White paper viii · Microsoft · Full text

The SAM engagement at the first letter.

Twenty-four pages on the SAM, SAS and formal-audit engagement tiers; first-letter response; scope contestation; MAP toolkit treatment; parallel evidence file; ELP reconciliation; settlement framing; and the closing memorandum that does not become a commercial uplift.

Author: Marcus T. Bennett
Pages: 24
Published: October 2024
Updated: April 2026
Reading time: 38 minutes

Independent. Buyer-side. Not a partner, reseller, or affiliate of Microsoft or any other software vendor.

Inside the paper

  1. Why the SAM engagement exists
  2. SAM versus SAS versus formal audit
  3. First-letter response protocol
  4. Scope contestation
  5. MAP toolkit treatment
  6. Evidence-gathering protocol
  7. The effective licence position
  8. Settlement framing
  9. Closing posture
  10. Reading list and references

Section i

Why the SAM engagement exists.

Microsoft runs a structured asset-management programme across the enterprise installed base. The programme is staffed by Microsoft compliance personnel, supported by a network of third-party reviewers and underpinned by the audit clause in the Enterprise Agreement. The publisher-side commercial logic is the recovery of unrecognised entitlement and the conversion of compliance exposure into renewal value.

The four-year EA renewal cycle is the rhythm against which the SAM cadence runs. A SAM letter that lands in the buyer’s inbox eighteen months before the EA renewal is not a coincidence; it is a deliberate piece of cycle architecture that brings the compliance posture into the procurement conversation at the moment the buyer’s leverage is at its lowest.

The buyer-side reading is that the SAM engagement is an audit by another name, and the buyer-side response protocol should treat it as an audit from the first letter. The cooperative framing is real; the underlying commercial mechanic is the same. This paper sets out the ten-section defence the Admodum Microsoft practice runs across the audit window inside the Audit Defence Programme.

Section ii

SAM versus SAS versus formal audit.

Microsoft engages the buyer’s estate at three distinct tiers, each with different commercial DNA and a different buyer-side posture. The tiers are SAM, SAS and the formal audit invoked under the EA audit clause.

SAM (Software Asset Management)

The lightest tier. SAM is positioned as a cooperative engagement run by Microsoft-employed compliance personnel, often presented as an optimisation review or a licensing health check. The deliverable is a SAM ELP (Effective Licence Position) and a closing conversation; there is no formal third-party reviewer and no direct audit-clause invocation. The buyer’s nominal right of refusal is intact, though commercial pressure to engage is real.

SAS (Software Asset Services)

The intermediate tier. SAS engagements are run by a third-party reviewer (typically one of the major audit firms) under a Microsoft-funded engagement. The reviewer is contractually independent but commercially aligned to Microsoft; the closing deliverable is shared with Microsoft for commercial follow-up. The SAS posture should be read as a near-audit, with the same evidence-discipline as a formal engagement.

Formal audit

The highest tier. The audit is invoked under the audit clause of the Enterprise Agreement (or the equivalent clause in the MCA-E or MBSA) and the buyer’s contractual obligation to provide access, deployment data and entitlement records is at its strongest. The third-party reviewer is funded by Microsoft and the closing report is delivered to both parties.

The tier is not chosen by the buyer. The tier is chosen by Microsoft. The buyer’s posture is to read which tier is in play and respond in kind.

The distinction is load-bearing. The buyer should not concede SAS-level evidence inside a SAM engagement, and should not concede formal-audit-level access inside an SAS engagement. The first-letter response (Section iii) establishes which tier the engagement is, and the rest of the defence protocol is calibrated to the answer.

Section iii

First-letter response protocol.

The Microsoft engagement letter lands on the buyer’s desk inside an SLA-style courtesy frame: please confirm receipt within fourteen days, please nominate a single point of contact, please indicate availability for an initial scoping call. The fourteen-day window is real and should be used to set the buyer’s posture before the engagement opens.

The opening posture is firm, cooperative and procedural. The buyer is not refusing the engagement; the buyer is establishing the rules of engagement under which the work will run.

Section iv

Scope contestation.

