How SPLA Monthly Reporting Works

SPLA is pay as you consume, and the report is the product. Every month a hoster measures usage, applies the Services Provider Use Rights, and submits a count to its reseller. Because the program verifies every monthly cycle across a 36 month lookback, the discipline of that monthly report is the whole compliance story. This top of funnel article explains how SPLA monthly reporting actually works so you can see where exposure is created.

The monthly cycle in plain terms

SPLA does not buy licenses up front. You deploy Microsoft software to external customers, you measure how much you used during the month, and you report it. The two common units are the Subscriber Access License, which counts users with access, and processor or core counts for products licensed by capacity. You report the peak usage for the month, not an average, and you report it whether the customer paid you or not.

How a single month is built

Measure. Capture the peak SAL count and the capacity counts for each licensed product across every customer environment.
Map to SPUR. Apply the current Services Provider Use Rights to decide what is licensable, which edition applies, and which components are included.
Map to customers. Tie each count to a named customer so the number is bounded and provable.
Submit. Send the report to your reseller inside the reporting window. Late or missing months are the single most common source of audit exposure.
Seal the evidence. Keep sealed daily authentication counts and the source data, because the auditor will ask you to prove the number you reported.

A simple monthly reconciliation

Product	Unit	Peak in month	Reported
Windows Server Datacenter	Cores	64 cores active	64 cores
Remote Desktop Services	SAL	320 named users	320 SAL
SQL Server Standard	Cores	16 cores active	16 cores
Microsoft 365 hosted apps	SAL	180 users	180 SAL

The reconciliation looks simple on one line, but the risk hides in the detail: a customer that grew mid month, a server that moved editions, or a component that was switched on for a trial and never counted.

Where under reporting and over reporting come from

Misapplied SPUR drives both. Under reporting is a compliance problem that surfaces as back fees and a penalty uplift at audit. Over reporting is a margin problem, because you pay for usage you never owed. A good monthly process protects both sides. It reports every licensable user and core, and it stops you paying for editions or components you did not actually use.

Why the monthly report is the defense

When a Big Four firm audits you under the MBSA audit clause, they rebuild your position from your data. If your monthly reports are complete, on time, mapped to customers, and backed by sealed counts, the auditor has little room to assume the worst. Reporting discipline is not paperwork, it is the structural defense against the 36 month lookback.

Take the full playbook with you

Get the SPLA Audit Defense Guide for hosters, the buyer side reference our analysts use inside live engagements.

Download the SPLA Audit Defense Guide

If the timeline is already running, our SPLA reporting discipline team hardens your monthly reports so the lookback holds.

Keep reading

SPLA reporting discipline as audit defense How monthly reporting drives SPLA exposure SPLA Audit Defense Guide for hosters The hoster readiness workbook