Microsoft Supports International Standards to Help Make Software Licenses More Manageable

Guest Post by:

Amy Konary, IDC
Research Vice President
Software Licensing & Provisioning

At most of the industry events I attend for Software Asset Management (SAM) Professionals, a common refrain is heard from these busy, and often frustrated, individuals who are tasked with ensuring compliance with software licensing agreements: "We need to know what we need to measure." They also want better software license manageability, as opposed to more audits or proprietary tools.

Asset managers are closer to getting what they are asking for, as progress on the adoption of the set of ISO 19770 standards continues. ISO 19770 is an international set of standards consisting of two parts (19770-1, and -2). The first part of the standard, (19770-1), is directed at enterprises and outlines best practices and processes for effective SAM. ISO 19770-1 uses implementation tiers to make it easier for customers to attain the ISO standard via a phased approach. Microsoft's SAM Optimization model will map to the 19770-1 tiers. The SAM Optimization model will show customers what they have obtained so far and the gaps to achieving more. Microsoft will be launching this as part of the Worldwide Partner Conference this July.

The second part of ISO 19770 describes the way in which software should be electronically tagged so that it’s easier for customers to discover installed software and thus help manage compliance. The standard and its components have been under development for the last several years, and have garnered the early support of companies such as Symantec and CA. In April 2012, Microsoft announced support of -2, helping to move the standards initiative forward.

Microsoft has made a commitment to the -2 tags — and support for the standard is being built into the common set of engineering criteria that helps ensure consistency across the products. The -2 tags are embedded in some products now, and will be incorporated into the planning cycles for future releases of other products. In the coming months, Microsoft is also planning on making some tags available for the install base. For example, there will be a service pack to tag Windows 7. This last part is huge, because SAM professionals are focused today on managing the assets that they already have.

The topic of standards can be pretty dry, and the general lack of media coverage of the ISO 19770 standard exemplifies the lack of industry focus of this topic as compared to headline-grabbers like “cloud.” However, if your job is SAM, these standards are a potential game-changer. I attended a conference for SAM professionals the other week, and the session on ISO 19770 was standing-room-only. The need for software tags is obvious in this community.

Criticism of the ISO 19770 standards initiative mainly centers on the time it takes the international standards committee to develop and release their standards and the limited support thus far from the software community. Microsoft joins Symantec, CA, and Adobe in supporting -2, which is a respectable list of companies, but there needs to be more companies to really gain broader industry attention. Furthermore, while the -2 tags themselves won't simplify licensing, and should not be considered a silver bullet, they represent a material step in the right direction towards easier software discovery, and should help reduce the time customers spend managing their licenses by a significant amount.

Comments (10)

  1. Anonymous says:

    I'd believe Adobe was serious and not just paying lip service if they had behaved and named the next release of Adobe Acrobat VERSION 10 rather than X.  Talk about a coding nightmare for identification of all versions found in an enterprise!

  2. Martin Thompson (The ITAM Review) says:

    Screenshot of Microsoft ISO/IEC 19770-2 Tag found 'in the wild' in Windows8.

    "First Microsoft ISO/IEC 19770-2 Tag Spotted in The Wild"…/windows8-iso-tag

  3. Randy Littleson says:

    Amy –

    This is a great post, and really underscores the promise of software tagging and the industry frustration around its slow adoption.  Flexera Software is also a proponent of software tags, and we’ve actually rolled out a comprehensive strategy and set of products which we announced at SoftSummit last October, to promote wider adoption of software tags by both ISV’s and enterprises.

    The challenge for the industry was the “chicken and egg” conundrum. Enterprises couldn't leverage ISO standards to improve their license management capabilities because there was no easy and automated way to create software tags, so they haven't been widely used.  And ISV’s didn’t have automated tools to create software tags – so there wasn’t a lot of incentive.  We’ve broken that logjam.

    Ultimately, application producers must massively adopt the ISO 19770-2 standards for tagging to go mainstream. Last year we announced that InstallShield and InstallAnywhere include tools to create ISO 19770-2 software identification tags as part of the installation development process. Implemented by thousands of software vendors globally on more than 500 million desktops – InstallShield & InstallAnywhere are used nearly ubiquitously by application producers, and it is now tooled to enable them to quickly and efficiently add software tags to their applications across all platforms.

    There’s an additional problem that’s been slowing the adoption of software tags.  Today when applications are repackaged, deployed, and installed on client computer end-points within an enterprise, the software tags imbedded in the software are usually lost or obfuscated. The backend software asset management tools then struggle to properly identify the installed applications. With our recent release of AdminStudio,  we gave enterprises the ability to automatically add ISO 19770-2 compliant tags to repackaged applications and preserve the original publisher information that will enable applications to be identified after deployment.  This solves the software packaging problem around software tags – and it also empowers enterprises to create their own ISO-19770-2 compliant tags if none were provided by the ISV.

    Ultimately, enterprises benefit when software tags can be used to support their software asset management and software license optimization efforts. To ensure this, we announced that our software license optimization solution, FlexNet Manager Suite for Enterprises, can now provide software tag discovery and inventory support that adhere to the ISO 19770-2 standard.

