The Distinction That Changes Everything

When a Microsoft representative or third-party firm contacts your organisation about a licensing review, the single most important thing you can determine in the first 24 hours is whether you are facing a Software Asset Management (SAM) engagement or a formal contractual audit. These are not interchangeable terms for the same process. They differ in legal basis, in who conducts them, in what access you must provide, and, critically, in whether you have any choice about participating at all.

Organisations that conflate the two either comply unnecessarily with a voluntary SAM engagement (expending significant internal resource with a commercially incentivised third party) or — worse — treat a formal audit notice as an invitation to negotiate participation terms, which creates both legal and commercial exposure. The financial stakes are significant: average formal Microsoft audit settlements run to $1.8M for mid-enterprise organisations, with a documented 38–52% reduction in liability for organisations with pre-validated Effective Licensing Positions and independent representation. See the Microsoft audit defense pillar guide for the full framework.

72% of Microsoft "audit" contacts initiated against enterprise organisations are SAM engagements — not formal contractual audits. Yet the majority of organisations that receive them treat participation as mandatory. Understanding the distinction can eliminate significant resource expenditure and data exposure before any formal obligation exists.

What a SAM Engagement Actually Is

A Microsoft SAM engagement is a licensing review programme managed through Microsoft's SAM partner network — an ecosystem of third-party resellers and consulting firms that have a financial relationship with Microsoft. These partners are engaged by Microsoft to identify licensing gaps in the customer base. When they find shortfalls, the resulting purchase transaction earns the SAM partner reseller margin. The engagement is presented to your organisation as a complimentary, helpful service. The commercial reality is different.

Who Initiates SAM Engagements

SAM engagements are typically initiated either by your Microsoft account team (who may refer you to a SAM partner) or by the SAM partner directly, reaching out cold to organisations they have identified as likely candidates. The outreach language typically frames the engagement as a risk management service — an opportunity to "understand your licensing position" before Microsoft pursues more formal routes. This framing is not neutral. It is designed to create urgency and compliance.

The key question to ask when you receive this contact: is the initiating party Microsoft directly, or a third-party partner firm? If it is a partner firm, check whether your EA contains a SAM engagement clause. Many older EAs include an explicit SAM participation obligation; many newer EAs and MCA agreements do not. If your contract does not contain a SAM clause, you have no contractual obligation to participate. Review your EA audit rights before making any commitment to participate.

The SAM Partner Incentive Structure

Understanding the SAM partner's incentive structure is essential for managing the process correctly. SAM partners earn revenue from two sources: Microsoft pays them a programme fee for conducting the engagement, and they earn reseller margin on any licences purchased as a result of findings. This creates a structural bias toward identifying gaps rather than validating compliant positions. It does not mean SAM partner findings are fabricated — but it does mean that their findings need independent validation before any purchase decision.

In practice, SAM partners typically deploy Microsoft's MAP Toolkit or SCCM-based discovery tools to inventory your environment and compare deployed software against your licence records in the VLSC. The raw data comparison frequently overstates gaps because it does not account for SA-covered upgrade rights, AHB entitlements, licence mobility provisions, or test/dev environment exemptions. These adjustments require licensing expertise that is explicitly not in the SAM partner's commercial interest to apply.

Key Rule

Before agreeing to participate in any SAM engagement, review your EA for a SAM participation clause. If none exists, you can decline. If one does exist, you can set the terms of participation — scope, timeline, tools — rather than accepting the SAM partner's proposed approach.

What a Formal Contractual Audit Is

A formal Microsoft audit is initiated by Microsoft directly — not a partner — through a written notice that cites the audit clause in your Enterprise Agreement. Most current EA templates contain an audit provision in Section 6 (the exact numbering varies by EA version and amendment), which grants Microsoft the right to audit your licence compliance with reasonable notice. Reasonable notice is generally interpreted as 30 days, though the contract language should be reviewed in each case.

Contractual Obligations Under a Formal Audit

Unlike a SAM engagement, a formal audit notice creates genuine contractual obligations. Refusing to cooperate with a legitimately initiated formal audit places your organisation in breach of your EA. That breach has commercial and legal consequences — including potential termination of the EA and loss of licence entitlements that you have paid for. Treating a formal audit notice as optional is not a viable defense strategy.

What is viable — and what distinguishes effective audit defense from poor audit defense — is how you structure your participation. The EA grants Microsoft the right to audit; it does not grant Microsoft unlimited access to your systems, unilateral choice of audit methodology, or an unrestricted timeline. The scope of audit, the methodology for inventory collection, the tools used, and the timeline for completion are all subject to negotiation. See the detailed treatment in how Microsoft audits work and responding to a Microsoft audit letter.

Who Conducts Formal Audits

Microsoft increasingly uses specialist audit firms for formal audit fieldwork. These are typically large professional services firms — KPMG, Deloitte, and certain specialist Microsoft audit practices — engaged by Microsoft to conduct the inventory assessment and produce an ELP (Effective Licensing Position) report. When a professional services firm is involved, the audit process becomes more structured, the documentation requirements are more rigorous, and the findings are harder to challenge informally. Independent licensing expertise is not just useful at this point — it is effectively necessary to protect your position.

Received a Formal Audit Notice?
The first 72 hours after receiving a Microsoft audit notice determine how the entire process unfolds. Independent advice before your organisation responds to Microsoft can significantly affect scope, timeline, and outcome.

