A SPLA audit is decided by evidence, not argument. The auditor reconstructs every month of a 36 month lookback and tests it. Where you can produce a supported number, the audit confirms it. Where you cannot, the auditor substitutes its own assumption, and the assumption always favors the larger finding. The SPLA Audit Defense Pack is the file that leaves no gap for an assumption to fill. This article walks through each component and shows how the pack maps directly onto the way an audit is run.
What the pack is
The pack is a single, organized evidence file that reconstructs your true licensable position month by month and ties every reported figure to a source the auditor can verify. It is built from your own operational data, not from a SAM tool snapshot, because the audit reaches backward across the whole lookback rather than capturing a point in time. Assembled well, it does two things at once: it shrinks the base on which non negotiable back fees are calculated, and it demonstrates the kind of control that supports a low penalty uplift.
The pack answers every question the auditor will ask before the auditor asks it. That is what takes the assumptions off the table.
What goes in it
Six components carry the weight. Each one closes a specific gap the auditor would otherwise price against you.
| Component | What it protects against |
|---|---|
| Monthly SAL reports for every month | Gaps that get filled with the least favorable estimate |
| Sealed daily authentication counts | Numbers being dismissed as unsupported |
| Customer mapping for each SAL block | Being charged for users you never served |
| Product version mapping | Pricing at the most expensive edition by default |
| Documented multi tenant boundaries | Shared capacity read as fully licensable |
| SPUR application notes per product | A misread rule applied across the lookback |
The monthly SAL reports establish that a number exists for every cycle. The sealed daily authentication counts establish that the number is measured rather than estimated. Customer mapping ties each reported block to the customer it actually served. Product version mapping ties each deployment to the exact edition and version, so the price file rate applied is yours and not the auditor's worst case. Documented multi tenant boundaries show which workloads served which tenants on shared infrastructure. And the SPUR application notes record how you read each product rule, so a single interpretation can be defended rather than re argued month by month.
Every figure in the pack points to a source. A figure with a source is a fact the auditor confirms. A figure without one is an opening for the assumption that costs you the most.
How the pack changes the number
Back fees at the price file rate are not negotiable, so the only way to reduce them is to prove the base is smaller than the auditor assumed. The pack does exactly that, month by month, which is where most of the saving is found. The penalty uplift, which ranges from 25 to 125 percent, is negotiable, and the pack strengthens that negotiation too. A hoster that arrives with complete records and clean mapping is demonstrably in control, and that supports an argument for the uplift to sit near the bottom of its range rather than the top.
For the full sequence of how the pack fits with the audit timeline, the data request, and the uplift negotiation, the SPLA Audit Defense Guide sets out the complete hoster defense.
We build this pack for hosters under audit and for hosters who want to be ready before one arrives. We sit between you and Microsoft and its appointed Big Four auditor, reconstruct the position from your own records, and defend it line by line. We reduce your exposure or we reimburse our service fee. If you are facing a SPLA audit or want the pack built in advance, get a quote and we will scope it to your estate.
Build the pack before the auditor does
Whether your audit is open or still ahead of you, the defense pack is what converts assumptions into evidence. Tell us about your estate and we will scope the work.