Table of Contents Overview and How to Use This Guide... 3 Licensing Technology... 3 Preinstalled... 4 Volume Licensing... 5 Open License Agreement... 5 Open Value Agreement... 6 Select License Agreement and Enterprise Agreement... 6 Proof of License Table... 7 Glossary... 14 Useful Resources... 15 2
Overview and How to Use This Guide As part of any successful software asset management project, it is important that you understand the various ways in which your customers acquire and use software, as well as the rules that govern the use of that software, and the best ways of documenting that the software has been correctly licensed. This guide will help you to evaluate your customers software licenses, and to advise your customers on how to reduce the risks associated with either mislicensing or acquiring and deploying non-genuine products. This guide will help you to understand the many ways in which technology is acquired, and what documentation should be considered as evidence of proper licensing during Software Asset Management ( SAM ) reviews. This guide is intended for use only in connection with SAM engagements. As you probably know, there are specific legal requirements to prove that someone is licensed for a particular software title. The proof of licensing standards set forth in this guide are not actual legal proof of licensing requirements under audit standards. SAM engagements are not audits. Most End-User License Agreements (EULAs) that accompany retail and preinstalled software set forth the requirements for the proof of licensing of that specific product. The content in this guide does not replace or supersede the EULA. The proof of licensing guidelines in this document were drafted in anticipation of the relatively limited amount of time a SAM advisor has to review a customer s licensing history in order to formulate the customer s licensing position. Different products and versions of those products may have specific requirements for proving that they are correctly licensed. Some retail and preinstalled (or original equipment manufacturer ( )) products today (and more in the future) use a single-proof-oflicense methodology that relies only upon the 5 5 product key on the Certificate of Authenticity ( COA ) or the 5 5 product key on the retail product key label as proof of license. At the end of this guide, you will find tables that illustrate the primary and secondary sources that can be used to evaluate customers licensing positions during a SAM review. Licensing Technology There are various options for licensing software, including retail (full packaged product), preinstalled (), and Volume Licensing agreements. Each has its unique requirements for providing proof of license. Maintaining proof of license records will not only bolster your customers software asset management (SAM) practices, but can also be used during a -sponsored SAM engagement. 3
A software license grants the user the right to run or access a software program. Licensing software is not the same as purchasing a car or house customers are not buying the software itself. Rather, they are buying a license that sets forth the way in which the software may be used, along with various restrictions, such as those relating to the transferability of software licenses, or to a customer s ability to downgrade to an earlier version of the software. The nature of these rules and restrictions varies according to the software title and the type of software preinstalled, retail or volume licensing software. Preinstalled New PCs are commonly purchased with software already installed by the original equipment manufacturer (). The desktop operating system and Office are frequently purchased in this way. The initial version of the operating system license is only available through two channels as preinstalled software or as retail full packaged product (FPP) software. There are no Volume Licensing programs that provide the initial full version of. Volume Licensing agreements provide only a means of upgrades, and require a full underlying version of the software for each upgrade 1. When the PC comes with software preinstalled, the purchaser should also receive an accompanying Certificate of Authenticity (COA) with the 5 5 product key. For, the COA will be affixed to the PC. For preinstalled applications, including Office, the COA will be affixed to the packaging containing the software media or disc. A COA helps identify genuine software, but is not a software license as such. Purchased by itself, or stand-alone, a COA has no value. When purchased with the appropriate software and components, a COA is one of a number of visual identifiers that assist in determining whether or not the software running on the PC is genuine. Without the COA, it cannot be known conclusively whether the PC is running genuine software. For XP SP2, Vista, and the versions of Office XP, Office 2003, and the 2007 Office system, the only proof of license required in the context of a SAM license review is the COA, which includes the 5 5 product key. Refer to the table at the end of this guide for many other preinstalled software requirements in addition to the COA, and how they relate to various products. These proof of licensing requirements may include the EULA, software media, and an invoice or receipt for the purchase of the licensed software. If a question arises as to what are the licensing requirements under a particular EULA, copies of the EULAs can be found online at www.microsoft.com/about/legal/useterms. The EULA provides the terms and conditions of use to which the end user agrees before using the software. 1 As a one-time option through Volume Licensing, a customer can sign a Get Genuine Agreement to properly obtain a full version of XP in a mislicensing scenario. 4
