TermsBox
PricingBlog
LoginGet Started
PricingBlogLogin
Get Started
  1. Home
  2. Blog
  3. Microsoft Volume License: A Complete Guide to Licensing
Legal Compliance

Microsoft Volume License: A Complete Guide to Licensing

Understand Microsoft volume licensing programs, compliance requirements, and how they affect your organization's legal and privacy obligations.

TermsBox Team|April 3, 202613 min read

A Microsoft volume license is a bulk licensing arrangement that lets organisations purchase software at discounted rates, with centralised management and standardised terms. Whether your organisation runs 50 or 50,000 devices, understanding how Microsoft volume licensing works is essential for both cost management and legal compliance.

This guide covers the available Microsoft volume licensing programs, their compliance requirements, audit risks, and the privacy implications of deploying Microsoft products at scale. This article provides educational information only and does not constitute legal advice. Consult a qualified attorney or licensing specialist for guidance specific to your organisation.

What Microsoft Volume Licensing Is and How It Works

Microsoft volume licensing replaces the need to buy individual retail software licences for each computer, user, or device. Instead, an organisation enters into a volume licensing agreement that covers a specified number of licences under a single contract with negotiated terms.

The core mechanics are straightforward. Your organisation signs a licensing agreement, receives a volume licence key or digital entitlement, and can deploy the software across your environment up to the number of licences purchased. Activation is handled through Volume Activation Services (KMS or Active Directory-Based Activation) rather than individual product keys.

Volume licensing agreements also typically include Software Assurance, an optional maintenance benefit that provides upgrade rights, training vouchers, deployment planning services, and other benefits for the duration of the agreement. Software Assurance is included by default in some programs and optional in others.

The legal framework governing these agreements is the Microsoft Product Terms, which is updated monthly and specifies the use rights for every product available through volume licensing. Any organisation operating under a volume licence agreement is bound by the version of the Product Terms in effect at the time of purchase.

Microsoft Volume Licensing Programs

Microsoft offers several volume licensing programs, each designed for different organisation sizes and purchasing patterns.

Enterprise Agreement (EA)

The Enterprise Agreement is designed for large organisations with 500 or more users or devices. It provides the deepest discounts and the most flexibility.

  • Minimum commitment: 500 users or devices, covering the entire organisation
  • Term: Three years with annual payments
  • Structure: Organisation-wide standardisation on a platform (Microsoft 365, Windows, or both)
  • Software Assurance: Included for all products
  • Best for: Large enterprises that want predictable annual costs and the broadest set of benefits

The Enterprise Agreement pricing depends on the organisation's size, the products selected, and the level of commitment. Microsoft categorises organisations into pricing levels (A, B, C, D) based on the number of enrolled users or devices, with deeper discounts at higher tiers.

Enterprise Subscription Agreement (ESA)

The ESA mirrors the Enterprise Agreement structure but operates on a subscription basis rather than a perpetual licence model. When the agreement ends, the organisation's right to use the software ends as well, unless renewed.

  • Term: Three years, subscription-based
  • Cost: Lower annual payments than the EA, since there is no perpetual licence component
  • Best for: Organisations that prefer operating expenditure over capital expenditure

Microsoft Customer Agreement (MCA)

The Microsoft Customer Agreement replaced the older Open Licence and Open Value programs for most online purchasing scenarios. It is the standard agreement for buying Microsoft cloud services.

  • Minimum commitment: None for cloud services
  • Term: Evergreen (no fixed end date)
  • Structure: Pay-as-you-go or commitment-based pricing for Azure, Microsoft 365, Dynamics 365
  • Best for: Organisations of any size purchasing cloud services

Open Value and Open Value Subscription

Open Value serves small to mid-sized organisations that want volume licensing benefits without the scale required for an Enterprise Agreement.

  • Minimum commitment: Five licences
  • Term: Three years (Open Value) or annual subscription (Open Value Subscription)
  • Software Assurance: Optional in Open Value, included in the subscription variant
  • Best for: Organisations with five to 499 users that want centralised licence management

Select Plus (Discontinued for New Agreements)

Microsoft retired Select Plus for new enrolments, but some existing agreements remain active. Organisations still on Select Plus should plan their transition to the Microsoft Customer Agreement or an Enterprise Agreement.

