Oh, the joys of software licensing, empowering you with the technology your company needs to grow. Of the software licenses out there, at MetrixData360, we have seen many people come to us asking for help regarding their Microsoft SPLA licensing, a delightful jewel in Microsoft’s licensing crown. Is investing in an SPLA license a smart move for your company? What will happen if you are audited on your SPLA? In this article we’ll tackle some of your most pressing questions regarding SPLAs, so that you can make an informed decision that drives your company’s future development instead of hindering it.

What is an SPLA

Microsoft’s Services Provider License Agreement (SPLA) gives you the ability to play Microsoft’s middleman if your business involves some element of hosting applications, data, or websites. It is the most common license that they offer to their customers who are service providers. When you’re given an SPLA license, you can provide the software you’ve purchased to your end-users and charge them monthly for your software as a service (SaaS).

In turn, Microsoft charges you monthly as well based on your license consumption rate, as opposed to simply paying an upfront fee like perpetual licenses. Unlike other forms of licensing, such as MSPA, where the license merely is transferred through you (Microsoft gives it to you, you give it to your customer and the customer becomes the licensee), with a Microsoft SPLA your name remains on the licenses for the products that your clients use and you report the usage of your licenses back to Microsoft. Being a reseller of Microsoft can be a wonderful business opportunity, creating for you a fruitful income and the option of having a uniquely packaged solution for your customers.

Do I need an SPLA?

Here are the three most common scenarios where an SPLA is required:

You host a third-party application with Microsoft’s Infrastructure?
You are Hosting as a Service (HaaS), which includes website hosting, data hosting, and file-sharing?
You have a Multi-Tenant Cloud platform or have a multi-tenant Infrastructure as a Service (IaaS)?

Benefits of an SPLA

There are many benefits to purchasing a Services Provider License Agreement:

The services you provide to your customers are tailored to their needs.
You pay-as-you-go, no start up fees, no long-term commitments, it can prove ideal if many of your customers have seasonal work that needs to be adjusted throughout the year.
Microsoft will give you and your clients the latest software products.
Your services can be offered to anyone in any country that you are legally allowed to sell Microsoft to.
You can sample the products yourself before they are offered to your customers and, in return, you can offer sample products to up to 50 of your clients to test the software for a free 60 day trial period.
You can sell to academic institutions at specific pricing.
You can leverage data center providers for IaaS or outsourcing capabilities.
Your Microsoft Business and Service Agreement (MSBA) needs only to be signed once. After that, all smaller and simpler SPLA licensed can be filed under it, which you need to sign every three years.

The VSA and the SPLA Audit

An SPLA audit reveals the treacherous complexity of the software contract that you’ve signed up for. The reason why Microsoft conducts these audits are to both ensure compliance and to confirm that the MBSA (Microsoft Business and Services Agreement) provides them with the right to audit their customers. You may incur the wrath of either Microsoft’s verified self-assessment (VSA) or an SPLA audit.

It can often be tricky to initially tell if you’ve been notified for either a VSA or a SPLA. VSA notifications are done usually through email (make sure to verify its authenticity before handing over sensitive data or clicking any links, there are scammers out there sending emails disguised as legitimate SAM reviews). A full SPLA audit will usually be sent through a formal letter and will usually disclose whether it is an audit or a VSA. You can expect a SPLA audit or VSA to arrive sooner rather than later if you and your company have experienced any of the following recently:

You have gone through a merger or acquisition
You have missed an SPLA report
Your SPLA reporting has increased or decreased
Providing a Microsoft Solution to your customers without the SPLA to back it up
Your reports only display minimum usage while your business shows signs of growth

A Microsoft SPLA Full Audit

Once you have determined the ifs, whys, and hows, the process is pretty similar for VSAs and SPLAs. You will be asked to retrieve data either at the auditors’ beck and call (in a full audit) or using your own internal resources (VSA). A Microsoft SPLA audit runs a similar course to a regular audit and a more in-depth look of the audit procedure can be found in our articles, Software Audits: The Fundamentals, and Software Audit Preparation. There are a few differences between an SPLA audit and regular audit, including:

An SPLA audit will involve looking at data that goes back much farther compared to the data examined in a regular audit, sometimes looking as far back as three years. For this reason, it’s important to maintain a pristine long-term record of your monthly reports, since a lack of this data will mean that the auditors will assume the worst-case (and most expensive case for you) is the reality.
Auditors will be interested in data that involves user access to products as opposed to actual usage, since an SPLA has different product use rights compared to perpetual licenses.
BYOLs and License Mobility will prove a focal point of the audit, since many hosts will allow end users to bring in licenses from their own EAs, and as such, it is important that you verify compliance in regard to these scenarios.

The Self-Certification Audit or Verified Self-Assessment(VSA)

The latest version of Microsoft’s audit, the self-certification audit or verified self-assessment (VSA), runs a little differently from regular audits since you’ll be able to prove your compliance without having to supply your deployment data, as has been the tradition of to this point. Instead, Microsoft will give you the choice of doing your own internal review. From there, you will affirm that you either have no missing licenses, or that you are missing licenses and will purchase the licenses that are required to make up for any unlicensed usage. You will also likely be required to present a corrective strategy that will decrease the likelihood of this happening again in the future. The process can be concluded quickly since there is no need to present evidence or negotiate over a settlement.