MS SAM Audit
-
@BraswellJay said in MS Audit???:
The contact I had had email of [email protected] so I thought was legit as did our MSP. We were out of compliance on a handful of user CALs and they let us purchase them through our regular supplier. They never asked us to purchase anything from them.
Because the audit is happening, they get paid no matter how you buy the licenses - MS knows who is auditing them. Your MSP, like many, just didn't know the drill. Everyone has to learn somewhere, it's industry tribal knowledge. It's just that your MSP hasn't researched these and doesn't spend time in communities to share knowledge, most likely, so they are running blind. Almost all of the industry does or these kinds of scams wouldn't make money.
SAM audits are pretty new. Ten years ago, they were unheard of. Today, it's a massive scam and everyone sees it constantly. But if you know how to respond, they will just go away. You can be polite "Oh, no thanks, we understand that the SAM audits are inaccurate and unofficial and we will decline to participate as we already ensure our licensing is correct with MS and don't trust that the SAM audit will correctly track licenses." And they just say "okay", and move on to someone who doesn't know the drill. It's that easy.
So if your MSP isn't doing their homework, this is all new to them and they don't have the exposure to know that this is a scam and how it works.
-
@BraswellJay said in MS Audit???:
Our MSP said it was contractors working direct for Microsoft, mostly with call centers in New Zealand.
Not contractors, third parties off shore that pay for the lists.
-
@BraswellJay said in MS Audit???:
Anyway, for us it was a bit of a time sink to go through, and like I said we were a little out of compliance but nothing significant. We made good through our normal way of getting licenses and it all ended after that.
How do you know? SAM audits are neither official nor accurate. That's actually how everyone figured out that they were a scam - they get the audits so completely wrong and often the auditing process isn't even aware of current MS licensing and products. It's generally really obvious that MS isn't even providing them with the most basic information, like a product list. It's just random people with no knowledge of MS licensing trying to figure out what they can convince you to buy.
You should always be auditing yourself to know if you are compliant. If you worry that you are not, you want to bring in a licensing expert to help (it's not expensive and very fast.) But a SAM audit is the worst thing to do, because they act like experts but lack knowledge, expertise, or any reason to be accurate because they don't report to you or to Microsoft and in a court case are protected because they are off shore and not affiliated with anyone, they are just scammers offering a free service - so there is no one for you to sue. You are the only one at risk in a SAM audit.
-
@scottalanmiller said in MS Audit???:
@BraswellJay said in MS Audit???:
Anyway, for us it was a bit of a time sink to go through, and like I said we were a little out of compliance but nothing significant. We made good through our normal way of getting licenses and it all ended after that.
How do you know? SAM audits are neither official nor accurate. That's actually how everyone figured out that they were a scam - they get the audits so completely wrong and often the auditing process isn't even aware of current MS licensing and products. It's generally really obvious that MS isn't even providing them with the most basic information, like a product list. It's just random people with no knowledge of MS licensing trying to figure out what they can convince you to buy.
I guess I don't really. It would have been more accurate to say that they quit contacting us regarding the issue.
In my case they actually did have information which was accurate. They provided me a spreadsheet that had correct license count information in it, in terms of the number of Windows and SQL server licenses and their respective user CALs. It matched exactly with our records of what we had purchased. I think that plus the fact that they had a microsoft.com email gave it legitimacy in my eyes. I'll know better next time if they try again.
You should always be auditing yourself to know if you are compliant. If you worry that you are not, you want to bring in a licensing expert to help (it's not expensive and very fast.) But a SAM audit is the worst thing to do, because they act like experts but lack knowledge, expertise, or any reason to be accurate because they don't report to you or to Microsoft and in a court case are protected because they are off shore and not affiliated with anyone, they are just scammers offering a free service - so there is no one for you to sue. You are the only one at risk in a SAM audit.
Good advice and something I have already adopted. Part of my scheduled yearly tasks now is to review our license posture, review any changes that have been made in the previous year and make sure we have stayed compliant.
-
@BraswellJay said in MS Audit???:
In my case they actually did have information which was accurate. They provided me a spreadsheet that had correct license count information in it, in terms of the number of Windows and SQL server licenses and their respective user CALs. It matched exactly with our records of what we had purchased. I think that plus the fact that they had a microsoft.com email gave it legitimacy in my eyes. I'll know better next time if they try again.
Yes, of course that is accurate. What is not accurate is what they tell you to buy. They don't know, they don't have any special licensing knowledge. They might be right, they might be totally off. Often they just guess. It's often wildly wrong, and their collection methods often have no possibility of accuracy because they don't count things that matter.
-
@BraswellJay said in MS Audit???:
Good advice and something I have already adopted. Part of my scheduled yearly tasks now is to review our license posture, review any changes that have been made in the previous year and make sure we have stayed compliant.
yeah, good documentation is the best possible thing.
-
@scottalanmiller said in MS Audit???:
You should always be auditing yourself to know if you are compliant. If you worry that you are not, you want to bring in a licensing expert to help (it's not expensive and very fast.)
Do you know of a good tool to run to run to detect the Windows licences being used? Something you could use if you walked into a new client that had used multiple different MS licencing channels but didn't properly keep track of things.
I did see a guide before on a private forum that I no longer have access to that showed off a special tool that could be run that would get all kinds of information of the Windows licence on the system and how to interpret them. So I know it would be possible for something to be out there, or is it best to outsource to an auditing company that already has the tools needed for the job?
