Microsoft has more than one way to check your licensing, and they are not equal. Knowing which track you are on, and what changes when Microsoft escalates, decides how much exposure you carry into the room.
When the first message arrives from Microsoft, most teams cannot tell whether it is a friendly offer of help or the opening move of an audit. That confusion is by design. Microsoft verifies licensing three ways, and each carries a different level of obligation, a different operator, and a different cost if the numbers go against you. This article explains the difference between a Software Asset Management engagement and a formal audit, what genuinely changes when Microsoft escalates from one to the other, and the defensive posture that protects you at every step.
Before you can tell a SAM engagement from a formal audit, you need the full map. Microsoft verifies licensing through three distinct channels:
These are not three names for the same thing. They sit on a ladder of pressure, and Microsoft can move you up that ladder. Understanding the rungs is the whole game.
A SAM engagement is sales-led. The output is meant to feed a conversation about what you should buy next. A Microsoft account team, or an authorized partner working on Microsoft's behalf, proposes to review your environment, often using a tool that inventories installed products and cross-references them against your purchase history. The pitch is helpfulness: we will show you where you are over-deployed and where you are paying for licenses you do not use.
The important thing to understand is that a SAM engagement is voluntary. You are not under a contractual obligation to participate in a sales-led review. That single fact changes your options dramatically, because anything you say or share in a SAM engagement can shape the commercial position Microsoft takes later. The friendly review is also a discovery exercise, and the data you hand over becomes the foundation for the next ask.
A SAM tool produces a number. That number is not audit defense, and it is not a settlement figure. Microsoft uses its own counting methodology and its own data, drawn from Azure, Microsoft 365, and your management tooling. The SAM tool view and the Microsoft view rarely match, and where they differ, Microsoft relies on its own. Treating a SAM tool result as the truth of your position is one of the most common and most expensive mistakes a buyer can make.
A formal audit is enforcement. It runs through a third-party accounting firm appointed under the audit clause in your Microsoft Business and Services Agreement, often referred to as the MBSA. The auditor is not there to help you buy the right amount. The auditor is there to measure your deployment, compare it to your entitlements, and produce an Effective License Position, the ELP.
The ELP is the document that defines your exposure. It states, product by product, how much you are deemed to be using and how much you are licensed to use. The gap between those two figures is the unlicensed use, and that gap drives everything that follows.
The audit clause carries a specific consequence. If the auditor concludes that your unlicensed use is 5 percent or more, two things happen. First, you reimburse Microsoft for the cost of the verification. Second, you acquire the licenses you are short on at 125 percent of price. That uplift is the penalty built into the contract you already signed. The 5 percent figure is not a courtesy buffer. It is a trigger, and once you cross it the cost structure of the whole engagement changes.
Escalation from a SAM engagement to a formal audit is not a change of tone. It is a change of legal footing, operator, and cost. Here is what actually shifts:
The reason escalation matters is that the choices you make early, while you are still in the voluntary phase, determine how much room you have once the enforcement clause is live. Decisions made in the friendly phase are rarely friendly in hindsight.
Your defense is not the same on both rungs of the ladder. Match your response to the track you are actually on.
Because participation is voluntary, you control the pace and the disclosure. Declining the initial SAM review and running your own internal assessment first is a recognized defensive move. You establish your own Effective License Position on your own terms, you understand your true exposure before anyone else does, and you walk into any later conversation with a position you have already tested rather than one handed to you. You never want Microsoft to know your numbers before you do.
Once the audit clause is live, the work is about discipline and challenge. Every figure in the draft ELP is contestable. Microsoft's counting methodology makes assumptions about editions, roles, virtualization, and user counts, and those assumptions frequently overstate usage. The defense is to reconstruct the position from your own evidence, contest the auditor's assumptions line by line, and reduce the gap below the thresholds that trigger the penalty. This is precise, evidence-driven work, and it is where exposure is won or lost.
We are the defense that sits between you and Microsoft and its appointed auditor. We are independent and buyer-side, which means our only job is to reduce your exposure. We work on a Fixed Fee from $18,000 or on Gainshare, a share of verified savings or avoided penalty with zero retainer and no risk to you. Our guarantee is plain: we reduce your exposure or we reimburse our service fee. Across more than 300 Microsoft and SPLA audits we have defended more than $500M in Microsoft exposure, holding clients in the 95 to 100 percent range of penalty exposure defended.
Send us the first message you received from Microsoft. We will tell you what it means and what it puts at risk, before you reply.