Bad news: you are responsible for every piece of Microsoft software in your data centres, even if you did not install it, even if you do not support it.
Good news: Microsoft gave you the legal tools to protect yourselves and your business from rogue installations by your end customers.
What is an SPLA provider responsible for?
With all due respect, Microsoft didn't do a good job explaining to SPLA providers their obligations and the tools it provides.
First of all, everything in your data centres, whether in a public cloud, co-location, or your end customer's hardware, is your responsibility unless you have evidence to the contrary and contractual tools to protect you.
We are often involved in SPLA audit defence. About 80% to 90% of our clients begin the audit journey unaware of their compliance responsibilities. We often hear: "We only support operating systems".
Unfortunately, unless it's contractually clear, supported by evidence, and your end-client agreements are compliant with SPLA terms, all the rogue Microsoft software installations by your end-clients will be added to the audit bill.
To prepare you for the "bill shock": the average share of operating systems and databases across SPLA audits is only around 20%. The rest, 80%, is in subscriber access licenses: RDS, Office, Project, Visio, Visual Studio.
What can you do to protect (indemnify) your provider business?
Strictly speaking, SPLA is designed to bundle licenses in your services. You are not licensed to simply resell SPLA licenses to your end clients. You are supposed to have admin access to all the virtual machines you rent out.
The reality, however, is that often there are end clients that require extra IT security: government, intelligence, security, finance. There's very little chance they will voluntarily give you access to their virtual machines.
Is there anything you can do to avoid being penalised for what they installed without your knowledge of it?
End-User License Terms (EULT)
Surprisingly, the most straightforward tool is the most often overlooked.
Microsoft requires you to include End User License Terms (EULT) in every end-client contract. EULT has stipulations for:
End client responsibility to Microsoft for license compliance,
Agreement to share all the compliance-related data with Microsoft in case of an audit.
It's easy to see how EULT protects providers.
But what if you want to let your end clients bring their own licenses to your data centres to let them deploy Microsoft software using the licenses they already have? It's only natural to do so if you provide pure IaaS.
Then you need to become an authorised License Mobility Partner. But that's not all.
Here's what you must do:
Publish educational materials explaining to your end clients how License Mobility works,
Refer to these requirements in your end client agreements,
Require your end clients to complete License Verification forms,
Maintain a register of all License Verification forms,
Collaborate with Microsoft if they suspect that an end client is non-compliant.
Your services resellers and SPLA partners
You may have partners that resell your services. Almost every client of ours has a software services reseller channel.
You may also have other providers that use your services as a "Data Center Provider". And they may also have their resellers and their end customers. All these workloads may end up in your data centres.
You must ensure that all of your partners include EULT in all their end client agreements. It is required by SPLA.
What to do if you only sell your services via an online portal?
Do what Amazon does:
Publish your contract templates,
Publish your end-user license terms,
Publish user-friendly explanatory pages about licensing on the web,
Make it a part of your public offer, a box they tick when they procure your services.
If you have made all these efforts in good faith, Microsoft only expects you to help it resolve any compliance issues it suspects with your end clients. Their non-compliance stops being your responsibility.