Microsoft SPLA Licensing Guide 2026: Complete Reference for Hosting Providers

What Is the Microsoft SPLA Program?

The Services Provider License Agreement is a Microsoft volume licensing agreement designed specifically for organisations that provide software services to end customers on a hosted basis. Unlike the Enterprise Agreement — which is designed for an organisation's internal use of Microsoft products and covers the SKU stack from M365 E1 through E3, E5, and the current top tier E7 — SPLA exists exclusively for external hosting scenarios where the licensee's customers access Microsoft software capabilities delivered as a managed service.

SPLA operates on a monthly reporting and payment model. At the end of each calendar month, the SPLA licensee reports to their Microsoft-authorised reseller (LAR or distributor) the maximum number of licenses deployed during that month. Payment is calculated against the reported quantities at the current SPLA rate for each product. The agreement itself is a three-year term, but there is no minimum annual commitment — only a modest monthly minimum (currently approximately $100 per month) after the first six months of the agreement.

This monthly model is SPLA's primary commercial advantage for hosting providers: license costs scale directly with customer deployments, there is no upfront capital outlay for licenses, and providers can add and retire product lines in response to customer demand without penalty. The contrast with perpetual licensing models — where providers would need to purchase license quantities upfront and carry the cost regardless of utilisation — is significant for businesses with variable customer loads.

Who Should Use SPLA?

SPLA is the appropriate licensing vehicle for three distinct types of organisations. The first is traditional hosting providers who operate their own data centre infrastructure and deliver hosted Windows Server, SQL Server, or other Microsoft server products to end customers under a managed service model. These providers benefit most from SPLA's cost structure, which aligns license cost with billable customer consumption.

The second category is independent software vendors who develop Microsoft-platform applications — Windows desktop or server applications, SQL Server-based databases, SharePoint-integrated workflow tools — and want to host their application for customer access as a software-as-a-service model without each customer needing to own the underlying Microsoft platform licenses. SPLA allows the ISV to include platform licensing in their hosted service pricing.

The third category is managed service providers who manage customer IT environments using Microsoft server products on the customer's behalf, either in the customer's own data centre or in an MSP-operated facility. SPLA provides the framework for an MSP to license Microsoft products for deployment in managed customer environments from a single agreement rather than requiring each customer to maintain their own volume licensing.

SPLA Eligible Products in 2026

The SPLA product list is defined by Microsoft and updated periodically. Not all Microsoft products are SPLA-eligible — consumer products, cloud subscription services such as Microsoft 365, and certain server products released after specific dates are excluded. The core server products that form the basis of most SPLA deployments remain available in 2026, with some notable changes.

Windows Server

Windows Server remains available under SPLA in Standard and Datacenter editions. SPLA Windows Server is licensed per processor or per core depending on the version, and covers virtual machine rights for the Datacenter edition. The per-core licensing model introduced with Windows Server 2022 applies under SPLA: a minimum of eight core licenses per physical processor, and a minimum of 16 core licenses per physical server. Virtual machines on a Datacenter-licensed host have unlimited virtualisation rights.

Windows Server 2025 is SPLA-eligible. Pricing for Windows Server under SPLA was not subject to the ~10% increase that applied to other products at the start of 2026, remaining at prior-year rates subject to any applicable foreign exchange adjustments.

SQL Server

SQL Server is available under SPLA in Standard and Enterprise editions. The Web Edition, previously available at a significantly lower SPLA rate for internet-accessible workloads, was discontinued in the SQL Server 2025 release. Providers who relied on SQL Server Web Edition for lower-cost hosting configurations are required to migrate to Standard Edition or restructure affected workloads.

SQL Server Standard under SPLA has per-core and Server plus SAL licensing models available. Per-core requires a minimum of four core licenses per physical processor. SQL Server Standard is subject to its resource constraints: 24 cores maximum per instance and 128GB of addressable RAM. Workloads that exceed either limit require SQL Server Enterprise licensing at a substantially higher per-core rate.

SQL Server pricing under SPLA, like Windows Server, was not included in the January 2026 ~10% increase, maintaining prior-year rates.

