When Microsoft proposes a Software Asset Management engagement, it is presented as a free optimization, a friendly look at your estate. What it actually produces is a map of your gaps and a pipeline of sales. The instinct to cooperate by handing over data is understandable, and it is the wrong first move. The disciplined move is to run your own internal assessment first, in private, and respond from what you find rather than from what the engagement surfaces.
This is not obstruction and it is not hiding. It is the difference between walking into a conversation knowing your own number and walking in to learn it from the other side. This article covers why the internal assessment works, how to run one that survives scrutiny, and where its limits are. For the full motion, see the SAM engagement playbook.
Why the assessment comes first
There are three ways Microsoft verifies an end customer, and they are not equal. A SAM engagement is voluntary and sales led. A self verification is a contractual demand you cannot decline. A formal audit runs through a third party accounting firm under the MBSA audit clause. The internal assessment is what lets you meet any of the three from a controlled position instead of an exposed one.
Know your own number before anyone offers to find it for you.
The reason this is decisive is the 5 percent clause. If unlicensed use reaches 5 percent or more of total use, you reimburse Microsoft's verification costs and acquire the shortfall at 125 percent of price. An internal assessment tells you where you sit against that line while you still have time to act on it: to true up quietly, to document credits, to correct a misconfiguration, all before any of it becomes a finding in someone else's report.
What an internal assessment actually is
An internal assessment is a private reconstruction of your Effective License Position, the reconciliation of what you have deployed against what you are entitled to use. Done well, it mirrors the data Microsoft would draw on, including Azure, Microsoft 365, and your management tooling, so that your number and theirs are built on the same foundation. The point is not to produce a comfortable answer. It is to produce an accurate one you can defend.
- It is private, run under your control and not shared with the vendor
- It is complete, covering the same products and entities a formal review would
- It is reconciled, crediting downgrade rights, prior agreements, and use that should not count
- It is honest, because an assessment that flatters you is worse than none at all
How to run one that holds up
An internal assessment is only useful if it would survive being checked. That means running it with the rigor of the review you are preparing for, in a clear sequence.
Why a SAM tool report is not the same thing
It is tempting to treat a Software Asset Management tool export as the assessment. It is not, and relying on it is a common and costly mistake. Microsoft uses its own counting methodology and its own data, and a clean tool export can still differ from Microsoft's calculation. When the two disagree, Microsoft's calculation governs. The tool is an input, not the answer.
| Aspect | Raw SAM tool report | Reconciled internal assessment |
|---|---|---|
| Counting method | The tool's own logic | Aligned to Microsoft's methodology |
| Credits applied | Often missed | Downgrade rights and prior agreements included |
| Cloud and telemetry | Frequently incomplete | Azure and Microsoft 365 usage reconciled |
| Defensibility | Anchors a number you cannot stand behind | A position you can carry into a negotiation |
The danger of the raw export is that handing it over can anchor a worse number than the truth. A reconciled assessment does the opposite: it gives you a number you checked and can defend.
The position you keep
When you have run your own assessment first, every later step is easier. You can decline the initial SAM review without anxiety because you already know what it would have found. You can meet a self verification with a reconciled position instead of a scramble. And if a formal audit ever comes, you arrive with your own Effective License Position in hand, which is the single most valuable thing you can bring to that table.
A buyer side advisor runs this assessment with you, on the same data Microsoft uses, and tells you the truth about where you stand. Our guarantee applies: we reduce your exposure or we reimburse our service fee, and with gainshare you pay only from verified savings. The internal assessment is where that defense begins. For the complete sequence, download the SAM engagement playbook.
When the numbers start to look serious, our Microsoft audit defense team manages every exchange with the auditor on your behalf.