A Microsoft SAM engagement is not a compliance partnership — it's a commercial exercise. Understanding how to respond, what to share, and how to protect your position can reduce your exposure by millions.
A Microsoft Software Asset Management (SAM) engagement is Microsoft's primary mechanism for identifying licensing gaps in enterprise customers' environments. Despite being framed as a "compliance partnership" or "software asset management review," its commercial purpose is to generate additional revenue by finding products in use that exceed what has been licensed.
SAM engagements are not random. Microsoft's telemetry (gathered through the Microsoft 365 admin centre, Azure Monitor, Windows Update, and diagnostic data) gives Microsoft significant visibility into what software is running in your environment before it contacts you. By the time you receive a SAM engagement request, Microsoft typically already has a hypothesis about where the gaps are.
SAM engagements are typically conducted by Microsoft-approved SAM partners rather than Microsoft directly. These partners are paid, at least in part, based on the value of findings — creating an inherent conflict of interest. As covered in our guide to software audit defense, preparation and independent expertise are essential before engaging with any Microsoft-initiated SAM process.
A SAM partner working on a Microsoft engagement is not a neutral third party — they are compensated by finding licensing gaps. Never treat a SAM engagement as a cooperative exercise. Engage an independent licensing advisor to conduct your own analysis before sharing any data with a Microsoft SAM partner.
Understanding the distinction between a SAM engagement and a formal audit is important for managing your response.
| Characteristic | SAM Engagement | Formal Audit |
|---|---|---|
| Contractual basis | Informal / voluntary | Contractual right under license terms |
| Conducted by | SAM partner (third-party) | Microsoft or appointed auditor |
| Data sharing requirement | Negotiable / voluntary | Legally required per license agreement |
| Timeline | Flexible | Defined in contract (typically 180 days) |
| Outcome if gap found | Commercial negotiation | Back-payment + potential penalties |
| Refusal consequence | Possible escalation to formal audit | Breach of contract / legal action |
Most organisations should participate in SAM engagements rather than refuse, because refusal typically escalates to a formal audit with less favourable terms. However, engaging does not mean cooperating unconditionally: you retain the right to manage scope, timing, and the data you provide.
The first 30 days after receiving a SAM engagement request are the most critical. Your initial response sets the tone for the entire process and determines whether you enter the engagement from a position of strength or vulnerability.
Do not agree to deploy Microsoft Assessment and Planning (MAP) Toolkit or any other scanning tool without first understanding exactly what data it collects and where that data goes. Do not provide Microsoft or the SAM partner with access to your license management systems, CMDB, or Active Directory without independent review. Do not make verbal commitments about your license position — anything said can be referenced in settlement discussions.
Microsoft SAM engagements consistently target the same high-value, high-complexity licensing areas. Understanding these ahead of any engagement allows proactive remediation.
Windows Server licensing in virtualised environments (Hyper-V and VMware, the latter now Broadcom-owned) is the single highest-value SAM finding in most enterprise estates. Windows Server Standard is licensed per two VMs on each physical host. Windows Server Datacenter covers unlimited VMs per licensed host but requires all cores on the host to be licensed.
The critical exposure: if you run Windows Server VMs on VMware clusters, Microsoft requires you to license all physical hosts in the cluster — not just the hosts where Windows VMs are running — because VMware's vMotion can move VMs between hosts. This "potential for movement" rule creates enormous licensing exposure in large VMware estates. See our Microsoft license right-sizing guide for virtualisation licensing detail.
SQL Server is licensed per core, with a minimum of 4 cores per processor. Complex issues arise around virtual environments (SQL VMs must license all cores assigned to the VM, plus host-level licensing if not hard-partitioned), SQL Developer editions used in non-development contexts, and Standard vs Enterprise edition enforcement. SQL Server Enterprise running on hardware without appropriate Enterprise licenses is a common and expensive SAM finding.
M365 licenses are per named user. Organisations with seasonal workers, contractors, or high staff turnover frequently have periods where active users exceed licensed counts. Microsoft 365 admin centre data (accessible to Microsoft) shows active user counts — discrepancies between active users and licensed counts are easily identified. Conduct regular user count reconciliation, particularly before quarterly billing cycles.
As covered in our Power Platform licensing guide, premium connector usage by unlicensed users is increasingly a SAM finding. Microsoft's telemetry in the Power Platform admin centre identifies premium connector usage across your tenant — gaps between licensed Premium users and actual premium connector users appear directly in Microsoft's data.
An effective SAM defense strategy is built on preparation, independent validation, and controlled engagement.
Before engaging with any SAM data collection, conduct your own independent license position assessment. Use your CMDB, software asset management tools, and license documentation to build your own view of entitlements versus deployments. Your independent position is your reference point for challenging the SAM partner's findings and negotiating the final outcome.
You control what data you provide to the SAM partner. Run the MAP Toolkit or agreed scanning tools yourself rather than allowing the SAM partner to run them directly. Review the output before sharing — ensure it reflects your environment accurately and does not over-report deployments due to scan artefacts, test environments, or decommissioned systems.
SAM partners frequently apply overly conservative license interpretations. Challenge virtualisation rules (is this truly a VMware cluster subject to cluster-wide licensing, or is it a standalone host?), apply all available Software Assurance benefits (downgrade rights, License Mobility, Azure Hybrid Benefit), and verify that all applicable license types are counted (MSDN/Visual Studio subscriptions, OEM licenses, volume license pools).
When a gap is identified, the settlement negotiation is a genuine commercial discussion. Key principles for negotiating the best outcome follow.
Never accept the initial demand. The first settlement figure from Microsoft is a starting position. Organisations that accept the initial figure pay more than those that challenge and negotiate. The acceptable discount from initial demand varies — experienced advisors typically achieve 30–60% reduction.
Convert gap to a renewal position. Frame any SAM gap as a forward-looking licensing purchase rather than a back-payment. Agreeing to add licenses in an EA renewal (at negotiated EA pricing) is far more favourable than paying a back-settlement at list or penalty prices. Use the EA renewal as the mechanism for resolving the SAM finding.
Use cloud migration as settlement currency. Microsoft is highly motivated to accelerate on-premises to cloud migration. Committing to migrate on-premises SQL Server or Windows Server workloads to Azure within a defined timeframe can be used as partial settlement currency — Microsoft may reduce or waive historical gap findings in exchange for Azure MACC commitments that represent future cloud spend.
Challenge the calculation timeline. Microsoft's standard approach is to calculate gap value based on current list pricing across the full audit period. Negotiate the calculation basis — shorter lookback period, lower effective pricing (EA pricing rather than list), or applying credits against future EA commitments rather than cash settlement.
The most cost-effective approach to Microsoft SAM is prevention — maintaining a clean, well-documented license position that eliminates material gaps before Microsoft initiates an engagement.
A robust SAM prevention programme includes quarterly license reconciliation comparing deployed software against licensed entitlements, automated alerts when deployment counts approach license thresholds, a governance policy preventing deployment of software without procurement approval, regular review of EA true-up obligations, and annual third-party validation of your effective license position. Proactive SAM management costs a fraction of reactive SAM defense — and eliminates the distraction of a lengthy engagement process.
Reference our comprehensive SAM advisory guide for the full preventive programme framework, and our Microsoft true-up guide for managing the annual EA true-up cycle.