A software license audit is only daunting if you’re unprepared. Issues like undocumented usage, triggering unexpected fees, or resulting in penalties if compliance isn’t provable may arise if you’re not able to proactively manage software licensing audits. That’s why it’s crucial to understand the process to prevent license audit problems before they exist. In this guide, we will walk you through the best practices and strategies in managing software licensing audits.
At a glance
| Task | Purpose |
| Task 1: Maintain a centralized license inventory | To have a single source of truth for all software licenses, enabling easier tracking, auditing, and compliance verification |
| Task 2: Use PowerShell to discover installed licenses and software | To quickly identify installed applications and their license information across endpoints, improving visibility for compliance checks |
| Task 3: Detect Adobe licensing via registry and admin console | To verify Adobe Creative Cloud license assignments and detect mismatches or unlicensed installations |
| Task 4: Use GPO to enforce licensing compliance and application control | To ensure only licensed and approved applications can run on endpoints by applying Group Policy restrictions |
| Task 5: Validate via CMD and Windows license tools | To confirm Windows license activation status and troubleshoot licensing errors using built-in command-line tools |
| Task 6: Automate non-compliance alerts and cleanup | To proactively detect and address licensing violations by alerting admins and removing unauthorized software automatically |
Prerequisites for managing software licensing audits
Before proceeding with software licensing audit management, make sure your environment meets the following requirements:
- Microsoft 365 Admin Center access and any Volume Licensing portals for managing Microsoft subscriptions and licenses.
- Adobe Admin Console centrally manages Creative Cloud and Acrobat DC licensing.
- PowerShell 5.1 or later, with administrative privileges at your management stations. (Check your PowerShell Version)
- Endpoint coverage via RMM tools or GPOs to reach all devices.
- Mechanisms to detect endpoints, such as registry checks, installed-software inventories, or file-system scans.
Task 1: Maintain a centralized license inventory
📌 Use Case:
Maintaining a centralized license inventory enforces a strong compliance posture. This task tracks every software title, licensing type, and activation model.
Below are recommended steps for maintaining a centralized license inventory.
- Track the following:
- Per-user licenses: These include licensing tied to an individual user account. Examples include software like Microsoft 365, Adobe CC, and more.
- Per-device licenses: This covers licenses assigned to specific hardware, including volume licensing, OEM licenses, and other license types.
- Subscription vs. perpetual: This task identifies subscription licenses (paid on a recurring basis) from perpetual licenses (paid once for perpetual use).
- Cloud-assigned vs locally installed: Tracking of licenses to determine which software is provisioned through a cloud service, and which ones are physically stored on device storage.
- Store the inventory using the following:
- Cloud storage platforms: Store inventory data in cloud storage platforms like OneDrive or SharePoint.
- IT documentation services: A purpose-built IT documentation platform for MSPs is also ideal for this task. Some comprehensive endpoint management platforms, like NinjaOne, also have integrated IT asset management, which can also be used to store and manage your license inventory.
- Custom PowerShell-generated reports: Specific scripts also automatically pull licensing and installation data from endpoints, format it into readable reports (CSV, HTML, etc.), and save it in a central repository for ongoing audit readiness.
Task 2: Use PowerShell to discover installed licenses and software
📌 Use Case:
This task retrieves a filtered list of applications and licences through manual querying using PowerShell.
Automated discovery is critical for keeping your license inventory accurate. One way to do this is by using PowerShell to query installed software, check activation details of Microsoft 365 subscription apps, and retrieve activation status of Microsoft Office. Here are some example steps:
- Open PowerShell as an administrator. Press the Windows key, type PowerShell, then right-click Windows PowerShell and select Run as administrator.
- Run the following command:
- To list all Adobe and Microsoft Office installations on a device:
Get-CimInstance -ClassName Win32_Product |Where-Object
{ $_.Name -like “*Adobe*” -or $_.Name -like “*Office*” } | Select-Object Name, Version, InstallDate
This command retrieves Adobe and Microsoft Office applications installed on the local computer via MSI-based installers, showing their name, version, and install date.