software (FPP) is traditionally shipped in a shrink-wrapped box or plastic case. Customers can purchase FPP from a store or from an online retailer. Customers who purchase retail software usually do so because they are purchasing in relatively small quantities. The retail packaging for current software versions will include a box top COA to assist with authentication and product identification and a 5 5 product key Proof of License label. versions of, Office, and many other products 2 also contain media with edgeto-edge holograms. In addition, the retail package will indicate the appropriate geographic area of sale for that particular software 3. For the retail versions of XP SP2, Vista, Office XP, Office 2003, and the 2007 Officesystem, the 5 5 product key is considered to be proof of license. Refer to the table at the end of this guide for many other software proof of licensing requirements in addition to the 5 5 product key. These may include the EULA, software media, and an invoice or receipt corresponding to the purchase of licensed software. Volume Licensing Volume Licensing offers programs that are designed to meet the needs of your customers businesses. These agreements are tailored according to the size and purchasing preferences of your customers, and they provide simple, flexible, and affordable licensing solutions. The primary volume licensing programs are Open License, Open Value, Select License Agreement, and the Enterprise Agreement. Specific programs for academic institutions and government entities also exist, in addition to regional offerings. Please note that the Volume Licensing programs do not provide the initial full version of, but only provide an upgrade that requires that a full version already be licensed on the PC 4. Set forth below is a brief description of each of these volume licensing programs. Open License Agreement A volume purchasing plan for small businesses, offered as an alternative to purchasing software through the retail channel. With a one-time initial purchase of five licenses for one or more products, customers can continue to purchase single quantity orders of any product available through the Open License program at volume pricing. A benefit of the Open License program is access to the eopen Web site at https://eopen.microsoft.com, where customers can view the terms of their agreement and their history of order confirmations. This 2 Visit www.microsoft.com/resources/howtotell/listview.aspx?displaylang=en to view all products and their visual piracy prevention features. 3 A parallel import is sometimes referred to as gray market software. It s software that was intended for distribution in a country other than the one in which it is found. 4 As a one-time option through Volume Licensing, a customer can sign a Get Genuine Agreement to properly obtain a full version of XP in a mislicensing scenario. 5
agreement and order confirmation history represent the customers proof of license. In regions where eopen is not available, customers will receive paper order confirmations. For customers with older Open License agreements, they may have a cover page to confirm their license purchases (this applies to agreements that predate the 6.x version of our volume agreements). These paper confirmations are considered proof of licensing for these older agreements. Open Value Agreement A volume purchasing plan that enables small to midsize organizations with fewer than 250 PCs to use and manage software licenses under a single agreement. Open Value offers simplified license management, better control over customers investment, and better management of software costs. A benefit of the Open Value program is access to the Volume Licensing Services (MVLS) Web site at https://licensing.microsoft.com, where customers can log on to view their history of volume license order confirmations. Customers signed agreements, order confirmation history, and evidence of payment represent their proof of license under this program. Select License Agreement and Enterprise Agreement A volume purchasing plan for organizations with more than 250 PCs. The Select License program is priced based on a customer s forecasted level of purchasing. Customers sign Select License agreements, and then purchase their licenses under those agreements. The agreements themselves do not specify the number of licenses purchased, but do forecast the volume of licenses to be purchased. The Enterprise Agreement helps customers standardize IT across the enterprise, simplifies license management, and provides maintenance benefits to help