Home / Vendors / Microsoft
Vendor in M&A

Microsoft Licensing in M&A: Audit Risk

Microsoft licensing in M&A looks simple and rarely is. Per core server products, tenant drift and Enterprise Agreement terms all turn into inherited exposure for a buyer.

Microsoft licensing in M&A is the exposure most buyers assume is simple and most often is not. Microsoft spans server products licensed per core, user and device subscriptions, the Enterprise Agreement true up, and the Services Provider License Agreement for hosters. Each has its own change of ownership behaviour, and an acquired estate frequently carries the kind of quiet gaps that a transaction brings into focus.

Why Microsoft licensing in m&a is a deal risk

The Microsoft estate looks well documented because subscriptions are visible, but the risk sits in the products that are not subscriptions. SQL Server and Windows Server are licensed per core with specific virtualisation rules, and an acquired environment often runs more cores, more instances or higher editions than it holds. The Enterprise Agreement adds an annual true up that captures growth, and acquired headcount can quietly increase the count.

A change of ownership matters because Enterprise Agreements commonly contain change of control and assignment terms, and because Microsoft, like other publishers, treats a transaction as a prompt for a Software Asset Management engagement run through a partner. That engagement is an audit in all but name.

Where Microsoft exposure hides

Per core server licensing is the largest hidden area. SQL Server in particular carries strict rules on cores, editions and virtualisation, and license mobility depends on Software Assurance being in place. Acquired estates that virtualised heavily, or that lost track of which servers carried Software Assurance, can be materially under licensed without any visible signal.

Microsoft 365 looks safer but still drifts. Acquired tenants may mix license levels, retain assigned licenses for departed staff, or run security and compliance add ons that were enabled but never fully entitled. Bringing two tenants together at integration is the point where the totals are reconciled and any shortfall becomes visible.

Where Microsoft exposure concentratesBar comparison of the relative size of Microsoft exposure areas in an acquired estate, led by per core server licensing.Where Microsoft exposure concentratesindexed 0 to 100Per core server (SQL, Windows)highestMicrosoft 365 driftmoderateSecurity and compliance add onsmoderateEA true up on growthlower
Illustrative weighting of Microsoft exposure areas in a typical acquired estate. Per core server products usually carry the largest unquantified risk.
Microsoft licensing areas to test in a deal
AreaHow it arisesBuyer action
SQL Server coresCore and edition rules exceededRecount cores against entitlement
Windows ServerVirtualisation rights misappliedVerify license mobility and Software Assurance
Microsoft 365Stale or mixed assignmentsReconcile tenants before merging
Enterprise AgreementChange of control and true upReview EA terms against the deal

How Microsoft audits behave after a deal

Microsoft rarely calls it an audit. The usual route is a Software Asset Management review delivered by a partner, framed as an optimisation exercise, that nonetheless measures deployment against entitlement. The opening position tends to assume the highest applicable edition and the least favourable virtualisation reading, which inflates the gap.

The defence is the same discipline used elsewhere: a reconstructed entitlement position, an accurate core and virtualisation count, and clarity on where Software Assurance does and does not apply. For an acquired estate this evidence is usually incomplete and has to be rebuilt before the review can be challenged.

Microsoft and deal structure

In a stock purchase the Enterprise Agreement generally continues, but change of control and assignment clauses should be read, because some agreements require Microsoft consent or allow repricing. In an asset purchase, subscriptions and licenses may not transfer cleanly and the buyer may need new agreements. In a carve out, the divested unit usually sat inside the parent Enterprise Agreement and Microsoft 365 tenant and must be stood up independently, which is both a risk and a chance to resize.

Each structure changes which Microsoft agreements survive, so the licensing consequence should be mapped to the chosen deal path before signing.

What buyers should do about Microsoft licensing in m&a

Test Microsoft as part of software due diligence: recount server cores, confirm Software Assurance and license mobility, reconcile the Microsoft 365 estate, and read the Enterprise Agreement for change of control terms. Quantify the gap so it can be priced or indemnified.

After close, M&A software audit defense manages any Software Asset Management review and challenges inflated edition and virtualisation assumptions. We are independent and paid only by the acquirer.

Key takeaways

  • Microsoft risk concentrates in per core server products, not visible subscriptions.
  • SQL Server and Windows Server virtualisation rules are where acquired estates drift.
  • A Software Asset Management review run by a partner is an audit in all but name.
  • Enterprise Agreements carry change of control and assignment terms worth reading early.

Recommendations for buyers

  1. Recount the cores. Treat SQL Server and Windows Server as the primary Microsoft exposure.
  2. Confirm Software Assurance. License mobility and virtualisation rights depend on it being current.
  3. Reconcile tenants. Clean up Microsoft 365 assignments before merging two estates.
  4. Read the EA. Check change of control and true up terms against the deal structure.
Per core
How SQL Server and Windows Server are licensed, where most hidden exposure sits.
SAM review
Microsoft route to measuring an acquired estate, an audit in all but name.
Reconcile
Merging tenants and recounting cores is where the real number appears.

Frequently asked questions

Why is Microsoft a licensing risk in M&A?

Because the real exposure sits in per core server products like SQL Server and Windows Server, not the visible subscriptions. Acquired estates often exceed core, edition or virtualisation entitlements, and a transaction prompts Microsoft to measure the gap.

Does Microsoft audit acquired companies?

Microsoft usually runs a Software Asset Management review through a partner rather than a formal audit, but it measures deployment against entitlement the same way. A change of ownership is a common trigger for that engagement.

What is the biggest Microsoft exposure in a deal?

Per core licensing of SQL Server and Windows Server, especially in heavily virtualised estates where mobility and Software Assurance rules are misapplied. These gaps are invisible on invoices and surface when the estate is recounted.

How does the Enterprise Agreement affect a transaction?

Enterprise Agreements often contain change of control and assignment clauses and an annual true up. Depending on deal structure, Microsoft consent may be needed, the agreement may reprice, or the acquired unit may need its own agreement.

Can inherited Microsoft exposure be reduced?

Yes. An accurate core and virtualisation count, clarity on Software Assurance, and a clean reconciliation of the Microsoft 365 estate can replace inflated assumptions and bring a review position down.

When should Microsoft exposure be assessed?

Before signing. Recounting cores, confirming Software Assurance and reading the Enterprise Agreement during diligence lets the buyer price the gap rather than absorb it after close.

Related reading
M&A software audit risk pillarM&A software audit defenseHow Microsoft audits follow mergersPost merger Microsoft consolidation saves 2.4mSoftware due diligence service

Quantify your inherited Microsoft licensing exposure.

We recount cores, reconcile tenants and read the Enterprise Agreement to size Microsoft exposure before signing and defend it after close. Independent, buyer side.

Request a confidential assessment