A SPLA audit reaches back 36 months and asks you to prove every one. The hosters who hold their ground are not the ones who scramble after the letter. They are the ones who already keep the pack. Here is the set of records that defends the lookback and keeps the penalty uplift negotiable.
SPLA is Microsoft's monthly licensing program for hosters, managed service providers, and outsourcers who deliver Microsoft software to external customers. It is pay as you consume, and that word "monthly" is the whole story when an audit lands. A Big Four firm conducts the audit under the MBSA audit clause as an independent third party, and it does not ask what you run today. It verifies compliance for every monthly reporting cycle across a 36 month lookback, which means it expects a complete and consistent record for each of the last 36 months.
That is a demand most operations teams have never been asked to meet all at once. Day to day, a hoster reports SAL or processor counts each month and moves on. The pack is what turns 36 separate months of routine reporting into a single defensible body of evidence. Without it, the auditor reconstructs the missing months with assumptions, and those assumptions run against you. With it, you decide what the record says, because you kept it.
A complete hoster audit defense pack has six parts, and each one answers a question the auditor will ask. The monthly SAL reports prove what you declared and when. The sealed daily authentication counts prove the figures behind each report were captured at the time and not revised later. The customer mapping ties every reported SAL block to a named external customer, which is what separates licensed external use from everything else. The product version mapping shows which edition and version each report covered, so the right SPUR rules can be applied. The documented multi tenant boundaries show how customers are isolated, which matters wherever shared infrastructure could otherwise look like unlicensed spread. And the contract and amendment file holds the agreement terms that govern the whole arrangement.
| Record | Question it answers |
|---|---|
| Monthly SAL reports, all 36 months | What did you declare, and when |
| Sealed daily authentication counts | Are the figures original and unrevised |
| Customer mapping per SAL block | Who is the external customer |
| Product version mapping | Which SPUR rules apply |
| Multi tenant isolation records | Are tenants properly separated |
| Contract and amendment file | What terms govern the relationship |
A SPLA finding splits into two very different numbers. Back fees at the price file rate, charged for under reported use across the lookback, are not negotiable. They are arithmetic once the under reporting is established. The penalty uplift is the negotiable part, and it ranges from 25 to 125 percent depending on the severity, the duration, and the nature of the under reporting. That spread is enormous, and it turns almost entirely on the story the records tell.
A complete pack tells a story of discipline. It shows that reports went in on time, that figures were sealed at capture, that customers and versions were mapped, and that any error was bounded and explainable rather than systemic. That is the evidence that argues the uplift down toward the floor. An empty or inconsistent record tells the opposite story, and invites the auditor to read every gap as evidence of careless or willful under reporting, which pushes the uplift toward the ceiling. The pack does not make the back fees disappear, but it is the single biggest lever you hold over the part of the bill that can still move. The full mechanics of that calculation are set out in the SPLA audit defense guide.
The hard truth about the pack is that most of it cannot be created after the fact. A sealed daily authentication count captured today says nothing about what happened eighteen months ago. A customer mapping reconstructed under deadline is weaker than one maintained as customers were onboarded. This is why the pack belongs to standing operations rather than to incident response. The discipline that keeps it current is a monthly habit, and the calendar that drives that habit is laid out in the hoster compliance calendar. As an estate grows, the question of who owns that habit becomes its own decision, which we take up in "When to add a compliance lead to hoster operations".
We help you assemble and maintain the pack, and we defend the lookback line by line if an audit lands. We sit between you and Microsoft and its appointed auditor, on your side of the table, and we never take vendor money. We work on a Fixed Fee from $18,000, or on Gainshare, a share of verified savings or avoided penalty with zero retainer and no risk to you. Our guarantee is plain: we reduce your exposure or we reimburse our service fee.
If an auditor is already asking questions, our SPLA audit defense team challenges the counting before back fees are set.
Our SPLA guide shows you exactly what to assemble and why each record matters.