by Lane Shelton\n\nYou\u2019ve probably noticed a constant shift in the licensing landscape as software publishers strive to accommodate evolving customer requirements (thought I\u2019d put it nicely). For example, bundling is a popular tactic, where products are grouped together and additional discounts or advantageous use-rights applied when you acquire the bundle. In many cases, a bundle represents an attractive option; however, at times they also include unintended pitfalls. Lately, I\u2019ve seen one specific issue surface quite a bit. What\u2019s more, it has serious compliance ramifications so I\u2019d like to spend some time getting you up to speed. If you currently have a Microsoft Enrollment for Application Platform (EAP), or the newest incarnation called the Server\/Cloud Enrollment (SCE), you should know that from a logistical standpoint there could be a dark cloud looming over your organization, so please read on.\nThe EAP and SCE licensing programs can be excellent choices provided you are comfortable committing your entire production environment to Software Assurance (SA is required for participation in the program on SQL and the Core Infrastructure Suite). Everything has SA, everything has license mobility, everything is licensed for whatever versions you are running. Sounds great, but it might be time to worry.\nLook Closely\nPull a Licensing Statement and you might see rogue purchases of SQL server or Windows Server without Software Assurance. Although seemingly subtle, you are perfectly entitled to question the situation and wonder how this could occur\u2014especially because you are now out of compliance with the program. Why be concerned? First, this happens frequently; second most people don\u2019t realize it happens frequently, and third, it represents a costly compliance risk.\nIn most cases, organizations fall out of compliance because of this scenario:\n\nYou are doing a services engagement with a 3rd party.\nThe provider uses the Open License program to acquire Windows or SQL servers on your behalf as part of the project. (The Open License program makes it easy to buy the licenses on your behalf and embed that in the total cost of the service.)\nThe license purchase was not itemized on the services invoice.\nThe licenses are acquired, work is finished, and you never knew that licenses were bought on your behalf.\n\nSo What\u2019s the Big Deal?\nWindows and SQL servers licenses are rarely bought with Software Assurance. As a result, those purchases fail to meet the \u201call production environments must have SA\u201d requirements of the EAP or SCE. And there is a clear compliance problem that is arguably no one\u2019s fault because everyone was just trying to complete the work on time. Sadly as the saying goes, \u201cno good deed goes unpunished.\u201d The good news (if we dare use the phrase \u201cgood news\u201d in the context of a compliance problem) is that the quantities are usually very small. Nevertheless, SQL issues are not cheap and the fix can quickly become an unplanned expense and a very unpleasant experience.\nBest Advice: Avoid Completely\nLet\u2019s be honest: the situation explained here is rarely full of malicious intent. It can be viewed as some careless documentation and detail oversight. However, the consequences are very real, with very real cost implications. Here are some tips to guard against it ever happening in the first place:\n\nMake sure your people know that if you\u2019re doing any services work to ask the provider to itemize any software purchase requirements. Remember that their business is services and getting things done right and on time. Licensing is not their forte, so they may not be aware how important it is to itemize a software purchase on an invoice (aka they don\u2019t do it). In their world: Job gets done, job costs X, invoice = X.\nYou should ask about specific purchases and then double-check the invoice and ask again. This will help ensure that purchases go through the proper channels.\nHave your reseller pull a Microsoft License Statement at least once a year and review it together for accuracy. Simply send your reseller a one-line email stating \u201cI give reseller X permission to pull my Microsoft license history,\u201d and that\u2019s all it takes to get the report.\n\nMy Professional Advice?\nThese types of rogue purchases are very difficult to spot in all the data, but trained eyes can identify them quickly and bring them to your attention. In some cases, if you catch them early enough you can return the licenses and put replacement purchases through the proper channels. Think of it as early detection, and you\u2019ll likely avoid a lot of headaches and hassles.\nNot sure what your Microsoft history is like? You can always ask your Account Manager to pull it up. It\u2019s as easy as sending an email to give your permission.