Exchange Server, SharePoint Server, and Skype for Business

Exchange Server, SharePoint Server, and Skype for Business (the on-premises product, distinct from Microsoft Teams) are SPLA-eligible and are licensed primarily on the SAL model — requiring a Subscriber Access License for each unique user who accesses the hosted service. Standard and Enterprise SAL tiers are available for Exchange and SharePoint, with Enterprise SAL providing access to the advanced feature sets (Exchange Enterprise includes compliance archiving and Unified Messaging; SharePoint Enterprise includes business intelligence and PerformancePoint).

These three products were included in the January 2026 SPLA price increase of approximately 10%. Providers who build hosted Exchange or SharePoint services should revisit their customer pricing models to account for the increased SPLA cost basis.

Remote Desktop Services

Remote Desktop Services (RDS) SALs are a critical component of SPLA deployments for providers delivering Windows desktop environments as hosted virtual desktops. RDS SALs allow end users to connect to Windows Server sessions through Remote Desktop Protocol. SPLA RDS is available in per-user and per-device SAL variants. VDA (Virtual Desktop Access) rights for accessing Windows 10 or Windows 11 virtual desktops require separate consideration — RDS SAL does not provide Windows Client access rights, which must come through a qualifying customer-side agreement or through CSP subscription.

System Center and Management Products

System Center products (Configuration Manager, Operations Manager, Virtual Machine Manager) are SPLA-eligible and licensed per managed OS environment (OSE) on the server side. These are commonly used by MSPs delivering managed infrastructure services, providing the management platform for Windows Server environments under a single SPLA line item.

Dynamics 365 On-Premises (Legacy Dynamics)

Certain legacy Dynamics ERP and CRM products — Dynamics NAV (now Business Central on-premises), Dynamics GP, and legacy Dynamics CRM — remain SPLA-eligible. These products were included in the January 2026 ~10% price increase. The strategic direction for new Dynamics deployments under a hosted model is toward Dynamics 365 cloud subscriptions through CSP, not SPLA.

SPLA Licensing Models: SAL Versus Processor

Understanding which licensing model applies to each SPLA product is fundamental to correct monthly reporting. SPLA products use one of two primary licensing models: the Subscriber Access License (SAL) model and the processor or core-based model.

The SAL Model

SAL licensing applies to products accessed by individual users or devices over a network: Exchange Server, SharePoint Server, Skype for Business, RDS, and legacy Dynamics products. A SAL must be reported for every unique user or unique device that accesses the hosted service during the reporting month, regardless of the level of usage. A user who accesses the hosted Exchange mailbox once during the month requires one SAL for that month. SAL counts are reported as the maximum number of unique users or devices with access during the month, not as daily or peak concurrent counts.

The distinction between user SALs and device SALs matters in environments where multiple users share a device (kiosk or shift-based scenarios benefit from device SALs) or where one user accesses from multiple devices (user SALs cover all devices for that user). Choosing the wrong SAL type for your deployment scenario is a common audit finding.

The Processor and Core-Based Model

Windows Server and SQL Server are licensed on a per-processor or per-core basis. The licensee reports the maximum number of physical processors (or physical cores, depending on version) on which the licensed product runs during the reporting month. For virtualised environments, the relevant metric is the physical host hardware — not the number of VMs. Running SQL Server Standard in a VM does not reduce the core count to the VM's allocated cores if the physical host has more cores available to the hypervisor scheduler.

The No-CAL Benefit

One of SPLA's most commercially important features is the No-CAL benefit: SPLA SALs include the equivalent of a Client Access License for the end user. Under a standard volume licensing agreement, internal users accessing Microsoft server products from client devices require separate CAL licenses in addition to the server license. Under SPLA, the SAL replaces the CAL requirement for the hosting provider's customers — customers accessing a SPLA-hosted service do not need to hold their own CALs. This benefit extends to CSP Hoster (the No-CAL equivalent applies there too), but it is absent from standard EA structures, making SPLA and CSP Hoster fundamentally more cost-effective per-user for hosted service delivery than trying to repurpose EA licenses for customer hosting.

Monthly Reporting: How SPLA Works in Practice

SPLA reporting is a contractual obligation performed monthly, not a voluntary exercise. At the end of each calendar month, the licensee reports to their reseller the maximum quantities of each SPLA product deployed during that month. The reseller submits these reports to Microsoft and invoices the licensee for the applicable SPLA fees.

