[ale] OT: Microsoft "audit"

Blake, Joseph S joseph.blake at isye.gatech.edu
Thu May 17 10:57:51 EDT 2018 

It’s best to cooperate early. Your EULAs with Microsoft give them the right to audit your usage of the software, so unless you can prove you have zero Microsoft software in your environment, you’re subject to their audits.

They have three levels, first is the friendly “lightweight” audit you did before. If you refuse, they’ll usually come back with a little more forceful yet still “voluntary” audit. If you refuse that one and they suspect you’re out of compliance will come the legally forced audit via an official FedEx package with the details. Each one is more invasive than the last, and the ‘get a Fedex envelope’ level audit is an IRS level forensic exam.

Luckily I don’t have to deal with this type of stuff anymore, but have had to go through one in a past life. Philosophical issues aside I suggest you cooperate as soon as they contact you, especially if you are very sure that you’re in compliance. The more in depth they get, the more likely it is that they’ll find something technically out of compliance. Certain products (like SQL) have licensing so convoluted that even MS doesn’t know the proper answer, so whether they ding you can sometimes be purely up to the auditor.


From: Ale <ale-bounces at ale.org> On Behalf Of Edward O. Holcroft via Ale
Sent: Wednesday, May 16, 2018 11:03 AM
To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
Subject: [ale] OT: Microsoft "audit"

All,

I'm pretty sure this topic has been covered in the past, but here we go again ...

A few years back we went through a fairly lightweight (I think) Microsoft audit process and I kinda panicked and did everything in my power to cooperate with them. I didn't want to piss them off in case we were out of compliance. It was quite a lot of work on my side, and it was handy I'll concede, to know that we were all in the clear once the "audit" was complete.

Since then I have switched the company to a lot of Linux on the server side (replaced all our regional office Server 2003 with CentOS), and at the same done done a much better job of monitoring proprietary license compliance. We still use a small number of Server 2012 servers for auth and group policy, which we are heavily locked into. And of course ... Doze on the desktop. About 350 users.

Last year, they wanted to run trough the process again. I declined, even though the were pretty persistent for a while, they eventually went quiet. So now we get to 2018 and they've started at it again. My position on this has evolved over the years, and I reached a point where I just do not want to cooperate with Microsoft on "checking up" on us after we've thrown hundred of thousands of dollars into the bottomless pit of their POS software over the years. I know we're pretty much license compliant as an organization and I find myself irritated, even offended by this Microsoft audit request.

So to my question: does anyone possess knowledge on where I stand? Microsoft does a pretty good job of making it sound like they're legally entitled to do this and that I do not comply at great peril. Is this true? Has anyone out there repeatedly declined their offer of license compliance "help"? How did it go? Is it better to just bend over? I feel like if they want to do this, I should make them legally compel us, if that's even possible without them accusing us of a crime.

ed

_________________________________________

Edward O. Holcroft
IT Operations Manager

Madsen, Kneppers & Associates, Inc.
Construction Consultants & Engineers
11695 Johns Creek Parkway, Suite 250
Johns Creek, GA 30097

O  770.446.9606  |  F  770.446.9612  |  C  770.630.0949  |  eholcroft at mkainc.com<mailto:eholcroft at mkainc.com>

www.mkainc.com<http://www.mkainc.com>

MADSEN, KNEPPERS & ASSOCIATES USA WARNING/CONFIDENTIALITY NOTICE: This message may be confidential and/or privileged. If you are not the intended recipient, please notify the sender immediately then delete it - you should not copy or use it for any purpose or disclose its content to any other person. Internet communications are not secure. You should scan this message and any attachments for viruses. Any unauthorized use or interception of this e-mail is illegal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20180517/5cf8cb10/attachment.html>

More information about the Ale mailing list