Every hosting provider, managed service provider, and SaaS company that delivers services built on Microsoft technology faces a foundational licensing decision: the Services Provider License Agreement (SPLA) or the Cloud Solution Provider (CSP) programme. This guide maps the complete comparison: programme mechanics, pricing economics, audit exposure, compliance architecture, and the decision framework that determines which programme produces the optimal cost-to-risk ratio for your specific hosting model.
This guide is part of the Microsoft Licensing Knowledge Hub. For SPLA foundations, see SPLA Licensing Guide. For migration guidance, see SPLA to CSP Migration Guide. For EA vs CSP comparison, see EA vs CSP Guide.
The Services Provider License Agreement is Microsoft's programme for organisations that host Microsoft products for third-party customers on infrastructure they own or control. SPLA is not a purchasing channel. It is a licensing model specifically designed for the service provider use case where the hosting company deploys Microsoft software (Windows Server, SQL Server, RDS, Exchange, SharePoint) on its own hardware and delivers services to external customers. See our Licensing Across Programmes Guide.
Monthly reporting. SPLA requires the hosting provider to report monthly usage to Microsoft (through an SPLA reseller). Each month, you report the number of licences consumed: Windows Server cores, SQL Server cores, RDS SALs (Subscriber Access Licences), Exchange mailboxes, and so on. You pay based on reported consumption. There is no annual commitment, no minimum spend, and no upfront cost. The licence rental begins and ends with the monthly report.
Per-core pricing for server products. Windows Server and SQL Server under SPLA follow the same per-core licensing model as other Microsoft programmes: physical cores of the host server, minimum 16 cores per server, minimum 8 cores per processor. But the unit prices differ. SPLA pricing for Windows Server and SQL Server is typically 15 to 30% higher per core than equivalent EA pricing, reflecting the monthly flexibility premium and the third-party hosting use case. See our Licensing Metrics Guide.
Subscriber Access Licences (SALs). For products like Exchange, SharePoint, and RDS, SPLA uses SALs instead of CALs. SALs are functionally equivalent to CALs but are licensed per user per month, priced to reflect the hosting model where customers subscribe monthly. RDS SALs are particularly important: every user who connects to a hosted Windows Server desktop or application through Remote Desktop Services requires an RDS SAL in addition to the Windows Server licence on the host.
No Software Assurance. SPLA licences do not include Software Assurance. When a new version of Windows Server or SQL Server is released, you must update your SPLA ordering SKU to the new version. The lack of SA means no Licence Mobility, no Azure Hybrid Benefit, and no passive failover rights, all of which must be addressed through SPLA-specific provisions or alternative licensing mechanisms.
The monthly invoice is only the beginning. SPLA carries hidden costs that most hosting providers do not fully account for in their margin calculations. Administrative overhead: monthly reporting requires accurate, granular tracking of every Microsoft product deployed across every customer environment. Under-reporting triggers audit liability. Over-reporting wastes money. Most hosting providers we assess have reporting accuracy between 75 and 90%, meaning they simultaneously under-report some products (compliance risk) and over-report others (margin erosion). Audit exposure: SPLA agreements are Microsoft's most actively audited programme (see Section 4). Version management: without SA, hosting providers must manage version currency across customer environments manually.
The Cloud Solution Provider programme is Microsoft's channel for partners to sell Microsoft cloud subscriptions to end customers. CSP was originally designed for cloud-only scenarios (SaaS subscriptions), but Microsoft has progressively expanded CSP to include server product subscriptions that can be deployed on the hosting provider's infrastructure, creating direct overlap with SPLA use cases. See our MCA Explained Guide.
Subscription model. CSP licences are monthly or annual subscriptions purchased by the hosting provider on behalf of customers. The provider buys from Microsoft (direct CSP) or from a distributor (indirect CSP), then resells to the end customer, typically at a margin. The licence is tied to the customer, not to the provider's infrastructure.
Per-user pricing for M365/Dynamics. Microsoft 365, Dynamics 365, and Power Platform licences under CSP are per-user per-month subscriptions. They are identical to what the customer would pay directly from Microsoft, but purchased through the CSP partner (the hosting provider) who adds value through management, support, and integration.