SAM Engagement vs Formal Audit: Direct Comparison

The table below sets out the key distinctions between a SAM engagement and a formal contractual audit across every dimension that matters for your response strategy.

| Dimension | SAM Engagement | Formal Contractual Audit |
| --- | --- | --- |
| Legal basis | Contractual only if SAM clause in EA; otherwise voluntary | Mandatory under EA audit clause |
| Initiated by | Microsoft SAM partner (third party) | Microsoft directly |
| Can you decline? | Yes — if no SAM clause in EA | No — breach of contract risk |
| Partner incentive | Financially incentivised to find gaps | Professional auditor (neutral mandate) |
| Methodology control | Entirely negotiable | Partially negotiable — within EA framework |
| Typical timeline | 60–90 days | 90–180 days |
| Findings independently validated? | Rarely — without independent adviser | Audit firm validates; still challengeable |
| Settlement leverage | High — no contractual compulsion | Moderate — within EA framework |
| Independent adviser value | High — prevents overpayment on gaps | Critical — defines negotiation outcome |

The Participation Decision Framework for SAM Engagements

When you receive a SAM engagement offer — whether from your Microsoft account team or directly from a partner — work through the following decision sequence before committing to any participation.

Step 1: Identify the Initiating Party

Is the contact from Microsoft directly, or from a partner firm? If it is a partner firm, you are dealing with a SAM engagement. If it is from Microsoft's own licensing compliance team, verify whether a formal audit clause has been cited — if yes, you have received a formal audit notice, not a SAM engagement.

Step 2: Review Your EA for a SAM Clause

Pull your current EA and amendments. Search for language referencing "software asset management", "SAM engagement", or the partner firm's name. If no such clause exists, you are not contractually obligated to participate. Document this review — you will need to reference it if the SAM partner escalates or claims your participation is required.

Step 3: Assess Your Internal ELP Readiness

Do you have a current, validated Effective Licensing Position? If yes, you can engage from a position of strength — your pre-validated ELP will expose any SAM partner overstatements quickly. If no, you face a choice: participate without validated data (high risk — the SAM partner's inventory becomes the de facto baseline), or build your ELP first before engaging. Building your ELP independently typically takes 4–8 weeks and costs significantly less than the average SAM finding.

Step 4: If Participating, Set Your Own Terms

If you decide to engage — either because of a contractual obligation or as a strategic choice — negotiate the terms of participation. Define the scope (which products, which business units), the tools used for inventory (you should control data collection or validate the SAM partner's tools), the timeline, and how findings will be shared and disputed before any purchase recommendation is made. The SAM engagement management guide covers the process in detail.

Critical Warning

Never provide unreviewed inventory data to a SAM partner. Raw tool outputs from SCCM or MAP Toolkit contain virtualisation instances, test environments, and software that may not require a licence — yet will appear as "deployed" in an uncurated inventory. Always review and annotate your inventory data before submission. This single step eliminates the most common source of SAM overstatement.

When SAM Engagements Escalate to Formal Audits

A common pattern that enterprises encounter: they decline a SAM engagement (correctly, where no contractual obligation exists), and Microsoft subsequently follows up with a formal audit notice. This is a documented escalation pathway. It does not mean declining the SAM engagement was wrong — it means Microsoft assessed that the organisation represented sufficient audit risk to warrant a formal process.

The important point is that the formal audit notice restores Microsoft's contractual rights. Your obligation to cooperate with a formal audit is independent of your prior decision on the SAM engagement. If you receive a formal audit notice after declining a SAM engagement, treat it as a new event. Review the notice for accuracy (is it genuinely a formal audit notice citing the EA audit clause?), assemble your response team, and engage independent licensing representation before responding. The audit letter response guide sets out the 72-hour response framework in detail.

The strategic implication: the decision to decline a SAM engagement should always be accompanied by internal ELP validation work. An organisation that has declined a SAM engagement and maintains a clean, documented ELP is well-positioned to navigate a formal audit. An organisation that declined and conducted no internal remediation is exposed if the formal audit escalation follows.

The Independent Adviser Role in Both Pathways

Whether you are facing a SAM engagement or a formal audit, the structural problem is the same: the party conducting the licensing assessment has a financial interest that is not aligned with yours. The SAM partner earns margin on gaps. The formal audit firm is engaged and paid by Microsoft. Neither party is your advocate.

An independent licensing adviser — one with no commercial relationship with Microsoft or Microsoft's audit ecosystem — provides three specific functions. First, pre-engagement ELP validation: building a clean, defensible inventory before any Microsoft-affiliated party sees your data. Second, findings challenge: reviewing SAM partner or audit firm findings against the licensing rules they have applied, identifying where SA benefits, AHB rights, virtualisation exemptions, or counting methodology errors have been misapplied. Third, settlement representation: negotiating the gap calculation and any resulting purchase requirements from a position of validated data rather than acceptance of Microsoft's draft findings.

Across our engagements, independent representation at the SAM engagement stage reduces average agreed gap values by 35–60% compared to organisations that respond directly. At the formal audit stage — where the stakes are higher and the process more structured — independent representation consistently delivers outcomes below Microsoft's initial findings, typically in the range of 40–55% reduction. See the independent audit defense guide for the full rationale.

Which Are You Facing?

If you have received contact from a Microsoft partner about a "complimentary licensing review" or a "SAM engagement": check your EA for a SAM clause before responding. If no clause exists, you are not obligated to participate. If one does exist, negotiate the terms of participation before providing access or data.

If you have received a written notice from Microsoft directly, citing your EA and requesting a licensing audit: you are facing a formal audit. Do not treat this as negotiable on participation, but do treat the scope, methodology, timeline, and findings as entirely negotiable within the framework that the EA audit clause establishes.

In both cases, the most consequential decision you can make is to engage independent licensing expertise before you respond to Microsoft or its appointed parties. The position you establish in your first response — the scope you agree to, the data you provide, the timeline you accept — shapes everything that follows. Reversing those commitments once made is significantly harder than setting the right terms from the outset. Contact Microsoft Negotiations for an independent assessment of the notice you have received before making any response commitment.