Microsoft rarely opens with a formal audit letter now. It opens with a Software Asset Management (SAM) engagement invitation. The mechanics differ, the commercial intent is the same, and the defense starts before the email lands.
A Microsoft license review is a commercial event wearing a compliance costume. The trigger is rarely random. It follows a renewal, a merger, a cloud migration, or a long flat spend curve that the account team wants to reopen.
This guide sets out how the review starts, how a SAM engagement differs from a formal audit, where the money actually sits, and the buyer-side sequence that protects your position.
It usually starts with an email that does not use the word audit. It proposes a Software Asset Management engagement, framed as a free optimization service.
Microsoft and its partners select review targets on signal, not chance. The recurring signals are predictable.
Microsoft seldom runs the fieldwork itself. It appoints a partner to conduct a SAM engagement, or a third-party firm to run a contractual audit. Read the Microsoft Product Terms and your agreement to confirm which one you are in.
The difference is consent and leverage. A formal audit is a contractual right. A SAM engagement is an invitation you can shape or decline.
A SAM engagement is positioned as advisory. There is no audit clause invoked, so you control scope, tooling, and the data you share. That control is the whole game.
A formal audit is triggered under the audit or verification clause in your volume licensing agreement. You owe cooperation, but only within the bounds the clause defines. It does not grant unlimited access.
Three review formats compared
| Format | Basis | Your control of scope | Typical outcome |
|---|---|---|---|
| SAM engagement | Invitation, no clause invoked | High, you set the terms | Optimization framing, then a buy proposal |
| Formal audit | Audit clause in the agreement | Bounded by the clause | Compliance report and true-up demand |
| Self assessment | You report your own position | Full, if you prepare | Sets the number Microsoft works from |
Almost always on the servers. Desktop counts are easy to reconcile. Server licensing is where the metrics are complex and the exposure is large.
SQL Server is the most common finding. Per-core licensing, the four-core minimum per instance, and Enterprise edition features running on Standard licenses all drive claims. Confirm edition rules against the SQL Server 2022 editions documentation.
Windows Server is licensed per physical core, with virtual machine rights tied to that count. Estates that moved virtual machines across hosts without licensing the full cluster create exposure.
Client Access Licenses, External Connector licenses, and management server SKUs are frequently undercounted. They are low value individually and material in aggregate.
The standard guidance is to cooperate fully and quickly, run the partner tool, and trust that an accurate inventory protects you. We disagree. In our engagements the unscoped tool is the single most expensive decision a buyer makes, because it surfaces data the audit clause never entitled Microsoft to see and inflates the claimed gap. The buyer-side move is to reconcile your entitlements first, agree the scope and tooling in writing, and share only what the clause requires. Accuracy protects you only when you, not the vendor, control what gets measured and when.
Source: Redress Compliance advisory engagement file, 2024 to 2025.
A Microsoft compliance demand is an opening offer. The list price number on the first slide is the start of the conversation, not the end of it.
You build your position before you respond. The buyer who reconciles first negotiates from data. The buyer who reacts negotiates from fear.
Reconcile every entitlement against deployment. Match purchases to the right agreement, version, and downgrade rights. This is the document that caps your exposure.
Define what is measured, by what tool, and over what period. A SAM engagement gives you room to set these terms. Use it.
The first number reflects list price and the widest reading of deployment. Effective license position evidence, edition corrections, and a commercial conversation move it materially. Standing cover under Vendor Shield shortens the cycle.
No, but the financial exposure is the same. A SAM engagement is an invitation positioned as advisory, while a formal audit is triggered under your contract. The SAM format gives you more control over scope and tooling, which is an advantage if you prepare.
Usually yes. A SAM engagement is not contractually mandatory because no audit clause has been invoked. You can decline, negotiate the scope, or convert it into a controlled internal review. A formal audit under the agreement clause is different and must be cooperated with.
Server licensing is the most common finding. SQL Server core counts and Windows Server virtualization together drive the majority of claimed shortfall in most enterprise reviews. Desktop and Microsoft 365 counts are usually easier to reconcile.
Not until the scope is agreed in writing. An unscoped tool often collects far more data than the audit clause requires, which inflates the claimed gap. Define the tool, the data, and the period first, then decide what to share.
Very. The opening number reflects list price and the widest reading of deployment. Effective license position evidence, edition corrections, and a commercial conversation tied to the renewal typically move it well below the first demand.
A SAM engagement runs a few weeks to a few months depending on estate size and preparation. A formal audit can run longer. Standing readiness and a current effective license position shorten both formats materially.
No. Cloud migration changes the footprint and the mobility rights that apply, and it often triggers a review rather than ending one. Hybrid estates carry both on-premises and cloud licensing obligations that must reconcile.
A maintained effective license position, controlled tooling, and a defined response process. Standing cover such as Vendor Shield routes every notification through one intake desk so you respond from a prepared position rather than reacting under time pressure.
Microsoft renewal moves, the EA framework, the M365 SKU framework, the Copilot framework, and the buyer-side moves across the full Microsoft estate.
Used across more than five hundred enterprise engagements. Independent. Buyer-side. Built for procurement leaders running the next renewal cycle.
Every Microsoft review we have defended started with a number built from list price and the widest reading of deployment. None of them ended there.