Server subscriptions. CSP now offers Windows Server, SQL Server, and RDS subscriptions that can be deployed on the hosting provider's infrastructure, a direct alternative to SPLA for certain scenarios. These subscriptions include Software Assurance-equivalent benefits (Licence Mobility, Azure Hybrid Benefit) that SPLA does not.
New Commerce Experience (NCE). Microsoft's NCE framework introduced important structural changes: annual commitments with auto-renewal, limited mid-term reduction rights (seat decreases only during a specific cancellation window), and aligned pricing across direct and indirect CSP. NCE makes CSP less flexible than the month-to-month model it replaced, a critical consideration for hosting providers whose customer base fluctuates. See our CSP and NCE Licensing Playbook.
Margin structure. CSP margins for the hosting provider are typically 15 to 20% on cloud subscriptions, earned through the difference between Microsoft's partner price and the customer-facing price. For commoditised products (M365 Business Basic, Azure Reserved Instances), margin pressure is intense because customers can easily compare CSP pricing against Microsoft's direct pricing.
Customer management overhead. The CSP partner is the customer's first point of contact for billing, provisioning, and support. Microsoft provides Tier 2/3 support, but the CSP partner handles frontline inquiries, a real cost that erodes the 15 to 20% margin.
Annual CSP subscriptions committed under NCE cannot be reduced mid-term (except during the cancellation window). If a customer downsizes or churns, the hosting provider is responsible for the remaining commitment. For hosting providers with high customer turnover, this commitment risk is a significant cost factor that must be modelled into the CSP economics. The monthly flexibility that SPLA provides has real value for providers with volatile customer bases.
The economics of SPLA vs CSP depend on three variables: the product being licensed, the hosting model (dedicated vs shared infrastructure), and the customer engagement model (managed service vs subscription resale).
| Factor | SPLA | CSP Server Subscription |
|---|---|---|
| Pricing model | Per core, monthly | Per core, monthly or annual |
| Approximate cost (16-core Standard) | $180 to $220/month | $140 to $180/month |
| Datacenter edition | Available | Available |
| SA-equivalent benefits | No | Yes (Licence Mobility, AHB) |
| Multi-tenant shared hosting | Designed for this use case | Supported with restrictions |
| Flexibility | Monthly, no commitment | Annual under NCE (limited mid-term changes) |
SPLA wins when customer environments change monthly (spinning up/down servers frequently), multi-tenant shared hosting where core counts fluctuate, and when monthly flexibility outweighs the per-unit premium. CSP wins when customer environments are stable (dedicated servers with predictable core counts), SA-equivalent benefits reduce total cost (Licence Mobility in virtualised environments, AHB for Azure workloads), and annual commitment is acceptable.
| Factor | SPLA | CSP Server Subscription |
|---|---|---|
| Pricing model | Per core, monthly | Per core, monthly or annual |
| Approximate cost (4-core Standard) | $600 to $750/month | $500 to $650/month |
| Enterprise edition | Available | Available |
| SA-equivalent benefits | No | Yes (Licence Mobility, AHB, failover) |
| Virtualisation licensing | License physical cores of host | License physical cores, with Licence Mobility |
SQL Server is where the programme choice has the largest financial impact, because SQL Server per-core pricing is 5 to 10 times Windows Server, and the SA-equivalent benefits in CSP (particularly Licence Mobility and passive failover rights) can reduce the effective licensing requirement by 30 to 50% in virtualised environments. A hosting provider running SQL Server Enterprise on VMware clusters may find CSP server subscriptions dramatically cheaper than SPLA, not because the unit price is lower, but because the SA-equivalent benefits reduce the number of cores that must be licensed. See our SQL Server Licensing Guide.
| Factor | SPLA | CSP |
|---|---|---|
| Pricing model | Per user SAL, monthly | Per user subscription, monthly or annual |
| Approximate cost per user | $5 to $8/month | $7 to $10/month (via AVD add-ons) |
| Traditional RDS hosting | Native use case, designed for this | Limited: AVD is the CSP equivalent (Azure-only) |
| On-premises RDS hosting | Fully supported | Not directly supported |
RDS is the product category where SPLA retains the strongest advantage. Traditional RDS hosting (session-based desktops or RemoteApp on the provider's on-premises infrastructure) is a core SPLA use case with no direct CSP equivalent for on-premises delivery. CSP's answer is Azure Virtual Desktop (AVD), which is Azure-only and carries Azure consumption costs on top of the licence. For hosting providers whose primary service is on-premises hosted desktop/application delivery, SPLA remains the required programme.
