Microsoft SPLA. Rent right, report clean.

Microsoft SPLA lets hosting providers and service operators rent Microsoft software monthly, but the SAL math and the SPUR rules decide whether the model makes money or leaks it.

What is Microsoft SPLA and who needs it?

SPLA is the Services Provider License Agreement. It lets a provider rent Microsoft software monthly to deliver hosted services to customers who are not part of the provider organization.

Microsoft sets the program terms on its SPLA program page, and the usage rules sit in the Services Provider Use Rights inside the Microsoft Product Terms.

• Hosters: providers running shared or dedicated infrastructure for clients.
• Application service operators: SaaS builders using Microsoft components.
• Managed service providers: firms operating customer workloads.

When SPLA is the wrong fit

If you serve only your own employees, you do not need SPLA. Internal use stays under volume licensing, and using SPLA for it breaches the agreement.

How does the SPLA SAL and per core math work?

SPLA meters two ways. The Subscriber Access License counts each unique user with access, and the per core option counts physical or virtual cores on the hosting hardware.

Choosing the meter

• Few named users: SAL is usually cheaper.
• Large or anonymous access: per core caps exposure.
• Mixed workloads: model both before committing.

Where do SPLA Reseller boundaries trip providers up?

The SPLA Reseller route lets a smaller provider buy through an aggregator rather than hold a direct agreement. The boundary problems start when the reseller and the end provider blur reporting duties.

Microsoft documents the structure on the SPLA Reseller page. The reporting obligation still lands on whoever holds the agreement, and gaps surface in audit.

The reporting chain

Every month the agreement holder reports actual use. Missed months and zero reports are a red flag that invites scrutiny.

What triggers a Microsoft SPLA audit?

SPLA audits are common because reporting is self declared. The frequent triggers are flat or falling reports against a growing business, and shared tenancy that crosses license boundaries.

1. Underreporting: reported use that does not match observed growth.
2. Edition mismatch: Standard where Datacenter was required.
3. Mobility misuse: moving licenses the SPUR does not allow.
4. Zero reports: months with no submission at all.

Defending an audit

Bring your own access records, your monthly reports, and your tenancy map. Industry bodies such as BSA shape how software audits run, so a clean evidence trail is your strongest position.

How should a provider approach a SPLA renewal?

Treat the renewal as a chance to re baseline the meter, the editions, and the report accuracy before Microsoft does it for you.

• Re baseline access: reconcile reports to real users.
• Validate editions: confirm Standard versus Datacenter.
• Fix mobility: align moves to current SPUR.

Where the common advice on SPLA is wrong

The standard guidance is that SAL is always the cheapest meter for a hosting business. We disagree. Across the SPLA estates we reviewed, providers with large anonymous or fluctuating user bases paid more under SAL once dormant and test access was counted honestly, because every touch of the service became a reportable user. The buyer side move is to model per core against your real access pattern, not the headline rate. For anonymous web facing workloads, per core often caps exposure and removes the monthly undercount risk that drives audit findings. The cheapest meter is the one that matches your access shape, not the one the aggregator quotes first.

SPLA punishes the honest reporter only if the meter is wrong. Pick the meter that matches the access, and the model holds.

What to do next

1. Reconcile your last twelve monthly reports against real access logs.
2. Classify every workload by edition and confirm Standard versus Datacenter.
3. Model SAL against per core for each service line.
4. Map license mobility against the current Services Provider Use Rights.
5. Close any zero report months with a documented explanation.
6. Build a tenancy diagram that shows where customer boundaries sit.
7. Re baseline before the renewal so you negotiate from clean data.

Frequently asked questions

What is Microsoft SPLA?

Microsoft SPLA is the Services Provider License Agreement, a monthly rental program that lets hosting providers and service operators deliver Microsoft software to third party customers. It is reported and paid each month based on actual use.

What is a SAL in SPLA?

A SAL is a Subscriber Access License that counts each unique user with access to the hosted service. It is one of the two main SPLA meters, the other being the per core option.

When should I use per core instead of SAL?

Use per core when the user base is large, anonymous, or fluctuating, such as a web facing service. Per core caps exposure and avoids the dormant user undercount that drives SAL audit findings.

Can I use SPLA for my own employees?

No, SPLA is only for delivering services to third parties. Internal employee use stays under volume licensing, and using SPLA for internal users breaches the agreement.

What triggers a SPLA audit?

SPLA audits are triggered by underreporting, flat reports against a growing business, edition mismatches, license mobility errors, and months with zero reports. Self declared reporting makes the program audit prone.

What is SPLA Reseller?

SPLA Reseller lets a smaller provider buy through an aggregator rather than hold a direct agreement. The reporting obligation still rests with the agreement holder, and confusion over that duty causes compliance gaps.

How often do I report under SPLA?

You report every month based on actual use. Missed months and zero reports are a compliance red flag that invites Microsoft scrutiny.

How do I prepare for a SPLA renewal?

Re baseline your access counts, validate editions, and align license mobility to the current use rights before the renewal. Negotiating from clean, reconciled data is far stronger than reacting to a Microsoft finding.