The self assessment is the customer driven license review that produces a defensible internal effective license position before Microsoft asks for one. The engagement is preventative rather than reactive. It surfaces non compliance the customer can remediate quietly, documents compliance the customer can defend under scrutiny, and produces the baseline that every subsequent contractual event runs against. The audit defense begins before the audit notice arrives.
The customer who has documented a defensible effective license position in writing, kept the documentation current, and treats it as the operational baseline for every Microsoft engagement, holds a fundamentally different posture than the customer who has not. The first customer is preempting findings. The second customer is responding to findings. The work is the same. The control over the outcome is not. The self assessment is the engagement that produces the first posture, and it converts every downstream Microsoft engagement into a stronger one.
The self assessment produces a documented effective license position by product, by entity, and by deployment. It identifies areas of confirmed compliance, areas of documented entitlement that the customer can defend with confidence, and areas of potential non compliance that the customer can remediate before exposure becomes material. Each finding is paired with the contractual basis, the deployment evidence, and the remediation path where one is required.
The deliverable becomes the customer’s operational baseline. It is referenced at every true up cycle, every renewal posture engagement, every SAM offer, every audit notice. The baseline does not eliminate exposure. It converts the customer’s posture from reactive interpretation to documented position.
The exposure that surprises customers in formal audit is rarely structural ignorance. It is documentation gap. The customer typically had the entitlement, had the deployment configured correctly, and had the contractual basis for the position. What the customer did not have was the written documentation that a structured audit could reference directly. The self assessment closes that documentation gap.
Across the practice, customers who maintained a current self assessment baseline going into a formal audit settled at exposure levels 60 to 80 percent below customers who had not. The substantive position was the same. The documented position was different.
The self assessment engagement runs in four phases over six to twelve weeks depending on the estate size and the product mix complexity.
Active directory extract. Microsoft 365 admin center pull. Azure subscription map. On premises deployment inventory. The factual deployment baseline.
Contract reconciliation. Active EA terms, MCA E terms, CSP terms, MPSA terms. The contractual entitlement baseline against which deployment is measured.
Deployment versus entitlement reconciliation. Per product, per entity, per deployment. Areas of compliance, areas of risk, areas of remediation.
The written effective license position. The contractual basis, the deployment evidence, the remediation plan. The baseline the customer carries forward.
The self assessment covers every Microsoft product category that carries license exposure. The depth varies by category, by deployment, and by the customer’s historical posture, but the coverage is comprehensive.
E3, E5, F3, add on stack. Defender, Purview, Copilot. Per user assignment reconciliation. Active versus licensed gap. Shared mailbox and service account treatment.
Subscription map. Reserved instance portfolio. Hybrid benefit application. AHB eligibility per workload. MACC application against forward commit.
Windows Server datacenter and standard licensing. SQL Server core licensing. CAL position. RDS user CAL coverage. Cloud PC and AVD assignments.
Sales, Customer Service, Finance, Supply Chain, Business Central. Per user license type reconciliation. Team member coverage. Operations license assignment.
Power BI Premium capacity and per user. Power Apps per app and per user. Power Automate flow assignment. Capacity planning against active consumption.
Visual Studio subscription assignments. GitHub Enterprise seat reconciliation. Copilot Business assignments. Azure DevOps user mapping.
The customer who maintains a current self assessment is not avoiding the audit. The customer is preparing for whichever contract event arrives first. The same baseline serves the renewal, the true up, the SAM offer, and the audit notice.Managing analyst · Self assessment practice
The self assessment is not a one time deliverable. It is a baseline that informs every Microsoft contract event the customer manages, and its value compounds with each cycle.
The renewal posture work references the baseline to inform the right size target and to defend the negotiated floor against Microsoft seller assumptions about consumption growth. The true up engagement references the baseline to dispute the auditor’s count and to restructure the SKU mix against the actual deployment. The SAM defense engagement references the baseline to scope the customer’s cooperation and to rebut findings that contradict the documented position. The formal audit response engagement references the baseline as the customer’s opening substantive position against the auditor’s draft.
The same baseline serves all four. Customers who maintain it across the contract lifecycle compound the work into structural posture. Customers who treat it as a single deliverable absorb the upstream value without the downstream leverage.
The practice supports an annual refresh of the self assessment baseline tied to the EA anniversary, with mid year updates for material organizational changes. The maintenance is operationally light once the initial baseline is established, and the cost is materially lower than rebuilding the position each time a contract event arrives.
The self assessment is run by buyer side counsel rather than by Microsoft, by a SAM partner, or by an internal team that reports through procurement to a Microsoft account relationship. The independence is structural. A baseline built by a party with a vendor relationship is, structurally, evidence the vendor can reference.
The buyer side baseline is the customer’s document. It is not shared with Microsoft, not shared with a SAM partner, and not referenced by any party outside the customer’s contractual structure. The protection is in the independence.
The self assessment methodology is structured to produce a position that holds under formal audit scrutiny. The discipline matters because the same position is the customer’s baseline in renewal, in true up, in SAM defense, and in formal review. A position that holds in one context but not in another is not a baseline. It is a draft.
Each finding in the self assessment is supported by three layers of evidence. The contractual basis, drawn from the active EA, MCA E, CSP, or MPSA paper that governs the entitlement. The deployment evidence, drawn from administrative system extracts and configuration documentation. And the operational evidence, drawn from active usage data, authentication logs, and provisioning records that confirm the deployment is being consumed in the way the entitlement contemplates.
The three layers reinforce each other. A finding supported by all three is structurally defensible under any subsequent scrutiny. A finding supported by only one layer is a draft that requires further work before it can serve as a baseline.
The methodology is operated by buyer side analysts without contractual or financial relationships with Microsoft, with any Microsoft partner, or with any party that participates in Microsoft’s compliance ecosystem. The independence is structural. A self assessment produced by a party with vendor entanglement is, structurally, evidence the vendor can reference. A self assessment produced by independent counsel is the customer’s own document and remains so across the contract lifecycle.
The independence is the protective layer that allows the document to serve as the customer’s baseline rather than as discoverable correspondence.
The self assessment runs on an annual rhythm anchored to the EA anniversary or to the equivalent contract anniversary the customer holds with Microsoft. The initial baseline is the substantial engagement. The annual refresh is operationally light, narrowly scoped, and structurally protective. Each refresh updates the baseline against the deployment changes of the prior twelve months, surfaces any new exposure introduced through organizational change or product rollout, and reconfirms the contractual basis for the documented position. Customers who hold the cadence retain a current baseline at all times and never face a Microsoft contract event from a position they have not already documented. Customers who let the cadence lapse rebuild the baseline at every contract event and absorb the cost of that rebuild against the cycle they are already negotiating. The cadence is the operational discipline that converts the self assessment from a one time deliverable into a structural posture.
Two analyst calls. No pitch. We tell you what we would do, what the leverage actually is, and whether we are the right firm for this engagement.