Buried in the audit clause of the Microsoft Business and Services Agreement is a single number that reshapes the cost of an audit finding: 5 percent. It sounds small. In practice it is the hinge the whole financial outcome turns on. Below the threshold, a finding is a true up at ordinary prices. At or above it, the same finding pulls in penalty pricing and cost reimbursement. Understanding where that line sits, and how it is calculated, is the foundation of any sensible penalty defense.
This article explains what the clause actually says, how the 5 percent is measured, what happens on each side of the threshold, and the defensive moves that keep a finding from tipping over. For the full method, the Microsoft audit survival guide carries it further.
What the clause actually says
The audit clause gives Microsoft the right to verify your licensing, typically through a third party accounting firm. The clause then sets out a consequence that depends on the size of any shortfall the verification finds. If unlicensed use is found to be 5 percent or more of your total use, two things happen at once. You reimburse Microsoft for the cost of the verification, and you acquire the licenses you are short at 125 percent of the current price rather than the ordinary rate.
If the unlicensed use comes in below 5 percent, the reimbursement and the 125 percent uplift do not apply. You still buy the licenses you are short, but you buy them at the normal price and you do not pay for the auditor's time. The clause is written so that a clean or near clean estate is treated very differently from one with a material gap.
Five percent is not a rounding error. It is the boundary between a true up and a penalty.
How the 5 percent is measured
The threshold is a ratio, not a flat count. It compares unlicensed use against total use, which means the denominator matters as much as the numerator. A handful of unlicensed installs in a small estate can breach 5 percent easily. The same number in a large estate may not move the ratio at all. This is why two companies with identical gaps can land on opposite sides of the line.
The measurement follows Microsoft's methodology and uses its data. The auditor counts deployment against entitlement product by product, and Microsoft draws on its own telemetry from Azure, Microsoft 365, and management tooling to do it. A clean internal count from your own tooling can still differ from the auditor's calculation, and the auditor's calculation is the one that decides whether you crossed the threshold. That gap between your numbers and theirs is exactly where the defense works.
- The numerator is unlicensed use, measured product by product on Microsoft's count
- The denominator is total use, which your own evidence can legitimately expand
- Entitlements you hold but had not surfaced to the auditor lower the numerator once you produce them
- Use that was never actually deployed, only provisioned, can be argued out of the count
A worked example of the threshold
Consider an estate the auditor reconstructs at 10,000 units of total use, with 600 units it calls unlicensed. That is 6 percent, above the line. The finding now carries reimbursement of verification costs plus licenses at 125 percent of price. The figures below are indicative and are used only to show how the ratio behaves.
| Scenario | Unlicensed | Total use | Ratio | Treatment |
|---|---|---|---|---|
| Auditor draft | 600 | 10,000 | 6.0% | Penalty pricing, costs reimbursed |
| After unsurfaced entitlements | 420 | 10,000 | 4.2% | Ordinary true up, no penalty |
| After base correction | 420 | 10,600 | 4.0% | Ordinary true up, more headroom |
Surfacing 180 units of entitlement the company held but had not produced takes the gap from 600 to 420. That alone drops the ratio to 4.2 percent and pulls the finding under the threshold. Correcting the total use base upward where the auditor undercounted it adds further headroom. Nothing here is invented. It is the same estate, counted with the evidence the company actually had.
Why the threshold rewards preparation
The clause punishes the estate that cannot account for itself and rewards the one that can. The difference between 6 percent and 4 percent is rarely about buying more licenses at the last minute. It is about evidence: entitlements that were held but not surfaced, deployments that were counted but never truly in use, and a total use base that the auditor undercounted. Each of these is a legitimate adjustment, and together they routinely move a finding across the line.
The companies that stay under 5 percent are usually the ones that ran their own internal assessment before the auditor arrived, so they knew their real position and could defend it line by line. The companies that breach it are often the ones that accepted the auditor's first reconstruction because they had nothing of their own to put against it.
Defending the threshold
A buyer side defense treats the 5 percent clause as the central fact of the case, not a footnote. We rebuild the count on your evidence, surface every entitlement you hold, challenge use that was provisioned but never deployed, and correct the total use base where it was undercounted. The aim is simple: keep the finding under the threshold where that is achievable, and where it is not, shrink the unlicensed base that drives both the back charge and the 125 percent uplift.
Our guarantee applies to this work directly. We reduce your exposure or we reimburse our service fee, and with gainshare you pay only from verified savings, with zero retainer and no risk to you. To see the full method for defending a Microsoft finding, including the clause and the negotiation that follows, download the Microsoft audit survival guide.
If you would rather not face that alone, our Microsoft audit defense service sits between you and the auditor from first letter to final settlement.