Summary
🔥 Click here for our UPDATED expert review for 2024.
Key outtakes:
SPLA is here to stay for the time being.
Microsoft is not only improving, but it is also actively pushing BYOL.
CSP licensing on hosting offers a new model for long-term client revenue generation.
Significant opportunities arise for SaaS and ISVs in expanding offerings through CSP licensing.
Elimination of QMTH opens hosting capabilities to a broader provider base.
The shift from physical to virtual core counting for Windows Server impacts SPLA providers and favours CSPs.
The article is based on a conversation between our lead experts, Alexander Golev and Daryl Ullman.
Is SPLA being retired?
Daryl Ullman: Let's begin by addressing a significant strategic question we've received in various forms: "Is Microsoft planning to phase out SPLA? As ISVs, hosting providers, and SaaS providers, how should we prepare for this, and where is Microsoft headed in 2023?"
Alexander Golev: Microsoft's official position is that SPLA will continue, as stated officially in their blog posts and through other channels. The same message is being relayed to me via unofficial channels.
Assuming that the current partner team stays intact – since we must remember that Microsoft is a huge corporation, and we depend on specific teams to spearhead particular initiatives, like SPLA – I wouldn't be too concerned about the fate of SPLA for at least the next three years.
However, it's worth considering what Microsoft is doing around the "bring your own license" concept. If you follow our channel, we've posted several videos discussing the changes Microsoft implemented in October 2020. I'd advise watching them all.
So, SPLA isn't going anywhere, but it's important to note that Microsoft has been opting not to renew SPLA agreements in certain regions, specifically with providers they don't deem as strategic partners. What should you do if you're one of these providers?
Starting October 01 2022, you are allowed to host your end clients' licenses even if you are not a License Mobility Partner.
You can begin hosting your end client licenses, and you could even sell them the licenses first and then host them. This way, you can secure margins on both the license and your services. The only downside is that monthly CSP licenses are 20% more expensive than SPLA. So, if you have long-term clients, you need to consider this strategically.
If you're shifting to this licensing model, long-term clients on annual subscriptions to your services or those on three-year subscriptions won't be adversely affected. If they're with you for the long term, you can change the licensing model from SPLA to CSP.
However, if you need to maintain the monthly flexibility of SPLA, there's an unfortunate 20% premium on the monthly CSP licenses.
Daryl: So, from what you're saying, SPLA isn't going away anytime soon, at least for the next three years?
Alexander: That's right, SPLA is here to stay.
How to choose between SPLA and CSP-Hosting?
Daryl: But Microsoft is trending towards strategically moving the channel to CSP and CSP hosting. 2023 seems to be the pivotal year for this shift. Is that an accurate summary?
Alexander: Yes, that's a very apt summary.
Daryl: In that case, here's a follow-up question: if I'm an SPLA provider or a CSP provider today, a reseller, how do I prepare for 2023? How can I add more value for my end customers and, ultimately, increase revenue?
Alexander: That's a pertinent question. How to increase revenue? I'd categorise hosting providers, ISVs, SaaS, and business process outsourcers differently.
For traditional hosting providers with numerous clients on monthly subscriptions, I'd suggest sticking with SPLA unless you already offer services like license mobility. If you're solely an SPLA provider, begin reviewing CSP hosting and the hosting of end client licenses—Bring Your Own License—thoroughly. I wouldn't recommend jumping right in, but nothing is stopping you from exploring this today.
Hosting providers should start evaluating if they want to allow their clients to bring their own licenses. If these providers are also CSP resellers, regardless of being Tier 1 or Tier 2, they might want to begin transitioning slowly. I would advise against making a sudden, complete switch.
Can you cease using SPLA entirely?
Daryl Ullman: We've received inquiries from clients who want to fully transition to CSP and cease using SPLA.
Alexander Golev: If you are considering this shift, assess whether it would be more profitable and help maintain longer relationships with your clients. Besides offering services through the pay-as-you-go SPLA model, you can also sell them CSP licenses to host in your data centre. It's as simple as that, and you don't have to be a designated CSP-Hoster for that.
To elaborate a little, you could sell them a license, earn a margin on the license, and then sell them the services, thereby making a margin on the services too.
As I mentioned earlier, there's no one-size-fits-all solution for every provider. I've been working with providers for over a decade, specifically focusing on SPLA and other hosting-related matters, including ISVs. I've yet to encounter two identical providers or a templated approach applicable to everyone. The only standardised approach we suggest is reviewing the changes and determining whether it works for your specific configuration.
Positive changes for SaaS and small providers
Daryl: We have an excellent follow-up question providing a relevant example. If I'm a SaaS provider or an ISV with an application running on Windows 10 or Windows 11, what are my opportunities? Is there a new opportunity I didn't have before?
Alexander: Well, you could definitely expand your offerings. Previously, to run your SaaS applications that required a Windows 10 or Windows 11 desktop environment, you had to sell a CSP license to your clients, but only if you were a so-called QMTH provider.
Globally, there are only a few hundred QMTH providers, and some countries have none at all. ISVs and SaaS providers, however, are everywhere. For instance, Israel is a significant case, with numerous ISVs and SaaS companies. It's essentially a major start-up hub, yet there isn't a single QMTH provider. There are many countries like this, particularly across Europe.