Microsoft 365, Dynamics 365, and Power Platform are cloud-only products not available under SPLA because they are cloud services delivered from Microsoft's infrastructure. Any hosting provider that also resells M365 or Dynamics 365 must have a CSP relationship regardless of their SPLA status, which is why most hosting providers operate both programmes simultaneously.
The audit risk differential between SPLA and CSP is one of the most under-appreciated factors in the programme decision, and for many hosting providers, it should be the decisive factor.
Microsoft actively audits SPLA agreements. SPLA is one of the most frequently audited Microsoft programmes because the monthly self-reporting model creates inherent inaccuracy. Audits are typically conducted by third-party firms (Deloitte, EY, PwC, or specialist firms) under Microsoft's direction and follow a rigorous methodology: full infrastructure discovery (every physical and virtual server), product deployment verification (every Microsoft product installed, including development, test, and disaster recovery environments), comparison against monthly SPLA reports, and a compliance gap calculation at SPLA list pricing with no volume discount.
Under-reported SQL Server cores. The hosting provider reports SQL Server Standard on 4 cores. The auditor discovers the VM runs on a host with 32 physical cores and, without Licence Mobility (unavailable under SPLA), the full 32 cores must be licensed.
Unreported test/dev environments. Development and staging servers running Windows Server and SQL Server that were never included in SPLA reporting because they "aren't production." Under SPLA, every instance of Microsoft software serving any purpose must be reported and licensed.
RDS SAL undercounting. The provider counts concurrent sessions. Microsoft counts unique users who access the service in any given month. The difference creates a systematic under-count.
Edition mismatches. SQL Server Enterprise is deployed on servers reported as SQL Server Standard, whether through configuration drift, upgrade during troubleshooting, or original deployment error.
SPLA audit settlements typically range from $200,000 to $2,000,000+ for mid-market hosting providers, depending on the size of the infrastructure and the extent of under-reporting. The settlement is calculated at SPLA list pricing applied retroactively to the period of under-reporting, typically 3 years. These are not theoretical risks. They are recurring events that we defend against regularly through our SPLA Audit Defence Service.
CSP carries dramatically lower audit risk for a structural reason. Under CSP, the licensing relationship is between Microsoft and the end customer (with the CSP partner as intermediary). The licences are cloud subscriptions managed through Microsoft's own admin portals. There is no self-reporting. The subscription count is tracked automatically by Microsoft's systems. You cannot under-report a CSP subscription because the system enforces the count. If a user is provisioned, the subscription exists and is billed.
The audit risk that remains in CSP is narrow: incorrect product assignment (provisioning a lower-tier subscription than the user's actual usage requires), licence sharing (multiple users accessing a single-user subscription), and Azure consumption misallocation. These risks are real but an order of magnitude smaller than the comprehensive infrastructure audit exposure under SPLA.
The compliance obligations under each programme are structurally different. Understanding these obligations is essential for maintaining audit-defensible licensing.
Monthly reporting accuracy. Every Microsoft product deployed on every server must be accurately reported every month. This requires automated discovery tools (not manual inventory) across all physical and virtual infrastructure, product-version mapping (which SQL Server edition is actually installed, not which was ordered), core count verification (physical cores, not vCPUs or logical processors), SAL tracking (unique monthly users, not concurrent sessions), and development/test/DR inclusion (all environments, not just production).