What Gets Reported

For processor and core-licensed products (Windows Server, SQL Server), the reported quantity is the maximum number of physical processors or cores running the licensed software at any point during the month. Adding a new server host mid-month creates a reporting obligation for that host for the full month in which it was first deployed. Decommissioning a host reduces the reporting obligation from the following month — the decommission month requires reporting the host as if it were active throughout.

For SAL-licensed products (Exchange, SharePoint, RDS), the reported quantity is the maximum number of active SALs at any point during the month. Users provisioned mid-month must be reported for the full month. Deprovisioned users reduce the count from the following month's report.

There is no minimum monthly reporting quantity per product after the first six months of the agreement, but the total monthly minimum of approximately $100 across all reported products applies throughout the agreement term.

The Reseller Relationship

SPLA licensees do not have a direct procurement relationship with Microsoft. All SPLA transactions flow through a Microsoft-authorised reseller (a Large Account Reseller or authorised SPLA reseller). The reseller relationship affects pricing — SPLA rates are not public, and the rate a licensee pays reflects their reseller's cost and margin — as well as compliance support, since the reseller is responsible for the accuracy of reported quantities submitted to Microsoft.

For Microsoft licensing advisory on SPLA, Redress Compliance engages on the reseller selection and rate negotiation as well as the compliance framework, since reseller commercial terms have a direct impact on the monthly cost of the SPLA program.

The October 2025 Listed Provider Restriction

The most significant structural change to the SPLA program in its history took effect on October 1, 2025. The restriction prohibits SPLA licensees from deploying their SPLA licenses on the infrastructure of Listed Providers — Amazon Web Services, Google Cloud Platform, Microsoft Azure, and Alibaba Cloud.

Why Microsoft Implemented This Restriction

Microsoft's stated rationale is that SPLA was designed for providers who own and operate their own data centre infrastructure. Over time, many MSPs and hosting providers adopted a model where they used their own SPLA licenses to deploy Microsoft software on third-party public cloud infrastructure (primarily AWS and Google Cloud), effectively arbitraging the SPLA rate against the hyperscaler's own license-included pricing. Microsoft viewed this as a misuse of the SPLA program that undermined both its own Azure commercial interests and the economics of Listed Providers' own licensing programmes.

Who Is Affected

Any SPLA licensee that was, as of October 1, 2025, deploying SPLA licenses on AWS, Google Cloud, Azure, or Alibaba Cloud infrastructure is in scope. Providers with workloads in their own colocated data centre space, or in fully private cloud environments not classified as Listed Provider infrastructure, are not directly affected. The restriction applies at the infrastructure level — a provider that owns physical servers in a third-party colocation facility is deploying on its own infrastructure even if the facility is owned by someone else.

Migration Options Post-October 2025

Providers affected by the Listed Provider restriction have several paths forward. Migrating workloads to owned or co-located infrastructure restores SPLA eligibility. Transitioning affected customer workloads to CSP Hoster, which allows providers to resell Microsoft cloud subscriptions on Listed Provider infrastructure, is the path Microsoft recommends. Customers can also Bring Their Own License (BYOL) — if they hold Windows Server volume licenses with active Software Assurance or CSP subscription licenses, they can use those licenses on Listed Provider infrastructure under BYOL rights without needing the MSP to provide SPLA coverage. See our full guide on SPLA to CSP migration for a step-by-step transition framework.

2026 SPLA Pricing Changes

Microsoft announced on-premises SPLA price increases effective January 1, 2026 for a specific set of products. The increase is approximately 10% on list price, subject to foreign exchange adjustments by region. Windows Server and SQL Server were explicitly excluded from this round of increases.

The products affected include Exchange Server (Standard and Enterprise SALs), SharePoint Server (Standard and Enterprise SALs), Skype for Business Server (Standard and Enterprise SALs), and certain legacy Dynamics ERP products. For hosting providers who have built their Exchange, SharePoint, or legacy Dynamics hosted services on SPLA pricing, this increase directly impacts the cost basis of those services and should prompt a review of customer contract terms, service pricing, and SPLA product strategy.

SPLA Compliance: Building a Sustainable Reporting Framework

SPLA compliance failures almost always originate from the same structural gap: the deployment management system that tracks what is running in the environment is not directly connected to the SPLA reporting process. Deployment data lives in hypervisor management consoles, CMDB records, or provisioning system databases; SPLA reports are assembled manually each month from whatever information the compliance team can gather. The gap between these two systems is where discrepancies accumulate.

