Software Audit Essentials – “CAL” license shortages!
Microsoft software runs the world. Many businesses both large and small rely on a wide variety of Microsoft software products to run their business. One of the trending areas of software audit defense we see is the rise of calls from Clients who are being audited for shortages of CAL licenses (sometimes part of a “Software Asset Management Review”). Some clients don't even know what “CAL” means and what they are supposed to have in order to be in compliance. This blog is meant to be a starting guide for small to mid-size companies, and even larger companies, to help demystify this somewhat complex software legal and compliance issue. If you have a volume license agreement with Microsoft, according to many IT professionals, you have a greater chance of being audited. These audits can apply to companies, organizations, schools, universities and other types of businesses. To begin, let's discuss some basic concepts such as servers.
What is a server?
The first thing to make sure you understand is what a server is. I think we all have a basic concept of what a server is: a server is basically a computer on a network that provides services to other computers on the network. A computer you buy at BestBuy or Staples is a computer (ex. an HP computer) and once plugged in and connected to another device on the network it is able to perform a server function (ex. share files, or allow the printer to be shared).
Microsoft Server 2012 is another version of a server, more powerful and robust than your home computer (it may be stored in the closet for some smaller companies or contained in a “data center” for larger companies). This server can perform many functions, including providing the following types of services to the company's users, employees, staff and executives:
A. Email server (ex. Microsoft exchange server) – this allows your employees to access their emails and the exchange server basically collects the emails, figures out who they belong to, and routes them to the proper employee.
B. Remote access server (VPN) – VPN stands for “virtual private network” – this allows remote employees and others to access the local network and be treated as local once they gain access. Meaning, they have access to all files, folders, and privileges for which they have been granted permission.
C. File server – this server allows employees and users to access and share files, save them and so on.
D. Printer server – many printers have their own built in server, but there could also be a separate printer server that allows employees to access the network and print on one or more printers.
E. Web server (Microsoft IIS) – allowing companies to serve up web pages and other media to website visitors. This will be much more robust than something a website owner can serve up on their Windows XP for example.
F. Authentication server (ex. Active Directory Server) – there is a server to handle incoming authentication requests. The server validates the request and provides the user or employee with access to the services that the user is granted permission for.
G. Database Servers – these are your MySQL databases (“SQL servers”) or Microsoft SQL Server databases. These servers store and serve up data. For example, a customer contact software program will store data about a company's customers on the company's databases. Companies will need to make sure they have the proper number of “SQL Server CAL licenses” for users or devices accessing SQL software.
H. FTP server – this is a server that allows the transfer of large files from one computer to another.
I. Microsoft terminal servers – According to one popular soft-tech site:
“The Microsoft Windows Terminal Server (WTS) is a server program running on its Windows NT 4.0 (or higher) operating system that provides the graphical user interface (GUI) of the Windows desktop to user terminals that don't have this capability themselves.”
These are some of the typical SERVERS/SERVICES a company's USER or DEVICE will want to access in the normal course of a business day. Access rights require a LICENSE and proof of purchase.
When you purchase the Windows 2012 Server Software (either the “standard” or the “data center” version) you get the software that empowers all of these services, but you do NOT get licenses for each of your users and devices to access these services UNLESS:
1. You purchased OEM software (ex. an HP computer that came “bundled” with 5 CAL licenses),
2. You buy the CAL licenses that you need for EITHER your (a) USERS or (b) your company DEVICES that will access the server. Windows Server 2012 does NOT come with CAL access licenses.
NOTE: If you obtain the FOUNDATION edition you get 15 pre-bundled seats out of the box. If you purchase the ESSENTIALS edition you receive 25 prepaid seats. For these two versions CAL licenses are NOT required.
What is a CAL software license?
Okay, let's get down to it. What is a “CAL license?” CAL stands for “Client Access License.” The client (that's YOU, the business owner) wants to access the Windows 2012 Server with:
When this is the case, the company has to figure out WHICH license they want. The USER or the DEVICE license.
The CAL User license means you pay for every user who accesses services through the server. For example, if you have a USER that accesses the server through their laptop, iPad, Smartphone or PC, then this USER needs a license. You buy that separately. This license is touted as being good when you have “companies with employees who need to have roaming access to the corporate network.” You can get 5 user licenses for approximately $189 bucks.
The CAL Device license means you pay for each device that is accessing services through the server. Again, five devices will cost you about $189 bucks. The device license is considered better when you have fewer users and more devices, for example, if you have “shift” workers who access computers on occasion. The thought is why pay for a “user” license for each employee, just pay for the devices that access the server. This means you will have to keep track of precisely which computers (or other devices such as an iPad or smartphone) are accessing the network, but this could save the company or organization in the long run. This is something every company has to evaluate for itself – which CAL license is best.
Either license can be purchased through Microsoft approved resellers or online (click on the links I set in this paragraph above).
To be clear, CAL licenses DO NOT come with the licensing of the Windows Server 2012 and must be purchased separately.
C. The third type of CAL license is the “RDS” (remote desktop services – “remote serve CAL”).
These licenses are basically for administrators who need to access the servers remotely. A 1 user CAL RDS license goes for about the same price as the other CALs.