Understanding Microsoft Volume Licence Compliance

Compliance is the area where volume licensing creates the most risk for organisations. Microsoft actively audits licensees, and the financial consequences of non-compliance can be significant.

What Compliance Means

Volume licence compliance means that the number of software installations across your environment does not exceed the number of licences you have purchased and that your usage adheres to the Product Terms for each product. This sounds simple, but in practice it is complicated by several factors:

  • Licence metrics vary by product: Some products are licensed per user, others per device, others per core, and some by a combination. Mixing up licence metrics is one of the most common compliance failures.
  • Virtual environments create complexity: Running Microsoft software on virtual machines has specific licensing rules. SQL Server, Windows Server, and other products have different virtualisation rights depending on your licence edition and whether you have Software Assurance.
  • Subsidiary and affiliate coverage: An Enterprise Agreement may or may not cover subsidiaries and affiliates, depending on how the agreement is structured.
  • Hybrid use rights: Some licences allow deployment both on-premises and in the cloud (Azure Hybrid Benefit), but the terms and eligibility requirements are specific.

Microsoft Licence Audits

Microsoft reserves the right to audit any volume licence customer. The audit clause is standard in all volume licensing agreements. Audits are typically conducted by third-party firms like Deloitte or Ernst and Young on Microsoft's behalf.

The audit process generally follows these steps:

  1. Notification: Microsoft sends a formal audit notification letter, typically providing 30 to 45 days' notice.
  2. Data collection: The auditing firm requests deployment data, including software inventory tools output (MAP Toolkit or similar), purchase records, and agreement documentation.
  3. Analysis: The auditor compares deployed software against purchased entitlements.
  4. Findings report: A report is issued detailing any compliance gaps.
  5. Resolution: The organisation must purchase licences to cover any shortfall, often at full retail pricing.

Organisations that proactively manage their licence positions through regular self-audits using tools like the Microsoft Assessment and Planning Toolkit or third-party Software Asset Management platforms reduce their exposure significantly.

Cost Considerations for Microsoft Volume Licensing

Understanding the financial structure of volume licensing helps organisations make informed purchasing decisions and avoid overspending.

Pricing Tiers

Enterprise Agreement pricing uses a tiered structure based on organisation size:

  • Level A: 500 to 2,399 users or devices
  • Level B: 2,400 to 5,999 users or devices
  • Level C: 6,000 to 14,999 users or devices
  • Level D: 15,000 or more users or devices

Each level provides a progressively higher discount from the estimated retail price. The exact discount percentages are not publicly listed and depend on negotiation, but the difference between Level A and Level D can be substantial.

True-Up and True-Down

Enterprise Agreements include an annual true-up process where organisations report any increase in the number of users or devices and pay for additional licences at the agreed pricing. Some newer agreements also allow true-down, reducing the licence count if the organisation has shrunk.

The true-up process is legally binding. Failing to report increased deployments during a true-up is a compliance violation.

Software Assurance Value

Software Assurance adds 25% to 29% to the licence cost but provides meaningful benefits:

  • Upgrade rights: Access to new product versions released during the agreement term
  • Training vouchers: Vouchers for Microsoft-certified training courses
  • Deployment planning: Planning services for complex deployments
  • Home Use Program: Allows employees to install Office at home
  • Licence mobility: Move licences between servers, including to cloud environments

Whether Software Assurance is worth the cost depends on how frequently you would otherwise purchase upgrades and how many of the additional benefits your organisation actually uses.

Microsoft Volume Licensing and Data Privacy

This is where volume licensing intersects with privacy compliance, an area many organisations overlook. Deploying Microsoft products at scale means processing significant quantities of personal data, which triggers obligations under privacy laws.

Microsoft as Data Processor

Under the Microsoft Products and Services Data Protection Addendum (DPA), Microsoft acts as a data processor when providing enterprise cloud services like Microsoft 365, Azure, and Dynamics 365. Your organisation is the data controller.

Privacy Policy Generator

Create a comprehensive privacy policy for your website or app. Create yours in minutes with TermsBox.

Generate Now

This distinction matters because data controllers bear primary responsibility for compliance. Under Article 24 of the GDPR, the controller must implement appropriate technical and organisational measures to ensure processing complies with the regulation. Using Microsoft under a volume licence does not transfer this responsibility.