Automation Is the Foundation

A sustainable SPLA compliance framework is built on automated extraction of deployment data. For Windows Server and SQL Server, this means pulling host-level inventory data — including physical processor and core counts — from the virtualisation platform (Hyper-V, VMware vSphere, or the relevant cloud management plane) at the end of each reporting month. For Exchange and SharePoint, it means automated user count extraction from the applicable directory service or mailbox database, capturing the peak user count for the month rather than the end-of-month snapshot.

The extraction process should produce a monthly report that maps directly to the SPLA reporting template, with full auditability back to the source deployment records. If a Big Four auditor asks you to evidence your September 2024 report with deployment data, you should be able to produce the raw inventory export that produced that month's report. Providers who cannot produce this evidence are treated as having submitted unverifiable reports, which significantly worsens their position in an audit.

The Quarterly Internal Audit

Automating monthly extraction eliminates the most common source of reporting errors, but it does not address process gaps in how deployments are provisioned and deprovisioned, edge cases in product eligibility assessment, or changes in the SPLA product list or licensing rules. A quarterly internal compliance review — conducted using the same methodology a Big Four auditor would apply — identifies and closes these gaps before they accumulate into material audit exposure.

The quarterly review should include a walk through every SPLA product line, verification that reported quantities match deployment records for the three most recent months, a check against the current SPLA product list to confirm all reported products are still SPLA-eligible, and a review of any new customer deployments or product additions since the previous quarter to confirm their licensing basis is correctly assessed. Redress Compliance provides this quarterly review as a managed service for hosting providers who want external validation of their compliance posture without carrying the overhead of a permanent internal SPLA compliance function.

SPLA in Context: The Broader Microsoft Licensing Landscape

SPLA does not exist in isolation from the rest of Microsoft's licensing portfolio. Understanding where SPLA fits in the broader landscape helps hosting providers make informed decisions about which licensing vehicle is appropriate for each customer workload and service model.

For internal staff and management users within the hosting provider's own organisation, the applicable licensing vehicle is not SPLA but a standard volume licensing agreement — either an Enterprise Agreement or the newer Microsoft Customer Agreement (MCA). These internal users might access M365 productivity tools (E1, E3, E5, or the new top-tier E7 which bundles advanced AI and security capabilities previously sold as add-ons) for their own collaboration and productivity needs, while the customer-facing hosted services run on SPLA.

For customer workloads that are cloud-native and Microsoft 365-based — hosted Exchange Online, Teams, SharePoint Online — the appropriate vehicle is not SPLA at all but CSP, specifically CSP-NCE (New Commerce Experience), which allows resellers to provision Microsoft 365 subscriptions for their customers. SPLA covers only on-premises server products deployed in the provider's hosted environment, not Microsoft's own cloud services.

Key Recommendations for SPLA Licensees in 2026

Assess your Listed Provider exposure immediately: If any of your SPLA-licensed workloads were running on AWS, Google Cloud, Azure, or Alibaba Cloud infrastructure after October 1, 2025, you have an active compliance exposure. Quantify the scope and engage independent legal and licensing counsel before any audit activity occurs.

Reassess Exchange and SharePoint SPLA strategy: The January 2026 ~10% increase in Exchange and SharePoint SAL rates, combined with Microsoft's strategic push toward Exchange Online and SharePoint Online cloud services, makes this a commercially rational moment to evaluate whether hosted on-premises Exchange and SharePoint services should migrate to a CSP-based cloud model.

Audit your SQL Server Web Edition deployments: If your SPLA portfolio included SQL Server Web Edition and your reporting has not been updated to reflect its removal in the SQL Server 2025 cycle, you may be reporting a non-SPLA-eligible product. This creates audit exposure that is easily resolved proactively but becomes a formal finding if an auditor identifies it first.

Automate your SPLA reporting: Manual monthly reporting is the single largest contributor to SPLA compliance risk. Automating the extraction of deployment data and its mapping to SPLA report templates eliminates the most common class of audit findings at minimal investment relative to the cost of a single audit engagement.

Engage independent advisors for reseller rate negotiation: SPLA rates are not public and vary by reseller relationship. Independent assessment of your current reseller terms — and benchmarking against available alternatives — typically identifies 5 to 15 percent savings opportunities in the monthly SPLA cost base without requiring any change to your product or deployment strategy.