Beware Audit Terms in Microsoft’s New MPSA
Microsoft is in the process of transitioning many of its volume-licensing customers from the Select Plus Agreement to the new Microsoft Products and Services Agreement (MPSA). (More information on the transition framework is available here.)
A notable difference between the Select Plus Agreement and the MPSA is that the MPSA is self-contained and is not signed subject to a master agreement, such as a Microsoft Business and Services Agreement (or its predecessor, the Microsoft Business Agreement). Under Select Plus (and still under the Microsoft Enterprise Agreement), most of the important, substantive legal terms associated with the licensing relationship were contained in the MBA/MBSA. Those terms included Microsoft’s duty to defend against certain third-party claims, limitations of liability, and governing law, among others. They also included Microsoft’s audit rights.
Unfortunately for Select Plus customers, though consistent with Microsoft’s notorious habit of steadily making its agreements less and less advantageous for its customers, the audit terms contained in the MPSA are significantly more onerous and markedly less reasonable than were the corresponding terms in past master agreements. A comparison of the MPSA terms to the terms in an MBA (which still remain in effect for many Microsoft customers) reveals the following:
- Under the MBA, Microsoft could initiate an audit only during the term of a license agreement and for one year thereafter. There is no such limitation in the MPSA. The practical effect of that difference may be somewhat less significant for MPSA customers than it would be, for example, for Enterprise Enrollment customers, since the MPSA has no defined term. Nevertheless, if an MPSA customer were to decide in the future that it wanted to cancel the MPSA, the audit rights in the MPSA would remain in effect in perpetuity. (It is worth mentioning that Microsoft’s current MBSA also contains no time limitation on audits, so Enterprise Agreement customers face the same problem under the default terms.)
- Under the MBA, Microsoft’s auditors were required to be subject to “a confidentiality obligation.” We often have relied on that language in advising our clients to obtain non-disclosure agreements with auditors before the commencement of audit activity. There is no corresponding language in the body of the MPSA.
- Under the MBA, Microsoft was required to provide advance notice of audits, which had to be conducted during normal business hours and “in a manner that does not interfere unreasonably with [the customer’s] operations.” There are no such requirements in the body of the MPSA.
- The MPSA requires the customer to “promptly provide any information reasonably requested by the independent auditors retained by Microsoft in furtherance of the verification, including access to systems running the Products.” There was no such specificity in the MBA, and there certainly was no requirement for the customer to provide “access” to its computer systems. Especially for licensees in heavily regulated industries, that term may conflict directly with applicable obligations related to IT security.
- The MPSA indicates: “Additional details about the [audit] process are included in the Licensing Manual.” The Licensing Manual is defined as “the statement published by Microsoft (updated from time to time) at the Licensing Site. The Licensing Manual includes details about the processes supporting this Agreement.” The Licensing Manual (currently available here) includes the notice, confidentiality and “unreasonable interference” audit terms that, as noted above, otherwise are missing from the body of the MPSA. However, the MPSA states: “…Microsoft may change the…Licensing Manual from time to time, subject to the terms of this Agreement.” The MPSA does not contain any stated limitations on Microsoft’s right to change the Licensing Manual. Therefore, the durability of the procedural audit protections noted in the MPSA is wholly subject to Microsoft’s discretion.
- Finally, under the MBA, in the event that “material unlicensed use” was found, the licensee was required to purchase any necessary licenses at retail rates. Under the MPSA, that purchase must be made at 125% of prices then available to the licensee. That upcharge could lead to significantly higher compliance costs following an audit. (Bear in mind that Microsoft typically does not accept uninstalling software as an acceptable remedy for unlicensed usage – license purchases almost always are required.)
In my opinion, the MPSA’s audit language is wholly unacceptable. Before accepting the agreement, my recommendation would be to insist on amendments addressing the above concerns. However, many current Select Plus customers with agreements that now are set to be terminated may find that they have little leverage to demand any changes to the default terms. Since the MPSA does not require a three-year purchasing commitment (like an Enterprise Agreement), Microsoft may have little up-front incentive to negotiate reasonable and appropriate revisions to the agreement terms.
Finally, the above concerns related to audit terms are in addition to indemnification and limitation-of-liability language in the MPSA that also may be inadequate, especially if the customer has plans to invest heavily in Microsoft’s Online Services offerings (e.g., Office 365 and Azure).
Current Select Plus customers need to carefully weigh their licensing needs and alternatives before moving forward with any significant expenditures under an MPSA.