Microsoft Audit Defense: Kylie Fowler ITAM Intelligence ITAM Review UK Conference 2016 -
-
Upload
martin-thompson -
Category
Technology
-
view
279 -
download
6
Transcript of Microsoft Audit Defense: Kylie Fowler ITAM Intelligence ITAM Review UK Conference 2016 -
The ITAM Review UK Conference 2016 The ITAM Review US Conference 2016
The ITAM Review UK Conference 2016
Introductions ITAM Intelligence What we do: § Provide strategic SAM and ITAM Services on a
retainer basis § Our customers are small to medium size enterprises
who need deep subject ma@er experBse but not on a full Bme basis
Kylie Fowler – Principle Consultant Specialising in: § Develop and implement IT asset management
strategies and frameworks § Coach and mentor ITAM pracBBoners § Manage audit defence & lead vendor negoBaBons § Mergers & acquisiBons advice and support
The ITAM Review UK Conference 2016
Microsoft Audit Defence
Kylie Fowler, Principle Consultant
The ITAM Review UK Conference 2016
You are now the CPO
Welcome to your new role….
As Chief Porcine Officer
Aka as Piggy in the Middle
The ITAM Review UK Conference 2016
MS SAM Review vs MS Audit
There is a difference!
But it is mainly financial
“If unlicensed use is 5% or more, Customer must reimburse Microso7 for the costs Microso7 has incurred… and acquire the necessary addi=onal licenses at 125% of the then current price list and Customer price level…”
MBSA June 2014
The ITAM Review UK Conference 2016
How does an audit / review work?
Licenses Owned
License Compliance
Licenses Used
Simples, really
The ITAM Review UK Conference 2016
What to do when you receive a request?
Rule #1 – Don’t ignore it!
But you can push back… sometimes
ü Cloud negoBaBons in progress
ü Request to subsidiary rather than parent
The ITAM Review UK Conference 2016
Preparations
An audit is a project…
… it has a beginning and an end (although it may not feel like it sometimes)
The End!
The End!
The ITAM Review UK Conference 2016
The Team
The project needs a team
J Senior Sponsor
J Business Units
J IT OperaBons
J IT ApplicaBon Management team
J Procurement / negoBaBon support
J Licensing experBse (may be external)
J Project manager (you?!)
The ITAM Review UK Conference 2016
Risk Management
You must implement robust risk management processes
You must manage 2 types of risk: -‐ Business risk -‐ Project risk Communicate risks to the senior sponsor so they can ensure appropriate resource is engaged and business risks are escalated
The ITAM Review UK Conference 2016
Other Preparations
Also consider
J NDAs with 3rd party auditor
J Timelines and high level plan
J Role of LSP
The ITAM Review UK Conference 2016
Entitlement
Licenses Owned
License Compliance
Licenses Used
The ITAM Review UK Conference 2016
Entitlement
Step 1: Get a Microsoft Licensing Statement (MLS)
Step 2: Check the MLS for accuracy
Step 3: Check for other entitlement
Ask me for the Microsoft Licensing Entitlement Checklist!
The ITAM Review UK Conference 2016
Deployment
Licenses Owned
License Compliance
Licenses Used
The ITAM Review UK Conference 2016
Deployment
Discovery is easy….
…you must understand HOW your applications are being used
The ITAM Review UK Conference 2016
Deployment
Think about:
End User Estate -‐ Desktop and applicaBon virtualisaBon -‐ Device vs User CALs -‐ Mobile devices -‐ Correct OEM versions -‐ Secondary use rights -‐ MSDN use rights -‐ O365 transiBon
The ITAM Review UK Conference 2016
Deployment
Think about:
On-‐Premise Infrastructure Estate -‐ Clusters, hosts and virtual machines -‐ External facing servers -‐ Development and test environments -‐ Hot vs cold DR
Cloud Infrastructure Estate -‐ SPLA licensed OS -‐ Corporate licensed ApplicaBons
The ITAM Review UK Conference 2016
Deployment
This is where you really start to feel you’re piggy in the middle….
L Slow response from techies
L Lack of configuraBon records
L Poor coverage of tools
L People fed up with constant quesBons and queries
The ITAM Review UK Conference 2016
Effective License Position (ELP)
Licenses Owned
License Compliance
Licenses Used
The ITAM Review UK Conference 2016
ELP
In theory, an ELP is a simple statement of licenses owned vs licenses used…
The ITAM Review UK Conference 2016
The rush to the finish
Now you’re really squeezed!
Auditor Auditee
The ITAM Review UK Conference 2016
Gotchas
Most companies have at least some gotchas
L
Incorrect OEM OperaBng Systems
L Packaging errors
L Lack of Sobware Assurance in DCs / Cloud
L
Citrix / Terminal server issues
L External Connectors L Enterprise CAL requirements
L O365 Pro Plus downgrade rights
Ask me for the Microsoft Licensing ‘Gotchas’ Checklist!
The ITAM Review UK Conference 2016
Validate, validate, validate
The ELP is almost certainly wrong!
You need to do a deep dive into the results
The ITAM Review UK Conference 2016
Negotiate!
If you are non-compliant, you need to buy some licenses
But you can always negotiate! May be more difficult it it’s a real audit
-‐ O365 / Azure transiBon -‐ Push for addiBonal discounts -‐ Ask LSP to lower margin -‐ Consider strategic and long term
drivers
The ITAM Review UK Conference 2016
Never again!
The majority of significant licensing risk is the result of poor Solutions Design
-‐ Ensure SAM is engaged at Project / Programme iniBaBon stage to assess licensing risk
-‐ Conduct SAM Risk assessments at SoluBons Design stage BEFORE implementaBon
‘ITAM by Design’ Ask me for the ITAM by Design Checklist!
The ITAM Review UK Conference 2016
Comments?
The ITAM Review UK Conference 2016
The ITAM Review UK Conference 2016
Thank You