There is a moment in every audit when the auditor delivers a number. It arrives in a formal document, carries the weight of an accounting firm's name, and is presented with the quiet authority of a final result. For many customers that is where the audit ends, because the figure looks too official to argue with. This is exactly the response the process is designed to produce, and it is the wrong one. The first number is an opening position. It is the start of a negotiation, not the end of one, and the gap between the opening figure and the figure a customer actually settles on is routinely large. This article explains why the first value is almost never the final value, and how a buyer side defense closes that gap.
For the full method of defending an audit from letter to settlement, the Microsoft Audit Survival Guide sets out the landscape. Here we focus on the single most important principle: the first number is negotiable.
Why the ELP is an opening position
In a formal end customer audit, the auditor produces an Effective License Position, the reconciliation of what you have deployed against what you are entitled to. The ELP is not a neutral measurement handed down by a referee. It is built from data and assumptions, and where those assumptions are uncertain they tend to resolve in Microsoft's favor. Editions default to the higher cost option. Entitlements you hold but have not surfaced are not credited. Deployments that are dormant or decommissioned are counted as live. Each of these choices pushes the position upward, and the sum of them is an opening figure that overstates what you genuinely owe.
The first number carries the weight of an accounting firm's name. It does not carry the weight of a final result. It is an opening position, and it is meant to be challenged.
Crucially, the ELP is negotiated after the report is delivered. The report is the beginning of that conversation. A customer who signs off on the first version accepts every assumption baked into it. A customer who treats it as a draft to be tested recovers the value those assumptions removed.
The same is true for hosters
On the hoster side, a SPLA audit produces its own finding, and the same principle applies with one important distinction. A SPLA finding has two parts. Back fees at the price file rate are not negotiable, so there is no room to argue the rate itself. But the size of the back fees depends on the reported quantities, which are challengeable, and the penalty uplift, which ranges from 25 to 125 percent, is fully negotiable. So even where part of the number is fixed, the components that drive its size are open to challenge, and accepting the first finding hands over both the disputable quantities and the negotiable uplift without a word.
Why SAM tool output does not settle it either
Some customers believe a clean internal number protects them, and that if their own SAM tool says they are compliant, the auditor's figure must be wrong and will simply be corrected. It is not that simple. Microsoft uses its own counting methodology and its own data, drawn from Azure, Microsoft 365, and management tooling, and Microsoft's calculation governs. A clean SAM tool result is useful evidence, but it does not automatically override the auditor's position. The point is not that your number wins by default. It is that neither number is final until the two are reconciled, and that reconciliation is the negotiation. The first figure the auditor presents is simply their side of a conversation that has not happened yet.
A worked illustration
Consider an end customer presented with an opening ELP. The figures here are indicative and used only to show how the position moves once it is tested.
| Stage | Exposure | What changed |
|---|---|---|
| Opening ELP as delivered | 100 | Auditor assumptions all in Microsoft's favor |
| Surface held entitlements | 78 | Rights the customer held but had not credited |
| Remove dormant and decommissioned | 64 | Systems counted as live that were not |
| Correct edition mapping | 52 | Higher cost defaults reset to actual use |
The same audit moves from an opening exposure of 100 to a defended position of 52 without disputing a single genuine shortfall. Nothing here is evasion. It is the correction of assumptions that were never accurate, made visible only because the customer refused to treat the first number as the last.
How a buyer side defense challenges the first number
Challenging an opening position is methodical work, not argument for its own sake. It rests on rebuilding the position from evidence and meeting the auditor's number with a defensible one.
Where this leaves you
The first audit value is engineered to look final. It is delivered formally, backed by a respected name, and presented as a result. None of that makes it the number you owe. The Effective License Position is an opening position negotiated after the report, a SPLA finding has challengeable quantities and a negotiable uplift, and Microsoft's calculation, while it governs, is still met by a defensible counter position. The customers who pay the most are the ones who accept the first figure. The customers who pay what they actually owe are the ones who treat it as the start of the work, not the end.
To see how to test an opening number from first letter to final settlement, download the Microsoft Audit Survival Guide and use it to pressure test any figure an auditor puts in front of you.
If the timeline is already running, our Microsoft audit defense team manages every exchange with the auditor on your behalf.