Microsoft SPLA Audit Look-Back Periods
In a typical Microsoft audit of software licensed under perpetual licenses, the auditors usually will compare installations of Microsoft products against licenses owned, and Microsoft will require the audited business to purchase additional licenses required to cover any gaps discovered by the auditors. An audit under a Services Provider License Agreement uses a similar framework, but the analysis is complicated by the fact that SPLA is a monthly, pay-as-you-go arrangement, where the audited company may have been reporting SPLA licenses to its reseller for many years. If the auditors identify discrepancies, Microsoft’s audit demand will be based on the number of licenses required to cover any gaps discovered during the month audited, times the number of months that it assumes the discrepancy to have existed.
Many SPLA-audited businesses ask us: Just how far back can Microsoft look?
The answer likely depends on two things: (1) the look-back assumptions described in the SPLA, and (2) the terms of the audited company’s Business Agreement (or Business and Services Agreement) with Microsoft. Most SPLAs contain language stating that Microsoft may assume unreported use to have commenced upon the commencement of the customer relationship (or relationships) associated with the discrepancy, unless the audited business can reasonably demonstrate a different scope and duration of unreported use.
However, the terms of the MBA/MBSA may constrain that potentially very lengthy look-back period to the effective date of the current or past SPLAs. Those terms (especially in older-form master agreements) state that Microsoft may audit a company’s compliance during the term of a licensing agreement (like SPLA) and for a period up to one year after the termination of that agreement. Therefore, even if a SPLA customer relationship may have been in place for, say, seven years, if the company’s previous SPLA terminated more than one year before the date of Microsoft’s SPLA audit notice letter, then that company has a strong argument that Microsoft is time-barred under the terms of its own agreements from seeking penalties for periods falling during the term of that prior agreement.
However, newer MBSA forms (unsurprisingly) do not include the one-year cut-off language. Therefore, companies being audited by Microsoft under SPLA need to carefully review their license agreements with counsel before the investigation commences. If the contracts do not clearly define the periods of time that Microsoft may include in the scope of an audit, then it is important to secure a commitment from Microsoft before the audit commences regarding how far back the calculations may extend. Having that information at an early stage will put the company in a better position to estimate its exposure before receiving any opening settlement demand from Microsoft.