    The ultimate vision of the ISO 19770-2 standards body was to improve the accuracy and reduce the difficulty around software identification.  While the standards provide the path to improved accuracy, we're providing the vehicle – automated tools – to get organizations to the goal line.  

    Randy Littleson

    Flexera Software

  4. Rob Harmer says:

    There is a significant problem with the -2 tags as they currently stand.

    For a software manufacturer (OEM vendor) to claim that they comply with the standard for -2 tags all they do is need comply with the mandatory elements in the -2 schema.

    Optional means optional.

    We note that so far Adobe only provides a few extra optional elements, not the full suite of data in the schema.

    Optional means the vendor can pick and choose what they want to or don't want to supply, not the customer.

    Microsoft has made it clear (by omission) they are only applying mandatory elements not optional elements as per previous link supplied.

    The mandatory tag data below is no better than what customers see now and in many cases less than they can see now with existing tools.

    Mandatory data elements (items with >> are new 19770-2 fields compared to existing data):

    * Product Title,

    * Product Version,

    * Software Creator,

    * Software Licensor,

    * >>Tag Creator,

    * >>Unique Software Identifier, and

    * >>Entitlement Required (Yes/No).

    Guidance for 19770 is suggesting that customers go out to vendors with RFPs mandating compliance with 19770-2. This not a smart move as they won't be getting all the data they need. I can imagine some customers might feel annoyed if not dismayed by this without understanding what they will be getting as the end state package.  

    If the minimum that customers can expect out of -2 tags is the mandatory elements, or in some cases a mix and match version of what other vendors decide they wish to include, then the customer is no better off than using add/remove or registry data, or internal elements already existing when enumerating file properties, or their existing discovery tool, whatever that may be. The data in file properties already equals or exceeds what will be provided in -2 mandatory tags.

    To be useful to the end user customer, what they really need is the optional data in the -2 standards to make their efforts, investment and changes they will need to adapt to make it worthwhile.

    The -2 schema can simply solve the problem by making more of the data elements in the optional area mandatory. That would be a big improvement, but for some reason this doesn't seem obvious, to the -2 evangelists, I have no idea why.

    The reasons listed above are why I make the claim the -2 tagging approach is flawed.

    Pity the poor software discovery tools vendors who will have to make sense of the mix and match tagging elements that will be appearing and what additional data matching identification libraries (and normalising needed) they will need to maintain to help disclose what is installed.

    All of this will need extra tools development effort by discovery tools vendors, which comes at a cost, which the customers will have to pay as they are upgraded to version x of their discovery tool.

    The benefits do not stack up and customers need to realise this, that's why I am happy to be a lone voice on the issue.

    Let's not be fooled into believing that this solution is workable in its curremt form, it has a lot of work yet to be done.

    Rob Harmer

  5. Rob Harmer says:

    I omitted a link to the Microsoft reference site for tags.

    If the vendors are supplying data that only covers the mandatory tags then the tags are a complete waste of time and the customer is NO BETTER off at all.

    Microsoft seem to be only supplying the mandatory tags as per their web site link below.…/softwareid.aspx

    In Microsoft's own words………………………"What kind of information will these tags give me? These software identification tags are simply small XML data files that are installed with the software."

    They contain the following mandatory data elements:

    * Product Title,

    * Product Version,

    * Software Creator,

    * Software Licensor,

    * Tag Creator,

    * Unique Software Identifier, and

    * Entitlement Required (Yes/No).

    ISO 19770-2 tagging is flawed if it allows a few Mandatory and a large number of Optional tag elements.

    In it's current form 19770-2 isn't helpful at all, to the end user customer, despite all the evangelistic trumpet blowing.

    Regards Rob Harmer

  6. PCProfile says:

    An overview of Microsoft Windows 8 19770-2 tags – get ready for pain and suffering if you are working in Software Asset Management (SAM)!

  7. Phil Tishberg says:

    After leaving my comment here 18 months ago, I have been on a number of large enterprise contracts and am currently in one on Wall Street.  The best advice which I have yet to see here and most other sites but is quite valuable is the MPN (Manufacturer Part Number). IT is the Primary Unique Key Field for every piece of ISV/Manufactured Software that is sold publicly.  By using the MPN as a prime key in either your MSL as part of your Service Catalog or as a PrimaryKeyIndexedField in your database/cidb/cmdb, you can guarantee that you will capture every version and manufacturer (creator/owner of the software) for all of your installed and discovered software.  Many products can do discovery, few do knowledge analyses and therefore give that added value so necessary for SAM and IT Asset Managers in their busy day. Rather than pitch my company's products, like a person above managed to intersperse through his comment, if you want to talk about how to develop a first class, real-world major SAM program or are struggling, feel free to reach out to me at my personal email address ( and I would be more than happy to share and help you at no cost but to a point unless you want me to go gangbusters and we can talk further in that vein if necessary.

  8. xiaojun says:

    20150922 junda

  9. dongdong says:


Skip to main content