An Effective License Position is only as strong as the data behind it. Here are the sources Microsoft uses, the ones you should use, and where the two diverge.
An Effective License Position is a reconciliation of what you have deployed against what you are entitled to use. The reconciliation is only ever as good as the data on both sides. Knowing exactly which sources feed it, and which sources Microsoft will lean on, is the difference between an ELP you can defend and one that defends the auditor.
The ELP sets deployment against entitlement and reports the gap. The deployment side counts every install and every use that consumes a license. The entitlement side counts every license you own through your agreements, including any rights you carry forward. The number that matters is the difference. When unlicensed use reaches 5 percent or more of total use in a formal audit, the contract clause requires you to reimburse Microsoft for verification costs and to acquire the missing licenses at 125 percent of the current price. That single threshold is why the data underneath each side has to be exact rather than approximate.
The ELP is not a single figure handed down at the end. It is a model built from many data sources, and every source you do not control is a source the auditor will interpret in its own favor.
Microsoft does not build your position from your spreadsheets. It builds it from its own methodology applied to its own data. Three sets of telemetry feed the picture, and each one is largely invisible to most internal teams until it is quoted back to them in a draft.
In 2026 Microsoft applies anomaly detection across this telemetry to choose audit targets. A sudden usage spike, an entitlement mismatch, or Azure Arc telemetry showing servers that never appeared in a report all raise the risk score. The data sources are not only inputs to the ELP. They are the trigger that starts the process.
Your defensible position is rebuilt from primary records, not from a single discovery scan. The goal is to hold a position that is at least as complete as Microsoft's, sourced from systems you own and can stand behind.
A clean internal count and Microsoft's count rarely match on the first pass, and the divergence is where exposure is created or removed. The most common gaps come from counting methodology rather than from genuine over deployment.
| Area | How it can inflate the position | The defensible correction |
|---|---|---|
| Virtual cores | Counted at the host as if every core is always licensed | Map workloads to entitlement and licensing rules before accepting the count |
| Dormant accounts | Assigned licenses read as active consumption | Reconcile assignment against real sign in activity |
| Carried rights | Older entitlements omitted from the entitlement side | Restore documented rights from prior agreements |
| Non production use | Test and development counted as production | Separate and evidence the use rights that apply |
None of these corrections are tricks. They are the difference between the auditor's data interpreted one way and your records interpreted accurately. The figures are indicative and show the shape of the divergence, not real client data.
A SAM tool can produce a tidy ELP, but a tidy ELP is not a defended ELP. Microsoft counts with its own methodology and its own telemetry, and Microsoft's calculation governs the contract. A clean tool output that ignores Azure signals, Microsoft 365 activity, or virtualization mapping will still differ from the number Microsoft brings, and the difference falls on you. The data sources behind your ELP have to anticipate the data sources behind theirs. Building your own position from primary records first is a recognized defensive move, covered in our guidance on how to present an ELP to leadership once the model is built.
Start by listing every source that feeds your position and asking, for each one, whether you control it and whether Microsoft can see something you cannot. The pillar on the Effective License Position walks through the full model, and our white paper sets out the data map in detail.
When the exposure is real, our ELP exposure modeling team stress tests every line the auditor will count.
Download the guide and map every data source that feeds your ELP. Fixed Fee from $18,000 or Gainshare, both backed by our guarantee.
Download guideWeekly intelligence on Microsoft and SPLA audit moves and the buyer side defenses that work.