Use rights adherence. SPLA has specific use rights that differ from other licensing programmes. The hosting provider must ensure that each product is used within its SPLA use rights, particularly the rules around multi-tenancy, customer data isolation, and the distinction between "hosted services" (permitted) and "internal use" (not permitted under SPLA). Internal use requires a separate EA or CSP licence. See our Licensing Metrics Guide.
Subscription management. Ensure every user consuming a Microsoft cloud service has an active CSP subscription of the correct tier. Monitor licence assignment to prevent over-provisioning (wasted cost) and under-provisioning (compliance gap).
NCE commitment tracking. Track annual commitment terms, cancellation windows, and auto-renewal dates to prevent unwanted renewals and manage customer churn within the commitment framework.
Azure governance. If the hosting provider manages Azure subscriptions on behalf of CSP customers, Azure consumption governance (spending limits, resource tagging, reservation management) is a compliance and financial management requirement. See our Negotiating Azure Commitments Guide.
The majority of hosting providers operate both SPLA and CSP simultaneously, and for good reason. SPLA covers the on-premises infrastructure (Windows Server, SQL Server, RDS on the provider's hardware), while CSP covers cloud subscriptions (M365, Dynamics 365, Azure) and increasingly covers server products deployed on the same infrastructure.
The hybrid model works well when there is a clean separation: SPLA for on-premises hosted infrastructure (dedicated servers, shared hosting platforms, RDS farms), CSP for cloud subscriptions (M365, Azure) and customer-specific server subscriptions on dedicated infrastructure. In this model, the SPLA and CSP licences cover different products or different infrastructure with no overlap and no confusion. The compliance architecture is straightforward: SPLA reports cover the on-premises infrastructure, CSP subscriptions cover the cloud services, and the two do not intersect.
The hybrid breaks when SPLA and CSP licences cover the same product on the same infrastructure, which happens when a hosting provider deploys Windows Server or SQL Server on shared infrastructure using SPLA for some customers and CSP server subscriptions for others. The compliance questions become complex. Which cores are covered by SPLA and which by CSP? If a VM migrates between hosts (DRS/vMotion), does the SPLA or CSP licence follow it? Can a host be partially SPLA-licensed and partially CSP-licensed? These questions do not have clean answers in Microsoft's documentation, and auditors will ask them.
The other failure point: customer BYOL (Bring Your Own Licence). Customers with their own Enterprise Agreement and active Software Assurance can exercise Licence Mobility to deploy their own licences on the hosting provider's infrastructure, but only if the hosting provider is an authorised Licence Mobility partner. Tracking which servers run SPLA licences, which run CSP subscriptions, and which run customer BYOL licences on the same shared infrastructure requires rigorous documentation that most hosting providers do not maintain and that auditors specifically request.
Hosting providers running hybrid SPLA/CSP with customer BYOL must maintain three-layer compliance tracking: SPLA monthly reports covering provider-licensed on-premises workloads, CSP subscription records covering cloud and CSP server-subscription workloads, and BYOL documentation covering customer-owned licences deployed on provider infrastructure. Each layer requires different tracking mechanisms, different reporting cadences, and different audit defence documentation. Most compliance failures occur at the boundaries between layers, where a workload that should be reported under one programme is incorrectly attributed to another or missed entirely.
Microsoft's strategic direction is unambiguous: the company is investing in CSP and Azure as the primary licensing channels for all scenarios, including hosting. SPLA is not being discontinued (it remains essential for on-premises hosting use cases), but Microsoft is systematically making CSP more attractive through pricing, features, and programme benefits that SPLA does not receive.
SA-equivalent benefits in CSP. CSP server subscriptions include Licence Mobility and Azure Hybrid Benefit, benefits unavailable under SPLA. This single difference can make CSP 20 to 40% cheaper than SPLA for SQL Server in virtualised environments.
NCE pricing parity. NCE aligns CSP pricing across channels, reducing the pricing advantage that SPLA historically held for server products.
Azure migration incentives. Microsoft offers Azure credits, migration tools, and free Extended Security Updates on Azure, all of which benefit CSP-linked Azure deployments and none of which apply to SPLA on-premises deployments.
