The premise of a SAM tool is straightforward: discover what Microsoft software is deployed in your environment, reconcile it against what you are licensed to use, and identify gaps and waste. The execution is far harder than the premise suggests — particularly for Microsoft licensing, where the compliance position depends not just on deployment counts but on licence metrics (per-user vs per-device vs per-core vs per-processor), entitlement layering (SA benefits, step-up rights, downgrade rights, dual-use rights), virtualisation rules (host-based vs VM-based counting), and product-specific exceptions that change without notification in Microsoft's monthly Product Terms update.
An enterprise that purchases a SAM tool and uses it in isolation — without Microsoft licensing expertise to interpret what the data means — has invested in expensive data collection, not in compliance management. The £340K average annual Microsoft overspend figure cited in industry data is not caused by a lack of data; it is caused by a lack of understanding of what the data means in licence terms. This guide helps procurement, IT, and SAM teams evaluate SAM tools specifically for Microsoft licensing capability — not just general ITAM functionality.
The Five Evaluation Dimensions
SAM tools should be evaluated across five dimensions for Microsoft-specific licensing effectiveness. General ITAM capabilities (hardware discovery, software normalisation, CMDB integration) are necessary but not sufficient. The Microsoft-specific dimensions are what determine whether the tool is genuinely useful for compliance management or just a sophisticated asset inventory system.
1. Discovery Coverage and Accuracy
Discovery is the foundation. The tool must reliably identify Microsoft software across all deployment scenarios in your environment:
- On-premises Windows environments: Full Windows Registry scan, WMI query, and MSI inventory are table stakes. The question is accuracy of identification — can the tool distinguish SQL Server 2016 Standard from SQL Server 2016 Enterprise, and identify the edition installed rather than just the product name?
- Virtual environments: VMware vSphere, Hyper-V, and Azure VMs all require specific discovery approaches. Does the tool discover at the hypervisor level (host) as well as the VM level? This matters for SQL Server and Windows Server licensing, where host-based licensing is often the most efficient model.
- Cloud and SaaS: Microsoft 365, Azure, and Dynamics 365 are not discovered through agent-based tools — they require Microsoft Graph API integration and Azure billing API access. Does the tool integrate with the Microsoft 365 Admin Center and Azure Cost Management to pull consumption data?
- Agentless discovery: Devices that cannot receive an agent (network devices, legacy systems, OT/IoT environments) require agentless discovery via WMI, SSH, or SNMP. What percentage of your environment is agent-deployable versus agentless?
- Remote and BYOD devices: Devices outside the corporate network require either VPN-dependent scanning (unreliable for remote-first organisations) or cloud-based agent management. How does the tool handle devices that are never on the corporate network?
2. Microsoft Licensing Rule Accuracy
This is where most SAM tools fall short. Microsoft's licensing rules are complex, product-specific, and subject to frequent change via the Product Terms. A tool's licensing engine — the component that translates deployment data into a compliance position — is only as good as its Microsoft licensing knowledge base. Key questions to probe:
- SQL Server virtualisation: Does the tool correctly implement the per-core counting rules for SQL Server in VMware environments, including the four-core minimum per physical processor, the virtual machine licensing alternative, and the Soft-NUMA exception? Most tools get the basic rule right and miss the exceptions.
- Windows Server Standard vs Datacenter: Does the tool correctly model the 2-VM right under Standard licensing and the unlimited VM right under Datacenter, including the running VM vs allocated VM distinction?
- M365 user-level consumption: Can the tool identify which M365 features are actively used by which users, enabling licence harvesting analysis? Or does it simply report assigned licences without usage data?
- RDS CAL counting: Does the tool correctly count Remote Desktop Services CALs — distinguishing Device CAL and User CAL models and correctly handling concurrent session environments?
- Product Terms update cadence: How frequently is the licensing knowledge base updated to reflect Microsoft's monthly Product Terms changes? Tools that update quarterly are working with outdated rules for 75% of the year.
3. Entitlement Data Integration
Discovery alone does not produce a compliance position. The compliance position requires reconciliation of discovery data against entitlement data — what you are licensed to use. Entitlement data lives in multiple Microsoft systems, and a SAM tool's ability to integrate with those systems determines whether the compliance calculation is automated or manual.
