How to Survive a Microsoft Audit: Part 2, Self-Certification Microsoft Audit

Self-Certification Microsoft AuditIn our last post, we provided an overview of the two types of Microsoft audits you may encounter. In this post, we will look at the first type of Microsoft audit you may find yourself facing: a Self-Certification Audit.

Procedures for a Self-Certification Microsoft Audit

If you are asked to conduct a self-audit, then what do you do? Where do you start? What should the game plan be?

Below are the procedures we use at Mirazon for situations like this. Although this is something you can do on your own, it usually helps to bring in a consulting firm (such as Mirazon) with experience in this type of thing (cough, Mirazon, cough) who can help you with both the technical side and the licensing side of things. (Did I mention that Mirazon has skilled engineers and certified licensing experts? Just a suggestion.)

So without further ado, here are our suggested procedures for your self-audit:

Step 1:

(Conference call or meeting with Mirazon engineer, Mirazon purchasing team member, and the client.)

Compile a quick list of the client’s order history and inventory. We just need the big picture at this point, so don’t get bogged down in the details. Here are some questions to consider:

  • Through what channels do you typically order your Microsoft licenses? What percentage of your licenses are Original Equipment Manufacturer (OEM)? What percentage are Full Packaged Products (FPP)? What percentage are Volume Licenses? (See herehere, and here for further explanations of these types of licenses.)
  • What are the alternate names for your company that Microsoft may have used to issue volume licenses in the past? Proof of purchase or ownership will need to be supplied, which could include paid invoices to authorized Microsoft resellers or photographs of the Certificate of Authenticity stickers that are attached to the hardware or original packaging.
  • Do you share networking environments with any partner companies or subsidiaries? If so, do those partner companies or subsidiaries also order Microsoft licenses? If so, what are the names of those companies? Basically we want to know how many companies are bringing licenses to the table so we know how wide to conduct our search.
  • What Microsoft products are you currently running in your environment(s) today? This will include both servers and desktops. (Again, nothing too detailed at this point. We just need the big picture.)

Step 2:

(To be completed by the Mirazon purchasing team.)

Gather a list of and proof of purchase for volume licenses owned by the client. Mirazon will request a Microsoft License Statement (MLS) from Microsoft for the client and their affiliates. This is a comprehensive list of all the volume licensing Microsoft has on record for the client, including licenses purchased through resellers other than Mirazon.

Step 3:

(To be completed by client.)

Gather a list of and proof of purchase for OEM and FPP licenses owned by the client. The client will compile a list of OEM and FPP products they have purchased. Proof of purchase or ownership will need to be supplied, which could include paid invoices to authorized Microsoft resellers or Certificate of Authenticity stickers that are attached to the hardware or original packaging. Only products that are currently being used need to be included in this inventory, so don’t worry about that Windows NT box you have sitting in the closet.

Step 4:

(To be completed by Mirazon engineer and client.)

Gather a list of what is currently running in the client’s environment(s).  A Mirazon engineer with assist the client with taking an inventory of the products currently running in their environment(s).  This will involve running the Microsoft Assessment and Planning (MAP) Toolkit.

The MAP Toolkit is “an agentless inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations—including Windows 8, Windows 7, Office 2013, Office 2010, Office 365, Windows Server 2012 and Windows 2008 R2, SQL Server 2012, Hyper-V, Microsoft Private Cloud Fast Track, and Windows Azure.” Basically this product will take a survey of your network and report back to you what it finds running.

Step 5:

(To be completed by Mirazon Purchasing Team.)

A member of the Mirazon purchasing team will take the results from Steps 2, 3, and 4, and will compile a list of all the licenses owned by the client and a list of everything that is being used. These lists will be used to determine if the client is in or out of compliance with Microsoft. A copy of these lists will also be supplied to the client.

Step 6:

(To be completed by Mirazon Purchasing Team.)

If the client is out of compliance, Mirazon will supply them with a quote to purchase additional licensing to get them back into compliance.

Step 7:

(To be completed by client.)

The client will complete the Self-Audit Certification statement which is required by Microsoft. This was included with the Self-Audit Notification email that was sent by Microsoft. This statement will need to be on company letterhead, signed by an officer of the company, and emailed to Microsoft. The statement will either say that the client is currently within compliance or it will say that the client has ordered sufficient licenses to get within compliance.

And that’s it! So when you receive your “Self-Audit Notification” from Microsoft, don’t sweat it. Just go step-by-step through this process. If you need help, call in the professionals and we’ll walk you through it. At the end of the day, you may need to buy a few licenses to get back into compliance, but really staying in line with the law is what will be best in the long run anyways.

In our next post in this series, we will look at some suggested procedures for surviving a “Software Asset Management Review” (a Microsoft-assisted audit).

If you would like assistance with your self-audit or if you have any questions about Microsoft licensing, Mirazon would love to help.  Please contact us at 502-240-0404 or at sales@mirazon.com.