Home  ›  Blog  ›  Microsoft SPLA
Microsoft · Service Provider Licensing

Microsoft SPLA — the rules that govern hosting Microsoft software.

SPLA — the Services Provider Licence Agreement — is the monthly, pay-as-you-go programme that licenses Microsoft software when you host it for third parties. If your customers, not your employees, are the users, SPLA is almost always the correct vehicle, and your volume-licensed servers are not. It is governed by the Services Provider Use Rights (SPUR), carries no perpetual rights, and is reported monthly through a SPLA reseller. This guide covers the third-party test, SAL versus per-core, License Mobility, and the audit patterns hosters face.

Updated: June 2026 Reading time: 11 min Audience: Hosting/MSP leaders, SAM, Finance
Cloud hosting data centre
The short answer

What is Microsoft SPLA and who needs it?

SPLA is Microsoft's licensing programme for service providers who make Microsoft software available to third parties as a hosted or managed service. You need SPLA whenever an external party — a customer, a tenant, a subscriber — uses software running on infrastructure you operate. Unlike an Enterprise Agreement, SPLA has no perpetual licences and no Software Assurance: you report actual usage every month and pay for what you provisioned, through a Microsoft-authorised SPLA reseller. The defining rule is the third-party test. Volume licences (EA, MPSA, CSP) cover your own organisation; the instant a non-affiliated third party becomes the user, you are hosting, and SPLA — or a License Mobility path — applies.

This is the hosting deep-dive in our Microsoft server licensing guide cluster. If you are licensing servers for your own employees, start with the Windows Server licensing mechanics instead; SPLA only enters the picture when you are the provider.

The test

How do I know if a workload needs SPLA?

Apply one question to each workload: is a third party the user of the software? If your employees administer a system that your customers log into, the customers are the users and SPLA applies. If you simply run software your own staff use to deliver a service, that may be covered by your own volume licences. The grey zone — and the most common audit exposure — is the managed-services provider who runs customer-dedicated environments on volume licences bought under the customer's name, or worse, on the MSP's own EA. The table sets out the boundary.

The third-party hosting test — which licensing vehicle applies to a given workload.
ScenarioWho is the userVehicle
You host an app your customers log intoThird partySPLA
Customer brings own licences to your cloudThird party (their licence)License Mobility (SA) / Azure
You run software your employees useYour orgVolume licensing (EA/CSP)
Dedicated outsourced environment for one customerThat customerSPLA or customer's licences via Listed Provider rules

Unsure where the SPLA line sits?

We map each hosted workload to the correct vehicle before an audit forces the question.

Contact Us →
Metrics

SAL or per-core — which SPLA metric applies?

SPLA products are licensed one of two ways. A Subscriber Access Licence (SAL) is counted per unique user (or device) with access during the month — the model for products like Windows Remote Desktop Services, Office, and most application servers. Per-core licensing applies to the infrastructure tier — Windows Server and SQL Server — and follows the same core-counting logic as volume licensing, including the per-processor minimum, reported monthly against the cores you ran. Some products offer both and the cheaper model depends on user density per core.

SPLA metrics by common product family (representative; confirm against the current SPUR).
ProductTypical SPLA metricCounted on
Windows ServerPer-corePhysical cores you ran (min per proc)
SQL ServerPer-core (or SAL for some editions)Cores allocated to SQL
Remote Desktop ServicesSALUnique users with RDS access
Office / Microsoft 365 appsSALUnique users provisioned
System CenterPer-coreCores of managed servers

The reporting discipline matters more under SPLA than anywhere else in the Microsoft estate, because you self-report every month and the numbers compound. Two patterns drive over-reporting: counting provisioned-but-dormant SALs (users who no longer have access but were never removed), and reporting peak rather than actual concurrent core allocation. Both are recoverable with a monthly reconciliation process — the same rigour we apply on the buyer side to System Center core counts.

Get the Microsoft Server & SPLA Licensing Playbook.

The SPLA decision tree, the SAL-vs-core worksheet, the License Mobility map, and the monthly-reporting controls that survive an audit.

Get the playbook →
Mobility

When can a customer bring their own licences instead?

License Mobility through Software Assurance lets a customer move eligible server application licences — SQL Server, SharePoint, Exchange and others — into a provider's shared-hardware environment, so the provider does not need SPLA for that workload. Windows Server itself is generally excluded from License Mobility on shared hardware; that is what the per-core SPLA or the dedicated-host hosting rules exist to cover. For providers, the practical effect is a split estate: customer-owned SA licences for the application tier where eligible, SPLA for Windows Server and for any customer without SA. Mapping which workloads can ride on customer SA versus which must be SPLA is the single biggest cost lever a hoster has.

Audit

What does a SPLA audit look for?

SPLA audits — run by Microsoft or its appointed auditors — concentrate on three things: under-reported usage versus deployed capacity, use of non-SPLA (volume) licences to serve third parties, and desktop-operating-system hosting, which SPLA does not grant on multi-tenant shared hardware outside the specific QMTH/multitenant hosting rights. The exposure is rarely a single month; it is the back-bill across the reporting history plus the corrected forward run-rate. In our audit-defence engagements, the recoverable position is almost always in the reporting methodology — dormant SALs, peak-versus-actual core counts, and workloads that were eligible for customer License Mobility but reported under SPLA.

SPLA audit letter in hand?

The reporting-methodology defence is time-sensitive. We have cut claimed SPLA exposure substantially across hosting clients.

Contact Us →

For providers above meaningful monthly SPLA spend, an independent review across the third-party test, SAL hygiene and License Mobility eligibility typically pays for itself many times over. This pairs with our license optimization service and, where a notification is live, with vendor audit defence. For the broader Microsoft commercial picture, our Microsoft EA optimization work and the case behind it — an $8.7M Microsoft outcome — show the same methodology applied across the estate.

Hosting on the wrong licence?
The SPLA boundary is where audits start.

$1.8B+ documented client savings · 340+ engagements · 68% average audit-claim reduction · Gartner recognised · buyer-side only since 2016.

The Compliance Brief

Weekly compliance intelligence for IT leaders.