The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Microsoft to Embed ISO/IEC 19770-2 Software ID Tags


Heather Young, Global Manager, SAM Services and Partners, Microsoft Corporation

Great news for the SAM Industry this week.

Software giant Microsoft has announced adoption of ISO/IEC 19770-2 software identification tags.

Heather Young, Global Manager, SAM Services and Partners, Microsoft Corporation states:

“We are pleased to announce our support for the ISO/IEC 19770-2 Standard on software identification tagging, and have started to integrate 19770-2 tags into our planning cycles to begin shipping in upcoming product releases”

Commenting on the news, David Bicket said:

“Microsoft’s commitment to ISO software identification (‘SWID’) tags is a breakthrough for the IT industry and for everyone who needs to manage their software – which is everyone”

What are -2 Tags and Why Bother?

In a nutshell:

“The ISO/IEC 19770-2 standard outlines consistent format and placement of small XML tags to make software identification faster, easier and more accurate.”

Business Benefits of -2 tags:

  1. Use a consistent method to identify software (Save time and money)
  2. Simplify the recognition process (Save time and money)
  3. Improve Security – more readily identify non-standard software

Managing -2 Tags

Microsoft claim they have begun to integrate the tags into product planning cycles so that they can be included in future product releases. Also, the MAP Toolkit and System Center 2012 will include the ability to manage tags (This will be a great value add for SCCM Administrators).

A key question to ask your inventory tool vendor: What are you doing about managing ISO/IEC 19770-2 tags? Give them a prod, it’s relatively easy to develop (See some earlier adopters from 2010 here)

The Microsoft SAM website also states:

“Qualified Gold SAM Competency Partners can help customers develop plans to leverage these SWID tags and customers may qualify for assistance through a SAM Deployment Planning engagement.”

First Mover Advantage?

There has been growing interest from worldwide organizations in -2 tags, championed by Steve Klos over at TagVault. Adobe flirted with the idea of inserting tags during the development of the Standard, but I believe Microsoft is the first software publisher to fully embrace the -2 standard.

This is a great move by Microsoft. Now it is time for the other major software publishers to step up to the plate. Back in 2010 we identified the vendors auditing their customers most frequentlyWhere are you Oracle, Adobe, IBM, SAP, Symantec, Attachmate? It is time to stop playing lip service to SAM whilst repeatedly auditing your customers and take action.

Microsoft SOM Makeover

Microsoft have also announced that the Microsoft SAM Optimization Model will be updated to incorporate the new -1 tiers so that it continues to be closely aligned to the overall SAM standard. Further details will be available at the Microsoft Worldwide Partner Conference.

2012 Software Identification Summit 

To get up to speed on this Microsoft news and all the latest developments with regards to -2 tags, Tagvault are hosting their summit in California on the 2nd May (only $100 Facilities fee) See

Tags and Parties

Finally, Heather Young and Dave Welsh from Microsoft use their party analogy to explain tags (In Penn & Teller style – Dave Welsh has a non-speaking part and looks a bit perplexed about the whole affair 🙂 )

Further information on the Microsoft SAM site here.

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.

Connect with Martin on LinkedIn.


  1. John Tomeny says:

    Heather’s news of Microsoft’s intention to adopt the ISO/IEC 19770-2 SAM standard for software identification is exciting to all of us in the WG21 / ISO/IEC 19770 development community. Great job Heather! You and Dave have turned the ship in the right direction. Thanks to both of you (and to Steve Klos) for your hard work to make this happen.

  2. Steve says:

    I do need to clarify one point, just to be fair…  

    Microsoft has announced that they will support tags in their tools (MAP and System Center) as well as build tags into the product development efforts.  This is absolutely fantastic without question and without reservation.Having said that, I do have to say that Symantec was the primary driving force behind the development of and they have been very actively engaged in the development and expansion of the use of tags in the market.  They have also been pumping out certified tags since tags could be certified!  Altiris has not provided direct support for tags as yet, but has provided add-on scripts that can pull tag information into the Altiris DB.  CA and ModusLink have also been incredibly active in the development of as a SWID tag registration and certification organization as well as an evangelism program for tag use in the industry.  If it had not been for Symantec, CA and ModusLink, it’s possible Microsoft would not have been able to detail the ROI for both the customer and their organization and see that this really is a priority for the software ecosystem.

    Microsoft’s support is critical to the success of the standard since Microsoft provides so much software to the marketplace.  But I do want to ensure that Symantec, CA and ModusLink get some level of attention in the details of who supports the standard!

