I've often wondered, I have an MSDN universal license, and a technet license, so I have all the licenses I need to do what I need, which is software development.
If I was a dishonest person, and simply gave a license key for say an enterprise version of SQL server, to someone (or worse charged them for it), and they used it in a production environment, how does Microsoft catch people?
In the old days, when most software that was installed on a desktop, it was always pretty obvious when a company bought one copy of a piece of software and installed it on the desktops of 500-1000 or more people (I worked at a company like that. Ultimately, someone ratted them out and the software police came and handed down a big fine...)
If a dishonest company installs a illegal copy of server software and 1000 or more people use it, there would be no way anyone except the sysadmin would know...I have to believe MS has a way of dealing with this...but how?
I think this article pretty much covers all of your questions:
http://www.aaxnet.com/topics/slicense.html
I was once working with a client who contacted Microsoft to ask what it would take to become "compliant" and fully licensed.
By the time the (several) conversations were over, they opted to switch everything they could over to Linux.
It was quite the undertaking but when it was all done it easily saved them money.
I'm not bashing Microsoft here, I actually like several of their products and even recommend them (best tool for the job, etc). It just seems that the bigger or more complex the business is... the harder it is for the business to stay licensed, in compliance, and safe.
Open source is turning out to be a very good way of avoiding the most common issues such as too many copies of Microsoft Office, too many web servers, a SQL server that's set up as a SaaS (Software as a Service) provider, etc, etc.
Just my 2 cents. Hope the link above sheds more light on it for you.
I've had experience with three Customer organizations that received notice from Microsoft that a complaince audit was being performed. One was a Fortune 1000 company, one was a school district w/ roughly 10,000 students, and one was a small company w/ 150 employees.
I was directly involved with the 150 person company's compliance audit so I can speak about it in some detail.
Microsoft started by sending a letter indicating that a compliance audit was being requested. The letter contained information about tools and the desired reporting format.
A follow-up letter arrived with an itemized list of all of the volume license purchases that Microsoft was aware of for this Customer.
Finally, a third letter arrived indicating a desired completion date and hinting that Microsoft would exercise their right to perform an on-site audit using third-party auditors if the Customer did not comply with their requests.
I didn't get to assemble the response materials (that duty fell to one of my busness partners). My understanding is that we provided photocopies of a subset of our OEM product keys, counts of computers where installations had been performed, and copies of invoices for volume license purchases.
All-in-all it was fairly straightforward, but it was clear to us that Microsoft intended the process to be taken seriously and that they would exercise their rights relative to audit if the Customer did not comply.
I worked for a company with roughly 500 employees, and we spanned 2.5 floors of the building. Microsoft Australia shared the other half of one of the floors and as a result we were audited, by them, every 12 months at least.
Someone would come around with a USB stick, pop it into the computer, it would autorun, download license details (I assume), pop up a message, and they would go to the next PC, repeat and rinse.
I was at the bottom of the food chain so I never know about these audits until they happened so I've no idea what the official process was. All I know is that I had quite a few unlicensed products that management weren't aware of, but nothing ever came back to me about it.
Microsoft tracks key activations, and if you do something dumb like put your volume activation key on a messageboard, they will request a meeting when they see your copy of Office being installed in Mongolia.