Autodesk audits: How did Autodesk know to audit you and what to do now?
Facing a software audit is a daunting process, which takes time, money, and resources to complete. Typically, the first question the target of an audit asks is whether the audit is legitimate, closely followed by why the company has been selected for an audit.
What triggers an Autodesk audit?
Disgruntled employee: One of the common ways an audit may be initiated is a report from a current or former employee, often seeking a monetary reward or to punish the company. Autodesk makes it easy to report a company for unlicensed software at this web site.
- Autodesk reporting technology: Many of Autodesk’s software products have reporting technology embedded that automatically updates Autodesk about installation and usage from the initial installation through various reporting periods. Therefore, if a company has AutoCAD 2018, for example, and it reports to Autodesk that it is installed for multiple users, Autodesk’s compliance team can check those deployments against any registered licenses for that company. If none are found, then the legal team will likely initiate an audit and seek copyright infringement damages for any unlicensed software.
- Database of Illegal Serial Numbers: Autodesk regularly tracks unlicensed software by collecting illegitimate or “cracked” serial numbers. If these numbers are entered by a company into an Autodesk database or online profile, it may trigger an audit.
- Vendor: Although it is less common, sometimes a vendor will report a company for unlicensed software if a company obtains a large quote and fails to make the purchase. This type of reporting is less common for a number of reasons. The company could have simply purchased from another vendor and has the proper licenses it requires, and more importantly, a vendor found to be reporting on potential customers would permanently alienate business.
- Social media or LinkedIn: In one particularly unique situation, Autodesk admitted that it targeted a company because the principal was endorsed by someone on LinkedIn for having expertise in a particular Autodesk software product, and Autodesk’s attorney determined that no Autodesk licenses were registered to that company. This quickly became problematic because the principal did not, in fact, have experience with Autodesk or have it installed on any of the company’s machines. At that time, it was not possible to manage an endorsement from a colleague on LinkedIn. However, the company spent significant time and money defending against the Autodesk audit.
- BSA or other agency: BSA | The Software Alliance is an entity that has Power of Attorney from Autodesk (and other software publishers) to pursue copyright infringement claims against businesses. These audits are often triggered in the same ways an Autodesk audit is initiated (from a vendor or an informant). However, these audits are not limited to only Autodesk products, and can be triggered by other publishers, with Autodesk opting in the audit.
What information does Autodesk have regarding deployment data?
If a current or former employee shared data with Autodesk, it is possible that Autodesk could have a detailed account of the deployments. This is a particular concern if the former or current employee has access or administrative rights to the network through the IT department.
In addition to a report from an employee, Autodesk can obtain deployment data through authorization checks built into the software. Not only does Autodesk likely have a record of the installation on the network, it is possible that the serial numbers may trigger an audit if they are known to be illegitimate. However, much older versions of Autodesk software may not have the same type of reporting, so it is possible Autodesk may not be aware of these installations unless they were properly registered and recorded with Autodesk when purchased.
Many Autodesk users recently reported a problem with the authorization checks in AutoCAD 2018 single-user licenses after the authorization check crashed the system. If you have encountered this issue, Autodesk has provided the following instructions to troubleshoot:
Download and install the Autodesk License Service 5.1.5 Hotfix 1.
To download updates and hotfixes, use the Autodesk Desktop App (see Where to get Product Updates, Add-ons, and Enhancements) or access the direct links below. Before installation, ensure the internet connection is working and repaired if needed.
Performing a Windows installation:
- Stop all Autodesk products that are running.
- Download the following file based on the installed Autodesk software:
Autodesk License Service (x64) – 5.1.5 HotFix 1(560 KB)
Autodesk License Service (x86) – 5.1.5 HotFix 1 (1820 KB)
- Double-click the downloaded file to begin the installation.
Performing a Mac OS installation:
- Stop all Autodesk products that are running.
- Download the following file:
- Double-click the downloaded file to begin the installation.
Note: When manually downloading and installing the license hotfix, the installer will install and then quit without a message of completion.
How to determine whether installed products are properly licensed?
Autodesk has significantly cut the risk of unlicensed software by making the transition from a perpetual licensing model to a subscription-based model. However, many customers continue to deploy and use older, perpetual products.
If a company has not been audited by a software publisher, it is likely only a matter of time before it receives an audit request. Therefore, if you have not conducted an internal analysis of the company’s software assets, it is prudent to do so immediately. By catching potentially illegitimate software prior to an audit can save thousands to hundreds of thousands of dollars in potential copyright infringement penalties and legal fees.
All Autodesk products contain a serial number for each installation. There are a number of common illegitimate or “cracked” serial numbers circulating the web, including ones that repeat (for example, 696-696969) or ones that increase numerically (123-456789). If any of the serial numbers assigned to current Autodesk installations are similar to these numbers, they are likely invalid and should be immediately removed and replaced with legitimate Autodesk licenses.
