A SPLA audit settlement is two numbers wearing one label. One is fixed and one is negotiable. This playbook shows hosters how to tell them apart, rebuild the monthly SAL base across the 36 month lookback, and argue the penalty uplift down on evidence.
SPLA is Microsoft's monthly licensing program for hosters, managed service providers, and outsourcers that deliver Microsoft software to external customers. It is pay as you consume, and that single feature shapes the entire audit. Compliance is not checked once against your current position. It is verified for every monthly reporting cycle across a 36 month lookback, which means a reporting habit that drifted two years ago is still on the table today.
A Big Four firm conducts the audit under the MBSA audit clause as an independent third party, with broad authority to request deployment records, server configuration data, customer contracts, and usage logs. When the firm reconstructs your monthly positions, every gap in the record is read as under reporting and compounded across the lookback. That is how a modest drift becomes a large draft.
The settlement has two components. Back fees are the license charges you should have paid, calculated at the price file rate. They are not negotiable. The penalty uplift is an additional charge that runs from 25 to 125 percent depending on the severity, duration, and nature of the under reporting. The uplift is negotiable, and on a large base it is where most of the recoverable money sits. The first job is to stop arguing the back fee rate and start rebuilding the base it is applied to.
The illustration below shows the shape of a defended outcome. The corrected base shrinks the back fee, and evidence of good faith reporting discipline pulls the uplift toward the floor of the range.
| Line | Auditor draft | Defended | Effect |
|---|---|---|---|
| Monthly SAL base, 36 months | inflated | rebuilt | base cut |
| Back fee at price file rate | $2.4M | $1.1M | follows the base |
| Penalty uplift applied | 110% | 30% | negotiated down |
| Total exposure | $5.0M | $1.4M | defended |
Indicative figures shown to illustrate the mechanics, not a quoted outcome.
The base only holds if each reported month ties to real consumption. The reconciliation pattern below is the one the full playbook builds out month by month.
| Month | Reported SAL | Sealed auth count | Mapped to customer |
|---|---|---|---|
| Cycle 1 | 420 | 418 | yes |
| Cycle 2 | 0 | 431 | gap corrected |
| Cycle 3 | 440 | 439 | yes |
| Lookback view | reconstructed | sealed | complete |
Sealed daily authentication counts and customer mapping are the evidence that converts a disputed month into a defended one.
The full playbook continues with the reporting discipline checklist, the short window to correct a reporting mistake, and how to walk into the audit already holding the reconstructed base. For the active engagement that does this on your behalf, read our Penalty Mitigation service.