Why Microsoft Licensing Compliance Should Be on Every M&A Due Diligence Checklist

When buyers and their advisors create a due diligence checklist, they usually focus on the usual
areas: financials, contracts, HR, real estate, and litigation. These are good starting points.
However, one area often overlooked has the potential to create significant costs after a deal
closes.

Microsoft licensing compliance is one of the most frequent sources of surprises after the
acquisition of technology companies. This is particularly true when the target acts as a managed service provider, a cloud hoster, or uses Microsoft software extensively throughout its infrastructure.

Why Licensing Is Different from Other IT Assets

Most tech due diligence focuses on systems, security, and architecture. Licensing falls into a
different category. It’s not just about what software a company uses. It’s about whether that
software is authorized, reported correctly, and organized in a way that allows for a smooth
transfer to a new owner.

Microsoft’s licensing framework is built on a set of agreements that are entity- and purpose-
specific. When a company is acquired, those agreements do not automatically follow. A buyer
can inherit the infrastructure of a target without inheriting the rights to run the software on that
infrastructure. That gap – between what is running and what is actually licensed – is where post-close liability lives.

The Risk Is Larger in Hosted Environments

For companies that deliver hosted or managed services to their own customers, the stakes are
higher. Many of these businesses operate under a Service Provider License Agreement, or
SPLA. This consumption-based agreement requires the hoster to accurately track and report all Microsoft products used on behalf of end customers each month.

When one of these companies is acquired, the acquiring party inherits not just the software
environment but the reporting obligation. If the target has been under-reporting usage or
misclassifying products, that liability transfers with the deal.

Microsoft compliance audits can lead to substantial back-billing and penalties. Buyers who find a compliance gap after the deal usually have few options unless the issue was clearly
mentioned and dealt with in the purchase agreement.

What Good Licensing Due Diligence Looks Like

A thorough licensing review during due diligence should address several key questions.
First, what licensing agreements are in place and who are the contracting entities? Enterprise
Agreements, SPLA contracts, CSP relationships, and volume licensing agreements are all structured differently and need to be reviewed individually to understand what transfers, what
terminates, and what requires re-negotiation.

Second, is the deployment and usage consistent with the entitlements? This means comparing
what Microsoft products are actively deployed against what the company is actually licensed to run. Gaps here become the buyer’s problem at closing.

Third, for SPLA hosters specifically, have the monthly reports been accurate? SPLA reporting
errors can compound significantly over time. A small monthly discrepancy becomes a large
liability when it is multiplied across 12, 24 or even 60 months and audited retroactively. Typically the period in scope is the current and prior agreements. If server creation dates go back further, the scope can creep to more than five years of back-billing required.

Fourth, are there any open audits, unresolved compliance notices, or Microsoft Azure
commitment obligations that have not been disclosed? We’ve been hired by companies who
were not even aware of contractual commitments to the Microsoft cloud that stemmed from
previous compliance engagements. These are common items that sellers may not surface
unless a buyer asks directly.

Who Should Be Asking These Questions

Attorneys advising buyers on tech acquisitions are well-positioned to flag this risk and engage
the right resources to investigate it. Most deal teams include financial advisors, HR specialists,
and environmental consultants where relevant – but a Microsoft licensing specialist is rarely on
the list unless someone has been through a bad experience before.

The cost of a proper licensing review is small relative to deal size. The cost of missing a
compliance gap, however, can be substantial. Depending on the size of the environment and
the duration of the reporting errors, a post-close licensing liability can run from tens of
thousands to well over a million dollars.

A Practical Recommendation

Treat Microsoft licensing as a discrete workstream in your due diligence process, not an
afterthought under general IT review. Request copies of all Microsoft agreement documents,
current SPLA reports, inventory and active directory outputs, and any correspondence with
Microsoft or its audit teams. Engage a Microsoft licensing specialist to review them before
closing and consider whether representations and warranties in the purchase agreement should specifically address license compliance.

Buyers who approach this systematically protect themselves from surprises. Sellers who have
clean license records move through due diligence faster and with fewer points of negotiation.

In a market where deal timelines are tight and post-close integration demands are high, license
compliance is a risk category that is entirely avoidable with correct preparation.

If you have questions relating to the content of this article, Paul Lindberg of Altaris Cloud
welcomes the opportunity to answer them. Altaris Cloud has more than 40 years of combined experience in Microsoft licensing compliance, SPLA management, and licensing due diligence.
He can be reached through the Altaris Cloud M&A services page at altariscloud.com/merger-
and-acquisitions
or at [email protected].

Similar Posts