Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 91
  • Last Modified:

Microsoft Audit question

We are trying to find out if I.T.  should tell management that Microsoft or any other software company can legally come to their place of business at any time and demand to do their own audit to get a count on their software?

Is this true? Has anyone ever been audited.
0
regsamp
Asked:
regsamp
  • 5
  • 4
  • 2
  • +1
3 Solutions
 
☁ François Peroux ☁Infrastructure ConsultantCommented:
Hello,

I had couple of clients who had been audited by Microsoft. It's not someone who come physically to your place but they invite you to give them all the information about your licences.

They can do it, and legally.
0
 
regsampAuthor Commented:
I have heard that but what if you do not participate in the invite, can they then legally require you to allow them to remote into the network or physically come to the site to do an audit?
0
 
☁ François Peroux ☁Infrastructure ConsultantCommented:
They'll never come to your place or take control of your servers/computers.

They'll insist for you to fill the forms they send you, calling you, sending email (like everyday or couple times per week).
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
John HurstBusiness Consultant (Owner)Commented:
I think you need to allow them to come in to audit (yes, they can do this).

Do not let them remote in.
1. You do not know who is on the other end.
2. You cannot audit paper records (often needed) by using remote access.
0
 
regsampAuthor Commented:
But couldn't someone just fudge the forms? That is how Microsoft takes a count? Then how do people get fined if there is not a way for Microsoft to confirm physically?
0
 
John HurstBusiness Consultant (Owner)Commented:
It is pretty easy to spot fudged forms. And Microsoft is entitled to check with the vendor of the software and computers list on the invoices.
0
 
regsampAuthor Commented:
I see. I was just trying to get a general picture of how it worked. Our environment is in total compliance but there was a debate on what to tell management about the specifics and how it works exactly and I am unclear myself.
1
 
Dustin SaundersDirector of OperationsCommented:
It depends on how you do your licensing, but for example, two of my companies that are Microsoft SPLA have been audited and it was a 2-3 month process, we did have auditors on site for a few days and had to present our licensing to them with proof collected from the environment using their tools.

If you have any licensing issues, they will bill you for them.  They do have the right to do this per your license agreement with Microsoft (that long EULA you click ok on when you install it) and especially if you are SPLA.
1
 
John HurstBusiness Consultant (Owner)Commented:
If you are in complete compliance (as are my clients) it is generally easy to lay out the necessary paperwork, help them through it and bid them good day.
1
 
regsampAuthor Commented:
Thank you for that Dustin. That is how we do our licensing. Thank you everyone else.
0
 
Dustin SaundersDirector of OperationsCommented:
@regsamp - np, good luck.

Be sure to look through all your active directory users, installed licenses to make sure everything is good.  You have time to fix problems before the audit starts, but when it starts if they find an error you will get billed for that item back to the start of your current SPLA contract regardless of when the item was turned up (i.e.3 year contract & if you have an instance of SQL server you turned up yesterday and you didn't report it, they will bill you for 3 years of that SQL server.)

We have a very large infrastructure here and at my previous company, and both times we enlisted SPLA attorneys to help with the audit.  We were able to avoid any penalties from Microsoft both times, but if your company is large enough you may consider that.
0
 
regsampAuthor Commented:
The experts were quick and gave great advice and insight.
1
 
John HurstBusiness Consultant (Owner)Commented:
Thanks and we are happy to help.
1

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 5
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now