Now the QMTH requirement is waived, thus presenting a significant new opportunity for SaaS and ISV providers.
You can be a small provider, even if you only have a single rack of servers or just five servers, and you can still provide services hosting your end-clients' licenses. This is crucial for start-ups using their own or another provider's data centre – remember that you cannot use AWS or Google. Still, it could be someone else's data centre, for example, Digital Ocean, OVH, or another second-tier hyperscaler.
So, it's now possible and entirely legitimate. As mentioned earlier, you can even sell and host monthly CSP subscriptions, though they are a bit pricier.
For instance, we spoke last year to a company providing testing services in a Windows 11 environment. They can now do so, whereas before, they had to deploy something in Azure, which didn't technically and commercially work for them.
Daryl: You're saying that Microsoft has increased flexibility for small hosting providers and SaaS and ISV companies, aren't you?
Alexander: Indeed, there's a tremendous opportunity in the market. You can diversify, offer more services, and possibly achieve a higher margin because now you can provide a comprehensive service to your end clients.
I want to clarify at this point that at SAMexpert, we don't sell licenses. Our discussions here are completely unbiased. We don't deal in license sales. If you approach us to buy a license, we don't sell them. We advise on business opportunities and on how to make money, pay less, and earn more, all revolving around Microsoft licensing and cloud providers.
Windows Server licensed per VM on hosting
Daryl Ullman: I want to explore the recent changes to Windows Server licenses. There's been a significant shift from counting physical cores to counting the server's virtual cores. How does this impact SPLA or CSP providers? What's the change? What's the opportunity?
Alexander Golev: I was asked by a friend, who is a mid-sized provider, about how we can apply the new Windows Server per core licensing model in SPLA. Unfortunately, this model was not extended to SPLA.
However, if you want to host server machines licensed per virtual core, you could either sell Windows Server per core licenses to your client or allow them to bring their own licenses on a subscription model. The subscription can be any type: Software Assurance, CSP subscription, it doesn't matter.
Is Microsoft tilting the scale in favour of CSP?
Daryl: So, to clarify, there's a disadvantage for SPLA providers, but an advantage if you're a CSP. It seems like Microsoft is tilting the scale in favour of CSPs to strategically edge out SPLA. Would you agree?
Alexander: While we might say it's a disadvantage for pure SPLA providers and an advantage for pure CSPs, it's not as clear cut. There's no distinct line between advantages and disadvantages.
Until October 01 2022, SPLA providers had to jump through extra hoops and sign a License Mobility Addendum to enhance the bring-your-own-license offerings. Then, they had to sign QMTH to enhance them further.
And now, most providers are still unaware that they can start offering bring-your-own-license options without going through all these hoops, which is definitely a good thing.
If they're solely SPLA, like some of our mutual friends (who shall remain unnamed), and choose to stick exclusively with SPLA, they will not benefit from this licensing model. Unfortunately, what we think may happen is that their competition will start offering this model. And then, they will have to revisit the idea of providing a bring-your-own-license option for Windows Server.
Risks and hidden traps of BYOL for providers
Daryl: Let's focus on a couple of queries we've received. Firstly, if I'm an SPLA provider, can I use the BYOL approach? Are there any regulations or constraints I need to be aware of?
Alexander: At this point in time, there are none. From a compliance standpoint, if you haven't opted for the newly introduced CSP-Hosting authorisation, you're purely an SPLA provider. Presently, there's a grey area concerning the requirement to verify end-user licenses and report them. As it stands, there are no obligatory measures for verification or reporting unless you are a CSP-Hoster. However, we're advising providers we collaborate with to initiate license verification.
Daryl: Why initiate verification if it's not mandatory? Are you anticipating it to become a requirement?
Alexander: Imagine a scenario where you're audited. How would you substantiate that you didn't need to report a specific instance or user through SPLA? Even if the rules aren't explicit now, you require proof that you've been accepting authorised licenses from your users.
Daryl: You mention authorised licenses, which leads to my next question. What constitutes an authorised license or a BYOL that I can employ? What should I verify? What evidence should I request from my clients?
Alexander: The specifics aren't defined yet. However, we recommend requesting screenshots from the Office 365 admin portal displaying CSP licenses, extracts from the VLSC portal, or a Microsoft license statement.
The necessary proof from the client should be a Microsoft-verified document confirming the existence of adequate licences on an active subscription – active Software Assurance or an active CSP subscription. I would urge caution with accepting purchase orders, invoices, or any other non-formal documentation.
What licenses qualify for BYOL?
Daryl: Does the origin of the license matter? For instance, if a client brings a license from an Enterprise Agreement, a CSP, or an MPSA, are there specific aspects I should be mindful of?
Alexander: We've published an article on SAMexpert.com titled "Flexible Virtualisation Benefit". It details the official definitions from the Microsoft Product Terms in the Universal Licensing Terms for all software.
