Microsoft SPLA Compliance Audit - How Not to be the Chosen One!


If you are a licensing manager or work for a managed service provider, being responsible for Microsoft licensing, you probably know about the Service Provider License Agreement (SPLA) compliance audit.

If you recently went through a compliance audit or are just nervous about being notified, I outlined several steps that managed service providers can take to arm themselves more efficiently and be compliant.

  1. Start planning your SPLA compliance documentation NOW.
    Compliance preparation is not always bad. It gives you an opportunity to clean house and get your ducks in line. Not only does it help you track Microsoft licenses, but it will also help you ensure you are not overpaying or underpaying for licenses.
  2. If you are running Microsoft software, you must license Windows. All Microsoft software runs on a Windows OS.
  3. If you are licensing SharePoint- SharePoint requires SQL and Windows.
  4. Reporting SharePoint Enterprise, you must license SharePoint Standard
  5. Installing MS Office on a server requires Remote Desktop (RDS) licenses. Office and RDS licenses should match (cannot have more Office licenses than RDS licenses)
  6. If you are a MSP and have customers bringing Microsoft licenses into your hosted environment you need to host it in a physical and dedicated server environment. (nothing shared among other customers)
  7. If you are reporting user licenses (SAL- Subscriber Access License) you need a license for each user that has access. For example, if you have 10 total users in the month of May and only 4 actually use or access that software, you must license all 10. SPLA user licenses are similar to your cable bill; your cable provider is going to charge you regardless if you turn your TV on or not.
  8. If MSP’s customer have owned licenses in the hosted environment, you must keep all relevant documentation. This includes enrollment information, start date, end date, and who they bought the licenses from.
  9. No virtualizing/streaming Windows desktop OS from a datacenter.
  10. Deploy Octopus Cloud scanners and monitoring tools in your datacenter. You can perform a Proof of Concept (POC).

We say this A LOT but it is worth repeating, do not look at SPLA reporting as a requirement by Microsoft. It needs to provide you insight into what is really happening inside your datacenter.

The bottom line is if you are reporting one-hundred dollars a month or one-million, don’t you want to make sure it is right?


Thanks for reading,


Back to Blog