Unfortunately, this process may be more expensive in the short term because an old perpetual copy of AutoCAD Design Suite, for example, cannot replaced with a newer perpetual version of the same product. Now that the licensing models have changed, a company will be required to obtain a subscription, which can be purchased in 1- to 3-year increments.
Autodesk offers standalone or networked license options, which may be found here.
What steps should a company take to respond to an Autodesk audit?
The first step for any audit is to conduct an analysis of the deployments in its environment. This process seems straight-forward but can become very complicated. Obtaining an accurate inventory is critical to determine whether any of the software is unlicensed. After the initial assessment, the second step is to conduct a quality control analysis in order to isolate any instances of false positives such as remnants in the registry of older, uninstalled products, trial versions, or any free reader versions. Once an accurate inventory is collected, the third step is to compare the data to licenses registered to the company.
This process may be complex due to license restrictions and rules relating to software installed on servers, networked licenses, and standalone licenses, in addition to the license rules for transferring licenses between employees. The final step is to determine whether the license applied to each installation is proper and falls within the software license rules is a crucial step in determining potential exposure for unlicensed software.
It is not uncommon for a company to own more licenses than are installed and expect those licenses to cover a shortfall on another, unrelated product. The licensing rules for Autodesk products may be found in an Autodesk End User License Agreement. There are also a number of license terms for online services and subscription licenses.
Once the data and licenses are verified, the audit results are submitted to Autodesk, and a company will begin to negotiate a resolution with Autodesk for any unlicensed software, which may include both penalties and the replacement cost for obtaining legitimate licenses.
How to avoid purchasing illegitimate software:
The best way to avoid purchasing illegitimate software is to buy from an Autodesk authorized reseller or Autodesk directly. Options are a bit more limited with the subscription-based model, but it is still possible to procure a slight discount.
Many companies will note that they are Authorized Resellers on their web site but will not necessary sell legitimate software. You can search for resellers in your area on Autodesk’s web site, or simply acquire the software directly from Autodesk.
How to manage future Autodesk compliance:
In addition to conducting internal audits, it is possible to manage licenses through the Autodesk network licensing manager.
The following are step by step instructions from Autodesk’s web site for managing licenses, user access, and deployments:
Managing User Access
- Sign in to your Autodesk Account at autodesk.com.
- Select Management to view your Products & Services.
- Click on the Users icon in the left-hand navigation menu.
Note: The User Management icon is only visible to account administrators such as a Contract Managers and Software Coordinators.
The User List is the primary interface for managing users in your Autodesk Account. Click the arrow next to a user name to display the following information:
- Name & Email Address: Used to sort users and grant access to Account benefits.
- Product & Services: Number of software assets or cloud services assigned to a user.
- Benefits: Items such as access to software downloads and customer support.
- Status: A check indicates the user has accessed assigned benefits.
4. Click the Edit Access link to the right of the user’s name or select multiple users and select Edit Access from the Actions pull-down menu.
5. Select Benefits from the Edit Access screen to display the available contracts and options. Click the arrow next to the contract number to expand the contract information display. Change the options in the Show menu at the top to limit the number of contracts shown.
6. Click to the check the box next to each of the Benefits listed that you wish to assign to the user(s). Click the Save button when finished.
- Product Downloads: Allows the download of full installer files for Autodesk Software from Autodesk Account. If you do not want to allow users to download and install their own software, do not assign this benefit. Note: This assignment applies to all contracts.
- Web Support: Allows the user to see the “View my support cases” option in the support menu and submit support requests as a benefit of a paid subscription contract.
- Product Extensions: Allows the download and installation of software through Autodesk Account that adds functionality to or enhances features of software products on the contract. If you wish to control access to additional software downloads, do not assign this benefit.
Note: In this example, all benefits (2/2) have been assigned for a single contract, but the same benefits have not been granted (0/2) for the second contract on the account.
7. Select Products & Services to display the available contracts and options. Click the arrow next to the contract number to expand the information display. Change the options in the Show menu at the top to limit the number of contracts shown.
8. Click to check the box next to each of the products and services that you wish to assign to the user(s). Click the Save button when finished.
- Products: Listed by software title. Assigning an available seat allows that user to activate and use the software listed.
- Services: Controls access to online storage and other cloud services associated with a software title. Options vary depending on the software. Please refer to your software documentation for descriptions of available services.
Note: In this example, a single available seat for AutoCAD LT has been assigned to the user along with 4/4 available cloud services. No access to Maya LT on a different contract was granted.
Any companies interested in a comprehensive software asset management program should adopt a policy company-wide that includes all software installed on its network. The program should include a way to manage all deployments and licenses in real time in order to avoid any potential license gaps.
It is important to note that transferring licenses between users may require some additional steps, so it is critical that the company understands and reads the license agreement and terms for each Autodesk license. Customers should also promptly uninstall and delete trial versions at the expiration of the trial period in order to avoid remnants or trial versions triggering a false positive in a future audit.
When in doubt, contact an attorney with experience in Autodesk licensing and defending against Autodesk audits.