The Good, the Bad, and the Ugly of Microsoft SPLA

Updated: Feb 23, 2021

The Good

Immediate savings opportunities are available through optimization. Because Microsoft’s Service Provider Licensing Agreement (SPLA) licenses are non-perpetual and operate under the pay-as-you-go model based on monthly usage, you can make some simple changes to your environment that take advantage of unlimited virtualization rights and dramatically reduce your SPLA reporting. For example:

  • Unlimited virtualization rights with SQL Enterprise. Are you licensing all your SQL Servers at the virtual machine level? Try assessing whether you can establish designated SQL server clusters or restricting SQL Servers to specific hosts to reduce movement of SQL Servers across your environment. License those host machines with the SQL Server Enterprise edition for unlimited SQL Server virtualization.

  • Unlimited virtualization rights with Windows Server Datacenter. Are you licensing physical stand-alone servers with Windows Server Standard? Try assessing whether you can migrate those physical machines into virtual machines. License the underlying host with Windows Server Datacenter for unlimited virtualization.

  • Clean-up of user accounts. Try monitoring accounts that have not been recently used and move them to a disabled account status if they’re no longer needed. It doesn’t matter whether a customer is paying for a user account or not: if the account is enabled, it requires a license.

The Bad

Calculating accurate usage reports monthly is challenging. An SPLA requires a hoster to calculate their usage every month which can be very cumbersome, and there are not a lot of great tools to assist with this process. Misreporting is common, so watch out for these top five compliance risks:

  • Reporting user logins rather than enabled accounts. An SPLA requires a user to be licensed if they have access to the hosted products, whether they log into the environment or not.

  • Counting actual cores consumed without adjusting for the minimum core requirement. Windows server must be licensed for a minimum of eight cores per processor, and SQL Server must be licensed for a minimum of four cores per processor, whether or not the actual number of cores consumed is less.

  • Correctly designating internal-only versus SPLA machines. It is common for hosters to mix internal-only and customer-facing servers in the same environment. Hosters may want to license those internal-only servers with MPN (Microsoft Partner Network) licenses or other licenses from another agreement. This is permissible if those machines do not support the hosted environment in any way. A general rule of thumb: if a server were to be removed from the environment and break the hosted service offering, that server needs to be licensed under SPLA.

  • Reporting the wrong edition of Microsoft Office. Microsoft Office doesn’t allow for down-edition rights. So, if you’ve installed and host Office Standard, but you report Office Pro (a more expensive edition), your licenses are not valid for the users with access to Office Standard.

  • Permitting customer-provided licenses without being an Authorized Mobility Partner. Customers often have unused qualifying licenses (i.e., they must carry Software Assurance with the license) that they want to bring to a hosted environment. This is only permissible if the hoster signs an addendum to their Microsoft SPLA and makes the customer complete a verification form which must be signed by Microsoft. Otherwise, the hoster is still on the hook for those licenses.

The Ugly

The financial consequence of an SPLA audits can be devastating. Because it is so difficult to accurately report SPLA usage monthly, and mistakes are so common, Microsoft has a very robust SPLA audit program. It is typical for an SPLA partner to undergo an audit about every three years. These audits can be financially ruinous to customers for these reasons:

  • License shortfalls are calculated historically. This means, for example, if it is discovered that you misreport a SQL Server for less cores than what’s required, the audit report will calculate that shortfall monthly back to the point of origination. If the origination date cannot be determined, then the auditor may extrapolate the error rate back to the beginning of the audit report (typically 60 months).

  • No credit is provided for a license surplus in a product group to offset a license shortfall in a different product group. For example, if you have a license shortfall in Windows Server, but you identified that you have been over-reporting in SQL Server, Microsoft will not give you credit in your audit report for the value of the over-reporting.

  • Audit findings are subject to a 25% penalty. The total value of the license shortfalls identified in the audit report will be subject to an additional 25% fee.

Julie Ellington is Senior Manager of SAM & Compliance Services at ClearEdge.

To learn more about our self-audit and optimization services that help save money and reduce risk, check out our compliance content Here, or contact your ClearEdge representative today.