ensure that customers maintain a competitive advantage and increase employee productivity. The Enterprise Agreement provides a specific number of licenses for a specified range of software titles and is trued up annually to adjust the numbers of licenses needed. Both of these programs are only available through the Large Account Reseller (LAR) or Enterprise Software Advisor (ESA) channels. A benefit of the Select License program and the Enterprise Agreement is access to the Volume Licensing Services (MVLS) Web site at https://licensing.microsoft.com, where customers can log on to view their history of volume license order confirmations. Customers signed agreements, order confirmation history, and evidence of payment represent their proof of licensing under these programs. For licenses acquired prior to the 6.x version of our volume agreements, the license confirmations would have been received by the customer in paper form. 6
Proof of License Table Listed below are two types of evidence of licensing for various types of and FPP software primary evidence and secondary evidence. The primary evidence indicates proof of licensing for the purposes of the SAM license review. The secondary evidence components are secondary sources we can look to when customers do not have any primary evidence, or when we need information to supplement the primary evidence a customer provides. By itself, secondary evidence may not always serve as adequate proof of licensing. However, we have to realize that customers may have misplaced their primary evidence, even though they are properly licensed. Considering supplemental, or secondary, evidence allows us to do all we can to help customers show that they are licensed during a SAM engagement. For example, an invoice might help us track down the proof of licensing from the source of the software. If a customer had purchased systems from Dell, for example, and the invoice reflects that the systems were purchased with, then that invoice would help us to confirm that the systems were initially properly licensed. Similarly, if the invoice reflects that a customer purchased stand-alone EULAs for software, then the invoice would help us to determine that the customer is not properly licensed. 7
Product Channel Primary Secondary Product ID Checks Office Office box with If you find large numbers of FPP 4.2/4.3 to EULA COA, CD sets, floppy disks, EULAs or CD sets always ensure they were originally shipped as complete boxed invoices products. Office 95 Always ensure is still installed on original PC, or was when upgrades were Office 4.2/4.3 to Office 95 Green generic COA on CD sets/manuals CDs, manual, invoices applied. No need to count if they aren t being used as underlying licenses. A common infringing offering is a combination of and components that would not result in a licensed installation. Look out for an CD set consisting of an COA on the front, but a CD Key label on the rear. Common counterfeit. Look out for large numbers of FPP EULAs or CD sets. Check whether components were supplied standalone. Check CD has Mould/Master IFPI Office 97 EULA or License Pak ( MLP ) agreement box with COA, CD sets, manual, invoices codes. Look out for EULAs with no Work Order and Stock Keeping Unit references and the part number 91073 on the rear/bottom left of the EULA, especially outside North America. Also, check WO number on License Paks. High numbers could indicate risk of counterfeit. Invoices should not indicate loose components, like CD sets or EULAs. 8
Product Channel Primary Secondary Product ID Checks Office Common counterfeit. Make sure CD set includes CD, not retail CD. Liners will Office 97 Green generic COA on CD sets/manuals CD sets, manual, invoices be black and white. Look out for / component mix, namely an COA and retail CD key. Check CD has Master/Mould IFPI codes. Should be no CD key label on jewel case. Generic COA must be attached to CD set/manual to confirm product. Common counterfeit, Professional and Premium. Conduct tear test on interwoven thread of EULA. Check CD has Master and box with Mould IFPI codes. Look out for L826 master Office EULA COA, CD sets, or IFPI (especially outside Asia Pacific) and 2000 invoices / component mix, normally CD set with CD. Invoices should not indicate loose components, like CD sets or EULAs. Common counterfeit, especially Professional. Check ICC for genuine Office 2000 ICC manual or COA label on cardboard slip CD sets, manual, invoices interwoven thread using tear test. Check CD has Master/Mould IFPI codes. Look out for L826 master IFPI code (especially outside Asia Pacific). Invoices should not indicate loose components, like CD sets or licenses. Office XP 5 5 product key label on CD set box with COA, CD, manual insert, invoices Check E2E hologram CD for Mould IFPI code and ensure E2E hologram is not a label. Office XP 5 5 product key on COA on cardboard slip CD, invoices Check E2E hologram CD for Mould IFPI code and ensure E2E hologram is not a label. 9
