Microsoft SPLA vs CSP for Hosting Providers: Which Model Fits Your Business?

The Question Every Hosting Provider Is Asking in 2026

Microsoft's SPLA Listed Provider restriction, effective 1 October 2025, blocked SPLA use on AWS, GCP, Azure, and Alibaba Cloud overnight. For hosting providers who had built their commercial model around SPLA-on-hyperscaler arbitrage, the cutoff was immediate — and many are still carrying the audit exposure. The question of whether to be in SPLA, CSP Hoster, or both has never been more consequential.

The question has become more urgent since October 2025, when Microsoft's Listed Provider restriction effectively blocked SPLA use on the four major public clouds — AWS, GCP, Azure, and Alibaba. Providers who had been running SPLA workloads on hyperscaler infrastructure had to either migrate to CSP Hoster, shift workloads back to owned or co-located data centres, or exit those product lines entirely. Many are still navigating the transition.

This guide covers what each programme is, where they differ, which products they cover, and — most practically — how to decide which programme should anchor your licensing strategy in 2026.

What SPLA Is and How It Works

The Service Provider License Agreement (SPLA) is a monthly licensing programme designed specifically for organisations that host Microsoft software as a service for customers. Under SPLA, you — the service provider — hold the Microsoft licences and report usage to a Microsoft-authorised SPLA reseller on a monthly basis. Customers receive the hosted service; they do not hold individual Microsoft licences.

SPLA operates on a rolling three-year term, renewed at each anniversary. You report the peak monthly usage of each product, and your reseller invoices you accordingly. There are no annual minimums or upfront commits — SPLA is designed for variable, service-driven consumption. This monthly flexibility has made it the dominant model for hosting providers running server infrastructure for multiple customers.

What SPLA Covers

SPLA's product catalogue is built around Microsoft server workloads. The core products available under SPLA include:

• Windows Server (Standard and Datacenter editions) — licensed per processor core or via Subscriber Access Licences (SALs)
• SQL Server (Standard and Enterprise) — licensed per core or per SAL
• Exchange Server — licensed per SAL for hosted mailbox services
• SharePoint Server — licensed per SAL
• Remote Desktop Services (RDS) — licensed per SAL, enabling hosted desktop and application delivery
• System Center — for managed infrastructure and monitoring
• Skype for Business Server — licensed per SAL (legacy unified communications)
• Dynamics 365 on-premises versions — select legacy Dynamics products

The No-CAL benefit is a critical SPLA feature: customers who access Microsoft software through a licensed SPLA provider do not need to hold their own Client Access Licences (CALs). The service provider's SPLA subscription covers the access rights. This significantly simplifies the commercial model for hosted services and is one of the primary reasons SPLA remains attractive despite newer alternatives.

SPLA Licensing Models: SAL vs Processor

Within SPLA, most products can be licensed on one of two models. The Subscriber Access Licence (SAL) model prices per named or concurrent user or device — well-suited to hosted desktop, hosted exchange, and hosted SharePoint deployments where the user count is known and relatively stable. The processor/core model licenses the underlying hardware, irrespective of how many users are served from it — often more economical for infrastructure-heavy workloads with many users sharing a small number of physical servers.

Choosing the right model requires modelling your specific deployment architecture. In hosted desktop environments with high user density, the SAL model typically wins. In SQL Server environments running shared infrastructure at high core utilisation, the core model can be significantly cheaper. Getting this wrong is one of the most common sources of over-spend we see in SPLA engagements.

What CSP Hoster Is and How It Works

The CSP Hoster programme is a subset of Microsoft's Cloud Solution Provider (CSP) framework, specifically designed for partners providing hosted desktop and cloud services from their own data centres. Unlike standard CSP reselling — where you are effectively distributing Microsoft cloud services like Microsoft 365 and Azure — CSP Hoster allows you to pre-build and pre-activate virtual machines with Windows 11 and Microsoft 365 Apps, then deliver those as hosted services to your customers.

Under CSP Hoster, licences are assigned to individual customers — unlike SPLA, where the service provider holds the licence. Each customer has their own licence attached to their subscription. The commercial terms follow standard CSP pricing: monthly commit at list price with no standard discount, annual commit at up to five percent discount, or three-year commit for better rates but reduced flexibility.

What CSP Hoster Covers

CSP Hoster's strengths are in modern desktop and productivity workloads. The programme's primary use cases include:

• Windows 11 — pre-activated virtual machines in hosted desktop environments
• Microsoft 365 Apps (formerly Office 365 ProPlus) — pre-activated Office apps in hosted desktop delivery
• Microsoft 365 subscriptions (E1, E3, E5, E7) — resold to customers as part of a hosted service
• Windows Server via license-included offers — available through CSP Hoster where SPLA is not appropriate

The CSP Hoster programme also supports Bring Your Own Licence (BYOL) scenarios, where customers bring their existing Microsoft licences to the hosted environment. This is relevant for customers with existing Microsoft 365 Enterprise Agreements who want to use those entitlements in a hosted desktop delivered by a CSP Hoster partner. All hosting providers — not just those enrolled in CSP Hoster — may permit customer BYOL for Windows Server on multi-tenant hardware, but CSP Hoster adds the ability to deliver license-included services using current product entitlements.

