Auditors do not just count your SAL totals, they ask you to prove who each one belongs to. Customer mapping is how you answer.
Every Subscriber Access License you report should point to a real, named customer. When a SPLA audit opens, the auditor does not just count your SAL totals, they ask you to prove who each block belongs to. Customer mapping is the practice that turns a raw number into a defensible one. This top of funnel article explains why mapping matters and how to keep a register that survives the 36 month lookback.
Customer mapping links each reported SAL or capacity count to a specific external customer and the contract that covers them. It answers three questions the auditor will ask: who used the software, under what agreement, and for how long. Without that link, your totals are just assertions, and an auditor faced with assertions tends to assume the higher number.
A Big Four firm conducting the audit under the MBSA audit clause has broad authority to request customer contracts and usage logs. They use the mapping to test two things. First, that you reported everyone who had access, which catches under reporting. Second, that the customers you mapped are real and bounded, which stops a single shared environment from being counted many times. A clean mapping protects you in both directions.
| Customer | Product | Reported unit | Tenant boundary |
|---|---|---|---|
| Customer A | Remote Desktop Services | 140 SAL | Dedicated VLAN |
| Customer B | Windows Server Datacenter | 32 cores | Isolated cluster |
| Customer C | SQL Server Standard | 8 cores | Dedicated instance |
Back fees at the price file rate are not negotiable, but the penalty uplift of 25 to 125 percent is. A provider that can show every SAL mapped to a named customer with a documented boundary looks disciplined and reported in good faith. That evidence is exactly what moves an uplift toward the low end. Mapping is not only a compliance habit, it is leverage you build month by month.
Get the SPLA Audit Defense Guide for hosters, the buyer side reference our analysts use inside live engagements.
Download the SPLA Audit Defense GuideIf you would rather not face that alone, our SPLA reporting discipline team hardens your monthly reports so the lookback holds.
Weekly intelligence on Microsoft and SPLA audit moves and the buyer side defenses that work. Prefer to talk first? Ask us to Book a Strategy Call in your message above.