💡 Note: The scope of this command is the device where it’s executed. If you have hundreds of computers, you would need to run this individually on each one. For scalability, organizations often use RMM tools like NinjaOne to automate this discovery by pushing mass scripts across all managed endpoints.
- To check activation details of Microsoft 365 subscription apps via the registry:
Get-ItemProperty HKLM:\SOFTWARE\Microsoft
\Office\ClickToRun\Configuration |
Select-Object ProductReleaseIds
- To retrieve activation status, you can:
cscript “C:\Program Files\Microsoft Office\Office16\ospp.vbs” /dstatus
Task 3: Detect Adobe licensing via registry and admin console
📌 Use Case:
This task verifies Adobe product licensing by checking registry keys and the Adobe Admin Console to identify unauthorized installations or expired licenses.
- Open PowerShell as an administrator. Press the Windows key, type PowerShell, then right-click Windows PowerShell and select Run as administrator.
- Run the following command:
Get-CimInstance -ClassName Win32_Product |Where-Object
{ $_.Name -like “*Adobe*” -or $_.Name -like “*Office*” }
|Select-Object Name, Version, InstallDate
This command gives administrators a filtered inventory of installed Adobe and Microsoft Office products across an endpoint, useful for quickly verifying whether licensed software is installed and when.
Task 4: Use GPO to enforce licensing compliance and application control
📌 Use Case:
This task prevents unauthorized or unlicensed software usage by applying Group Policy restrictions and controlling which applications can run within the network.
Group Policy provides a powerful control mechanism to enforce licensing and application control. Here’s a breakdown:
- Under User Configuration > Administrative Templates > System:
- Enable Run only specified Windows applications to lock down software installs.
- Or use Don’t run specified Windows applications to block known unlicensed or pirated apps.
- For more advanced control, use Software Restriction Policies or AppLocker to prevent unauthorized Adobe or Office versions.
- Navigate to:
- Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies
- Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker
- Or for instance, create path rules to block installers like setup.exe used by pirated software, or hash rules for known cracked versions.
- Navigate to:
Task 5: Validate via CMD and Windows license tools
📌 Use Case:
This task aims to confirm Windows and Microsoft Office activation status to avoid service disruptions and ensure devices meet licensing requirements.
- Open the Command Prompt as an administrator. Press the Windows key, type cmd, right-click Command Prompt from the search results, and select Run as administrator.
- To view Windows licensing and activation details, run:
slmgr.vbs /dli or slmgr.vbs /xpr
These commands display Windows activation status, license type, and whether the system is permanently activated.
- To view Microsoft Office activation information, you need to run the ospp.vbs script. Microsoft installs this built-in script with every volume-licensed Office installation to report on your license and activation information. You don’t need to download it; it’s already on your system.
To run it, locate it first. The ospp.vbs script is typically located in the Office installation folder:
- C:\Program Files\Microsoft Office\Office16 (for 64-bit Office on 64-bit Windows)
- C:\Program Files (x86)\Microsoft Office\Office16 (for 32-bit Office on 64-bit Windows)
You have to navigate to the directory where the ospp.vbs script is stored. Use one of the following commands, depending on your Office version and system architecture:
- For 64-bit Office on a 64-bit OS, run:
cd “C:\Program Files\Microsoft Office\Office16”
- For 32-bit Office on a 64-bit OS:
cd “C:\Program Files (x86)\Microsoft Office\Office16”
💡 NOTE: The “Office16” folder is for Office 2016 and 2019. This number changes depending on the version (e.g., “Office15” for Office 2013, “Office14” for Office 2010).
Open Command Prompt (opened as administrator). Run the following script with the cscript command:
cscript ospp.vbs /dstatus
Running this script will display activation status, license type, and remaining grace period if applicable.
- To ensure Adobe’s Creative Cloud process is running:
Get-Process “Creative Cloud”
- To get a full list of installed products for additional cross-checking:
Get-ItemProperty HKLM:\Software\Microsoft
\Windows\CurrentVersion\Uninstall\* | Select-Object
DisplayName, DisplayVersion, Publisher, InstallDate
Task 6: Automate non-compliance alerts and cleanup
📌 Use Case:
You can do this task to automatically detect, alert, and remove unlicensed or prohibited software. It can help maintain compliance without relying solely on manual reviews.
