Just to clarify as I have dealt with this in the past, have consulted attorneys, and have done extensive research on MS licensing compliance. MS has three ways that they perform audits:
But first, a word from the lawyers.... Understanding licensing agreements are not for the faint of heart, nor for those who have not had professional legal training. They are complex, and even most attorneys will not attempt to tackle this multidimensional albatross. The law firm we used referred us to a firm that specializes in software licensing. They are expensive, and unless you are the target of an actual Microsoft license compliance verification or a Business Software Alliance audit you will not have to go down this rabbit hole.
Back to their methods:
SAM audit, or Software Asset Management audit. This is voluntary, and is always done by a third party reseller. This is the most common encountered, and a lot of companies comply because they think it is required. It is not, and is in almost all cases, a sales pitch intended to extract licensing fees from the company whether they are needed or not. Again, this is voluntary, and you can refuse with no repercussions. I know what you are going to say..."But won't this lead to a full audit?" Nope... refused a number of them and never heard another word.
Microsoft license compliance verification. This is invoked by Microsoft and is done by a third party accounting firm. This type of audit is rarely done, and if you are the target, you would receive a certified letter directly from Microsoft. At this point, you should engage an attorney. If you are the target of this type of audit, you are probably out of compliance, and you would probably already know you are out of compliance.
BSA or Business Software Alliance audit. In most cases, this is triggered by a whistle blower who turned in your company. They offer rewards, so there is incentive for people to turn in companies who are pirating software. They do not exclusively audit Microsoft products, but this is by and large their biggest customer. They also act on behalf of Adobe, Autodesk, Oracle, and a litany of others. Again, with a BSA audit you would receive a certified letter, not an email, and again, if you get one of these, contact an attorney before doing anything.
At the end of the day, if you have been issued a EULA, and your software activates, you are probably just fine and have nothing to worry about.
Even if you end up with BSA or direct Microsoft audit, you will probably just have to buy some licenses and move on. Unless you are knowingly installing pirated software, or using some tool to bypass the activation process, you will likely never encounter anything beyond a SAM request.
I hope this clarifies some issues and belays some concerns.