MS SAM Audit
-
@scottalanmiller said in MS Audit???:
@BraswellJay said in MS Audit???:
Anyway, for us it was a bit of a time sink to go through, and like I said we were a little out of compliance but nothing significant. We made good through our normal way of getting licenses and it all ended after that.
How do you know? SAM audits are neither official nor accurate. That's actually how everyone figured out that they were a scam - they get the audits so completely wrong and often the auditing process isn't even aware of current MS licensing and products. It's generally really obvious that MS isn't even providing them with the most basic information, like a product list. It's just random people with no knowledge of MS licensing trying to figure out what they can convince you to buy.
I guess I don't really. It would have been more accurate to say that they quit contacting us regarding the issue.
In my case they actually did have information which was accurate. They provided me a spreadsheet that had correct license count information in it, in terms of the number of Windows and SQL server licenses and their respective user CALs. It matched exactly with our records of what we had purchased. I think that plus the fact that they had a microsoft.com email gave it legitimacy in my eyes. I'll know better next time if they try again.
You should always be auditing yourself to know if you are compliant. If you worry that you are not, you want to bring in a licensing expert to help (it's not expensive and very fast.) But a SAM audit is the worst thing to do, because they act like experts but lack knowledge, expertise, or any reason to be accurate because they don't report to you or to Microsoft and in a court case are protected because they are off shore and not affiliated with anyone, they are just scammers offering a free service - so there is no one for you to sue. You are the only one at risk in a SAM audit.
Good advice and something I have already adopted. Part of my scheduled yearly tasks now is to review our license posture, review any changes that have been made in the previous year and make sure we have stayed compliant.
-
@BraswellJay said in MS Audit???:
In my case they actually did have information which was accurate. They provided me a spreadsheet that had correct license count information in it, in terms of the number of Windows and SQL server licenses and their respective user CALs. It matched exactly with our records of what we had purchased. I think that plus the fact that they had a microsoft.com email gave it legitimacy in my eyes. I'll know better next time if they try again.
Yes, of course that is accurate. What is not accurate is what they tell you to buy. They don't know, they don't have any special licensing knowledge. They might be right, they might be totally off. Often they just guess. It's often wildly wrong, and their collection methods often have no possibility of accuracy because they don't count things that matter.
-
@BraswellJay said in MS Audit???:
Good advice and something I have already adopted. Part of my scheduled yearly tasks now is to review our license posture, review any changes that have been made in the previous year and make sure we have stayed compliant.
yeah, good documentation is the best possible thing.
-
@scottalanmiller said in MS Audit???:
You should always be auditing yourself to know if you are compliant. If you worry that you are not, you want to bring in a licensing expert to help (it's not expensive and very fast.)
Do you know of a good tool to run to run to detect the Windows licences being used? Something you could use if you walked into a new client that had used multiple different MS licencing channels but didn't properly keep track of things.
I did see a guide before on a private forum that I no longer have access to that showed off a special tool that could be run that would get all kinds of information of the Windows licence on the system and how to interpret them. So I know it would be possible for something to be out there, or is it best to outsource to an auditing company that already has the tools needed for the job?
-
@flaxking said in MS Audit???:
Do you know of a good tool to run to run to detect the Windows licences being used?
I don't think that there is one. So much of MS licensing isn't technical, it's all on paper. You have to know how things are licensed. A few things like RDS, track their usage. But the big, obvious stuff like desktop licenses and CALs, are impossible to track at the network level and can only be done on paper.
-
@flaxking said in MS Audit???:
I did see a guide before on a private forum that I no longer have access to that showed off a special tool that could be run that would get all kinds of information of the Windows licence on the system and how to interpret them. So I know it would be possible for something to be out there, or is it best to outsource to an auditing company that already has the tools needed for the job?
Yeah, there are some for grabbing certain kinds of licenses and knowing where they are. But it only tells you what is applied, not what should be or where it came from.
-
@scottalanmiller said in MS Audit???:
@flaxking said in MS Audit???:
Do you know of a good tool to run to run to detect the Windows licences being used?
I don't think that there is one. So much of MS licensing isn't technical, it's all on paper. You have to know how things are licensed. A few things like RDS, track their usage. But the big, obvious stuff like desktop licenses and CALs, are impossible to track at the network level and can only be done on paper.
I meant only for the Windows OS licence itself, CALs is a whole different world.
It looks like slmgr might be able to do what's needed here. I'll have to check how it displays the different licencing channels.
