Every Microsoft and SPLA audit runs on the same authority: the audit clause in your Microsoft Business and Services Agreement. Read it the way the auditor reads it, and you can see exactly where your defense lives.
Most organizations sign the Microsoft Business and Services Agreement, the MBSA, without reading the audit clause closely. It is short, it is standard, and it sits in the background until the day an audit notice arrives. On that day it becomes the most important paragraph in your contract, because it is the authority for everything the auditor does. This article walks through what the clause actually says, what it lets Microsoft do, and just as important, what it does not. The defense is built inside the boundaries of the clause itself.
The MBSA is the master agreement that sits beneath your Microsoft licensing relationship, whether you are an end customer running volume licenses or a hoster operating under SPLA. The audit clause in the MBSA is the common root of both audit tracks. For an end customer, the clause authorizes a formal audit run by a third-party accounting firm that produces an Effective License Position. For a hoster, the same clause authorizes a SPLA audit run by a Big Four firm across a 36-month lookback. One clause, two tracks, the same source of authority.
Read plainly, the audit clause gives Microsoft a defined set of rights. Understanding each one tells you what to expect and where the limits sit.
The clause grants Microsoft the right to verify that your use of its software complies with your licensing. This is the foundation. It is a right to check, and you agreed to it when you signed. There is no value in disputing that the right exists. The value is in how the verification is conducted and what it concludes.
The clause provides for the verification to be carried out by an independent third party, typically an accounting firm. For end customers this is the third-party firm that builds the ELP. For hosters it is a Big Four firm. The auditor is independent of you, and the auditor works to the scope the clause defines. The independence cuts both ways: the auditor is not your advocate, but the auditor is also bound by the clause and by professional standards, and that gives you a basis to hold the process to its proper bounds.
Audit clauses generally require reasonable notice and that the audit be conducted in a way that does not unreasonably interfere with your operations. These are real constraints. They give you standing to manage timing, scope, and the manner of data collection rather than submitting to whatever is asked on whatever schedule is demanded.
The clause does more than authorize a check. It sets out what happens financially when the check finds a shortfall, and these terms are where the cost lives.
For end customers, the clause carries a specific consequence. If the auditor concludes that unlicensed use is 5 percent or more, you reimburse Microsoft for the cost of the verification and you acquire the licenses you are short on at 125 percent of price. The 5 percent figure is a trigger, not a tolerance band you are entitled to use. The 125 percent is the contractual uplift on the catch-up purchase. Both terms are written into the clause you signed, which is why the defense focuses so heavily on keeping the measured gap below the trigger.
For hosters, the financial structure is different. Where the audit finds underreporting, you owe back fees at the price file rate, and those back fees are not negotiable. On top of that, the auditor can apply a penalty uplift ranging from 25 to 125 percent. The uplift is negotiable. The leverage to negotiate it comes from demonstrating reporting discipline across the lookback.
The clause is a grant of specific rights, not an open license to assume the worst. Reading it line by line reveals the limits as clearly as the powers.
The clause is the map of the engagement. Used well, it tells you exactly where to stand.
We are the defense that sits between you and Microsoft and its appointed auditor, and we operate inside the clause, not against it. We hold the process to the bounds it sets, contest the conclusions it does not make final, and rebuild your position from your own evidence.
We work on a Fixed Fee from $18,000 or on Gainshare, a share of verified savings or avoided penalty with zero retainer and no risk to you. Our guarantee is plain: we reduce your exposure or we reimburse our service fee. Across more than 300 Microsoft and SPLA audits we have defended more than $500M in Microsoft exposure, holding clients in the 95 to 100 percent range of penalty exposure defended, with more than 20 years of combined experience.
Send it to us. We will read the clause the way the auditor does and show you exactly where your defense begins.