Microsoft’s ‘SAM’ - Software Asset Management Engagement Review’s scope and impact in India

admin's picture
Posted by admin

Microsoft and its product suits are household names in India. Individuals and businesses of all sizes, from SMEs to large scale corporations mostly rely on Microsoft products for daily operations. These products however, come under a license which is a must have if you own a computer. However, these licenses are often misunderstood, neglected or purposely not procured due to the costs, especially considering the vast difference in rates in USD and INR.

This situation leads to licensing issues, and bad performance in terms of Microsoft deployed products. Microsoft on its part has appointed various third-party licensing consultants to monitor and review SME, IT & Software companies & Corporates to set their books in order with regards to licenses of software.

This process is called the Software Asset Management Engagement Review (SAM ‘Uncle’) – a subtle way of redefining the menacing ‘Audit’ in a company. The procedure is fairly comparable to allowing someone to poke their noses right into your business enterprise whether you like it or not.

Now one may think why such an email came to their inbox; should one strike the panic button, or not? Isn’t it an invasion of my business dealings and secrets of the company?

If the customer is up to date with his compliances – then there seems to be no need to worry. But in case that isn’t so – then it may be a cause of two sided worry. One would be for paying for the term of using the software and the other would be to buy the required software then and there.

Is it mandatory for the customer to revert back to them? What right do they have to poke their nose around in the customer’s business? What if the customer refuses to allow the SAM Review?

Saying “NO” would undoubtedly make the demands for an Audit more explicit and harsh with an underlying indirect threat of legal consequences in case of non-compliance. The next step would most probably initiate a forced audit called Microsoft Legal Contracts and Compliance (LCC) Audit by Microsoft’s SAM team which would also mean disruption of work for the day.

On what basis has Microsoft or its partners initiated this kind of a review of your company?

The answer is fairly simple – this matter of right is mentioned in Microsoft’s Business and Services Agreement that comes with every purchase that we do of their products. Overall it is a way to set the compliances in order.

What is the process that entails the SAM Audit?
The process starts when Microsoft’s third-party partner sends an email to the customer. The contents of the email specifically impose that the customer is having insufficient licenses for the Microsoft products that they are using in the company and due to this a Software Asset Management review is to be performed.

An attachment called the Deployment Form is sent to the customer who is advised to conduct a personal audit to verify whether or not they are compliant in regards to the Open Licenses of Microsoft products. The software key details of the licenses are to be filled up in the MS Excel Deployment Form and send to in a revert email to the SAM partner in a designated period of time. The partner in turn will verify the software keys with their data in hand for the compliances. The customer can also use the Microsoft Assessment and Planning Toolkit for the same purpose, though it is first advised to fill up the Deployment spreadsheet form.

A second email comes demanding to provide details of the quantity of PCs, laptops, notebooks, software installed and locations of the company’s offices.

Thereafter the SAM conducting partner sends a team to the company’s premises to verify what they have stated to be true, or not. Additionally, an expert team will data mine from their resources for any deviation as per their records.

But still why would one want anyone to interfere around? These and many other such questions flow in freely to the mind.

It is normal to guess that the SAM team would be die-hard loyal to Microsoft. In this case any sensitive data of the company or clients would go in open hands and prying eyes. In such a scenario, it is more of a necessity to have a “Non-Disclosure plus Confidentiality Contract” signed with the SAM team to sidestep a severe ‘conflict of interest’ – as that is the only savior to protect your interest? It is really important to know what are the terms of contract between Microsoft and the third party partner before allowing the SAM team into your office premises.
This auditing process does not have to be traumatic for your business, Legal Advice India can guide you and help make it as smooth as possible. With our assistance you can regain your peace of mind knowing that you are or will be fully compliant and your businesses recognized as reliable and trustworthy. The best possible way is to conduct a self-audit periodically so that you may be well aware of your pros and cons in the above said issue.