by jasonjayr 891 days ago
I have heard/read that should you be audited by Microsoft or any of the other large software houses that do that, they don't care for any certificate of authenticity or license keys, or anything.

They want to see a valid purchase order for the SKU of the license.

So, I think using a keygen might raise some red flags if the auditing software reports back the key, even if it's the same SKU you paid for (and it had better be), but the proof of a paid order is what determines if you are licensed.


I've experienced multiple MSFT compliance audits at small business customers in the 2004-2020 timeframe. MSFT only ever cared about reconciling what was in use with what was paid-for. I've been asked for photos of OEM key stickers attached to hardware but never asked to retrieve keys from installed software.

I assume keys are another facet of keeping specific details around licenses vague enough that there's always room for MSFT to argue or bargain.

My experience was similar at a medium-size business. We had reusable keys that we used as needed. Once a year, we would run their audit tool and pay the difference.

I never got the impression they cared where the keys came from. We knew exactly when they were coming every year. They were easy to deal with and I don’t recall ever having any issues.

We also had an ELA with VMware and they were awful. We only stuck with them because the software fulfilled a need. They treat you like dirt during the sale and every renewal. In between, they act as if they’re the ones doing you a favor by allowing you to be a customer. The support was terrible.

But oddly enough, they always gave us more licenses than we paid for. Every time, they would throw in products we didn’t purchase and weren’t cheap about it either. It was always like 100+ seats and one time it was 1000.

I worked at enterprise software companies, and I have seen them usually give a 25% “buffer” where software keys restrict usage to account for growth, with a reconciliation at renewal.

> MSFT only ever cared about reconciling what was in use with what was paid-for. I've been asked for photos of OEM key stickers attached to hardware but never asked to retrieve keys from installed software.

If I recall correctly, CALs don't really get 'installed', so my guess is that going off of 'provable licenses' keeps the audit process more uniform and streamlined.

So if you're using the same SKU(s) and are not oversubscribed, it should still be fine, shouldn't it? If you buy SKU A and get Key 1, then use a keygen to get Key 2 which is for SKU A, I'm not seeing where the audit will come back against you as long as you're only using one instance of SKU A.