Audit enforcement. Microsoft continues to invest in SPLA audit programmes while CSP's automated tracking reduces audit necessity, a structural shift in enforcement attention.
Any new service development should default to CSP unless there is a specific technical or commercial reason requiring SPLA. Existing SPLA-licensed environments should be evaluated for CSP migration where the economics and operational model support it. SPLA should be retained only for use cases where CSP cannot technically serve the requirement, primarily on-premises RDS hosting and multi-tenant shared infrastructure with highly variable monthly usage. See our SPLA to CSP Migration Guide for the complete transition framework.
The programme choice should be driven by your hosting model, not by historical inertia or partner relationship convenience.
| Hosting Model | Recommended Programme | Rationale |
|---|---|---|
| Traditional shared hosting (multi-tenant Windows/SQL on provider infrastructure, high customer turnover, monthly billing) | SPLA | Monthly flexibility essential, multi-tenant licensing designed for SPLA, CSP annual commitment conflicts with customer churn |
| Dedicated managed hosting (single-tenant servers per customer, long-term contracts, stable core counts) | CSP server subscriptions | Stable environments suit annual commitment, SA-equivalent benefits reduce SQL Server virtualisation cost 20 to 40%, lower audit risk |
| Hosted desktop / RDS (session-based desktop or RemoteApp on provider infrastructure) | SPLA | Only programme supporting on-premises RDS hosting with SALs, CSP equivalent (AVD) is Azure-only |
| Cloud-first MSP (M365/Azure/Dynamics resale with light on-premises infrastructure) | CSP primary, minimal SPLA | Core business is cloud subscription management, SPLA only for residual on-premises services |
| SaaS provider (proprietary application hosted on Microsoft stack) | SPLA or CSP depending on infrastructure | On-premises SaaS platform = SPLA; Azure-hosted SaaS = CSP/Azure direct; evaluate per deployment model |
If your analysis suggests migrating from SPLA to CSP for some or all server products, the migration requires careful planning. Timing: align with your SPLA agreement anniversary. SPLA is a 3-year agreement with annual renewals, and the optimal migration point is at renewal. Customer communication: if you are changing the underlying licensing model, customer contracts may need updating, particularly if your hosting agreement references SPLA-specific terms. Compliance gap management: during the transition, ensure no server is unlicensed in the gap between SPLA cancellation and CSP activation. Parallel operation: plan for a 3 to 6 month parallel period where both SPLA and CSP are active for different parts of the infrastructure, with clear documentation of which programme covers which servers.
The SPLA-to-CSP migration is not a simple licence swap. It is an architectural change in how you license, report, and maintain compliance for your hosting operations. The financial benefit can be substantial (20 to 40% cost reduction on SQL Server alone), but the migration must be planned and executed with the same rigour as any infrastructure migration. See our SPLA to CSP Migration Guide for the phased implementation framework.
The SPLA vs CSP decision affects every server, every customer, every monthly invoice, and every audit exposure. A single programme mistake compounds across the entire infrastructure. For hosting providers with annual Microsoft licensing costs exceeding $200K, independent advisory delivers immediate returns.
Programme cost modelling. Redress Compliance builds detailed cost models comparing SPLA, CSP, and hybrid architectures for your specific infrastructure and customer mix. We model the unit economics for every product, every hosting model, and every customer engagement type, including the hidden costs (audit risk, administrative overhead, version management) that internal teams typically miss.
Audit risk assessment. We identify current SPLA compliance gaps before Microsoft's auditors find them. Our SPLA compliance reviews follow the same methodology that Microsoft's audit firms use, but with the critical difference that our findings are privileged and do not flow to Microsoft. Remediation before audit is dramatically cheaper than remediation during audit.
Migration planning. For SPLA-to-CSP transitions, we design the migration architecture: which workloads migrate, which retain on SPLA, the phased timeline, the compliance gap management plan, and the customer communication strategy. Our migration plans maintain continuous compliance throughout the transition period.
SPLA audit defence. When Microsoft initiates an SPLA audit, we manage the process from initial response through final resolution. Our audit defence methodology includes scope management, methodology challenge, line-by-line finding review, and settlement negotiation. See our SPLA Audit Defence Service.
