Software License Management Checklist

License Inventory and Discovery

    Export the software inventory from your RMM (NinjaOne, Datto, ConnectWise Automate, Kaseya VSA) covering every managed endpoint and server. Include version and edition — Visio Standard vs. Professional and SQL Server Standard vs. Enterprise are billed very differently.

    Pull the SSO app catalog from Entra ID or Okta and cross-reference with credit-card and AP records from Finance. Shadow IT shows up here — apps paid on personal cards, free-tier accounts, or trial subscriptions that auto-converted to paid.

    Tag every entitlement as perpetual, subscription, OEM, CAL (per-user vs. per-device), concurrent, or named-user. Microsoft EA, Adobe VIP, and VMware Per-Core have meaningfully different audit math; mis-tagging here distorts everything downstream.

    Attach the consolidated register (CSV or vendor portal export) to this run. Each row should carry SKU, quantity, term start, term end, agreement number, and reseller. IT Glue, Hudu, or a SAM tool like Flexera or ServiceNow SAM Pro is the system of record — never a one-off spreadsheet on someone's laptop.

    Compare deployed instances to entitled quantities. Under-licensed titles are an audit liability; over-allocated titles are a budget liability. Pay particular attention to SQL Server, Windows Server, and any title with per-core licensing — VM sprawl makes these the most common audit findings.

Compliance and Vendor Audit Prep

    For each vendor, produce an Effective License Position (ELP) showing entitled vs. deployed. Microsoft uses MAP Toolkit data; VMware uses vCenter inventory; Oracle uses LMS scripts. The ELP is what you'll hand auditors — get it right before they ask.

    Self-disclose and true-up before a vendor audit notice arrives — penalty pricing during an audit can be 2-3x list. Work through your LSP (Microsoft) or authorized reseller; preserve the email trail showing voluntary remediation.

    Microsoft 365 E3 is per-user; Windows Server CALs can be per-user or per-device. Shared workstations (kiosks, lab PCs, shift workers on one device) shift the math — getting this wrong produces phantom shortages or phantom surpluses.

    EULA, MSA, order forms, and proof-of-purchase emails go in the documentation system tagged by client and vendor. Auditors ask for source documents; an answer of "we know we bought it" without paperwork loses.

    Check legal-notice mailboxes and AP for letters from Microsoft SAM, Oracle LMS, VMware GLC, or third-party audit firms (Connor Group, House of Brick). Audit notices often go to a generic AP or legal address — confirm nothing is sitting unanswered past its response window.

    Loop in legal and a SAM advisor before submitting any data to the auditor. Scope the audit (which entities, which products, which time period) in writing first. Never run vendor-supplied scan scripts without reviewing what they collect.

Renewal and Expiration Management

    Every term-based subscription gets reminders at 90, 60, and 30 days before end-of-term. Auto-renew traps and price hikes hide here — Adobe, Atlassian, and most SaaS vendors quietly increase renewal pricing 5-15% if nobody pushes back.

    Create recurring tickets in ConnectWise PSA, Autotask, or Halo PSA tied to the renewal calendar. Assign each ticket to a named owner — "the team" owns nothing.

    Schedule a 15-minute call with the business owner of each title 60 days before renewal. Three questions: still using it, how many seats, any contractual changes coming. Tools no one champions are the cleanest savings.

    Push co-termination of multiple SKUs to a single anniversary date for negotiating leverage. Multi-year commitments earn discounts but lock in price; weigh against vendor stability. Document the final negotiated price next to the original quote in the register.

    Pull last-login data from each SaaS admin console. Seats with no login in 60+ days get reclaimed. Coordinate with HR — terminated employees should already be deprovisioned, but offboarding-checklist drift means stragglers survive for months.

Cost Optimization

    Divide annual contract value by 30-day active users. Titles above $200/active-user/month deserve scrutiny. M365 E3-vs-E5 mix is the highest-leverage decision in most estates — E5 priced per seat is rarely justified once you exclude security and Power BI features being used.

    Compare current direct/CSP pricing against Microsoft EA, MPSA, or Adobe VIP Marketplace tiers. Crossover points typically hit around 250 seats; smaller orgs often overpay by buying retail-equivalent SKUs through a CSP.

    Walk the SSO last-sign-in report and each SaaS admin's inactive-user list. Disable in IdP first, wait 14 days for complaints, then revoke the license. Track the reclaimed-seat count — it's the number that justifies the SAM program at budget time.

    Multiple departments often buy adjacent tools — Asana plus Monday plus ClickUp; Zoom plus Teams plus Webex. Pick one and migrate the smallest user base. Net savings often exceed the migration cost within a single renewal cycle.

    Roll the renewed contract values, expected seat growth, and reclaimed savings into a 12-month forecast for Finance. Keep a separate line for known-coming price hikes (vendors typically pre-announce 60-90 days out) so quarterly variance reports don't surprise the CFO.
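
    The seat-reclamation steps above (no login in 60+ days, disable in the IdP, wait 14 days, then revoke) as an added Python example, not part of the original checklist. The export fields and sample rows are constructed, and revoking terminated users without a grace period is an assumption.

```python
from datetime import date

INACTIVE_DAYS = 60  # checklist: seats with no login in 60+ days get reclaimed
GRACE_DAYS = 14     # checklist: disable in IdP, wait 14 days, then revoke

# Constructed sample export. Fields (assumed, not a vendor schema):
# user, seat assigned, last login, IdP-disabled date, still active in HR.
SEATS = [
    ("a.lee",   date(2024, 1, 8),  date(2024, 7, 20), None,              True),
    ("b.ortiz", date(2024, 1, 8),  date(2024, 5, 15), None,              True),
    ("c.wu",    date(2023, 9, 4),  date(2024, 4, 1),  date(2024, 7, 10), True),
    ("d.khan",  date(2023, 9, 4),  date(2024, 3, 1),  date(2024, 7, 25), True),
    ("e.moss",  date(2024, 7, 15), None,              None,              True),
    ("f.ng",    date(2022, 3, 1),  date(2024, 7, 30), None,              False),
    ("g.roy",   date(2024, 2, 1),  date(2024, 6, 2),  None,              True),
]

def plan_reclaim(seats, today):
    """Return {user: (action, reason)} for one reclamation pass."""
    plan = {}
    for user, assigned, last_login, disabled_on, hr_active in seats:
        # A never-used seat is measured from its assignment date so that
        # a seat handed out last week is not mistaken for an abandoned one.
        idle = (today - (last_login or assigned)).days
        if not hr_active:
            # Assumption: a seat held by someone HR lists as terminated
            # skips the grace period (offboarding drift).
            plan[user] = ("revoke", "terminated in HR, seat still assigned")
        elif disabled_on is not None:
            waited = (today - disabled_on).days
            if waited >= GRACE_DAYS:
                plan[user] = ("revoke", f"disabled {waited}d ago, grace elapsed")
            else:
                plan[user] = ("wait", f"grace period, {GRACE_DAYS - waited}d left")
        elif idle >= INACTIVE_DAYS:
            plan[user] = ("disable_in_idp", f"idle {idle}d")
        else:
            plan[user] = ("keep", f"idle {idle}d")
    return plan

def reclaimed_count(plan):
    """Seats freed this pass: the number the checklist says to track."""
    return sum(1 for action, _ in plan.values() if action == "revoke")

if __name__ == "__main__":
    result = plan_reclaim(SEATS, today=date(2024, 8, 1))
    for user, (action, reason) in result.items():
        print(f"{user:8} {action:15} {reason}")
    print("reclaimed seats:", reclaimed_count(result))
```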

User Access and Training

    Tie license assignment to Entra ID / Okta security groups, not to individual users. Group membership comes from HRIS (Workday, BambooHR, Rippling) via SCIM so joiners and movers update licenses automatically. Manual per-user assignment is the source of most license drift.

    Cover the named cases: no installing personal copies on company hardware, no running company licenses on personal devices outside BYOD policy, no sharing accounts. Reference the most recent vendor audit settlement so the consequences are concrete.

    Feed SSO sign-in logs into the SIEM (Sentinel, Splunk) and build dashboards for per-app activity. Sudden drops indicate decommissioned tools that still have active subscriptions; sudden spikes can indicate credential sharing.

    Send an annual reminder via the security awareness platform (KnowBe4, Hoxhunt) or a manager cascade. State the financial exposure to the business and the disciplinary policy for personal use of company licenses.

    Send a short survey to each application owner: is this tool still essential, are there gaps, is the seat count right for next year. The answers feed the next quarter's renewal-need conversations and the vCIO's tech stack roadmap.
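
    The per-app drop and spike check on SSO sign-in logs described above, as an added Python example rather than a SIEM query; it is not part of the original checklist. The event shape, app names, window and thresholds are all assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median

BASELINE_DAYS = 7   # assumed trailing window
DROP_RATIO = 0.2    # assumed: at or below 20% of baseline is a sudden drop
SPIKE_RATIO = 3.0   # assumed: at or above 3x baseline is a sudden spike

# Constructed daily sign-in counts per app, expanded into (day, app) events.
START = date(2024, 6, 3)
SAMPLE = {
    "crm":      [40, 42, 38, 41, 39, 43, 40, 41],
    "old-wiki": [12, 11, 13, 12, 10, 12, 11, 0],
    "design":   [9, 10, 8, 9, 10, 9, 8, 31],
}
EVENTS = [(START + timedelta(days=i), app)
          for app, row in SAMPLE.items()
          for i, n in enumerate(row) for _ in range(n)]
# The app list comes from the SSO catalog, not from the log: an app nobody
# signs in to emits no events and would otherwise vanish from the report.
CATALOG = ["crm", "old-wiki", "design", "legacy-fax"]

def daily_counts(events, catalog, start, end):
    """Sign-ins per app per day, with silent days filled in as zero."""
    seen = Counter((app, day) for day, app in events)
    days = [start + timedelta(days=n) for n in range((end - start).days + 1)]
    return {app: [seen[(app, d)] for d in days] for app in catalog}

def classify(series):
    """Compare the last day with the median of the BASELINE_DAYS before it."""
    base, today = median(series[-BASELINE_DAYS - 1:-1]), series[-1]
    if base == 0:
        return "silent" if today == 0 else "new"
    if today <= base * DROP_RATIO:
        return "drop"    # possible decommissioned tool still being paid for
    if today >= base * SPIKE_RATIO:
        return "spike"   # possible credential sharing, review the accounts
    return "normal"

def review(events, catalog, start, end):
    counts = daily_counts(events, catalog, start, end)
    return {app: classify(series) for app, series in counts.items()}

if __name__ == "__main__":
    end = START + timedelta(days=7)
    for app, label in review(EVENTS, CATALOG, START, end).items():
        print(f"{app:11} {label}")
```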