Product Channel Primary Secondary Product ID Checks Office Office 2003 5 5 product key label on CD set (DVD case) box with COA, CD, manual insert, invoices Check E2E hologram CD for Mould IFPI code and ensure E2E hologram is not a label. Common counterfeit. Check E2E hologram Office 2003 5 5 product key on COA on cardboard slip CD set, manual, invoices CD for Mould IFPI code and ensure E2E hologram is not a label. Make sure interwoven strip for COA is not simulated and properly threaded. Take sample COA numbers (14 digit) if in doubt. Check edge-to-edge ( E2E ) hologram Office 2007 5 5 product key label on plexiglass case Plexiglass case with COA, CD, manual insert, invoices CD for Mould IFPI code and ensure E2E hologram is not a label. The 5 5 product key label should be an interwoven or submerged strip. 5 5 product key Common counterfeit. Check E2E hologram Office 2007 on COA, on cardboard slip (D) or inside media less kit (MLK) (System Builder only) DVD CD set inside cardboard slip (D) or MLK as DVD case (SB), invoices CD for Mould IFPI code and ensure E2E hologram is not a label. Make sure interwoven strip for COA is not simulated and properly threaded. Take sample COA numbers (14 digit) if in doubt. MLK should not have CD. If it does, case authenticate E2E CD. 10
Product Channel Primary Secondary Product ID Checks 95/ 98/ NT Workstation EULA box with COA, CD sets, manual, invoices If you find large numbers of FPP EULAs always ensure they were originally shipped as complete boxed products. Common counterfeit is 98 SE. Check ICC for genuine interwoven thread 95/ 98/ NT Workstation Green generic COA on manual, or Integrated Certificate of Authenticity Cover ( ICC manual ), or PC COA label CDs, EULA, manual, invoices. (For PC COA label version only, you can accept invoices or purchase records to confirm license counts and use COAs (representative PC sampling) as corroboration.) using tear test. Check CD has Master/Mould IFPI codes. Look out for L826 master IFPI code strain for 98 SE (especially outside Asia Pacific). Conduct tear test on interwoven thread on original pink/green COA Labels. For E2E 98 CDs ensure E2E hologram is not a label and Mould IFPI code is present. Take sample COA numbers (14 digits). Only count if it is still installed on original PCs. Focus on System Builder channel 98 SE, which has D on COA. You should never find loose COA Labels. 2000/ME EULA box with COA, CD sets, manual, invoices Conduct tear test on interwoven thread of EULA. Check CD for Mould IFPI code and ensure E2E hologram is not a label. 2000/ME PC COA label with 5 5 product key for sampling/ corroboration CDs, manual, and to be practical in SAM license review scenario use invoices/purchase records for overall license count Common counterfeit. Conduct tear test on interwoven thread on original pink/green COA labels, record sample COA numbers. Blue silver COA labels are common counterfeit too. Record sample COA numbers and product keys if in doubt. Focus on System Builder channel (not D) for counterfeit. XP 5 5 product key label on CD set box with COA, CD, manual insert, invoices Counterfeit possible. Check edge-to-edge (E2E) hologram CD for Mould IFPI code and ensure E2E hologram is not a label. 11
Product Channel Primary Secondary Product ID Checks Common counterfeit. For sampling, blue silver COA labels are common counterfeit. Record sample COA numbers and XP PC COA label with 5 5 product key for sampling/corroboration CDs, manual, and to be practical in SAM license review scenario use invoices/purchase records for overall license count product keys if in doubt. Conduct tear test checks on interwoven thread of Porky and Porthole and Ranger COA labels. Each porthole should be unique, with interwoven thread. Focus sampling on System Builder channel. D will be branded. Record sample COA numbers. You should never find loose COA Labels. Check E2E hologram CD for Vista 5 5 product key on plexiglass case Plexiglass case with COA, CD, manual insert, invoices Mould IFPI code and ensure E2E hologram is not a label. The 5 5 product key label should be an interwoven or submerged strip. Counterfeit possible. For sampling, conduct tear test on interwoven thread of Porky and Vista PC COA label with 5 x 5 product key CDs, manual insert in DVD case; for sampling/corroboration, and to be practical in SAM license review scenario use invoices/purchase records for overall license count Ranger COA labels. Counterfeit Porky COA label has red interwoven strip, when it should be silver. Each porthole should be unique, properly interwoven. Focus sampling on System Builder channel. D Ranger COA will be branded. Record sample COA numbers. You should never find loose COA labels. Check E2E hologram CD for Mould IFPI code and ensure E2E hologram is not a label. 12