CSP Hoster Replaces QMTH

The CSP Hoster programme effectively supersedes the Qualified Multitenant Hoster (QMTH) programme that preceded it. QMTH was previously required for hosting providers to deliver Windows 11 and Microsoft 365 Apps on multi-tenant shared infrastructure. Microsoft has since expanded those rights through CSP Hoster, making QMTH redundant for new participants. If you are an active QMTH provider, migration to CSP Hoster is voluntary but recommended — QMTH will not receive updates to reflect newer products and entitlements.

The October 2025 Listed Provider Restriction

One of the most significant changes in Microsoft hosting history took effect on 1 October 2025: the Listed Provider restriction. Under this rule, SPLA licences may no longer be used on infrastructure hosted by AWS, Google Cloud Platform, Microsoft Azure, or Alibaba Cloud. The restriction applies immediately — service providers who were running SPLA workloads on these hyperscalers had to cease that practice from the effective date.

The practical impact has been substantial. Many hosting providers and ISVs had built cost arbitrage models — running SPLA licences on third-party cloud infrastructure to undercut the hyperscalers' own licensing prices. That model is now gone. The options available to affected providers are:

• Move workloads back to owned or co-located data centres where SPLA remains permissible
• Migrate to CSP Hoster for products covered by that programme
• License workloads through Azure Hybrid Benefit under an Enterprise Agreement (if the workloads are running on Azure itself)
• Exit those specific hosted product lines if the economics no longer work without the SPLA arbitrage

It is worth noting that this restriction applies to using SPLA on Listed Provider infrastructure. Customers who own their own licences (BYOL) and wish to run workloads on AWS or Azure are governed by a separate set of licence mobility rules — BYOL is not affected by the SPLA Listed Provider restriction.

The January 2026 SPLA Pricing Changes

Separate from the Listed Provider restriction, Microsoft implemented price increases for several SPLA products effective January 2026. The increases were not uniform across the catalogue:

• Exchange Server SAL — approximately 10% increase
• SharePoint Server SAL — approximately 10% increase
• Skype for Business Server SAL — approximately 10% increase
• Legacy Dynamics on-premises versions — approximately 10% increase
• Windows Server — held flat
• SQL Server — held flat

The pattern is deliberate. Microsoft is applying pricing pressure to the legacy server products where cloud migration is the obvious strategic path — Exchange, SharePoint, and Skype for Business all have cloud equivalents in Microsoft 365. The flat pricing on Windows Server and SQL Server reflects their continued importance to infrastructure-heavy hosting deployments where there is no direct equivalent cloud replacement.

For hosting providers running Exchange or SharePoint as managed services, the 2026 price increase reinforces the commercial case for migrating customers from hosted Exchange Server to Exchange Online via CSP. The numbers increasingly favour the cloud model.

Key Differences: SPLA vs CSP Hoster Side by Side

Licence Ownership

Under SPLA, the service provider holds the Microsoft licences and customers access the service. Under CSP Hoster, licences are assigned to individual customers — each customer has their own Microsoft subscription. This has significant operational implications: in SPLA, the provider's compliance burden is total; in CSP Hoster, individual customer licence assignments must be accurately maintained and reported.

Product Coverage

SPLA covers the on-premises Microsoft server catalogue — Windows Server, SQL Server, Exchange Server, SharePoint Server, RDS, System Center, and legacy Dynamics. CSP Hoster covers modern desktop and productivity workloads — Windows 11, Microsoft 365 Apps, and Microsoft 365 subscriptions including the full E1 through E7 SKU stack. The two programmes are genuinely complementary rather than overlapping, which is why most full-service hosting providers need both.

Commercial Terms

SPLA is a monthly variable model — you report what you used and pay accordingly, with no upfront commit. CSP Hoster follows standard CSP terms: monthly commits at list price with no discount, annual commits at up to five percent, or multi-year commits at better rates. SPLA's flexibility is a significant operational advantage for providers with variable customer workloads; CSP's predictable per-customer billing is better suited to desktop-as-a-service environments with stable user counts.

Cloud Deployment

SPLA cannot be used on Listed Provider infrastructure (AWS, GCP, Azure, Alibaba) since October 2025. CSP Hoster is designed for provider-operated data centres and does not carry this restriction for hosted desktop workloads. However, CSP Hoster also does not provide a route to Azure Hybrid Benefit — that requires an Enterprise Agreement. Providers building cloud-native services on Azure are typically better served by direct CSP reselling or Enterprise Agreement programmes than by either SPLA or CSP Hoster.

Support and Partner Requirements

Both programmes require working through an authorised Microsoft reseller or distributor — you cannot contract directly with Microsoft under either SPLA or CSP Hoster. CSP Hoster carries an additional requirement: partners must demonstrate capability to pre-build and pre-activate hosted environments, which involves additional verification steps. SPLA qualification is more accessible for smaller providers, while CSP Hoster suits organisations with an established hosted desktop practice.