Privacy Policy Implications

When your organisation deploys Microsoft 365, you process employee personal data (emails, documents, usage telemetry, calendar data) and potentially customer data through tools like Teams, SharePoint, and Outlook. Your organisation's privacy policy must disclose:

  • That you use Microsoft products to process personal data
  • What categories of data are processed (communications, documents, usage data, diagnostic data)
  • The legal basis for processing (typically legitimate interest or contractual necessity for employee data)
  • That Microsoft processes data as a sub-processor in data centres whose locations are specified in the DPA
  • Individual rights regarding their data, including access and deletion requests

Under Article 13 of the GDPR, this information must be provided to data subjects at the time their data is collected. CCPA-covered businesses must similarly disclose the categories of personal information collected and the business purpose for collection.

Telemetry and Diagnostic Data

Microsoft products collect diagnostic and telemetry data at various levels (Required and Optional in current Windows and Microsoft 365 settings). This data can include information about feature usage, device configuration, performance metrics, and crash data.

European data protection authorities, notably the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), have scrutinised Microsoft's telemetry practices. In 2019 and subsequent reviews, they identified concerns about the transparency and necessity of diagnostic data collection. Organisations should configure telemetry to the minimum level required for their needs and disclose the collection in their privacy notices.

Data Processing Agreements

Volume licensing agreements for cloud services automatically incorporate Microsoft's DPA, which addresses GDPR requirements including:

  • Sub-processor disclosures and notification of changes
  • Data breach notification within 72 hours of awareness
  • Assistance with Data Protection Impact Assessments
  • Data deletion upon contract termination
  • International data transfer mechanisms (Standard Contractual Clauses)

Organisations should review the DPA when entering or renewing a volume licensing agreement to ensure it aligns with their compliance requirements. The DPA is updated periodically, and significant changes may require adjustments to your own data processing records.

Managing Microsoft Volume Licences Effectively

Proper licence management reduces audit risk, controls costs, and ensures compliance. These practices form the foundation of effective volume licence administration.

Maintain a Software Asset Management Program

A Software Asset Management (SAM) program tracks what software is deployed, what licences are owned, and where gaps or surpluses exist. Microsoft offers the SAM Incentive Program, which provides free or subsidised SAM engagements through qualified partners.

Key SAM practices include:

  • Regular inventory: Automated discovery of all installed Microsoft software across servers, desktops, and virtual environments
  • Entitlement tracking: A central register of all licence purchases, agreement details, and entitlements
  • Gap analysis: Quarterly comparison of deployments against entitlements
  • Licence optimisation: Identifying unused licences that can be reallocated before purchasing new ones

Use the Volume Licensing Service Center

The Microsoft Volume Licensing Service Center (VLSC) provides access to product keys, agreement details, licence summaries, and download links. Ensure that your organisation's VLSC administrator role is assigned to a current employee and that access is reviewed regularly.

For organisations on the Microsoft Customer Agreement, the Microsoft 365 Admin Center and Azure Portal provide licence management capabilities directly.

Plan for Agreement Renewal

Volume licensing agreements have fixed terms (typically three years). Begin renewal planning at least six months before expiry to:

  • Evaluate whether your current program is still the best fit
  • Negotiate terms based on updated user or device counts
  • Assess whether moving workloads to cloud changes your licensing needs
  • Review the latest Product Terms for changes that affect your deployment

Compliance Risks Beyond Software Licensing

Volume licensing compliance involves more than counting installations. Organisations should be aware of these adjacent risks.

End-of-Support Software

Running Microsoft products past their end-of-support date is not a volume licensing violation per se, but it creates security risks that may conflict with your obligations under data protection laws. Article 32 of the GDPR requires appropriate technical measures to ensure data security. Running unpatched, unsupported software is difficult to reconcile with this obligation.

Shadow IT

Employees installing Microsoft software outside of IT's management, or using personal Microsoft 365 accounts for work purposes, creates both licensing and privacy compliance issues. Work data processed through personal accounts falls outside the organisation's terms of service and data processing agreements.

Contractor and Third-Party Access

Providing Microsoft licences to contractors, temporary workers, or third parties may not be permitted under all volume licensing agreements. The Product Terms specify who qualifies as a licensed user, and extending access beyond this scope is a compliance violation.

Frequently Asked Questions

What is a Microsoft volume license?

