Are you having trouble keeping up with Microsoft’s obscure and ever-changing EULAs? If the answer is “yes,” you’re apparently not alone. Companies and consultants offering Microsoft license training are cropping up by the dozen, offering multiple-day classes and two-inch thick handbooks intended to untangle the software giant’s labyrinth of licensing policies.
Because it’s my job to understand the world in which our customers live and, ultimately, translate their needs into product functionality, I recently attended one such Microsoft licensing class. One of the highlights of this “Microsoft Licensing Boot Camp,” led by Directions on Microsoft, was the guest speaker: a software auditor from one of the “Big Four” financial auditing firms who had some fascinating insights and anecdotes relating to his experiences auditing end-user organizations. But perhaps even more interesting were the collective experiences of the attendees themselves. I found it especially interesting that of the 70 or so attendees, most hailed from Fortune 500 (or larger) companies, many of whom had taken the class more than once—further reinforcing the utter complexity of the subject matter.
While I could take up a colossal amount of space with this blog post attempting to clarify the countless nuances of Microsoft licensing, it would be a losing proposition; there is just too much material to cover (and after all, there are classes for that!). But I will highlight some of my own top takeaways from the class, as there are a few very important areas of licensing risk that anyone responsible for asset management should be familiar with.
So here they are, in no particular order:
1) Client access licenses (CALs) are the single most confusing aspect of Microsoft licensing. While CALs reportedly represent 80% of the cost of Microsoft software, they can’t be inventoried or enforced like traditional software because they don’t have digital footprints. CALs define which users and/or devices are entitled to access a given piece of software, and can perhaps be best described as a surcharge above and beyond the cost of the software itself. There are Windows CALs, SQL CALS, Exchange CALs, Remote Desktop CALs; the list goes on and on. But here’s where things can get especially confusing: CALs can be bought in suites, such as an Enterprise CAL suite, which includes CALs for some products, but not for others. And different product editions have different licensing rules, some of which may or may not require CALs. Take SharePoint for example: SharePoint 2013 can be installed as Foundation 2013, Server 2013 Standard Edition, or Server 2013 Enterprise Edition. If you choose Foundation, it has limited functionality for as many users as you want. But if you choose Standard or Enterprise, you need to buy a CAL for all your users.
2) SQL and SharePoint create significant exposure—not just Office and Windows OS. Generally speaking, people spend a lot of time worrying about Office and Windows OS compliance. And rightly so, as together they represent an overwhelming portion of businesses’ overall licensing spend. However, when Microsoft audits you, they focus equal energy on other Microsoft titles that are deployed within the organization. It is worth investing time brushing up on your understanding of the license rules for SQL (be particularly careful of the rules with respect to virtualization!) and SharePoint (pay attention to CALs), as they are exceedingly complex.
3) Don’t rely on your Microsoft Licensing Statement (MLS)—it’s often incorrect! Many assume that because the MLS comes directly from Microsoft, it must be current and accurate. But beware: attendees who had been audited commented that more often than not, their MLS’s were incorrect. According to experts in the room, Microsoft generally updates the MLS right before an auditor goes on site, which means you are very likely relying on information that is not current. For this reason, I would strongly suggest that you don’t rely exclusively on your MLS to manage your license position; instead, implement solid processes and reputable tools that provide an always up-to-date view of your compliance status.
4) Be careful running Microsoft applications on Citrix. If you have per-seat Microsoft licenses, you cannot—I repeat, you can NOT — extend access to these applications to an equal number of users via Citrix without very likely running afoul of your license agreement. You might be surprised just how many companies commit this transgression, as though there were an unwritten exception to the “per-seat” rule by mere virtue of Citrix’s ubiquity within the enterprise. But Microsoft will not forgive those who either wittingly or unwittingly violate the per-seat stipulation: the auditor recounted the story of a colleague putting Visio on a Citrix server and making it available to the entire company—a screw-up that wound up costing the end-user company over a million dollars.
5) Microsoft’s reps (and reseller reps) often don’t understand their own license rules—so if you seek clarification, get it in writing! It’s important to remember that Microsoft reps aren’t licensing experts; they are, first and foremost, salespeople with meetings and quotas and contracts to draw up. One attendee described how his organization decided not to renew its enterprise agreement, and a week later migrated from Windows XP to Windows 7. When it became clear to him in class that this is permitted only under the terms of a current enterprise agreement, he said, somewhat incredulously, “Our Microsoft rep told us it was OK to do that,” prompting the inevitable question, “Did you get it in writing?” (I’m sure you can guess his answer.) I, too, have personally called Microsoft to ask licensing questions and once experienced a situation where three different people gave me three different answers. You cannot rely on Microsoft reps’ interpretations; it’s up to you to master the complexity and ensure you get any guidance outside the license agreement in writing.
6) Don’t spill the beans—hold your cards close. We all like to talk about our IT projects: major technology implementations, platform migrations, software deployments; it’s the stuff we eat and breathe on a daily basis, and we’re proud of our accomplishments. But when it comes to talking to your ISVs and/or auditors when they come on site, it’s best to let them do the talking. Otherwise, you risk inadvertently alerting them to potential licensing issues; whether it’s providing access to email via mobile devices (see#1 above) or making applications available to remote employees via Citrix (see #4 above), your words have the potential to subject you to greater scrutiny. The auditors may eventually arrive at the same conclusion with or without your help, but trust me, you don’t want to be the one who scatters the bread crumbs!
For anyone looking to strengthen their grasp on Microsoft licensing, I highly recommend the Directions on Microsoft’s Licensing Boot Camp or another such course. The investment is well worth every penny, and has the potential to save your organization tens or hundreds of thousands of dollars should the dreaded audit letter eventually find its way into your hands.