Decision Framework: Which Programme Should You Be In?

The right starting point is to map your current product portfolio against what each programme covers, then layer in your infrastructure model and customer base characteristics.

Use SPLA When:

• You host Windows Server or SQL Server workloads for customers from your own or co-located data centres
• You operate hosted Exchange or SharePoint services (on-premises versions) and have not yet migrated customers to cloud equivalents
• You offer hosted Remote Desktop Services or application virtualisation
• Your customer workloads are variable month-to-month and the flexible monthly reporting model is commercially important
• You need the No-CAL benefit to simplify your customer-facing commercial model

Use CSP Hoster When:

• You deliver hosted desktop services (Desktop-as-a-Service) using Windows 11
• You pre-activate Microsoft 365 Apps in virtual machine images for customers
• Your customers want Microsoft 365 E1, E3, E5, or E7 subscriptions included in their hosted service
• You need to support BYOL customers bringing their existing Microsoft 365 licences into your hosted environment
• You are migrating customers away from on-premises Exchange or SharePoint toward hosted Microsoft 365 services

Run Both When:

Most mature hosting providers serve customers across a spectrum that spans legacy server workloads and modern cloud-connected desktop services. A full-service hosting or managed service provider will typically need SPLA for the infrastructure layer — Windows Server, SQL Server, RDS — and CSP Hoster for the productivity and desktop layer. This dual programme approach is common and supported by Microsoft, though it requires careful operational separation to avoid compliance gaps at the boundary between the two.

Common Mistakes Hosting Providers Make

Across more than 200 SPLA and CSP Hoster engagements, Redress Compliance sees the same patterns of exposure appearing repeatedly. The most consequential are these four.

Continuing SPLA on Listed Provider Infrastructure After October 2025

Some providers were slow to act on the Listed Provider restriction and continued running SPLA workloads on AWS or Azure infrastructure past the October 2025 effective date. This creates material audit exposure. Microsoft SPLA audits are conducted by Big Four accounting firms under the audit rights provisions of the SPLA agreement, and non-compliance on infrastructure placement is straightforward to identify. If you are in this position, the priority is to remediate the deployment placement first, then document the remediation timeline for any audit defence.

Under-Reporting Monthly SPLA Usage

SPLA requires reporting peak monthly usage — the highest count of active SALs or active processors/cores in the reporting period, not an average or end-of-period snapshot. Providers who report averages, or who miss counting processors in newly provisioned environments, consistently under-report. Microsoft's audit methodology identifies this pattern through infrastructure inventory cross-checks. The typical penalty uplift in SPLA audits ranges from 25 to 125 percent on underpaid amounts.

Using the Wrong Licensing Model (SAL vs Processor)

The choice between SAL and processor licensing is not locked in at SPLA agreement level — providers can use different models for different products or customer environments. But without deliberate modelling, providers often default to one model across the board and systematically overpay. For RDS environments with high user density and low core counts, SAL is almost always more expensive than processor licensing. For Exchange environments serving a modest number of users across many servers, SAL is typically cheaper.

Treating CSP Hoster as Turnkey Compliance

CSP Hoster simplifies Microsoft 365 deployment for hosted desktop, but it does not eliminate compliance obligations. Licence assignments must accurately reflect the users accessing the hosted environment. Pre-activated VM images that have been cloned, replicated, or deployed to users beyond their assigned licence count create unlicensed usage. The activation model makes over-deployment easy to miss — and auditors know this.

How Redress Compliance Supports Hosting Providers

Redress Compliance has worked with hosting providers, ISVs, and managed service providers across EMEA and North America on SPLA and CSP Hoster licensing for over two decades. Our work falls into three categories.

Compliance assessments identify current exposure before it becomes an audit finding. We map your deployed infrastructure, reconcile it against your reported SPLA usage, verify licence assignments in CSP Hoster environments, and produce a remediation roadmap with prioritised actions. Assessments typically take two to four weeks and are conducted on a fixed-fee basis.

Microsoft audit defence covers the full lifecycle of a Microsoft SPLA audit — from the initial notification and engagement with the Big Four auditor through to finding negotiation and final settlement. We have successfully challenged audit methodologies, identified auditor over-counts, and negotiated settlements materially below the initial findings in SPLA audits across all major product categories.

Programme optimisation addresses the structural question of whether your current programme mix — SPLA, CSP Hoster, or both — is commercially optimal. We model licensing costs under alternative programme configurations, identify products where migration from SPLA to CSP Hoster would reduce total cost, and advise on reseller contract terms that give you appropriate flexibility at renewal.

If you are navigating the aftermath of the October 2025 Listed Provider restriction, managing a SPLA audit, or evaluating whether your programme mix still fits your 2026 business model, the starting point is a conversation with our Microsoft EA advisory specialists who work exclusively on the buyer side.