Do you have to “activate” your CAL license?
No, the CAL licenses do not need to be activated. They just need to be purchased and maintained as part of a software compliance or SAM (Software Asset Management) or IT asset management corporate practice.
NOTE: The RDS license has an activation code.
What are the three types of CALs?
These were discussed above. The USER license; the DEVICE license and the RDS license (for administrators). Whenever any of a company's users or devices are accessing Microsoft applications (ex. Office, Visio, Project, etc.) or servers the user or device must have a CAL (Client Access License). If not, you can be found to be SHORT on licensing, which can be seen as a form of software piracy or infringement.
Does my OEM software come bundled with CAL licenses?
OEM stands for “Original Equipment Manufacturer.” This means companies that take product components from other companies and assemble them under their own brand and sell them. For example, DELL, IBM and HP make their own products based in part on the products of other companies (ex. using Intel processors). Some of these OEM products will come bundled with CAL licenses. Each company needs to check to see if they are getting these licenses. If not, and if they have USERS, DEVICES or ADMINISTRATORS (i.e. the RDS license) accessing Windows Server 2012 on the network, this could be perceived as pirating software (i.e. federal copyright infringement).
Which one is best for most companies: the “user” CAL or the “device” CAL?
In one video I watched (see my software lawyer library) the Microsoft representative claims “the user license is the best” and it is the easiest to track. If you have one employee using the CAL USER license and they get fired, a new employee can use their license (meaning, the USER license IS transferable to another employee). At the end of the day, the CIO, CTO, IT asset manager or other professional needs to analyze the needs of the business and make the call and purchase the proper licenses to cover their usage. Again, a shortage of CAL licenses can lead to a costly software audit which could result in litigation or worse, the bankruptcy of a company.
Should I obtain my CAL licenses at the time I purchase Windows server 2012?
It probably makes sense to purchase the needed licenses at the same time you purchase the server software. This will help you keep track of what you have and how to best make sure you have the proper licenses if your company is ever called out for an audit. If you don't have what you need, however, go get your licenses now, and you can use the above links. I do not make any money on affiliate programs or anything like that, so feel free to shop around to find the best price you can get.
What is the “RDS CAL license?”
As set forth above, this is the access license for the remote desktop server the remote administrator needs to obtain. See description above. This license needs to be activated and is only good for the same year and version (ex. a 2012 CAL RDS is needed for access to Windows 2012 server).
Will my 2008 or 2003 CAL apply to my 2012 Windows Server CAL?
This is a tricky question and worth paying close attention to. If you have a 2008 CAL license, it is good for 2008 Windows Server, or 2003 Windows server. It is NOT good for 2012 Windows server. This would cause a shortage for all employees, users or devices accessing the 2012 server operating software (OS). From what I have gathered, the Microsoft position is to basically “buy the latest and greatest CAL licenses” whenever you get the chance, that way you will usually be protected. However, the downside to this is at some point you may be overpaying or overbuying software.
Keep in mind for illustrative purposes, if you have a 2012 CAL license (user, device or RDS) this is good not only to access the 2012 Windows server software, but also 2008, or 2003 Windows server. So your company's licensing rights will travel DOWNSTREAM, but NOT UPSTREAM if that makes sense. This is where CAL licensing shortages can occur. When a mid-size to large company (sometimes due to a merger, negligence, inadvertence, etc.) has Windows 2003, 2008 and 2012 servers in its networks there needs to be a proper accounting for licensing rights. When multiple versions of server software are used in the corporate network, it can become confusing as to what and who is actually licensed to access what server(s).
Attorney Steve Tip: The RDS administrator license is “version specific.” In other words, if you have a 2008 RDS license, it is only good for the 2008 Windows server. The 2012 CAL RDS license WORKS ONLY with the 2012 Windows server software.
Do all editions of Windows Server 2012 require a CAL license?
No. As mentioned above, the ESSENTIALS edition and FOUNDATION edition DO NOT REQUIRE a CAL license. This is important to keep in mind when you are engaged in a software audit and are taking inventory of your usage.
Where can I purchase CALs if I don't have them?
I have provided links above that you can use to purchase the user, device, or RDS licenses. Feel free to call any authorized Microsoft resellers or your software consultant to discuss with them your need to purchase these licenses. If they did not properly inform you of this issue, then you may have a case against them for negligence, especially if your business suffers large damages following a software audit conducted at the threat of copyright litigation.
What happens if I am found to be short on these licenses?
If Microsoft (a member of the Business Software Alliance) or “BSA” learns that you are short on your CAL licenses, you could get a letter from a law firm demanding that you submit to a software licensing audit at risk of facing a federal copyright infringement charge. You could be asked to complete a “deployment summary” (basically a spreadsheet outlining your software installs and providing proofs of purchase). This is where you need to contact us and have an intellectual property law firm step in and assist you. You do not want to speak to the opposing lawyers on your own in a “do-it-yourself” fashion. There are too many pitfalls to mention, and we have discussed this on other blogs. Visit our Software Audit blog page for more information and resources about defenses to a BSA or SIIA, Autodesk or Microsoft audit. We can help officers and directors avoid personal liability for the licensing shortages.