The default Microsoft scope in any audit engagement is broad: all Microsoft products, all legal entities, all geographies, all deployment locations, all time periods within the audit window. The buyer-side discipline is to reduce the scope to the smallest defensible perimeter at the first scoping call.

The affiliate question

The audit clause in most EA versions extends the audit right to affiliates of the enrolled entity. The clause is broad on its face; the buyer-side reading is that affiliates are the entities under the enrolled entity’s direct control, not every legal entity in the corporate group. The scope letter should be reviewed against the legal-entity tree and the audit perimeter should be drawn at the enrolled entity and its direct subsidiaries, with any extension to indirect affiliates subject to a documented evidentiary basis.

Geographic reach

The default scope is global. The buyer-side posture is to limit the scope to the geography in which the enrolled entity is contractually domiciled, with extensions to other geographies only where the deployment record demonstrates Microsoft product usage routed through the enrolled entity’s contracts.

Product perimeter

The audit-window product perimeter is the products carried on the buyer’s Microsoft licensing record (SCAP / VLSC / MCA-E admin centre) plus any product the auditor can demonstrate is deployed under the enrolled entity’s contractual relationship. The auditor cannot assert a product is in scope merely because it is deployed; the auditor must demonstrate the deployment is under the buyer’s Microsoft entitlement record. The SQL Server and Windows Server perimeter is typically the most contested, because of the historical complexity of downgrade rights, re-imaging and Hybrid Benefit.

Scope contestation is the highest-leverage activity in the first half of the engagement. A successful scope reduction is the equivalent of a settlement reduction at the same percentage.

Section v

MAP toolkit treatment.

The Microsoft Assessment and Planning toolkit is the auditor’s preferred discovery tool. The MAP toolkit is a Microsoft-published scanning utility that enumerates installed Microsoft software, server roles, virtual-machine deployment and SQL Server instances across the buyer’s estate. The auditor will request the MAP toolkit be deployed at full scope, with the resulting database exported in full to the auditor’s analysis environment.

The buyer-side reading is that the MAP toolkit deployment at full scope is over-disclosure. The MAP output enumerates more product information than the audit scope requires, and the data-export discipline is therefore the central buyer-side protection inside the discovery phase.

The buyer-side alternative

The Admodum protocol deploys the MAP toolkit (or an equivalent buyer-side discovery tool) inside the buyer’s own environment, runs the discovery against the agreed audit scope only, and exports a filtered dataset that matches the scope. The auditor receives the filtered dataset; the auditor does not receive the full MAP database. The buyer’s own data-protection and confidentiality discipline is preserved.

Where the auditor insists on a full MAP deployment, the buyer’s posture is that the discovery must run under buyer control, against the agreed scope, with the buyer’s own legal and information-security review of the export before it is transferred. The transfer mechanism must be documented; the data-handling obligations must be specified; and the destruction protocol at the end of the engagement must be confirmed in writing.

The MAP toolkit is a discovery tool. It is not a data-transfer instrument. The buyer controls the export.

Section vi

Evidence-gathering protocol.

The buyer runs a parallel evidence file from the first letter. The parallel evidence file is the buyer’s independent reconstruction of the entitlement position, deployment position and effective licence position, run alongside the auditor’s work but not shared with the auditor in real time.

Entitlement reconstruction

The entitlement file is rebuilt from the historical purchase record (SCAP, VLSC, MCA-E admin centre, prior EA enrolments and Select Plus records). The reconstruction reads the full audit-window history (typically three years) and reconciles purchases to current entitlement at the product, edition and SKU level. The reconstruction includes the downgrade-rights and re-imaging entitlement positions, the BYOL position for Azure deployments and the Hybrid Benefit position for Windows Server and SQL Server.

Deployment reconciliation

The deployment file is rebuilt from the buyer’s configuration-management database, the SCCM / Intune / Defender deployment record, the virtualisation platform inventory and the Azure resource inventory. The deployment file is reconciled to the audit scope and is the basis on which the buyer-side ELP is computed.