"The SPLA vs CSP decision is not a preference. It is a structural commitment that determines how you license every Microsoft product you deliver to customers, how much you pay per unit, how you are audited, what compliance risks you carry, and whether your margin architecture survives the next Microsoft pricing change. Most hosting providers made this decision years ago and have not revisited it, even as Microsoft has systematically shifted incentives toward CSP."
No. EA licences are for internal use only. They cannot be used to provide services to third-party customers, even if you own the infrastructure. If you deploy Windows Server or SQL Server on your hardware and customers access those services, you must licence through SPLA, CSP server subscriptions, or the customer's own licences via Licence Mobility (which requires the customer to have active Software Assurance and you to be an authorised Licence Mobility partner). Using EA licences for hosting is one of the most common and most expensive compliance findings in Microsoft audits of hosting providers. The distinction between "internal use" and "external hosting" is rigid: if an external party accesses the workload, EA cannot cover it. See our Licensing Across Programmes Guide.
Microsoft has not announced SPLA discontinuation, and there is no indication that SPLA will be retired in the near term. SPLA remains essential for use cases that CSP cannot serve, particularly on-premises RDS hosting, multi-tenant shared infrastructure with monthly variability, and hosting providers who need the monthly flexibility that NCE-governed CSP does not provide. However, Microsoft is clearly investing in CSP as the strategic channel: CSP receives SA-equivalent benefits, pricing parity, and programme enhancements that SPLA does not. The practical implication is that SPLA will likely remain available but become progressively less competitive relative to CSP for use cases where both programmes can serve. Hosting providers should treat SPLA as a legacy programme for specific use cases, not as a default licensing strategy.
Customers with their own Windows Server or SQL Server licences and active Software Assurance can deploy those licences on your hosting infrastructure through Licence Mobility, regardless of whether your infrastructure is licensed under SPLA or CSP. The hosting provider must be an authorised Licence Mobility partner. The customer submits a Licence Mobility verification form to Microsoft, and once approved, their licences cover the deployment on your infrastructure. You do not need to report those workloads under SPLA or purchase CSP subscriptions for them. The compliance requirement: maintain documentation of which customer licences cover which servers, ensure the customer's SA remains active (if SA lapses, Licence Mobility terminates and you must licence the workload under SPLA or CSP), and track Licence Mobility verifications with expiration dates.
SPLA is a rental programme. You do not own the licences. When you stop reporting a product under SPLA (because it is now covered by CSP), you stop paying for it. There is no asset to transfer, no licence to convert, and no credit for prior SPLA payments. The migration is a clean switch: deactivate SPLA reporting for the affected servers, activate CSP subscriptions for the same servers, ensure there is no gap in coverage between the two. The SPLA agreement itself remains active for any products you continue to report under it. You can run both programmes simultaneously. The agreement does not require exclusivity. See our SPLA to CSP Migration Guide.
For any hosting provider with annual Microsoft licensing costs exceeding $200K, independent advisory delivers immediate returns. An advisor provides programme cost modelling comparing SPLA, CSP, and hybrid architectures for your specific infrastructure and customer mix, audit risk assessment identifying current SPLA compliance gaps before Microsoft's auditors find them, migration planning for SPLA-to-CSP transitions that maintain continuous compliance, customer BYOL governance ensuring Licence Mobility documentation is audit-defensible, and negotiation support for SPLA renewal terms and CSP partner agreements. At Redress Compliance, hosting provider licensing is one of our deepest specialisms. We defend SPLA audits, architect CSP transitions, and optimise hybrid programmes across the full Microsoft stack.
Redress Compliance audits your current SPLA/CSP programme structure, models the cost-optimal licensing architecture for your hosting model, identifies compliance gaps, and negotiates programme terms. Complete vendor independence. Fixed-fee engagement.
Microsoft Contract NegotiationIndependent SPLA/CSP advisory. Programme cost modelling. Audit risk assessment. Migration planning. SPLA audit defence. 100% vendor-independent.