- VLSC integration: The Volume Licensing Service Centre is the primary source for EA purchase history, SA coverage dates, and product entitlement records. Can the tool import VLSC data via the API, or does it require manual CSV imports? Manual imports mean entitlement data is always stale.
- Microsoft 365 Admin Center: For cloud licensing, the M365 Admin Center holds current licence assignments and subscription quantities. API integration with the Admin Center ensures the tool reflects current subscription state, not last month's data.
- Azure billing API: For Azure consumption commitments (MACC), the Azure billing API provides the data needed to track MACC draw-down against commitment. Does the tool integrate this data, or is Azure treated as outside scope?
- Entitlement layering: Beyond raw purchase records, does the tool correctly layer SA benefits (version upgrade rights, downgrade rights, License Mobility, dual-use rights) onto the entitlement record? The raw purchase quantity is not the licence entitlement for SA-covered products.
A SAM tool that produces a "compliance gap" figure without a licensing analyst reviewing the methodology used to calculate that figure is not producing a reliable compliance position — it is producing an algorithmic output that may contain systematic errors. Before acting on any SAM tool compliance report, verify: (1) which virtualisation counting methodology the tool applied for SQL Server and Windows Server; (2) whether SA benefits were correctly applied to the entitlement; (3) whether downgrade rights were used where applicable. These three checks alone routinely change "gap" figures by 20–40%.
4. Reporting and Actionability
The purpose of a SAM tool is not to produce compliance reports for their own sake — it is to drive decisions: licence harvesting, entitlement optimisation, audit preparation, and EA renewal intelligence. Evaluate tools on whether their outputs directly support these decision contexts:
- Harvesting analysis: Does the tool identify unassigned, unused, and under-utilised licences with enough specificity to drive harvesting actions? Aggregated "utilisation rate" metrics are not sufficient — you need per-user, per-product usage data to identify which specific assignments to reclaim.
- EA renewal intelligence: Does the tool provide trending data — licence growth rates, product mix shifts, Azure spend trajectory — that can be used to model the EA renewal position? A tool that only shows current state, not trend, provides limited renewal preparation value.
- Audit-ready evidence package: If Microsoft initiates an audit, can the tool produce an organised evidence package — entitlement records, deployment data by product and version, virtualisation topology — in the format expected by Microsoft's audit process? Or does producing audit evidence require significant manual extraction and formatting?
- Workflow integration: Does the tool integrate with your procurement, ITSM, or HR systems to automate licence provisioning and deprovisioning workflows? Reporting that requires manual action is less effective than reporting that triggers workflow.
5. Vendor Relationship and Independence
Some SAM tools are developed and marketed by Microsoft LSP partners or by organisations with significant Microsoft relationship revenue. This creates the same structural tension described in the context of independent audit advisors: a tool vendor who is also a Microsoft reseller has a financial incentive to surface compliance gaps (which generate licence purchase opportunities) rather than entitlement credits (which reduce purchase requirements). This is not a reason to automatically exclude LSP-affiliated tools, but it is a reason to scrutinise how the tool's compliance position methodology handles entitlement credits and to verify findings independently before acting on gap recommendations.
| Evaluation Dimension | Key Test Questions | Common Weaknesses |
|---|---|---|
| Discovery Coverage | Can it discover agentless? How does it handle VMs, cloud, remote devices? | Gaps in agentless, cloud, VDI environments |
| Licensing Rule Accuracy | SQL Server virtualisation counting? Product Terms update frequency? | Generic rules, outdated Product Terms, missed exceptions |
| Entitlement Integration | VLSC API? M365 Admin Center API? SA benefit layering? | Manual imports, SA benefits not modelled, MACC excluded |
| Actionability | Per-user harvesting data? Audit evidence package? Trending? | Aggregate metrics only, no trend data, manual evidence extraction |
| Vendor Independence | Does vendor have reseller revenue? How are entitlement credits treated? | Conflict of interest in gap reporting, credits underweighted |
Market Landscape Overview
Rather than provide a vendor-by-vendor ranking — which would require continuous updating as products evolve — it is more useful to describe the market segments:
Dedicated ITAM/SAM Platforms
These tools are purpose-built for software asset management across multiple publishers, with Microsoft as a primary focus. Examples include Snow Software, Flexera One, Ivanti (formerly Cherwell and LANdesk), and Certero. These platforms typically offer the strongest Microsoft-specific licensing knowledge bases and the most mature discovery coverage. They are the appropriate choice for organisations with complex multi-vendor licensing environments where Microsoft is one of several major publishers requiring active management.
