Microsoft SPLA: A Complete Guide to Licensing
Learn what Microsoft SPLA is, how it works, reporting requirements, compliance risks, and best practices for service providers.
Microsoft SPLA (Services Provider License Agreement) is the licensing framework that allows hosting companies, managed service providers, and ISVs to legally offer Microsoft software as part of their hosted services. Understanding how the Microsoft SPLA works is essential for any organization that delivers technology services built on Microsoft products.
This article covers the structure, reporting obligations, compliance risks, and practical strategies for managing a SPLA agreement. It is educational content and should not be treated as legal advice. Consult a licensing attorney or Microsoft licensing specialist for guidance specific to your situation.
What Is the Microsoft SPLA?
The Microsoft Services Provider License Agreement is a volume licensing program designed specifically for service providers. Unlike traditional perpetual licenses or subscription models such as Microsoft 365, the SPLA allows organizations to license Microsoft software on a month-to-month basis and use it to deliver services to third-party customers.
The SPLA covers a broad range of Microsoft products, including:
- Windows Server (Standard and Datacenter editions)
- SQL Server (Standard, Enterprise, and Web editions)
- Remote Desktop Services (RDS) client access licenses
- Microsoft Office (in certain hosted scenarios)
- SharePoint Server and Exchange Server
- System Center products
A SPLA is not a direct agreement with Microsoft. Instead, service providers work through an authorized SPLA reseller who manages the commercial relationship, processes monthly orders, and submits reports to Microsoft on the provider's behalf.
How Microsoft SPLA Licensing Works
The SPLA operates on a fundamentally different model than retail or enterprise agreement licensing. Instead of purchasing licenses upfront, providers report their usage each month and pay only for what they deployed.
Monthly Reporting Cycle
Each month, the SPLA holder must count the number of licenses in use across their infrastructure and report those figures to their authorized reseller. The reseller then processes the order and remits payment to Microsoft. This cycle repeats for the duration of the three-year agreement term.
License Metrics
Different products use different license metrics under SPLA:
- Per-core licensing: Windows Server and SQL Server are licensed based on the number of physical processor cores in the host server, with a minimum of eight cores per processor and 16 cores per server.
- Per-user SALs (Subscriber Access Licenses): Products like Exchange Server and SharePoint Server require a SAL for each unique user who accesses the hosted service.
- Per-device SALs: Some products allow licensing based on the number of devices that access the service rather than users.
- Per-processor licensing: Certain legacy products still use per-processor metrics, though Microsoft has largely transitioned to per-core.
Agreement Structure
A SPLA has a three-year term with automatic renewal options. During the term, the provider can add products and increase deployments without renegotiating. However, the provider cannot decrease their commitment below certain minimums without waiting for the renewal period.
SPLA Eligibility and Enrollment Requirements
Not every organization qualifies for a SPLA. Microsoft imposes specific eligibility criteria.
Who Qualifies
Organizations that provide hosted services to external end customers are eligible. This includes:
- Managed service providers (MSPs)
- Hosting and colocation providers
- Independent software vendors (ISVs) who host their applications
- Cloud solution providers offering infrastructure services
- Outsourcing firms that manage IT on behalf of clients
Who Does Not Qualify
Organizations that only use Microsoft software internally do not qualify for SPLA. If you are licensing software for your own employees or internal operations, you need an Enterprise Agreement, Microsoft Customer Agreement, or retail licenses instead.
Enrollment Steps
- Identify an authorized SPLA reseller in your region
- Complete the SPLA enrollment form and submit it through the reseller
- Accept the SPLA terms, which incorporate the Microsoft Product Terms by reference
- Set up your internal tracking and reporting processes before deploying any software
- Begin monthly reporting from the first month of deployment
SPLA Compliance and Audit Risks
Microsoft actively audits SPLA holders, and non-compliance can carry serious financial consequences. Understanding the audit process and common pitfalls helps providers avoid costly mistakes.
The Audit Process
Microsoft reserves the right to audit any SPLA holder at any time during the agreement term and for one year after expiration. Audits are typically conducted by third-party firms such as Deloitte or Ernst and Young. The process generally involves:
- A formal audit notification letter with a 30 to 45 day preparation window
- Deployment of automated inventory scanning tools across the provider's infrastructure
- Interviews with technical and business staff
- Comparison of deployed licenses against reported usage
- A findings report with any identified shortfalls
Common Compliance Failures
The most frequent compliance issues discovered during SPLA audits include:
- Under-reporting of cores: Providers fail to count all physical cores, particularly in blade server or high-density environments
- Missing SALs: Users or devices accessing hosted services without corresponding Subscriber Access Licenses
- Internal use on SPLA licenses: Using SPLA-licensed software for internal business operations rather than customer-facing services
- Incorrect product editions: Deploying Enterprise edition features while reporting Standard edition licenses
- Virtual machine sprawl: Failing to track and report VMs that run Microsoft operating systems or applications
Financial Consequences
Audit shortfalls typically result in back-dated licensing fees calculated from the point the non-compliance is estimated to have begun. In practice, this can mean paying for two to three years of under-reported licenses at list price, plus potential penalties. Some providers have reported settlement demands exceeding $500,000 for significant shortfalls.
SPLA Reporting Best Practices
Accurate monthly reporting is the foundation of SPLA compliance. Providers who invest in reporting processes early avoid painful corrections later.
Automate Inventory Tracking
Manual spreadsheet tracking does not scale. Use automated discovery tools to scan your environment and generate accurate counts of deployed Microsoft products. Options include Microsoft's own MAP Toolkit, third-party license management platforms, and custom scripts that query hypervisor APIs.
