Microsoft enterprise licensing is tricky enough as it is. Add BYOD and cloud apps to the equation and companies have a recipe for licensing compliance issues.
Many end users access the OnLive Desktop app to get Microsoft Office on their iPad for free, for example, but the app violated Microsoft's licensing rules up until recently. Employees who use that app or other cloud-apps that aren't licensed for use on the corporate-owned device can unwittingly put their employer out of compliance, one analyst said.
"Most [companies] have a very large liability for what employees use their own devices for, and I'd include ordinary home PCs as well as the latest gadgets," said Paul DeGroot, principal consultant for Pica Communications, a Microsoft licensing consultancy based in Camano Island, Wash.
Often, companies know that their employees bring personal devices to the workplace and allow them to access corporate Wi-Fi, but don't consider these devices official corporate assets. Regardless, employees set up Exchange email on their iPads and smartphones and may use cloud-based file sharing services such as DropBox to access corporate data on those devices, said Keith Norbie, vice president of Nexus Information Systems, an IT solutions provider based in Minnetonka, Minn.
"There is a ton of BYOD stuff that happens whether IT knows it or not," Norbie said. "So, the new problem I see is control; it's an illusion that people are trying to deal with, and IT is not dealing with it very well. They are using old methodologies to handle new ways of app delivery, and it isn't working."
This is particularly risky for companies that have Microsoft Enterprise Licensing Agreements (EA), where customers commit to licensing any device that is used "for the benefit" of the company with whatever Microsoft software is covered in their EA, he explained.
The standard EA includes licenses for Windows, Office and a suite of Client Access Licenses (CALs).
"If that's what you have in your EA, then any phone, home PC, tablet or other device that employees use in any way for work needs to be included in the EA, which means purchasing all those licenses for all of those devices," DeGroot said.
More on BYOD:
BYOD security: How application streaming and VDI can help
BYOD licensing rules not set; beware of snags
Microsoft clarifies cloud-hosted desktop licensing, stings OnLive
Microsoft doesn't appear to be enforcing this rule strictly, but it could at any time, DeGroot said. After all, Apple iPads are "whittling away at PC sales" while running Microsoft's software -- including Exchange and Office.
"Imagine that you are ignorant of this rule and decide that you want to get out of your EA," DeGroot said. "Microsoft comes along and says, 'Oh, before you go, we'd like to see an inventory of any device that has ever touched your system, even indirectly."
Evidence that employees use their own devices for work could prompt Microsoft to come up with its own estimate, as many customers wouldn't be able to supply the data, he said.
"If they decide that, on average, each employee has used one personal device (home computer, phone, portable PC) to access their work environment over the last year, and those devices should be included in the count, your final true up will include payment, at prices ranging from about $550 to $850, for each device," DeGroot said.
IT pros simply need to be proactive and investigate what their end users do with their devices. The next step is to set bring your own device (BYOD) policies to govern employees, DeGroot said.
"Ignorance about what devices your people are using and how they'll use them could deliver a big surprise, and most CEOs don't like big surprises on the expense line," he added.
Companies that move to officially sanction BYOD must develop a remote access strategy where apps, data and/or entire desktops are delivered to end users in a controlled, licensed manner, Norbie said.
One approach is to deliver VDI-based virtual desktops, which can be accessed on various devices. Another approach is Desktops as a Service (DaaS), where virtual desktops are delivered from a cloud services provider.
"With any of these options, you have to investigate the licensing compliance and what they actually offer in terms of end user performance and availability," Norbie said.
There are also Identity as a Service (IaaS) products that let IT provision and license cloud-based apps to end users to stay in compliance. Centrix Software, Ltd., for instance, lets enterprise IT aggregate commonly used off-premise cloud apps with on-premise legacy applications to deliver them all within the same user portal. This way, IT can track licenses and adjust accordingly.
Other app management options that help IT pros track licensing include VMware Inc.'s Horizon App Manager and Okta Inc.'s identity management service.