  3. Martin Thompson says:

    Sorry Steve, well done to CA and Symantec for supporting TagVault – but where are their tags?

  4. John RIchardson says:

    Symantec is excited that Microsoft has announced its support of the ISO tagging standard. We look forward to working them to develop common implementation standards that will help our mutual customers improve their ability to manage their software assets across all publishers.

    To answer the questions — Where are the Symantec tags? …

    Symantec has been publishing tags in February 2010 with the release of Symantec NetBackup 7.0. NetBackup 7.0 was the first product to release a certified, digitally signed tag. The tag deployed by NetBackup is a common tag with the mandatory elements that is deployed on all NetBackup client and server systems.

    In 2011, we added two more products — Symantec Endpoint Protection 12.1 and Symantec Enterprise Vault 10.0 and 9.0.3 and move to the more advanced implementation model developed by a where these applications ship with varying types of tags — an “application” tag that is deployed on every system where any part of the application is installed, along with one or more “component” tags that align with the add/remove entries. This allows software consumers to know which add/remove programs go with the application. I know when I look at my add/remove programs and see a wave of components, it is hard to discern which entries go with which applications. With the tags conforming to the implementation model, software asset tools can clearly figure out which add/remove programs go with which applications as the tags provide the ability to have the parent application tag list its children/”component” tags/add/remove program entries. We have another product that will release soon in 2012 with tags.

    What has been needed to really scale this effort up internally is the ability for product groups to self-sign, self-certify. is updating its tools to provide these capabilies which will enable our product teams (and other publishers who wish to follow the same model) to be completely self-sufficient, and to integrate the certification and signing into their release engineering process. Software engineering teams want to do the right thing but frankly don’t want to be experts on tagging. They want/need standard tools to take care of it. To this end, we are excited about Microsoft and Flexera building tags into their tools sets (Wix, InstallShield). This will help greatly, but we need these tools to provide support for common inplementation guidelines developed. These guidelines provide the blueprint to provide a rich set of tags for an application rlease to cover the broad set of asset management use cases – inventory, license management, patch management, system security, install integrity, supply chain security, …

    Symantec and the other members believe that without standards for implementation and a certification process for tags across software publishers, software consumers will likely end up in the same position they are in today with the previous attempts to make software more identifiable/manageable — propriety OS install registries / interfaces, data that is not consistent or normalized, etc. ISO tags with the standard implementation and normalization guidelines outline in go along way enabling a standard, cross-platform (Windows, UNIX, Linux, Mac, Droid, …) process to track and manage software.

    With Microsoft joining the effort, 2012 looks to be a very exciting year. Hopefully more publishers sign-up for “being part of the solution” as well.

    Come out the SWID tagging conference next week in Cambell, CA (just outsiide of San Jose). I’ll be there and would be happy to share what we are doing in Symantec, discuss your ideas for how to tags can help software consumers, or anything else you’d like to chat about. It should be a great conference!

    John Richardson
    Director, Q2C Licensing Experience
    Symantec Corporation

  5. Martin Thompson says:

    Hi John, 
    Thanks for your comment and update. It is great to read the progress at Symantec and I stand corrected in terms of MS being the first major vendor to put emphasis on tags. 

  6. Guest says:

    Ok so it’s nice to know who is an invited guest at your party, but one of the main issues of licensing still hasn’t been addressed… Who is eating what? How do you cater this party if you don’t know how hungry everyone is?

    Some guests might be starving and consuming a large number of cores / processors, other might be nibbling on a single core. When server software is core / processor dependant, until you know who has eaten what, and there is a workable reporting tool that can tell you that for every tag, how well organised is this party?

  7. John Richardson says:

    To the Guest, you have to start some where, and before you can address licensing challenges, you need to first kwow what is installed, what software is being used, etc. Tags can eliminate a lot of the cycles spent in just obtaining this view (using various tools, consolidating and normalizing the data, etc.), Tags also provide a way for the software inventory to be accurate and current at all times. Once this foundational data is there (no party crashers, only authorized apps in use), organizations will have more time to focus on gathering what is needed for license management. So organizations of any size, that are large Microsoft users, I think should be very excited with their support of this standard.

  8. Guest says:

    Hi John I didn’t mean to sound critical, just pointing out that while tags are definitely part of the solution, they are not the entire solution. Having been a MS LS for many years prior to entering the SAM arena, the issue of tracking processor / core usage for software reporting purposes has persisted virtually unaddressed. For the benefit of those facing large True Ups every year I hope the progress doesn’t stop here.

Leave a Comment