MICROSOFT SAM RISKS OVERVIEW
There is a considerable amount of risk with using Microsoft software that many organizations may not be cognizant of. These can include risks from both a licensing and a deployment perspective, all of which serve to either drive revenue or to enhance Microsoft’s position in the market. Many of these relate to migrating software to the cloud, so they’re especially relevant as organizations shift to these environments.
In this Microsoft report, we identify the top five SAM areas that ClearEdge consistently helps its clients work through with Microsoft to mitigate risk and protect against long-term financial cost. The Microsoft SAM risks that are addressed in this report include:
1. Microsoft Enterprise-Wide Server and Cloud Enrollment (SCE) Commit
Server and Cloud Enrollments (SCE) are a specific type of Microsoft agreement which many organizations use to purchase Core Infrastructure Server Suite, SQL Server, and other products through. What many Microsoft customers are not aware of is that this agreement often requires coverage of all deployments of these products under the SCE specifically. This ultimately results in a failure to license all deployments under this agreement, leading to compliance violations. This section explains how Microsoft customers can easily mitigate this risk at the time of license purchase to prevent costly audit fees down the road.
2. Microsoft E5 Tenant-Wide Commit
One of the main risks when customers purchase M365 E5 from Microsoft is that some features trigger a tenant-wide feature enablement, and therefore a tenant-wide license requirement. Microsoft E5 customers who have a mix of license types (i.e., F3, E3, & E5) all in the same tenant are exposed to this risk, as there are features within the higher editions (E5) that do not limit access to licensed users only. This section explains how features like Active Delivery can help Microsoft customers mitigate this costly risk.
3. Microsoft Cloud Provider License Restrictions
There are several restrictions on licensing deployed in the Cloud (i.e., AWS, Azure, Google, etc.). This applies to key products such as Windows Server, SQL Server, MSDN, as well as many others. The restrictions vary between products, as some licenses can be utilized with these providers if the licenses have active software assurance, whereas some do not. This is a considerable risk for buyers as many organizations mistakenly assume that their licenses can all be utilized in cloud environments, leading to a false sense of compliance with their software licensing. This section why it's important to incorporate deployment usage and restriction protocols as part of the overall license deployment planning process.
4. Microsoft MSDN: Segregate Hardware
Microsoft licensing requires that organizations segment their production from their non-production environments at the hardware level. What this means is that any virtual servers that are utilized for non-production purposes (and licensed
as non-production) must not reside on the same physical server as a virtual server that is utilized for production purposes. This becomes an issue because it’s not always easy to identify the correct environment designation when monitoring deployments, leaving customers exposed in the event of a software audit. This section explains how Microsoft customers can segregate their environments to avoid costly true-ups, penalties, and additional fees.
5. Microsoft Old Deployment: Move to Online
When making the switch to M365, most organizations are making a move away from on-premise versions of Microsoft. While M365 includes access to the desktop applications, unless you are buying the “From Software Assurance (SA)” version of M365, you’ll need to deploy the click-to-run version of the Office applications. Organizations who neglect this detail can be hit with a large bill for on-premise deployments when auditors review their environment. This section details how Microsoft customers can review Microsoft Office deployments to identify instances of this compliance issue and mitigate the risks associated with it.
The best defense against a Microsoft audit is a strong software asset management function. Understanding the main tactics and pitfalls within Microsoft’s licensing will enable you to identify risk and optimize your environment before a Microsoft audit. If you’re under the threat of a Microsoft audit or want to stress test your SAM program now, contact us today to learn how our team of subject matter experts can help your organization.