-
@flaxking said in MS Audit???:
Do you know of a good tool to run to run to detect the Windows licences being used?
I don't think that there is one. So much of MS licensing isn't technical, it's all on paper. You have to know how things are licensed. A few things like RDS, track their usage. But the big, obvious stuff like desktop licenses and CALs, are impossible to track at the network level and can only be done on paper.
-
@flaxking said in MS Audit???:
I did see a guide before on a private forum that I no longer have access to that showed off a special tool that could be run that would get all kinds of information of the Windows licence on the system and how to interpret them. So I know it would be possible for something to be out there, or is it best to outsource to an auditing company that already has the tools needed for the job?
Yeah, there are some for grabbing certain kinds of licenses and knowing where they are. But it only tells you what is applied, not what should be or where it came from.
-
@scottalanmiller said in MS Audit???:
@flaxking said in MS Audit???:
Do you know of a good tool to run to run to detect the Windows licences being used?
I don't think that there is one. So much of MS licensing isn't technical, it's all on paper. You have to know how things are licensed. A few things like RDS, track their usage. But the big, obvious stuff like desktop licenses and CALs, are impossible to track at the network level and can only be done on paper.
I meant only for the Windows OS licence itself, CALs is a whole different world.
It looks like slmgr might be able to do what's needed here. I'll have to check how it displays the different licencing channels.
-
Yeah, a SAM audit, not to be confused with a Scott Alan Miller audit, is complete and utter BS. The easiest way to figure this out is to specifically ask them if it is a required audit or voluntary. If it's voluntary, why would you ever do it? There is simply no upside. The only time I would be concerned is if BSA contacted me. Then I would go to a CDW or a PC Connection for a licensing expert. Plus, in every case of the BSA getting involved, your company attorney(s) should be called in.
At the end of the day, those companies who are really violating licensing know they are doing it, and should not be surprise when BSA comes knocking. This is things like installing a retail Office on 30 computers, or using one server license across a whole server stack.
If you are working with a good reputable reseller, and are doing your best to be compliant, you will likely never have a problem.
-
@pchiodo said in MS Audit???:
Yeah, a SAM audit, not to be confused with a Scott Alan Miller audit, is complete and utter BS. The easiest way to figure this out is to specifically ask them if it is a required audit or voluntary. If it's voluntary, why would you ever do it? There is simply no upside. The only time I would be concerned is if BSA contacted me. Then I would go to a CDW or a PC Connection for a licensing expert. Plus, in every case of the BSA getting involved, your company attorney(s) should be called in.
At the end of the day, those companies who are really violating licensing know they are doing it, and should not be surprise when BSA comes knocking. This is things like installing a retail Office on 30 computers, or using one server license across a whole server stack.
If you are working with a good reputable reseller, and are doing your best to be compliant, you will likely never have a problem.
I wouldn't trust your reseller on being the licencing expert. I've talked to a CDW 'licencing expert' before and know first hand that they are only experts in comparison to your account manager
-
@flaxking said in MS Audit???:
I meant only for the Windows OS licence itself, CALs is a whole different world.
Yeah, you can definitely find ways to poll those.
-
@pchiodo said in MS Audit???:
Plus, in every case of the BSA getting involved, your company attorney(s) should be called in.
This is important. A true audit is a pure legal matter and while IT needs to be involved, it's about attorneys, not techs. It's not a casual thing and requires Microsoft to pull a contract out and go down a path that would be insanely dangerous for anyone except corporate counsel to coordinate and all responses would go back through the attorney.
-
@flaxking said in MS Audit???:
I wouldn't trust your reseller on being the licencing expert. I've talked to a CDW 'licencing expert' before and know first hand that they are only experts in comparison to your account manager
I agree, they are normally just casually aware sales people. At the end of the day, either study up or bring in paid consultants. Your reseller can assist a little, but they have very little insight and unless they offer indemnification, they can't help. Although, ask your lawyer, as MS doesn't sell direct and forces you to use a reseller, in some jurisdictions you may be able to use a fraud defense against MS.
-
@scottalanmiller said in MS Audit???:
@flaxking said in MS Audit???:
I meant only for the Windows OS licence itself, CALs is a whole different world.
Yeah, you can definitely find ways to poll those.
Unfortunately slmgr doesn't seem to be able to detect if it's using a product key from a Visual Studio subscription. But maybe we just have to use some logic.
i.e. says it's Retail, but we don't have any Retail licences purchases so it must be a VS licence. Or it's MAK but doesn't match our recorded MAK
-
@flaxking said in MS Audit???:
Unfortunately slmgr doesn't seem to be able to detect if it's using a product key from a Visual Studio subscription. But maybe we just have to use some logic.
That's one of the toughest things is all of the many ways that something can be licensed. Each scheme is so different, it can be very had for a tool to monitor all regime options.
-
@flaxking said in MS Audit???:
I wouldn't trust your reseller on being the licencing expert. I've talked to a CDW 'licencing expert' before and know first hand that they are only experts in comparison to your account manager
Absolutely true. Although in most cases, they'll generally keep you in compliance and you'll never hear from MS or BSA.
-
Good thing I have been ignoring these jerks. They have even called me. -
I got few emails from them too, it says somewhere that these audits are voluntary so I basically told them to pound sand and never to call me again. They did about a year later, and they got the same replay. I actually told them they'd have to pay me $300/h to do the audit, I won't do their work for free.