What if I have OVER-PURCHASED CALs, will Microsoft provide our company with a refund?
LOL. Don't we wish. The answer I was given was “NO” there is no compensation paid for over buying or over-purchasing licenses. The best Microsoft will allow you to do is:
a. Downgrade your licenses
b. Seek a refund within 90 days
What types of proofs of purchase will Microsoft generally accept?
For all proofs they want either:
a. Unique product key,
b. Dated proof of purchase from an authorized Microsoft reseller,
c. Proof of license via volume licensing – ex. volume license agreement number (you can go to the Microsoft Volume Licensing Service Center for more help. Note: They also offer a help desk to assist you),
d. OEM receipt – (ex. proof of purchase from a retail outlet that pre-installed the software).
What do I do if I get a letter from Microsoft or the BSA regarding an audit of my software?
You may have received a letter from an individual, corporate compliance department, or even the Microsoft Legal and Corporate Affairs Department labeled: “Microsoft Software Asset Management Review” or something to that effect. If the letter is from the legal department, it is even more crucial to seek legal counsel before responding as your company has obviously hit their “legal radar.” Our IP lawyers can help you assess your licensing position, and where necessary, obtain a “Microsoft Volume Licensing Statement” (“MLS”) to identify your prior purchases and identify potential shortages. We can also request more time to conduct the audit, or seek to limit the audit to certain products.
Also, companies and organizations need to be aware that there are SCAM software “compliance” companies who could be sending you the audit letter, so having a law firm review this and do the background research before you attempt to respond may make good sense. We had one occasion where the “software compliance” company literally disappeared after receiving our initial letter of representation and request for further information.
Again, this is the time to “lawyer up.” Hiring a law firm to handle your case does not “make you guilty” as some think. Rather, it makes you smart to hire an experienced legal professional to take the case and protect your rights. We can seek to secure your communications to the best extent possible under the Federal Rules of Evidence 408. We can help you raise defenses, and help you analyze your licensing status and negotiate a settlement that will keep you out of court. Copyright lawsuits are expensive and in most cases the BSA, Microsoft and its lawyers will be willing to settle on fair terms.
What types of responses is Microsoft looking for?
This will depend on the type of communication you receive. In some cases your company may just receive an email asking you to self-audit and report your compliance. This may be something your internal IT staff can handle, especially if you feel you are in compliance. The letter or email could come from persons such as Mr. Mike Carlson, the National SAM manager and could be labelled “USA FAQ” or “USA introduction” and could contain a sample deployment spreadsheet for your company to conduct its audit. In other cases you might receive a phone call from the US SAM team. You should think carefully before responding by phone as the call may be tape recorded, which could pin down your testimony in a way that can come back to harm you, or lead to decreased bargaining strength if software shortage negotiations ensue. You could be asked about cloud bundles purchased and developer tools being used. Your responses could either end the inquiry, or could lead to federal copyright litigation and a public embarrassment to your company. Our software lawyers can help you minimize your exposure.
How did Microsoft find out about the CAL licensing shortage?
It is not always easy to say how these things are learned. Microsoft is a large and powerful software company with the financial means to figure out if their software is being illegally used. In some cases, the violations may appear in a “true-up” process self reporting additional software that was installed during the previous year as part of obligations under the Enterprise licensing agreement (“EA”) or End-User Licensing Agreement (“EULA”). For example, if you self report 50 copies of Microsoft Office (which includes Outlook) and disclose 1000 CAL USER licenses to access the exchange server, this disclosure could trigger the audit letter. In other circumstances, it could be an “informant” seeking a reward, or seeking to retaliate against the organization for a wrongful termination for example. These things are common. The BSA offers rewards for reporting software piracy, so does the SIIA.
There are also other agreements that may need to be reviewed such as a “Product Use Rights” (“PUR”) document which contains terms, conditions and restrictions on how certain Microsoft products may be used.
Should I hire a “software consultant” or SAM specialist company to assist with my Microsoft audit (as opposed to an IP law firm)?
The choice is yours, but most of our Clients like the fact that we are lawyers and can advise the corporation, and communications and exchanges of information with our firm are protected by the attorney-client privilege, the work-product doctrine, and we have the ability to seek rule FRE 408 confidentiality agreements to try to protect information being disclosed during the settlement negotiations. We are also lawyers trained to review and negotiate settlement agreements. Companies that are doing this run the risk of charges of unauthorized practice of law when they exceed “consulting” and move into the area of providing “legal advice.”
Contact our software licensing lawyer for a free confidential discussion and case analysis
If you have received an audit letter from a law firm demanding your company submit to a voluntary self-audit of your software licenses, or from auditing firms such as KPMG, Price Waterhouse Coopers (“PWC”), or Deloitte & Touche, contact us for a free initial case evaluation. We offer affordable legal fees and tenacious and responsive legal representation. We will not be beat on price or quality of services. We can be reached at (877) 276-5084. You may also leave your NAME and PHONE number (use email address on the right side of this page) and one of our software compliance lawyers will call you back at a time convenient to you. We look forward to working with you.