-
Yeah, a SAM audit, not to be confused with a Scott Alan Miller audit, is complete and utter BS. The easiest way to figure this out is to specifically ask them if it is a required audit or voluntary. If it's voluntary, why would you ever do it? There is simply no upside. The only time I would be concerned is if BSA contacted me. Then I would go to a CDW or a PC Connection for a licensing expert. Plus, in every case of the BSA getting involved, your company attorney(s) should be called in.
At the end of the day, those companies who are really violating licensing know they are doing it, and should not be surprise when BSA comes knocking. This is things like installing a retail Office on 30 computers, or using one server license across a whole server stack.
If you are working with a good reputable reseller, and are doing your best to be compliant, you will likely never have a problem.
-
@pchiodo said in MS Audit???:
Yeah, a SAM audit, not to be confused with a Scott Alan Miller audit, is complete and utter BS. The easiest way to figure this out is to specifically ask them if it is a required audit or voluntary. If it's voluntary, why would you ever do it? There is simply no upside. The only time I would be concerned is if BSA contacted me. Then I would go to a CDW or a PC Connection for a licensing expert. Plus, in every case of the BSA getting involved, your company attorney(s) should be called in.
At the end of the day, those companies who are really violating licensing know they are doing it, and should not be surprise when BSA comes knocking. This is things like installing a retail Office on 30 computers, or using one server license across a whole server stack.
If you are working with a good reputable reseller, and are doing your best to be compliant, you will likely never have a problem.
I wouldn't trust your reseller on being the licencing expert. I've talked to a CDW 'licencing expert' before and know first hand that they are only experts in comparison to your account manager
-
@flaxking said in MS Audit???:
I meant only for the Windows OS licence itself, CALs is a whole different world.
Yeah, you can definitely find ways to poll those.
-
@pchiodo said in MS Audit???:
Plus, in every case of the BSA getting involved, your company attorney(s) should be called in.
This is important. A true audit is a pure legal matter and while IT needs to be involved, it's about attorneys, not techs. It's not a casual thing and requires Microsoft to pull a contract out and go down a path that would be insanely dangerous for anyone except corporate counsel to coordinate and all responses would go back through the attorney.
-
@flaxking said in MS Audit???:
I wouldn't trust your reseller on being the licencing expert. I've talked to a CDW 'licencing expert' before and know first hand that they are only experts in comparison to your account manager
I agree, they are normally just casually aware sales people. At the end of the day, either study up or bring in paid consultants. Your reseller can assist a little, but they have very little insight and unless they offer indemnification, they can't help. Although, ask your lawyer, as MS doesn't sell direct and forces you to use a reseller, in some jurisdictions you may be able to use a fraud defense against MS.
-
@scottalanmiller said in MS Audit???:
@flaxking said in MS Audit???:
I meant only for the Windows OS licence itself, CALs is a whole different world.
Yeah, you can definitely find ways to poll those.
Unfortunately slmgr doesn't seem to be able to detect if it's using a product key from a Visual Studio subscription. But maybe we just have to use some logic.
i.e. says it's Retail, but we don't have any Retail licences purchases so it must be a VS licence. Or it's MAK but doesn't match our recorded MAK
-
@flaxking said in MS Audit???:
Unfortunately slmgr doesn't seem to be able to detect if it's using a product key from a Visual Studio subscription. But maybe we just have to use some logic.
That's one of the toughest things is all of the many ways that something can be licensed. Each scheme is so different, it can be very had for a tool to monitor all regime options.
-
@flaxking said in MS Audit???:
I wouldn't trust your reseller on being the licencing expert. I've talked to a CDW 'licencing expert' before and know first hand that they are only experts in comparison to your account manager
Absolutely true. Although in most cases, they'll generally keep you in compliance and you'll never hear from MS or BSA.
-
Good thing I have been ignoring these jerks. They have even called me. -
I got few emails from them too, it says somewhere that these audits are voluntary so I basically told them to pound sand and never to call me again. They did about a year later, and they got the same replay. I actually told them they'd have to pay me $300/h to do the audit, I won't do their work for free.
-
@marcinozga said in MS Audit???:
I actually told them they'd have to pay me $300/h to do the audit, I won't do their work for free.
Yup, that's totally an option.
-
I had it once, and thought the same thing, mandatory. But, even if I knew it was voluntary, I probably still would have done it anyway to force the company I worked for to get compliant (and upgrade a bunch of old dyeing PCs). So for me the self audit helped lol.
-
@smartkid808 said in MS Audit???:
I probably still would have done it anyway to force the company I worked for to get compliant (and upgrade a bunch of old dyeing PCs).
It can be nice for that. But you could just fake the audit and do it accurately if you want.