Product Channel Primary Secondary Product ID Checks Server Common counterfeit, shipped as loose components or complete boxed product. If you NT Server 4.0 EULA and CAL box with COA, CD sets, manual, invoices find large numbers of FPP EULAs, always ensure they were originally shipped as complete boxed products. Check CDs (all 4) have Mould/Master IFPI codes. If the customer is outside of North America, look out for items marked For U.S./Canada only, as they are often counterfeit. NT Server 4.0 Green generic COA on manual, or ICC manual, or COA label CDs, floppy disks, EULA, manual or invoice Not a common counterfeit. Be wary of unlicensed second-hand usage, where software from one system is moved to another one. EULA or 5 5 2000Server product key label on CD set as the license, plus box with COA, CD, invoices Less common counterfeit. If you find large numbers of FPP EULAs, always ensure they were originally shipped as complete boxed products. paper CAL 2000Server PC COA label with 5 5 product key CD, manual, invoices; For corroboration, look to invoices or purchase records Less common counterfeit. For sampling, conduct tear test on interwoven thread of Porky and Porthole COA Labels. Focus sampling on System Builder channel for counterfeit. D will be branded. Record sample COA numbers. 5 5 product key on CD set box with Counterfeit not likely. Check E2E hologram Server as the COA, CD, CD for Mould IFPI code and ensure E2E hologram 2003 license, plus invoices is not a label. Paper CAL should be present too. paper CAL CD, manual invoices; for Counterfeit possible. For sampling, conduct tear Server 2003 PC COA label with 5 5 product key sampling/ corroboration, invoices/purchas e records for test on interwoven thread of Porky and Porthole COA labels. Focus sampling on System Builder channel for counterfeit. D will be branded. Record sample COA numbers. You overall license should never find loose COA labels. count 13
Glossary Certificate of Authenticity (COA) The COA is a label that is affixed to the packaging or to the computer in the case of preinstalled software. It is one of a number of visual identifiers that assists in determining whether or not the software running on the PC is genuine. End-User License Agreement (EULA) This is the agreement between and the end user, providing the terms under which the end user may use the software. Frequently, the EULA will be agreed to by the end user upon first attempted use of the software. The language from the EULA is available on line at www.microsoft.com/about/legal/useterms. Full packaged product (FPP) software purchased from retail sources, such as a store or an online retailer. It is packaged in a box or, more recently, in plastic packaging. FPP software is sometimes called retail software. The license agreement for FPP software permits it to be taken off of one computer and moved to another. The licensing terms for software do not permit the software to be moved from one computer to another. Get Genuine Agreement This is a volume license agreement to help a customer correct XP Professional desktop licensing deficiencies. This agreement is available through Volume Licensing corporate programs. This agreement is available to corporate customers only, and not to academic or government customers. ICC Manual A manual that has an integrated Certificate of Authenticity on its cover. This is an older version of the COA, and was used for 98 and Office 2000. License An agreement by the owner of the intellectual property to permit the use of a particular version of software by an end user or a licensed entity. Mislicensing This term is used by to refer to instances where customers do not have the proper licensing to run the software they are using. Examples of mislicensing include using a volume license agreement as the basis for an installation of the full version of software, or using academic licensing when a customer is not a qualified academic customer. Original equipment manufacturer () Entity that builds computers or servers, often providing preinstalled software, such as the desktop operating system, with new computers it builds. IFPI Codes The International Federation of the Phonographic Industry. Each genuine CD-ROM has a mould and a master IFPI code. The mastering code is put on by the machine that creates the master from which all the CD-ROM s are stamped. The mould code is a manufacturing code which is machine tooled onto part of the mould that CD-ROM s are pressed in. has required all of its authorized replicators to produce discs with both these codes since January 1996. E2E Hologram - A genuine Edge to Edge (E2E) hologram is embedded into the CD-ROM during the manufacturing process and is not a label. 14
Useful Resources Software Inventory Analyzer: www.microsoft.com/resources/sam/msia.mspx How-to-Tell site: www.microsoft.com/resources/howtotell/ Review policies and procedures for SAM: www.microsoft.com/resources/sam/implementing_policy.mspx Implementing SAM into your business: www.microsoft.com/resources/sam/implementing.mspx Learn more about Volume Licensing: www.microsoft.com/licensing Learn more about software piracy: www.microsoft.com/piracy SAM training material and practical tools: http://partner.microsoft.com/sam2 2008 Corporation. All rights reserved. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT., the Office logo,, NT, Server, and Vista are trademarks of the group of companies. This information is provided to help guide your authorized use of products you license; it is not your agreement. Your use of products licensed under your license agreement is governed by the terms and conditions of that agreement. In the case of any conflict between this information and your agreement, the terms and conditions of your agreement or license control. 15