Audit Readiness and Governance · End customer

Documenting entitlements that hold up

Published March 20, 2026Updated May 28, 2026Track End customerReading 11 minutesLevel Intermediate

In an audit, an entitlement you cannot prove is an entitlement you do not have. The difference between exposure and a clean finding is often documentation, not deployment. This is how to record Microsoft licensing entitlements so they survive a formal audit, a self verification, or an EA true up.

When an audit goes badly, the cause is rarely that the organisation was genuinely under licensed. More often it owned the rights all along but could not produce the proof in the form the auditor would accept. A volume license agreement that nobody can locate, a downgrade right asserted from memory, a transfer that was never documented when a business unit was acquired, all of these are real entitlements that vanish the moment they have to be evidenced. The auditor counts what you can prove, not what you believe you bought. Documentation is therefore not administrative housekeeping. It is the part of your licensing position that decides how much of it actually counts.

This article sets out what a defensible entitlement record contains, where entitlements quietly fall out of the record, and how to build documentation that holds up when it is tested. It sits in the audit readiness and governance cluster and extends the Effective License Position guide, which covers how entitlement and deployment are reconciled into a position you can stand behind.

Why proof, not purchase, sets your position

A formal audit runs through a third party accounting firm under the audit clause in your agreement. A self verification is a contractual demand under the same agreement that you cannot decline. In both cases the auditor builds an Effective License Position by reconciling what you deployed against what you are entitled to, and the entitlement side of that reconciliation is only as strong as the records behind it. Microsoft uses its own counting methodology and its own data from Azure, Microsoft 365, and management tooling to establish deployment. You hold the burden of evidencing entitlement. If you cannot show the document that grants a right, that right is not in the calculation, and the gap it would have closed becomes exposure.

The auditor does not count what you own. The auditor counts what you can put in front of them.

This matters because of where the contract sets the cliff. Under the standard clause, if unlicensed use reaches 5 percent or more of total use, the customer reimburses Microsoft's verification costs and acquires the licenses at 125 percent of the current price. Entitlements that exist but cannot be proven are the easiest way to cross that 5 percent line by accident. Documentation that holds up is the cheapest way to stay below it.

What a defensible entitlement record contains

A record that holds up does more than list a quantity. It ties each right to a source, a date, and the scope it applies to, so the auditor can follow the chain without your help. For each product, the record should carry the following.

  • The source document: the agreement, amendment, order, or purchase that grants the right, stored where it can be produced, not described from memory.
  • The quantity and metric: how many licenses, counted in the unit Microsoft uses for that product, whether that is cores, users, devices, or instances.
  • The effective dates: when the right began and, where relevant, when it ends, so coverage can be tested for any point the auditor examines.
  • The applied rights: the downgrade rights, license mobility, and credits you rely on, each tied to the entitlement that grants them rather than assumed.
  • The scope and any transfers: which entities and which environments the right covers, including any movement of licenses through acquisitions, divestitures, or internal reorganisation.

The test for any record is simple. Could an independent reviewer who has never met your team confirm the right from the documents alone, without a single conversation with you. If the answer needs a phone call, the record is not yet audit ready.

Where entitlements fall out of the record

Entitlements rarely disappear in a single event. They erode through ordinary business activity that nobody connected to licensing at the time. The most common leaks are predictable, which means they can be closed.

LeakHow it happensWhat it costs in an audit
Mergers and acquisitionsAcquired licenses are never mapped into the parent record or formally transferredReal rights cannot be claimed, inflating the deployed gap
Asserted downgrade rightsAn older version is run under a newer entitlement, but the right is never written downThe deployment looks unlicensed because the link is not evidenced
Lost agreementsA prior agreement is superseded and the old paperwork is discardedHistoric entitlement for the lookback period cannot be shown
Metric driftCounts are kept in a unit that does not match Microsoft's metric for the productThe record cannot be reconciled to the auditor's calculation without rework

Each of these is a documentation failure, not a buying failure. The organisation paid for the right. It simply lost the ability to prove it, and an unprovable right is worth nothing at the moment it is tested.

Building documentation that survives a test

Defensible records are built the same way the rest of audit readiness is built, through ownership and routine rather than a one off cleanup. Four steps make the record durable.

1
Centralise the sourcesHold every agreement, amendment, and order in one controlled place, so no entitlement depends on a document only one person knows how to find.
2
Map rights to Microsoft's metricsRecord quantities in the unit Microsoft counts for each product, so the entitlement side reconciles cleanly against the deployment side without translation under pressure.
3
Document the movesCapture transfers, acquisitions, and downgrade rights at the moment they occur, in writing, rather than reconstructing the chain years later when the auditor asks.
4
Test the record against the positionEach reconciliation cycle, confirm that every right claimed in the position can be traced to a source document. Anything that cannot is a gap to close before the notice arrives.

The discipline that makes this hold is the same one behind a quarterly reconciliation. Changes get captured when they happen, ownership is clear, and the record is tested before it has to perform. The reward is that when a formal audit or a self verification lands, the entitlement side of your position is already proven, and the negotiation starts from your floor rather than the auditor's ceiling.

From defensible records to a defended position

Good documentation wins the parts of an audit that are decided before any argument begins. But records on their own do not negotiate the report, challenge the auditor's deployment data, or separate a genuine shortfall from a counting choice that can be contested. That is where buyer side defense earns its place. We help you build entitlement records that hold up, then use them to anchor the response when the Effective License Position is on the table, so every right you actually own is counted and every figure the auditor asserts is tested.

Our guarantee stands behind the engagement: we reduce your exposure or we reimburse our service fee. Pricing is a fixed fee from $18,000, or gainshare, a share of the verified savings or avoided penalty with zero retainer and no risk to you. If you are heading into an audit, a self verification, or a true up and you are not certain your entitlement records would survive a test, the most useful next step is a conversation about where the gaps are.

If this is live on your desk right now, our Microsoft audit defense service sits between you and the auditor from first letter to final settlement.

Keep reading
The Effective License Position guide Standing audit readiness for Microsoft Reconciliation as a quarterly habit

Would your records survive a test?

Book a strategy call and we will pressure test your entitlement documentation against how an auditor would read it, then show you where the provable gaps are.

Book a Strategy Call
Get a Quote · Book a Strategy Call · The Audit Brief · About · Pricing · Blog · Contact · Privacy · Terms · New York · London Not affiliated with Microsoft Corporation. Independent buyer side advisory only.