Microsoft-Native Tools
Microsoft offers its own tools that provide partial SAM functionality: the Microsoft 365 Admin Center usage reports, Azure Cost Management, and the Microsoft Endpoint Configuration Manager (MECM/SCCM) hardware and software inventory. These tools are free and well-integrated but do not provide the cross-product compliance reconciliation or entitlement management that a dedicated SAM tool does. They are appropriate as supplementary data sources within a broader SAM programme, not as replacements for it.
ITSM-Adjacent Tools
ServiceNow, BMC Helix, and similar ITSM platforms have added SAM modules. These modules benefit from deep CMDB integration but typically have less mature Microsoft-specific licensing knowledge than dedicated SAM platforms. They are appropriate for organisations that prioritise ITSM/CMDB integration over deep licensing accuracy, or where a consolidated toolset is a strategic priority.
Procurement and Implementation Guidance
When procuring a SAM tool specifically for Microsoft licensing, the following practical steps improve selection quality and reduce implementation risk:
Proof of Concept with Your Data
Require any shortlisted vendor to run a proof of concept against a defined scope of your actual environment — not a demo environment. The POC should cover your most complex Microsoft licensing scenarios: your virtualisation topology for SQL Server or Windows Server, your M365 licence mix, and any product areas where you believe your current position is unclear. The POC output should produce a draft compliance position. Then have an independent Microsoft licensing specialist review that position for accuracy — not the vendor's implementation consultant.
Licensing Knowledge Base Transparency
Ask vendors to show you the specific rule set applied to SQL Server virtualisation in a VMware environment. If they cannot show you the rule logic — if the licensing engine is a black box — you cannot verify whether it is correct. Transparent rule logic is a pre-requisite for using the tool in any context where the compliance position will be used defensively (audit preparation, internal governance reporting).
Total Cost of Ownership
SAM tool TCO extends well beyond the licence fee. Include implementation costs (typically 30–60% of Year 1 licence cost for complex environments), ongoing support and maintenance (typically 20% per year), and the internal resource requirement for data stewardship and analysis. A tool that costs $80K/year but requires a dedicated SAM analyst to maintain and interpret may have a higher effective TCO than a $150K/year tool with better automation. Build the full 3-year TCO model, including internal headcount, before the selection decision.
SAM Programme Advisory
SAM tools are a component of a Microsoft SAM programme — not the whole programme. The tool provides data; the intelligence comes from knowing what the data means in licence terms. We work with organisations to design SAM programmes, evaluate tool options, and ensure that compliance positions are accurate and defensible before they are used for governance or audit purposes.
SAM Programme Design
Independent advisory on SAM tool selection, programme architecture, and governance integration — without reseller conflict.
Talk to an AdvisorCompliance Position Review
We review SAM tool outputs for accuracy — checking licensing rule application, entitlement credits, and virtualisation counting methodology before you act on the data.
Our ServicesSAM Programme Guide
The complete framework for building a Microsoft software asset management programme that supports governance, audit defence, and renewal strategy.
Read GuideRelated SAM and Audit Defence Resources
- Building a Microsoft SAM Programme — the complete SAM programme framework covering entitlement records, discovery, gap analysis, and governance
- Microsoft SAM Engagement Guide — understanding the Microsoft-authorised SAM programme versus independent SAM assessment
- Microsoft Audit Defence: The Complete Guide — audit types, rights, response process, and findings disputes
- Using an Independent Audit Advisor — when and how to engage an independent advisor in a Microsoft licensing audit
- How to Track Microsoft Licence Usage — native Microsoft tools for monitoring M365, Azure, and on-premises deployment data
- Microsoft Licensing Governance Framework — the policies and processes that give SAM tool data organisational context