Microsoft: No, it's not an audit
- 23 June, 2017 20:11
Microsoft is asserting that enterprise customers have the wrong idea about the asset management investigations its partners tout as a way to save money on software licensing.
"There is a misperception around Software Asset Management and Compliance Audits," Patama Chantaruck, the general manager for Microsoft's software asset management & compliance group, claimed in a post to a company blog last month that included the phrase "myth-busting" in its title.
Chantaruck was vague about what the "misperception" was, but implied that customers conflated the two different programs when she offered definitions of each, Software Asset Management, which goes by SAM, and licensing audits.
"Microsoft SAM programs are voluntary services designed around industry standards that help customers gain data insights, optimize licensing, minimize risks, and be more productive with their IT investments," Chantaruck said. "A compliance audit is a mandatory review of a company's use of Microsoft's products and services designed to help customers achieve and maintain license compliance and to protect Microsoft intellectual property rights [emphasis added]."
The idea that Chantaruck was worried about mixed-up customers was bolstered by a Microsoft-published FAQ on audits. To the question, "Some sources claim that Microsoft SAM and license compliance verification (commonly known as an 'audit') are the same. Is this correct?" the FAQ's reply was unequivocal. "No."
It's unclear what prompted Chantaruck's jeremiad, although she noted that she became aware of the confusion over the programs after meeting with partners to discuss SAM. Presumably, she was relating what partners had told her, that customers were wary of SAM because they thought it was another name for the invasive audits that Microsoft conducts and businesses fear.
Because Microsoft and its partners offer fee-based SAM services, concerns on the part of customers about their practices could easily dampen enterprise enthusiasm for the evaluations, and thus reduce revenue from SAM programs. And Microsoft clearly sees SAM as a money maker for its partners.
"The SAM opportunity in enterprise has never been bigger. Learn about Microsoft's plan for enterprise and industry accounts, and how you can build new revenue streams with SAM," states a description of one of several SAM-related sessions listed on the schedule for the upcoming Inspire conference in Washington, D.C. July 9-13. Microsoft Inspire is the renamed Worldwide Partner Conference, long the yearly massive meet-up of the firm's global partner network, on which Microsoft relies for much of its software and services sales.
One licensing expert, Wes Miller of Directions on Microsoft, had no insights into what triggered Chantaruck's blog post, but pointed out that SAM is not new. "It's existed for a long time," Miller said. "And there are very specific rules of engagement of SAM versus an audit," he added, echoing Microsoft's description of two completely different processes, one voluntary, the other mandatory.
Hold on a minute, countered Paul DeGroot, the principal of Pica Communications, a consulting firm that specializes in deciphering Microsoft's licensing practices and advising enterprises on handling software audits.
"The point of [Chantaruck's blog and the FAQ] is that Microsoft thinks nice language will somehow make customers happy to invite them in," DeGroot said in a lengthy email reply to Computerworld's questions. "No matter how nice [that invitation] is, even if you are fully compliant, these exercises generate a lot of overhead, and unless you hire someone full time to understand the licensing and read the contracts, which is also overhead, you're probably missing something."
Most of all, DeGroot disputed Microsoft's clean-cut separation between SAM and an audit, calling the company's efforts "more word play than substance."
"Microsoft has a continuum of audit levels," DeGroot said. "There's a self-audit, mentioned in some volume licensing contracts, where Microsoft sends them a form to fill out. There's a Microsoft-paid SAM engagement. There's a mandatory audit. If you elect to not do the first, you will get an 'invitation' to do the second. If you decline the second, you will get the third."
In DeGroot's experience, Microsoft sees an investigating continuum, with SAM -- those that Microsoft pays for -- but a step in the sequence that ultimately leads to an actual audit.
Not surprisingly, software licensing audits have a strong revenue-generating rationale, just as do, for instance, tax audits. "If Microsoft doesn't think [an audit] will pay off, they don't do it. Remember, they're paying the auditor and [those people don't] come cheap," DeGroot added.
In fact, even as Chantaruck decried what she characterized as a "misconception" about SAM and audits, elsewhere Microsoft linked the two.
"Customers who take licensing compliance seriously and have a robust internal Software Asset Management (SAM) process are likely to be better prepared for license compliance verifications," the FAQ read, substituting "license compliance verification" for the shorter "audit."
DeGroot's firm doesn't deal in SAM directly -- although it partners with vendors who do -- but it does perform functions that Chantaruck ticked off as SAM features, including license optimization and, thus, potential savings.
To prepare a client for an announced audit, said DeGroot, his team conducts a "mock audit" using the same tools Microsoft and the contracted accountant auditors deploy. "[We] get the customer cleaned up before a Microsoft auditor comes in," he said. "The customer may still owe Microsoft, but we do our level best to apply the rules in the optimal way for the customer. We may also suggest pre-emptive changes that, without spending more money, eliminate or reduce non-compliance."