Or, if you’d prefer, “Welcome to Your Triennial Microsoft Rectal Probing”
Here’s the thing.
Software Piracy pisses me off. If you want software that’s under a paid license model, then buy it. If you can’t afford it, find a way, find a free alternative, or go without.
“Open Source! Open Source! #LoveThePenguin! Down with Micro$oft!”
Yeah, yeah, great, how about you sharpen your pitchforks and loosen up your skinny jeans somewhere else. Just go back to Instagram’ing your Starbucks Latte on your iPhone and leave me to my rant.
I’m in the process of what is called in Microsoft terms as a SAM Audit at work, again. We went through one in 2012 as well.
SAM stands for “Software Asset Management”.
Essentially a SAM Audit is an audit performed by an authorized anti-piracy contractor of Microsoft’s. They select businesses based on some criteria that seems to guarantee that small to medium sized business who have the fewest staff resources to handle the audit, and are the least likely to pirate software are the ones who get audited the most often. It looks to be at around a 2-3 year time frame.
When we were audited in 2012 the audit took us 9 months to resolve. 9 MONTHS!!
The root cause of why it took so long is because of their entire auditing model and because I don’t think they expected us to fight back.
A SAM Audit will have somewhere buried deep within it’s fine print some wording stating that it is 100% Voluntary. Even the way the auditors will speak on the phone and in their emails will be extremely vague and dance around any outright saying that the company is required to undergo the audit.
It’s supposed to be Microsoft’s way of ‘helping’ companies who might have inadvertently installed improperly licensed software to get back within their license requirements. The problem is the audit is performed by contractors who are given financial incentives to find discrepancies. They’re encouraged to report back any areas of the audited companies where potential future software purchases could be marketed to. Funny thing is half the time the auditor probably knows less about Microsoft licensing than the IT staff of the company being audited.
Essentially the SAM Auditor is really hoping your company will fail the audit and be too overworked or confused to argue their decision because that’s how they make money.
“But, it’s voluntary. I can tell them I’m not participating in the audit”
Yeah, sure kid. You go right ahead with that.
The thing is, there’s another kind of audit, called an LCC Audit.
Stands for Legal Contract and Compliance Audit. An LCC Audit, isn’t mandatory. It’s performed by some low level Microsoft lawyer and/or licensing expert who will most likely come to your place of business and turn it inside out until they’re satisfied or your company is bankrupt, whichever happens first.
The flip side of this is, in all honesty, a SAM Audit can be good for companies who use Microsoft software.
Microsoft’s licensing sucks! Even they don’t understand how it works half the time.
As such it’s quite easy to have honest mistakes in your IT structure that a SAM Audit will bring to light and you can fix the issues.
So, if you get “lucky” enough to get selected for one. Just grit your teeth and do it.
So, in a nutshell, that’s a SAM audit.
Now, back to my earlier comment about how their auditing model sucks.
It’s performed every 2-3 years. Just long enough to let issues that were found, and fixed, in a previous audit (if any) slip again. Or new issues to arise because, like I said, often times the companies are either too small to have the IT staff. Or they might not even be the same staff that were at the company during the last audit. Or they might be so large that discrepancies simply happen.
SAM audits are performed by contractors. Often not even the same auditing contractor as previously. The person who is performing your audit probably is only barely trained in Microsoft licensing.
They’re financially incentivized to find problems.
A better method?
Get audited voluntarily, Annually.
Yeah, I said it. Annually.
No, not anally. That goes back to my initial premise.
Every Year. By Choice.
Contact your Microsoft VAR Provider, aka, Value Added Reseller, and see if they do annual audits. You’re going to be buying your licensing from them anyway. So you get the SAM audit hell out of the way. This gets you all nice and proper in your licensing records and a clean slate.
Then you can have your VAR perform their own review of the audit. Then they can maintain your records moving forward and in 12 months they can submit a voluntary license report to Microsoft.
By doing so you stay off Microsoft’s RADAR for future SAM audits.
Even if you did happen to get picked for one, a simple email or phone call to your Microsoft VAR Partner and they send you a report that you send the SAM auditor and you ruin their day because they will know immediately that they won’t find anything.
Poof, you call it a day and go have a much needed beer.