that generate audit findings.
Map all virtualisation: which hosts run which Microsoft workloads
Microsoft virtualisation licensing rules are complex. Windows Server Datacenter, Standard, and SQL all have different rules.
Important
Phase 3: Licence Position Analysis
6 items
Build your Effective Licence Position for all Microsoft products
Reconcile deployments against entitlements for every product family.
Important
Apply Windows Server Datacenter licensing correctly to virtual environments
Datacenter covers unlimited VMs on a licensed host. Standard covers only 2 VMs per licence set. Misapplication is the most common finding.
Critical
Verify SQL Server core licensing calculations
SQL Server Enterprise requires all physical cores licensed (with core packs). Check SA requirements for failover rights.
Confirm Microsoft 365 user licensing is correct
Every user accessing M365 services needs the correct plan. Shared mailboxes, room mailboxes, and service accounts have specific rules.
Check for Licence Mobility with Software Assurance
Some licences can move to shared servers or cloud. Verify SA is active for any products relying on mobility rights.
Identify any legitimate gaps and quantify exposure
Know your gaps before Microsoft identifies them. Quantify at your discount level, not list price.
Phase 4: Microsoft Engagement
5 items
Control what data you share with Microsoft
Provide only what your agreement requires. Do not share raw scan data — provide summarised licence positions.
Important
Do not allow Microsoft SAM partner unrestricted system access
SAM partners may request admin access. This is not required and gives them far more data than needed.
Critical
Challenge any findings that differ from your analysis
Microsoft SAM findings are often inflated. Require specific evidence for every claimed gap.
Verify Microsoft is using correct product versions in their analysis
Microsoft sometimes counts newer versions when you are entitled to downgrade rights.
Check for duplicate counting across physical and virtual
Microsoft may count the same workload multiple times across different environments.
Important
Phase 5: Resolution & Negotiation
5 items
Do not accept the first compliance proposal
Microsoft's initial findings are starting positions. Everything is negotiable.
Critical
Negotiate at your existing EA discount level, not list price
Any true-up or compliance purchase should be at your contractual discount rates.
Important
Consider EA renewal or amendment as part of resolution
Compliance gaps can often be resolved more cost-effectively within an EA renewal.
Evaluate cloud migration as a compliance resolution path
Moving workloads to Azure or M365 may resolve on-premises compliance gaps while delivering business value.
Get all resolution terms documented in writing
Verbal agreements with Microsoft have no enforcement value. Document everything.
Phase 6: Post-Audit Protection
5 items
Implement continuous Microsoft licence monitoring
Deploy SAM tooling that covers Windows, SQL, M365, and all Microsoft server products.
Important
Automate Windows Server and SQL deployment tracking
New deployments should be automatically detected and reconciled against entitlements.
Establish approval workflows for Microsoft product deployments
Prevent uncontrolled installations that create future compliance gaps.
Schedule quarterly licence reconciliation reviews
Regular reviews prevent gaps from accumulating between audits.
Negotiate audit limitation clauses at next EA renewal
Limit Microsoft audit rights to once every 2-3 years and require 90-day advance notice.
Tip


Need Microsoft Audit Defence Support?

Redress Compliance provides independent Microsoft audit defence. We help enterprises manage SAM engagements, challenge findings, and negotiate resolutions that protect your interests.