Reconcile Monthly
Before submitting each monthly report, reconcile your automated inventory data against your previous month's report. Look for unexpected increases or decreases that might indicate unreported deployments or decommissioned servers that are still running.
Document Everything
Maintain records of:
- Server hardware configurations (processor types, core counts)
- Virtual machine inventories with creation and deletion dates
- Customer agreements that specify which Microsoft products are included in their service
- Internal versus external use designations for every deployment
- Communications with your SPLA reseller
Separate Internal and External Use
One of the most critical distinctions in SPLA licensing is the boundary between internal use and customer-facing services. If your operations team uses the same SQL Server instance that also serves customer workloads, you may need both SPLA licenses (for customer-facing use) and separate internal licenses. Keep these environments segregated whenever possible.
SPLA vs. Other Microsoft Licensing Programs
Understanding where SPLA fits among Microsoft's licensing options helps providers choose the right model.
| Program | Use Case | Payment Model |
|---|---|---|
| SPLA | Hosting services for external customers | Monthly usage-based |
| Enterprise Agreement (EA) | Large organizations licensing for internal use | Annual commitment |
| CSP (Cloud Solution Provider) | Reselling Microsoft cloud services (Azure, M365) | Monthly per-user |
| Microsoft Customer Agreement | Direct purchase for internal use | Varies |
| Open Value | Small to mid-size internal licensing | Annual |
Many service providers hold both a SPLA (for on-premises hosted services) and a CSP agreement (for reselling Microsoft cloud products). These programs are complementary, not mutually exclusive.
Privacy Policy Generator
Create a comprehensive privacy policy for your website or app. Create yours in minutes with TermsBox.
Generate NowHow SPLA Relates to Privacy and Compliance Obligations
Service providers operating under a SPLA are typically processing data on behalf of their customers, which triggers data protection obligations under regulations like the GDPR and CCPA.
Data Processing Agreements
Under Article 28 of the GDPR, service providers acting as data processors must have a Data Processing Agreement (DPA) in place with each customer. The DPA should specify what personal data is processed, the purposes, security measures, and sub-processor chains. Microsoft itself provides a DPA covering its role as a sub-processor when you use its products.
Privacy Policies for Service Providers
If your hosting business collects personal data from end users (even indirectly through the services you host), you need a comprehensive privacy policy. A privacy policy generator can help you create a baseline document that covers data collection, processing purposes, third-party sharing, and individual rights under applicable laws.
Customer-Facing Legal Documents
Beyond your own compliance, your hosted customers also need proper legal documentation. Helping your customers maintain accurate terms of service and privacy policies strengthens your entire service offering and reduces your liability exposure.
Managing SPLA Costs Effectively
SPLA licensing costs can escalate quickly as deployments grow. Strategic planning helps control expenses.
Right-Size Your Deployments
Audit your own infrastructure regularly to identify:
- Idle virtual machines running Microsoft software that could be decommissioned
- Over-provisioned SQL Server instances that could run on Standard instead of Enterprise edition
- Windows Server instances that could be consolidated through higher-density virtualization
Consider Hybrid Approaches
For some workloads, migrating to Azure under a CSP agreement may be more cost-effective than maintaining on-premises SPLA deployments. Azure Hybrid Benefit allows you to apply existing license investments to cloud workloads, potentially reducing costs in both environments.
Negotiate With Your Reseller
SPLA resellers have some flexibility on pricing, particularly for larger deployments. Request volume pricing tiers, and compare quotes from multiple authorized resellers before committing. Some resellers also offer compliance consulting as part of their service, which can offset audit risk.
Plan for Audit Readiness
Budget for compliance tooling and periodic self-audits. The cost of proactive license management is a fraction of what a failed Microsoft audit can cost. Many providers conduct internal audits annually, treating them as a routine operational expense.
Key Changes and Future of Microsoft SPLA
Microsoft continues to evolve its licensing programs, and SPLA holders should monitor changes that affect their obligations.
Recent developments include stricter enforcement of the "Listed Provider" restrictions, which limit certain SPLA rights for the largest cloud service providers. Microsoft has also tightened rules around running SPLA-licensed software in third-party data centers and adjusted pricing to encourage migration to Azure-based solutions.
Providers should review the Microsoft Product Terms quarterly, as these terms are updated regularly and incorporate changes that affect SPLA rights. The Product Terms document (available at microsoft.com/licensing/terms) is the authoritative reference for what you can and cannot do under your SPLA.
Staying current on licensing changes is part of your broader compliance posture. Tools like TermsBox can help service providers monitor their website compliance obligations alongside their software licensing requirements, ensuring that privacy policies and cookie consent mechanisms stay current as regulations evolve.
Frequently Asked Questions
What is a Microsoft SPLA?
A Microsoft SPLA (Services Provider License Agreement) is a volume licensing program that lets service providers and independent software vendors license Microsoft software on a monthly basis to deliver hosted services to their end customers.
Who needs a Microsoft SPLA?
Any organization that hosts Microsoft products (such as Windows Server, SQL Server, or Office) to provide services to external customers needs a SPLA. This includes managed service providers, hosting companies, ISVs, and cloud solution providers.
How often do SPLA holders need to report usage?
SPLA holders must submit monthly usage reports to their authorized SPLA reseller. Reports must accurately reflect the number of licenses deployed during that reporting period, and late or inaccurate reporting can trigger audit actions.
What happens if you fail a Microsoft SPLA audit?
Failing a SPLA audit can result in back-dated license fees for the entire non-compliant period, financial penalties, termination of your SPLA agreement, and potential legal action for intellectual property violations. Some providers have faced six-figure settlement demands.