A Microsoft volume license is a licensing arrangement that allows organisations to purchase software licences in bulk at discounted rates, rather than buying individual retail copies for each device or user. Microsoft offers several volume licensing programs, including the Enterprise Agreement for large organisations (500+ users), Open Value for mid-sized businesses, and the Microsoft Customer Agreement for cloud services. Each program provides different pricing tiers, payment terms, and management tools.

How many licences do you need to qualify for Microsoft volume licensing?

The minimum threshold depends on the specific program. The Enterprise Agreement requires a minimum of 500 users or devices across the organisation. Microsoft Open Value starts at just five licences, making it accessible to small businesses. The Microsoft Customer Agreement for cloud services has no minimum licence count, as it is designed for flexible, pay-as-you-go cloud purchasing.

What happens if you fail a Microsoft licensing audit?

If a Microsoft licensing audit reveals non-compliance, the organisation must purchase licences to cover the shortfall, typically at full retail pricing rather than volume discount rates. Microsoft may also charge back-maintenance fees for Software Assurance coverage during the period of non-compliance. In severe or wilful cases, Microsoft can pursue legal action for copyright infringement under applicable intellectual property laws. Penalties vary by jurisdiction but can include statutory damages and legal costs.

Does Microsoft volume licensing affect privacy policy requirements?

Yes, indirectly. Microsoft volume-licensed products like Microsoft 365, Dynamics 365, and Azure process significant amounts of personal data, including employee data, customer data, and telemetry. Under the GDPR (Article 13) and similar privacy laws, your organisation's privacy policy must disclose the use of these services, the types of data processed, and the legal basis for processing. Microsoft acts as a data processor under the Microsoft Products and Services Data Protection Addendum, but your organisation remains the data controller responsible for transparency.

Related Tools

Privacy Policy Generator

Create a comprehensive privacy policy for your website or app

Related Articles

Legal Compliance

AI and Data Privacy: A Practical Guide for Businesses

Learn how AI and data privacy intersect, including legal obligations, compliance strategies, and steps to protect personal data in AI systems.

April 4, 202613 min read
Legal Compliance

AI GDPR Compliance: A Practical Guide for Businesses

Learn how AI GDPR rules affect your business, including legal obligations, compliance steps, and penalties for AI systems processing personal data.

April 4, 202614 min read
Legal Compliance

Apple's Data & Privacy Website: How to Use privacy.apple.com

Apple's data & privacy website at privacy.apple.com lets you download, correct, or delete your data. A step-by-step guide, plus how long a request takes.

April 4, 202613 min read

Ready to Create Your Legal Documents?

Generate professional privacy policies, terms of service, and more in minutes. Free to start, no credit card required.

View All Generators

On This Page

  • What Microsoft Volume Licensing Is and How It Works
  • Microsoft Volume Licensing Programs
  • Enterprise Agreement (EA)
  • Enterprise Subscription Agreement (ESA)
  • Microsoft Customer Agreement (MCA)
  • Open Value and Open Value Subscription
  • Select Plus (Discontinued for New Agreements)
  • Understanding Microsoft Volume Licence Compliance
  • What Compliance Means
  • Microsoft Licence Audits
  • Cost Considerations for Microsoft Volume Licensing
  • Pricing Tiers
  • True-Up and True-Down
  • Software Assurance Value
  • Microsoft Volume Licensing and Data Privacy
  • Microsoft as Data Processor
  • Privacy Policy Implications
  • Telemetry and Diagnostic Data
  • Data Processing Agreements
  • Managing Microsoft Volume Licences Effectively
  • Maintain a Software Asset Management Program
  • Use the Volume Licensing Service Center
  • Plan for Agreement Renewal
  • Compliance Risks Beyond Software Licensing
  • End-of-Support Software
  • Shadow IT
  • Contractor and Third-Party Access
  • Frequently Asked Questions
TermsBox

Scan your website, auto-generate legal documents, add a consent banner, and stay compliant. One platform for everything.

Product

  • Cookie Scanner
  • Consent Banner
  • Cookie Policy Generator
  • Pricing

Generators

  • Privacy Policy Generator
  • Terms and Conditions Generator
  • EULA Generator
  • Disclaimer Generator
  • Return and Refund Policy Generator

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
GDPR
ePrivacy
CCPA
LGPD
Google Consent Mode v2
IAB TCF 2.2
© 2026 TermsBox. All rights reserved.