Automation helps with scaling compliance checks. Here are some recommendations:
- Schedule scripts to detect unauthorized software by comparing installed lists to your licensed inventory.
- Use scripting to automatically uninstall trial or deprecated versions. For example, if you want to find and automatically remove any MSI-installed Microsoft Office products on a device:
- Open the Command Prompt as an administrator. Press the Windows key, type cmd, right-click Command Prompt from the search results, and select Run as administrator.
- Run the following command:
Get-CimInstance -ClassName Win32_Product -Filter “Name LIKE
‘%Office%'” |ForEach-Object { $_.InvokeMethod(‘Uninstall’, $null) }
- Log all actions such as deletions, alerts, and integrations. This can ensure audits are backed by evidence.
⚠️ Things to look out for
| Risks | Potential Consequences | Reversals |
| Missing license data | Licensing commands may return incomplete or inaccurate information, leading to false compliance or activation status assumptions. | Reinstall or reconfigure the software with the correct installation context (per-machine vs. per-user), then re-run validation commands. |
| Script failures | Commands or scripts fail to execute, producing no output or incomplete results, which delays license verification. | Run the shell with administrative privileges, check file paths, and adjust execution policies (Set-ExecutionPolicy) to allow the script to run. |
| Office activation errors | Users may experience reduced functionality in Microsoft Office apps (e.g., read-only mode), impacting productivity. | Run Microsoft’s Office Repair tool, or follow official activation troubleshooting steps in Microsoft Learn to reactivate. |
| Adobe Creative Cloud (CC) sync issues | Users may lose access to assigned Adobe apps or encounter missing licenses in the Creative Cloud desktop app. | Force a sync from the Creative Cloud desktop app or sign in/out; if issues persist, verify assignments in the Adobe Admin Console and reassign as needed. |
Additional considerations for managing software license audits
- BYOD and remote devices: Track installs via sign-ins using Microsoft 365 or Adobe accounts.
- Inactive accounts: Deactivate or reassign licenses for users dormant for 30 days or more.
- Retention policies: Store procurement and license records for at least 3 years to satisfy audit traceability.
- Audit requests: Be ready to produce reports showing license counts, assignments, usage history, and purchase logs on demand.
NinjaOne services for detecting and quarantining malware via RMM
NinjaOne and its tools can help MSPs maintain continuous license hygiene and confidently generate audit-ready reports.
| NinjaOne service | What it is | How it helps with software licensing audit management |
| Software inventory monitoring | Detect all installed applications across clients. | Ensures you have a complete, up-to-date list of installed software, making it easier to verify licensing status and spot unauthorized or outdated applications. |
| Registry & GPO compliance audits | Monitor registry values that indicate license status. | Validates license compliance by cross-checking registry entries and Group Policy settings against expected configurations. |
| Alerting | Notify MSPs when unauthorized software is installed or unlicensed versions are detected. | Enables real-time detection and rapid remediation of potential licensing violations before they escalate into audit issues. |
| Automation scripts | Remove deprecated software, deploy compliance tools, or export license reports. | Speeds up compliance tasks by automating software removal, deploying tools for license validation, and generating reports for audits. |
| Cross-tenant dashboards | Aggregate licensing data across multiple client environments for audit readiness and cost optimization. | Provides a consolidated view of license usage across all clients, making it easier to prepare for audits and optimize software spending. |
Managing software licensing audits proactively
Carrying out operations to manage software licenses may seem tedious. However, following these recommendations can save you from unexpected, and most of the time, disruptive issues due to software license misaudits. In summary, we covered:
- How to discover and track Microsoft and Adobe software installations
- PowerShell, CMD, registry, and GPO methods to enforce compliance
- Centralized documentation and automation strategies
- How NinjaOne ensures software audit preparedness across all clients
All these strategies can help you proactively and confidently prepare for a software license audit.