The requirement is quite straightforward: it needs to be a current, recurring subscription with Microsoft. There are no limitations to what Volume Licensing agreements are eligible. However, this does exclude OEM and ISV licenses. So, if you're dealing with any of the major commercial agreements with Microsoft, as long as it's not a purely perpetual license, it may be utilised in hosting.
Daryl: Now, let's say I'm a provider, perhaps a SaaS provider or an ISV hosting provider. I've collected all the necessary evidence. Should I be vigilant about the end dates of these subscriptions or CSP licenses? Given that these aren't perpetual and will eventually expire, should I monitor their status and ensure my customer renews them, or is this outside my jurisdiction?
Alexander: Absolutely. I would strongly advise keeping track of the expiration dates. In fact, a proactive approach would be to reach out to clients about a month prior to the expiration date. Ask them about their renewal plans and remind them of the upcoming end date. Moreover, if you're selling CSP licenses, this interaction could serve as an opportunity to present a commercial offer. It's a potential avenue for expanding your business.
Daryl: So, not only does tracking licenses serve as a compliance measure, it also creates opportunities for those selling subscription licenses. That's a valuable insight. Thank you.
What if you got a SPLA audit in 2023?
Daryl: We've started to see an old question resurface: the topic of Microsoft audits, specifically SPLA audits. What would you advise if a provider receives a Microsoft SPLA audit letter? How should they react, respond, and what responsibilities do they hold?
Alexander: When I receive calls about this, my first advice is to stay calm. Nothing drastic has occurred yet. You may attempt to cancel it, although chances of success are slim. You have a contractual period of 30 days to respond to the notice letter – not to agree or disagree, to acknowledge its receipt.
Next, you'll likely have a call or meeting with the auditor appointed by Microsoft. At this stage, nothing adverse has happened. The key is to maintain control and breathe.
What's vital is that you remain calm, take control, participate in the kickoff call, and listen. That's our primary advice. After receiving the letter, you have 30 days to prepare your team, reach out to partners or companies like ours for assistance, and then attend the kickoff call with the auditor. Just listen and don't share any information yet.
Another critical step to take during the kickoff call, before releasing any data, is to request your own Non-Disclosure Agreement (NDA). It gives you multiple advantages. Firstly, it allows you to control the timeline because their project plans are meaningless. More time also gives you space to breathe and assess the situation, which often isn't as bad as it initially appears.
By the time you need to start submitting data, you'll be in a much better position than if you had rushed into the audit unprepared and overshared information. I don't mean hiding details, but sharing the right information is crucial.
For instance, if you have a mixed environment, you must clarify what information is necessary for this product audit. Do you have to share details about everything – internal, external, all of your customers – or should you focus specifically on the Microsoft-related aspects?
To illustrate the importance of this, let me share a brief horror story. A provider submitted all their clusters to the auditor without specifying which were used for hosting and which weren't. The auditor counted them all and presented a report with surprisingly high numbers. The provider then spent months with the auditor and Microsoft trying to exclude the clusters that shouldn't have been in the scope to begin with. So, once again, my advice is to take your time, stay calm, and remember that nothing adverse has happened yet.
Who conducts Microsoft SPLA audits?
Daryl: To clarify, because not everyone on this call has experienced an audit, and I hope many of you never will, who actually conducts these audits? Is it Microsoft directly, or does Microsoft assign providers or partners as auditors?
Alexander: Microsoft will indeed assign an auditor, per the contract terms. In most countries, with a few exceptions, the auditor will be from one of the 'Big Four' consulting firms - KPMG, EY, PWC, or Deloitte. These firms typically manage the audit process. It's worth noting that Microsoft outsources this task, and there's always a question about who pays for these services. If your organisation is found to be non-compliant, you'll be expected to cover the audit services' cost.
Non-compliance and auditor fees
Daryl: Could you elaborate on what constitutes non-compliance?
Alexander: A SPLA audit report essentially offers a monthly licensing position throughout the audit's duration. All these shortfalls combined, if they amount to less than five per cent of the total devices you were required to report, then Microsoft foots the bill for the audit. However, if the shortfalls exceed five per cent, your organisation will be responsible for paying for the audit services.
The most significant opportunity of 2023 for providers
Daryl: Looking into 2023, what do you foresee as the most significant opportunity for SaaS, ISV hosting providers, specifically regarding the Microsoft platform and the choice between SPLA and CSP?
Alexander: The biggest opportunity lies in the increased flexibility. There's no universal solution for everyone, but for many, the switch to CSP hosting - and I want to stress, I'm not suggesting becoming a CSP hoster, those are two different things - may offer additional business benefits.
Intriguingly, since many regional Microsoft offices aren't rewarded for SPLA license sales but are for CSP license sales, making this switch could also strengthen your relationship with Microsoft.
Daryl: Right, so selling through CSP not only provides more flexibility but also fosters better relations with your local Microsoft representative, whose internal compensation is tied to CSP and not SPLA. Building good relationships, particularly regarding Microsoft business, is certainly valuable.
Talk to a Service Provider Licensing expert
Do you have questions about SPLA, audits, CSP-Hosting? We work with many providers across the globe daily. We also don't sell licenses so our advice is truly unbiased.
Use the form below and tell us about your challenges. One of the senior partners will be in touch with you as soon as possible.