Reconciling deployment against entitlement is the heart of an Effective License Position. Done first, on your own terms, it is the single most effective way an end customer can shape a Microsoft audit before Microsoft sets the number.
Every Microsoft audit, whatever route it takes, ends in the same calculation: what you have deployed, measured against what you are entitled to use. The gap between the two is your exposure. Microsoft will perform this reconciliation its own way, with its own data and its own counting rules, and present the result as an Effective License Position. The most powerful move available to an end customer is to do that reconciliation first, accurately, so you walk into the audit knowing your real position rather than learning it from the auditor. This article explains how the reconciliation works and how to build one that holds up.
What reconciliation actually compares
Reconciliation sets two pictures side by side. On one side is deployment, everything you actually have installed and in use, across servers, devices, and cloud services. On the other side is entitlement, everything you are licensed to use under your agreements, purchases, and subscriptions. The Effective License Position is the net of the two, product by product, showing where you are covered, where you have surplus, and where you are short. The shortfalls are the exposure, and they are what an audit is built to find.
Why Microsoft's number is not the only number
It is tempting to assume that once Microsoft produces an ELP, the figure is settled. It is not. Microsoft uses its own counting methodology and draws on its own data from Azure, Microsoft 365, and management tooling, and that calculation can differ from a clean reconciliation built from your records. The auditor's first figure is an opening position. A customer who has done its own reconciliation can compare the two line by line, find where the methodologies diverge, and challenge the differences on evidence rather than accepting a single number on trust.
This is also why a SAM tool output is not audit defense. A tool can produce a tidy internal ELP, but Microsoft's calculation governs, and the two will not always agree. The defense is not a tool result, it is a reconciliation you understand well enough to defend.
Building the deployment side
The deployment picture has to be complete and current, because anything you miss, the auditor will find and count against you. The core sources are consistent across most estates.
- Installed software inventory across servers and devices, with versions and editions
- Cloud service consumption from Azure and Microsoft 365, where telemetry already reflects usage
- Virtualization and clustering detail, which drives how server products must be counted
- User and device counts for products licensed on those metrics
The aim is a deployment picture that matches what Microsoft can already see through its own telemetry, so there are no surprises that hand the auditor an easy finding.
Building the entitlement side
Entitlement is often the messier side, because it accumulates over years through different agreements and purchasing channels. A complete entitlement picture pulls together everything you are licensed to use.
- Volume licensing agreements and the purchases recorded under them
- Subscriptions and their current seat or capacity counts
- Rights carried by active Software Assurance, including version and mobility rights
- Prior entitlements that still apply, which are easily overlooked and often reduce a finding
Overlooked entitlement is a common and expensive error, because it understates your own coverage. A thorough entitlement picture frequently closes part of an apparent gap before any negotiation begins.
A worked reconciliation
The mechanism is straightforward once both sides are complete. For each product, set deployment against entitlement and read the net.
| Product | Deployed | Entitled | Net position |
|---|---|---|---|
| Server product A | 120 | 140 | Surplus of 20 |
| Server product B | 90 | 75 | Short by 15 |
| User product C | 500 | 500 | Balanced |
Indicative. Real reconciliation depends on your products, editions, virtualization, and the rights in your agreements.
The short position on product B is the exposure. Knowing it before the audit means you can decide how to address it, whether by surfacing overlooked entitlement, correcting the deployment, or preparing to negotiate, rather than first hearing about it in the auditor's report and the 125 percent pricing that can follow a finding.
The next step
Reconciliation is the foundation of every Effective License Position, and doing it first is the foundation of a controlled audit. The full method is in our pillar, the Effective License Position Guide. To go further, read the Effective License Position guide and why a SAM tool ELP is not audit defense. Download the guide below for the full reconciliation method and the data sources behind it.
If an auditor is already asking questions, our Microsoft audit defense team manages every exchange with the auditor on your behalf.
Know your real position before Microsoft sets it.
Get the Effective License Position Guide and the reconciliation method that shapes the audit on your terms.
Download guide