Of all the findings a SPLA audit can produce, unreported customer estate is the one that hurts most. SPLA is pay as you consume, and you report SAL or processor counts each month under the Services Provider Use Rights. When part of what you delivered to customers never made it into a monthly SAL report, every month it ran adds back fees at the price file rate, and because the gap looks ongoing rather than incidental, it draws a high penalty uplift. Across a 36 month lookback the arithmetic compounds quickly. This article explains how unreported estate arises, how an auditor finds it, and how to defend both the count and the uplift.
How estate goes unreported
Unreported estate is rarely deliberate. It is usually the residue of operations that moved faster than reporting. A few patterns recur across hosters.
- A customer was onboarded onto shared infrastructure but never added to the monthly SAL mapping
- A development or test environment was treated as internal when it actually served an external customer
- A product version was deployed that the reporting process did not track
- A multi tenant boundary was assumed rather than documented, so usage on the wrong side went uncounted
- Growth in an existing customer outran the reported SAL block and the increment was never trued up
Each of these is a reporting failure, not necessarily a licensing one. The software may have been perfectly licensable. The problem is that the monthly report does not reflect what ran, and in SPLA the report is the obligation.
How an auditor surfaces it
A SPLA audit is conducted by a Big Four firm under the audit clause in the Microsoft Business and Services Agreement, with authority to request deployment records, server configuration data, customer contracts, and usage logs. To find unreported estate, the auditor cross references these sources. Customer contracts reveal services you delivered. Server configuration and usage logs reveal what actually ran. Where a customer or a workload appears in the operational data but not in the monthly SAL reports, that is unreported estate, and the auditor will date it back across every month it can evidence.
Why it accrues on both axes
Unreported estate is expensive because it compounds in two directions at once. Down the time axis, each month in the 36 month lookback where the estate ran unreported adds its own back fees at the price file rate, and those back fees are not negotiable. Up the severity axis, a gap that persisted for many months reads as systematic rather than inadvertent, which pushes the penalty uplift toward the high end of its 25 to 125 percent range. So the same finding drives the fixed part of the demand wider and the negotiable part higher. The split between those two parts is explained in back fees versus penalty uplift in SPLA.
The defense: shrink the count, soften the character
A defense of unreported estate works on the two axes separately, because they respond to different evidence.
Verify and shrink the count
The auditor's reconstruction is a claim, not a fact, and it is frequently overstated. Workloads get attributed to the wrong customer, internal environments get counted as external, decommissioned servers get carried forward, and the same usage gets double counted across overlapping logs. Every one of these, once corrected with your own records, reduces the months and the units that drive back fees. The first defensive task is a rigorous reconciliation of the auditor's reconstruction against your operational truth.
Characterize the gap honestly and narrowly
The uplift turns on how the gap reads. Evidence that an omission was inadvertent, that it was confined to a specific customer or product, that it was corrected once noticed, and that your reporting was otherwise disciplined all argue for the low end of the range. The aim is to show a narrow, honest error inside an otherwise clean operation, not a pattern of under reporting.
A worked view of the two axes
The table shows how the same finding moves when each axis is defended. Figures are indicative and used only to show the shape of the defense, not to quote a real outcome.
| Axis | As presented | Defended |
|---|---|---|
| Months counted | full lookback | only evidenced months |
| Units per month | auditor reconstruction | reconciled to your logs |
| Uplift character | systematic, high end | inadvertent, low end |
| Direction of demand | maximized | defended down |
Indicative illustration of the two axis defense, not a quoted case.
Why records decide this before the audit starts
The reason reporting discipline is the structural defense is visible most clearly here. Monthly SAL reports submitted on time, sealed daily authentication counts, customer mapping for each reported SAL block, product version mapping, and documented multi tenant isolation are exactly the records that let you contest an auditor's reconstruction of unreported estate. A hoster with those records can show what ran and for whom, month by month. A hoster without them is reduced to arguing against the auditor's version of history with nothing to put in its place. For the broader reason the monthly structure makes SPLA unlike an end customer audit, see why SPLA audits are different from normal audits.
Move before the finding hardens
There is only a short window to correct a reporting mistake on your own terms, and once an audit has framed unreported estate, the reconstruction becomes the default that you must actively disprove. The earlier independent help reconciles your records against the auditor's claim, the more of the count comes off and the stronger the case for a low uplift. Waiting lets the auditor's version settle into the demand.
The next step
If an audit has raised unreported estate, or if you suspect there is estate you never reported, the work that protects you is reconciliation done early with someone who knows how auditors reconstruct the lookback. Book a Strategy Call and we will pressure test the auditor's count against your records and build the characterization that holds the uplift down. We work on a Fixed Fee from $18,000 or a Gainshare model that is a share of verified savings or avoided penalty, with zero retainer and no risk to you, and we reduce your exposure or we reimburse our service fee. The full mechanics sit in the SPLA Audit Defense Guide.
Disprove the reconstruction before it sets.
Book a Strategy Call and we will pressure test the auditor's count against your records and build the case that holds the uplift down.
Book a Strategy CallIf you want a second set of eyes first, our Microsoft audit defense service sits between you and the auditor from first letter to final settlement.