The four-pass review

The buyer-side ELP is computed in four passes. Pass one is the auditor-default position. Pass two is the buyer-side scope-reduction position. Pass three is the buyer-side entitlement-recovery position (downgrade rights, re-imaging, Hybrid Benefit, License Mobility). Pass four is the buyer-side commercial position (settlement framing, renewal coupling, BATNA framing). Each pass reduces the headline exposure; the final pass is the position the buyer takes into the settlement conversation.

Section vii

The effective licence position.

The ELP is the central numerical output of the engagement. The auditor produces an ELP; the buyer produces a parallel ELP. The negotiation runs across the gap between the two.

Used rights versus assigned rights

The Microsoft licensing model distinguishes used rights (the rights the buyer has deployed) from assigned rights (the rights the buyer has assigned to specific users or devices). The auditor-default ELP tends to count assigned rights at the high water mark of the audit window. The buyer-side ELP counts used rights at the audit reference date, with reassignment between users and devices treated as a legitimate licensing activity inside the licence terms.

Downgrade and re-imaging

The downgrade-rights position is the buyer’s entitlement to deploy a previous version of a licensed product under a current licence. The re-imaging position is the buyer’s entitlement to deploy multiple copies of an OEM-licensed product under a single volume-licensing key. Both positions are valuable entitlement-recovery levers and are commonly understated in the auditor-default ELP.

BYOL and Hybrid Benefit

The BYOL position is the buyer’s entitlement to use existing Microsoft licences with Software Assurance against Azure deployments. The Hybrid Benefit is the same logic for Windows Server and SQL Server, with explicit pricing recognition on the Azure side. The two positions can materially reduce the Azure VM and Azure SQL Database licensing exposure inside the audit, and should be claimed in the buyer-side ELP wherever the Software Assurance position supports them.

Section viii

Settlement framing.

The audit closes with a settlement conversation. The settlement is rarely paid as a back-licensing penalty in the form the auditor proposes; the settlement is converted into a commercial transaction inside the renewal cycle.

The Microsoft commercial posture is to take the audit ELP gap and structure it as a forward-purchase commitment inside a new EA, an MACC commitment increase or a multi-year SA renewal. The framing is favourable to Microsoft because it converts a one-time penalty into multi-year recurring revenue.

The renewal coupling

The buyer-side posture is to decouple the audit settlement from the renewal terms wherever possible. Where the coupling is unavoidable (Microsoft will sometimes condition a renewal discount on a settlement) the buyer-side discipline is to value the settlement and the renewal independently and to assess whether the bundled deal is genuinely better than the un-bundled position.

BATNA framing

The buyer’s best alternative to a negotiated agreement is the strongest single posture inside the settlement conversation. The BATNA may be the formal audit defence under the audit clause (if Microsoft has not yet invoked it), the contractual right to refuse a SAM optimisation engagement (if no audit clause has been invoked), or the right to defer the renewal discussion until the audit is closed on its own terms. The BATNA must be credible and contemporaneously documented; without a credible BATNA the settlement conversation is one-sided.

The closing memorandum should record the audit outcome, the settlement basis, the products covered, the chain-of-custody for the deployment data, the data-destruction confirmation and the audit-quiet window. The closing memorandum is the document that closes the audit; it is not the document that opens the renewal.

Section ix

Closing posture.

The audit closes; the contractual relationship continues. The buyer’s closing posture is the renegotiation of the audit clause at the next EA renewal.

The closing posture protects the buyer’s position across the next four-year cycle. Without the closing posture, the audit defence repeats from the first letter on the next cycle.

Section x

Reading list and references.

The Microsoft SAM Audit Defence paper sits inside the Microsoft cluster of the Admodum white paper library and the broader audit-defence collection. The companion papers extend the methodology to adjacent commercial mechanics:

The methodology in this paper has run across the Microsoft audit window for hundreds of buyers. Each engagement is structured as fixed fee, contingency / gainshare or annual retainer, depending on the buyer’s posture at the first letter. The full case studies library carries SAM and LMS engagement summaries; the blog publishes the running practice analysis; the Microsoft knowledge hub aggregates everything in one place.
