Summary
As a provider, you're in business to make a profit. Of course, you are also on a mission to improve the world and create the most sustainable environment. But your business needs to make money to achieve its objectives. And in the Service Provider business, a few obstacles are in the way of making that profit.
1. You are undercharging for your services
Why aren't you billing for what you're delivering in the first place?
If you don't understand the structure of your licenses, if you're underpaying Microsoft unknowingly, you may be undercharging your end clients for the services you provide. If you don't see a clear picture of your inbound costs, how do you know if you are making a profit?
Here's a common scenario. A client signs up for 20 users with the appropriate licenses and, over the years, expands to 700. The sysadmins make changes to the infrastructure, but sales never hear about them. Without proper monitoring, nobody notices. Maybe you've got scripts, maybe manual reporting. Either way, the gap between what you're delivering and what you're billing just grows month after month.
The licensing aspect compounds this problem. You're billing for 100 active users because that's what you see in your usage reports, but 5,000 employees are authorised to access the system. Microsoft expects you to license all 5,000. The distinction between "active" and "authorised" trips constantly trips up providers. If every user in the organisation can potentially access Microsoft software, you have to pay for every user, regardless of whether they actually log in. Most providers naturally assume they'll just bill for the people who are actually using it. Microsoft doesn't share that view.
There are other variations. Sometimes the sysadmins deploy additional software without telling sales. Sometimes your end client deploys it themselves without having BYOL licenses. Either way, you're delivering services you're not billing for.
The numbers work out like this. An RDS SAL costs about $7 per month, and an Office SAL costs about $18. That's roughly $25 per user per month in Microsoft licensing costs alone.
In that first example with the 680 missed users, at $25 per month in Microsoft licensing costs, your actual charge to clients isn't just that $25. You've got your margin, your infrastructure costs, your support, your management overhead. So you're probably charging clients $50-60 per month per user, possibly more. Which means those 680 missed users represent $34,000-40,000 per month in lost revenue. Over two years, you're looking at $800,000 to $1 million gone.
Now, in cases like this where there's a complete communication breakdown, chances are you weren't paying Microsoft for these licenses either. So you're not actively losing money on delivery, but you're still not charging for services you're providing. In rare cases, you were actually paying Microsoft but forgot to bill the client. That's worse because you've been subsidising users out of your own pocket.
Can you go back to the client now and present them with a million-dollar invoice for services already consumed? We've tried before. It never works. The client will refuse, bring in lawyers, or just leave. Even if you can prove these were unauthorised users, the relationship is unlikely to survive.
The money won't be coming back.
And when Microsoft comes auditing and demands their 125% back-payment for those under-reported licenses, that's coming entirely out of your pocket. You've got no revenue to offset it.
2. You are overpaying Microsoft
We often see providers underpaying for some licenses and overpaying for others. In almost every case, SPLA audits and audit-readiness exercises identify both noncompliance and overpayments.
Overpayments occur for two main reasons.
First, there's defensive over-licensing. You need X cores of Windows Server, but you pay for X+ "just in case" because you don't have visibility into what's actually running, and you're terrified of an audit finding under-licensing. This happens particularly often with Windows Server, where 5-10% overpayments don't sound dramatic, but they compound month after month. On a large estate over 12-24 months, you're looking at tens or hundreds of thousands of dollars evaporating quietly.
Second, you're paying for things that should be free or heavily discounted, simply because you don't know they're available.
Disaster Recovery environments are a good example. We recently worked with a provider overpaying $1.4 million per year for DR clusters. All DR licenses are free if you comply with the strict rules of DR licensing, including Windows Server. This is documented in SPUR. The provider just didn't know the exemption existed.
Then there are the free provisions in the SPLA agreement itself: evaluation environments, testing environments, demos, end-client evaluations, and 20 administrator licenses per data centre. Providers either don't know these exist or don't know how to use them properly, so they're licensing environments that SPLA explicitly allows for free.
SPUR is publicly available on Microsoft's website. Your SPLA agreement is sitting in your filing system or email archives from when you signed up. Both documents are readily accessible.
3. Audit penalties
Non-compliance leads to penalties. A Microsoft SPLA audit is inevitable. If you haven't had one yet, start preparing for it today.
Why inevitable? Because Microsoft has to audit its partners. A SPLA provider is a Microsoft partner, and Microsoft must audit to maintain a level playing field in their channel. If Provider A is compliant and paying full freight, whilst Provider B is under-reporting, Provider B has an unfair cost advantage in the market. Microsoft has to audit everyone to prevent anticompetitive advantages. Some would even say there's a legal requirement to do so.
If an auditor discovers non-compliance, the penalties are hefty: 125% of the list price for all the under-reported licenses for up to 5 years backwards, plus auditor fees.
And here's where all the previous obstacles compound into something worse. You've already lost the revenue you couldn't bill your clients for (obstacle #1). You've been overpaying Microsoft in other areas, possibly by substantial amounts (obstacle #2). Now, Microsoft is finding underpayments and demanding penalties.
Will they credit your overpayments against the penalties? No. Microsoft dismisses overpayments, even when you have solid evidence. Can you negotiate some consideration for them? Yes, but don't expect that to be easy, and you'll never recover 100% of the overpaid sums.
Your overpayments are just permanent losses. Your underpayments cost you penalties. The asymmetry is complete.
4. Microsoft is using audit results to push Azure
How? If your non-compliance is too high, Microsoft will probably pursue the penalties. It's their right. They want their revenue.
But if it's more or less a reasonable number, you may end up in negotiation: "Fine. We will forgive you this if you lift some of your end-customer workloads and shift them to Azure."
That activity is especially prominent in regions where Microsoft deploys new Azure presences.
Sounds like relief. Microsoft forgives, say, $500,000 in audit penalties if you commit to $2 million in Azure spend over three years. That looks straightforward enough.
Until it becomes a binding contractual requirement, if you hit $1.95 million instead of $2 million, you owe the full original $500,000 penalty back. You've turned a one-time hit into a multi-year Damocles sword hanging over your business. Miss the target by any amount, and you're back where you started, except worse.
This only makes sense if you already had certain Azure expansion plans. If you were genuinely planning that level of Azure spending anyway, then yes, the forgiveness is real relief.
But if you weren't, you're now forced to drive clients toward Azure, whether it makes sense for your business model or not. You've traded a concluded audit penalty for years of contractual obligation where one misstep means disaster.
You may want to do this. You can continue your service provider business whilst using Microsoft data centres.
But do you want to? That is the question.
Do it now
Get your SPLA management under control.
Get a good understanding of your SPLA and non-SPLA scope.
Isolate different workloads and services into dedicated clusters.
Check your contractual compliance with SPLA.
Make sure you have all the necessary evidence for a SPLA audit.
These aren't surface-level problems. If they were obvious, you'd have spotted them already. Using SPLA efficiently requires knowing every provision, every exemption, every trap. And getting honest answers means working with someone who isn't trying to sell you something else.
Talk to a SPLA expert
We are an independent consulting business that sells no licenses or Cloud services. That is on purpose, so our advice is unbiased.
We have specialised in SPLA for years, saving our clients over $500 million in audit fees and license costs.
Please send us a message using the form below, and we'll get in touch as soon as possible for a no-obligation call.