Three Overlooked Microsoft Audit Tips
There are few single words that can change your mood, your day, and potentially your life in an instant. One of those words is “Audit”. No one likes audit. It’s a simple five-letter word, a basic concept, and yet once it’s out there – there is nothing simple about the aftermath.
Audits come in two main flavors: there is the friendly audit, also known as a license review, and the not-so-friendly version. As one admin put it,
“Do not ignore a friendly audit request from Microsoft as this could make it become unfriendly real quick.”
Audits can be a matter of survival, or at least feel that way. If you’ve ever experienced a software audit, you know the experience can be described as ‘painful’, ‘awful’ or ‘like a root canal’. It takes months to complete, eats up valuable time from your schedule and many others in your organization, from IT to legal, to executive leadership. At the end of it all – you are likely to owe money, possibly much more than you imagined, and your job could be on the line.
There are a few schools of thought on how to avoid the bad experience of an audit.
- Use all the software you want, pirate it, over-deploy it, and fight when they come after you, channel your inner Jack Sparrow.
- Move everything to the cloud, that way you can’t be out of compliance and everything is fine. There’s an app for that, right?
- Don’t use software, pads of paper and pencils work just fine, use pens when you’re feeling bold.
All jokes aside, if you are facing an audit, you need a comprehensive game plan. Here is a great blog series detailing five key steps to take. But as with an audit, there is always more. Here are three often overlooked tips to consider when preparing for or facing an audit.
- VDI and CSP Don’t Mix. One scenario to watch out for involves Cloud Solution Providers (CSP), a Microsoft designation that allows cloud vendors to offer greater billing flexibility such as month-to-month subscriptions. However, Windows 10 subscriptions cannot be deployed on Virtual Desktop Infrastructure (VDI). Use VDI with a CSP subscription, and your audit will end in a hefty fine. If you already run VDI, make sure your Windows 10 is through a non-CSP subscription. Likewise, if you are running your Windows 10 through CSP, don’t migrate to VDI until you migrate your licensing subscriptions off CSP. Your provider has the flexibility to repurpose subscriptions and can often help you make the necessary transition to the right license structure.
- SaaS Still Requires Compliance. Many organizations have the expectation or assumption that compliance concerns go away since cloud usage is monitored and often metered by the SaaS provider. The old saying about the risk of making assumptions holds true with cloud migration, as there are some potential pitfalls that organizations have inadvertently run into:
- Compliance issues as users share login credentials
- Office Mobile usage that is listed as “Free” but are governed by Terms & Conditions that stipulate usage requires an Office 365 subscription
- Exceeding the allowed device count, especially as more users bring their own devices and log in from personal systems outside of the visibility of IT.
- The “Reverse-Audit”. Imagine a “reverse-audit” which puts money back in your budget. This sounds like a fairy-tale, a world of flying unicorns and T-Rex with lasers, that only exists in the dreams of IT admins. However, thousands of admins have been living this reality – and you could too. The key to making this happening is to employ an automated process for identifying what software is actually being used – whether it be for on-premise or device-based licensing, or subscription-based licensing for SaaS/cloud applications – down to an application level of granularity, not just what you have installed on employees’ systems. Next, compare this usage to what you are paying for, your current entitlements. You are likely to find that a raft of unused software. A great example is Office 365 subscription levels. Getting an awesome discount of 25% off of 2,000 top of the line E5 subscriptions ends up being a really bad deal when the reality is that 500 of those employees only needed E3, and the other 1,500 simply needed Outlook. Gathering this granular usage information is possible with a robust Software Asset Management solution and is the first step in achieving the “reverse-audit”, the next step is #winning.
Avoiding overlooked pitfalls and finding opportunities can make your audit experience a better one, even a beneficial one. We invite you to sign up for this informative webinar with ITAM Review that details the key components, technologies, and tactics that will get you prepared to thrive instead of just survive your next audit.